Application Resilience policies for Dell Advanced Threat Prevention
You can activate an Application Resilience policy for Dell Endpoint Security Suite Enterprise Advanced Threat Prevention (Dell ATP) to collect information about the functional status of Dell ATP Agents installed on your Windows devices and view the results in reports. You can also configure the policy to attempt to reinstall the application.
Application Resilience policies for Dell ATP are supported on devices running:
- a supported version of the Windows operating system
- PowerShell version 5.1 or higher
  Due to PowerShell restrictions imposed by Microsoft, Application Resilience isn't supported for this application on devices running Windows 11 SE.
- the following version of Dell Endpoint Security Suite Enterprise:
  - 2.0.1.5
This platform requires the installation of a number of components, including the Dell ATP Agent, on the organization's devices.
To make the Dell ATP Agent resilient, the following Execution Control policy must be disabled on the Dell Security Management Server for Dell ATP: Prevent Service Shutdown from Device.
If this policy is enabled, the Dell ATP Agent can't be reinstalled.
Report higher versions as Compliant is not available.
In addition to checking the version, the following health checks are performed:
Component | Test performed | | |
---|---|---|---|
Services | Installed | Running | Signed by |
Cylance PROTECT (CylanceSvc.exe) | ✓ | ✓ | Cylance, Inc. |
DellMgmtAgent (Dell.SecurityFramework.Agent.exe) | ✓ | ✓ | Dell Inc |
Drivers | Installed | Running | Signed by |
CyProtectDrv (CyProtectDrv64.sys or CyProtectDrv32.sys) | ✓ | ✓ | Cylance, Inc. |
Plugins | Exists | Signed by | |
Dell ATP Plugin (Dell.Client.Agent.Plugin.dll) | ✓ | Cylance, Inc. | |
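When a device reports Not Compliant, the service and driver rows of this table can be spot-checked locally. The script below is an added example, not Absolute's or Dell's own check; it assumes the Windows service and driver names match the component names in the table (CylanceSvc, DellMgmtAgent, CyProtectDrv) and that the signer appears as the organization (O=) in the certificate subject.

```powershell
# Added example: local spot-check of the service and driver rows in the table.
# Assumption: service/driver names equal the component names shown in the table.
$checks = @(
    @{ Class = 'Win32_Service';      Name = 'CylanceSvc';    Signer = 'Cylance, Inc.' }
    @{ Class = 'Win32_Service';      Name = 'DellMgmtAgent'; Signer = 'Dell Inc' }
    @{ Class = 'Win32_SystemDriver'; Name = 'CyProtectDrv';  Signer = 'Cylance, Inc.' }
)

foreach ($c in $checks) {
    $item = Get-CimInstance -ClassName $c.Class -Filter "Name='$($c.Name)'"
    $result = [ordered]@{
        Component = $c.Name; Installed = [bool]$item; Running = $false
        SignatureStatus = 'n/a'; SignerMatches = $false
    }
    if ($item) {
        $result.Running = ($item.State -eq 'Running')
        # PathName can be quoted, carry arguments, or (for drivers) start with
        # the \??\ or \SystemRoot\ prefix; reduce it to a plain file path.
        $path = $item.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -match '^"([^"]+)"') { $path = $Matches[1] }
        elseif ($path -match '^(.+?\.(exe|sys))') { $path = $Matches[1] }
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $result.SignatureStatus = $sig.Status
            $subject = $sig.SignerCertificate.Subject
            # A subject with a comma in O= is rendered with quotes, so test both forms.
            $result.SignerMatches = ($sig.Status -eq 'Valid') -and
                ($subject -like "*O=$($c.Signer)*" -or $subject -like "*O=`"$($c.Signer)`"*")
        }
    }
    [pscustomobject]$result
}
```

A row with Installed or Running set to False, or SignerMatches set to False, corresponds to a failed test in the table.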
The Application Resilience (RAR) component is a lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated.
You can configure an Application Resilience policy for Dell ATP to enable the RAR component to attempt to reinstall the following Dell Endpoint Security Suite Enterprise components if they're not functioning or missing:
- Dell ATP Agent
- Dell ATP Plugin
- Dell Encryption Management Agent
The Report and repair option isn't supported. Depending on the Absolute product licenses associated with your account, the Report, repair, and reinstall option may not be available.
The RAR component of the Secure Endpoint Agent can respond to the following issues if the Report, repair, and reinstall option is selected:
Issue | Resolution |
---|---|
Reinstall | |
The expected version of the ATP Agent isn't installed | If the ATP agent is installed, the RAR component uninstalls it. After the application is uninstalled, or if the application wasn't installed, the RAR component downloads and installs the configured version of the ATP agent. |
Cylance PROTECT (CylanceSvc.exe) service isn't running, or isn't installed | |
One or more of the following device drivers aren't installed, or aren't functioning correctly: | |
The expected version of the Dell ATP Plugin is missing | If the Dell ATP Plugin is installed, the RAR component uninstalls it. After the application is uninstalled, or if the application wasn't installed, the RAR component downloads and installs the configured version of the Dell ATP Plugin. |
The DellMgmtAgent (Dell.SecurityFramework.Agent.exe) service isn't running, or isn't installed | If the Encryption Management Agent is installed, the RAR component uninstalls it. After the application is uninstalled, or if the application wasn't installed, the RAR component downloads and installs the configured version of the Encryption Management Agent. A device restart is required after the application is uninstalled. The Secure Endpoint Agent doesn't force the device to restart, so a status of Not Compliant continues to show in the Application Resilience reports until the device user performs a restart and the configured version of the application is downloaded and installed. You can review the report's Status details to determine if a restart is required. |

Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken.
If you want the Secure Endpoint Agent to reinstall the Dell ATP Agent if it is non-functional or missing, you need to make the following Dell installers available for download:
- Dell ATP Agent installer
- Dell ATP Plugin installer
- Dell Encryption Management Agent installer
These installers, which are included in the Dell Endpoint Security Suite Enterprise master installer, need to be extracted to a web server before you begin configuring the policy. You also need to generate a SHA-256 hash for each installer file.
To prepare the installers:
- Copy the Dell Endpoint Security Suite Enterprise master installer (DDSSuite.exe) from the installation media to your computer.
- Extract the installers from the master installer by doing the following:
  - Open a Command prompt and navigate to the location of the DDSSuite.exe file.
  - Enter the following, where <destination folder> is the location where you want to store the extracted installer, and press Enter:
    DDSSuite.exe /z"\"EXTRACT_INSTALLERS=<destination folder>""
    For example, if <destination folder> is C:\DellEncryption_installer\, enter:
    DDSSuite.exe /z"\"EXTRACT_INSTALLERS=C:\DellEncryption_installer\""
  - If User Account Control (UAC) is enabled, click Yes to open the InstallShield Wizard and begin extracting the master installer.
  - When the installer is extracted, click Finish to close the InstallShield Wizard.
  - Navigate to the destination folder. You'll see that each installer is extracted to its own folder.
  Ensure that you extract all of the required installers from a single DDSSuite.exe file. Do not use installers obtained from multiple sources.
- Copy the contents of the following folders to the web server where you want to host the installers:
  - Advanced Threat Prevention, which contains the Dell ATP Agent installer and the Dell ATP Plugin installer
  - Encryption Management Agent, which contains 32- and 64-bit versions of the Dell Encryption Management Agent installer
  Both HTTP and HTTPS protocols are supported. If necessary, you can restrict access to the installers by enabling HTTP basic authentication on the web server.
- Use a hash generator tool of your choice to generate a SHA-256 hash for each installer file. For example, you can use the CertUtil.exe command-line utility, which is included with most Windows operating systems.
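The hashing step, extended to also confirm that the copies served by the web server are byte-identical to the extracted files, can be scripted as follows. This is an added example, not part of the Absolute or Dell documentation; `$BaseUrl` is a hypothetical hosting location, and the script assumes the two folders were copied to the server with their names and layout unchanged.

```powershell
# Added example. $Extracted and $BaseUrl are placeholders for your environment.
$Extracted = 'C:\DellEncryption_installer'          # <destination folder> from the extraction step
$BaseUrl   = 'https://installers.example.com/dell'  # hypothetical URL the folders were copied to
$Folders   = 'Advanced Threat Prevention', 'Encryption Management Agent'

# 1. Hash every extracted installer file and record its Authenticode signer.
#    (CertUtil equivalent for one file: certutil -hashfile <file> SHA256)
$manifest = foreach ($folder in $Folders) {
    Get-ChildItem -LiteralPath (Join-Path $Extracted $folder) -File -Recurse | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($Extracted.Length + 1)
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature    = $sig.Status
            Signer       = $sig.SignerCertificate.Subject
        }
    }
}
$manifest | Format-List

# 2. After copying to the web server, download each file and compare hashes.
#    Add -Credential to Invoke-WebRequest if basic authentication is enabled.
foreach ($entry in $manifest) {
    $segments = $entry.RelativePath -split '\\' | ForEach-Object { [uri]::EscapeDataString($_) }
    $url = "$BaseUrl/" + ($segments -join '/')
    $tmp = [IO.Path]::GetTempFileName()
    try {
        Invoke-WebRequest -Uri $url -OutFile $tmp -UseBasicParsing
        $hosted = (Get-FileHash -LiteralPath $tmp -Algorithm SHA256).Hash
        $state  = if ($hosted -eq $entry.SHA256) { 'MATCH' } else { 'MISMATCH' }
        '{0,-8}  {1}' -f $state, $url
    } catch {
        '{0,-8}  {1}  ({2})' -f 'ERROR', $url, $_.Exception.Message
    } finally {
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    }
}
```

Use the SHA256 values from step 1 in the policy configuration; any MISMATCH line means the hosted file differs from the one that was extracted and hashed.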
The RAR component looks for the following file names when checking pre-cached installers:
Component | File name |
---|---|
Installers |
|
Before you activate an Application Resilience policy, you need to configure the policy. If you selected Report, repair, and reinstall, use the installers and SHA-256 Hash keys from Preparing the Dell installers in Configuring Application Resilience policies, and configure these additional settings.
To configure the Dell ATP specific settings:
- Under Dell Management Server:
  - Enter the fully qualified hostname of the Dell Management Server (for example, myserver.example.com). This server is also referred to as the Core server.
  - If you're not using port 8888 to connect to the server, edit the default port number that shows in the field.
- Under Dell Management Security Server:
  - Enter the fully qualified hostname of the Dell Management Security server (for example, myserver.example.com).
  - If you're not using port 8443 to connect to the server, edit the default port number that shows in the field.