Pre-caching Application Resilience files
In some cases, you may want to use Application Resilience to reinstall applications on your devices without the devices connecting to the Internet. For these situations, you can cache the required files on your devices in advance. Pre-caching the files on your devices may be useful to prepare for the following situations:
- a Ransomware attack
- a network quarantine
-
network challenges:
- firewall, bandwidth, or mobile devices on broadband
- bandwidth challenges from activating an Application Resilience policy to reinstall an application on a large number of devices
- avoiding future downloads as a best practice
In order for the RAR component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. to reinstall an application using a cached version of the required files instead of downloading them, the following conditions must be met:
The pre-cached files must be stored in the correct location on the device. For all applications, the installers must be hosted in the $(ProgramData)\CTES\Components\RAR\ folder.
The files must have the correct file name. The exact file names required are listed in the Pre-caching installers section that is included in each application's online Help topic. For example, for Absolute Secure Access, the file must be named NetMotion.msi.
For applications that use Absolute Resilience file hosting, Absolute creates a SHA-256 hash when the file is uploaded. When you host you own installer, you assign a SHA-256 hash in the Application Resilience policy configuration.
When the RAR component validates the installer file, it verifies that the hash matches the hash provided in the policy configuration.
The hash is created based on the content of the file, not the file name. If an installer configured in the policy has a different file name than the installer pre-cached on the device, the hash matches as long as the content of the two files are identical.
If you have configured an Application Resilience policy for a policy group that contains both 64-bit and 32-bit Windows devices and the policy supports both installer types, make sure the appropriate installer is saved to the device. The RAR component will attempt to verify the hash for the appropriate version of the installer. For example, if the 64-bit installer is pre-cached on a 32-bit Windows device, the hash won't match and the pre-cached installer cannot be used.
To pre-cache an installer:
-
Configure the Application Resilience policy for the application.
If you want to pre-cache the installer to avoid a large number of devices from trying to download the installer at the same time, don't activate the policy at this point.
- Save an exact copy of the files used in the policy configuration with the file names specified in the application's Pre-caching installers section.
-
Using your preferred method, save the required files to the $(ProgramData)\CTES\Components\RAR\ folder on your devices.
-
If the Application Resilience policy is not activated, activate it now.
When the RAR component