Hosting Application Resilience files

When you select the Report, repair, and reinstall or Report and reinstall option in your Application Resilience policy configuration, you can upload the required files in the Secure Endpoint Console. This allows you to set up Application Resilience policies without hosting the files on a publicly facing server. With Application Resilience file hosting, you can:

  • upload a file once, and use it for multiple policy groups
  • upload files for multiple versions of an application
  • delete unused files

All uploaded files undergo an anti-malware scan before they are available to use in Application Resilience policies.

Depending on the Absolute product licenses associated with your account, the Application Resilience feature may not be available.

Most applications support file hosting for the most recent version of the application. Additionally, some applications also support earlier versions.

The following applications do not support file hosting:

To upload your files in the Secure Endpoint Console, the following conditions must be met:

  • The file is 700 MB or smaller

  • There is enough space available in your account quota for the file, each account is allocated 3 GB of storage for all files

    If there is not enough available space in your account quota, delete unused files or contact Absolute Technical Support to increase your storage.

  • The file belongs to a single Absolute account

When you upload files during Application Resilience policy configuration, Absolute automatically scans them before they can be used in policies or deployed to devices.

Absolute leverages multiple scanning engines to ensure:

  • Files are free of viruses and other malware

  • File integrity is intact, with no corruption or tampering

  • Digital signatures are valid (files may be flagged if unsigned, signatures are invalid, or checksums don’t match)

    Digital signatures are validated for MSI and EXE files only, and are checked against the list of trusted signers defined in the Application Resilience policy. If there are no signers specified in the policy, signature validation is not performed.

Scan times may vary depending on file size and type. Application Resilience policies cannot use an uploaded file until the scan completes successfully with no threats detected, or until a flagged file receives secondary approval. Files with incomplete scans after initial upload are automatically classified as potentially malicious.

After initial upload, files are re-scanned on a weekly basis to check for newly discovered threats that may have emerged since the original scan. Any malware detections that were previously approved remain trusted on subsequent scans and don't require re-approval.

If a weekly scan detects a new threat in a file that has been deployed to devices, you can delete the file on the devices using a Reach script.

Scans performed during the initial upload of files will trigger an Installer file scan succeeded, Installer file scan not completed, or Installer file scan detected threats event to be logged to Event History, depending on the result. Weekly scans will only trigger an Installer file scan detected threats event.

If an uploaded file is flagged as potentially malicious for any reason (for example, a virus is detected, the file is corrupted, or a signature is invalid), the following actions occur:

  • All users who hold the Policies - Manage permission are notified by email that the file has been flagged as potentially malicious.

  • The file is immediately quarantined and cannot be used in Application Resilience policies. If the flagged file is currently assigned to an active Application Resilience policy, the policy will automatically switch to Report and repair mode (or Report only mode, if Report and repair is unavailable), preventing distribution of the flagged file.

  • A scan report is generated in the Console containing the results of each individual scanning engine, including the reasons why the file was flagged as potentially malicious.

  • An Installer file scan detected threats event is logged to Event History.

  • If a quarantined file is not approved within 7 days, it is automatically deleted from the system.

If you believe a flagged file is safe and the scan result is a false positive, a secondary approval can release the file from quarantine. All approvals are logged for audit purposes.

To assess a flagged file in quarantine and either delete or approve it:

  1. Log in to the Secure Endpoint Console as a user with Manage permissions for Policies.

  2. Do one of the following:

    1. Navigate to the Application Resilience policy and application that you uploaded the file for.

    2. Under Upload installer, locate the flagged file.

    1. Navigate to any Application Resilience policy and application.

    2. Under Upload installer, click Upload or Manage, depending on which button appears.

    3. Click View unused files.

    4. Locate the flagged file. You can sort all unused files by using the Sort by drop-down.

    You can also quickly access the flagged file by clicking the link in the notification email you received.

  3. Click Download report, open the report, and carefully review the scan results.

    • Avoid launching or extracting the file.

    • Re-scan the file using a trusted multi-engine service, such as VirusTotal, for a second opinion. Compare the detection ratio: if only one or two engines flag the file, it could be a false positive.

    • Compute the file hash (MD5, SHA-1, SHA-256) using a tool like certutil, then search the hash online to see if it appears in threat intelligence feeds or known safe repositories.

    • If you can't determine with certainty that the file is safe, contact your IT or security team for further guidance.

  4. Do one of the following:

    1. Click Delete file.

      The file is deleted and an Installer file deleted event is logged to Event History.

    You can approve your own uploaded file only if you are the sole user who holds the Policies - Manage permission within your account; otherwise, approval must come from a secondary approver. A secondary approver can be any user who holds the Policies - Manage permission (you can click View approvers to see the list of possible approvers). All of these users will have already received an email notifying them that the file was flagged as potentially malicious.

    Before approving the release of a quarantined file, make sure you are absolutely certain the file is safe and you have verified its source and integrity. Removing a file from quarantine due to malware detection can put your organization at serious risk.

    1. Click Approve anyway.

    2. Under Approval reason, enter the reason you're providing approval to release the file from quarantine (for example: False positive: file verified safe after manual review).

    3. Click Approve.

      The file is now available to use in Application Resilience policies, and an Installer file approved event is logged to Event History. The approval reason, timestamp, and approver’s name are always listed alongside all approved files in the Console.

If you choose to upload your files in the Secure Endpoint Console, the files are uploaded and managed when you configure an Application Resilience policy.

To upload a file:

  1. Log in to the Secure Endpoint Console as a user with Manage permissions for Policies and Licenses.
  2. Navigate to the Application Resilience policy and application that you want to upload a file for.
  3. Select Report and reinstall or Report, repair, and reinstall.
  4. Select Upload installer.
  5. Click Upload or Manage, depending on which button appears.

  6. If the application supports both 64-bit and 32-bit installers, select 64-bit installer, 32-bit installer, or both. If the policy group contains both 64-bit and 32-bit Windows devices, select both. Devices automatically download the appropriate installer for their operating system. To remove a selection, clear its checkbox.

  7. Do one of the following:

    • Click browse. Navigate to and select the file you want to upload.
    • Navigate to and select the file that you want to upload and drag it to the work area.

    The file must be a file type supported by the application.

    If the policy supports both 64-bit and 32-bit installers, you can upload one 64-bit installer and one 32-bit installer at the same time.

    If another file was previously used, it is moved to the Other versions drop-down when a new file is uploaded.

  8. Wait for the file to upload.
  9. [Optional] Click Add description (optional) and enter a description, if desired.
  10. Repeat the previous steps for each file you want to add.

  11. When you have finished uploading the files, click Save.

You can cancel an upload while it is in progress. However, if you cancel the upload or if an error occurs during upload, you can't restart it. The entire file must be uploaded again.

The name of the files appears under Upload installer, an Installer file uploaded event is logged to Event History, and an anti-malware scan runs automatically. An uploaded file is available to use in a policy only when one of the following is true:

  • The anti-malware scan completes successfully with no threats detected

  • A file that is flagged as potentially malicious receives secondary approval

What happens if my file is flagged as potentially malicious?

If you configure an Application Resilience policy using an uploaded file, and you activate the policy before the file scan is completed, the Reinstall feature will be temporarily paused until the file is verified safe. During this time, the application remains protected by Report and repair mode (or Report only mode, if Report and repair is unavailable).

When configuring your Application Resilience policy, you can select a previously uploaded file. You may want to do this if the file was uploaded for a different policy group, or you want to use a file for a different version of the application.

To select a previously uploaded file:

  1. Log in to the Secure Endpoint Console as a user with Manage permissions for Policies and Licenses.
  2. Navigate to the Application Resilience policy and application that you want to select a previously uploaded file for.
  3. Select Report and reinstall or Report, repair, and reinstall.

  4. Select Upload installer.

  5. Click Upload or Manage, depending on which button appears.

    Currently selected files show in the work area. The file name, size, description (optional), upload date, and SHA-256 hash appear.

  6. Click Other versions.

  7. Select one of the previously uploaded files from the drop-down menu.

  8. Click Save.

The name of the selected files appear under Upload installer.

If you have uploaded Application Resilience files that you are no longer using or have used up your account storage quota, you can delete your unused files.

Once a file has been deleted, it cannot be recovered.

Prerequisites

In order to be eligible for deletion, one of the following must apply:

  • The file isn't linked to any Application Resilience policies
  • The file is linked to an Application Resilience policy, but that policy is configured for Report only, or Report and repair
  • The file is linked to an Application Resilience policy that is configured for Report and reinstall or Report, repair, and reinstall, but the policy is inactive
  • The file is linked to an Application Resilience policy that is configured for Report and reinstall or Report, repair, and reinstall, but the policy is now using Host my own installer file

To delete a previously uploaded file:

  1. Log in to the Secure Endpoint Console as a user with Manage permissions for Policies and Licenses.
  2. Navigate to any Application Resilience policy that is configured for Report and reinstall or Report, repair, and reinstall.

  3. Click Upload or Manage, depending on which button appears.

    Currently selected files show in the work area.

  4. Click View unused files. This link only appears if there are files eligible for deletion.

    Eligible files show in Unused files. For each file, the following information is displayed:

    • File name and size
    • Upload date
    • User that uploaded the file
    • Date and time of last anti-malware scan
    • Associated application

  5. Click Delete file beside the file that you want to delete.

    To sort the unused files, use the Sort by drop-down and select one of the following:

    • Sort by Application (default)
    • Sort by File Name
    • Sort by Date - Oldest first
    • Sort by Date - Newest first
    • Sort by File Size - Smallest first
    • Sort by File Size - Largest first

    • Sort by User

  6. To confirm you want to delete the file, click OK.

The file is deleted, an Installer file deleted event is logged to Event History, and the remaining space in your account quota is updated.

For information on activating a policy linked to a deleted file, see Changing the activation of the policy.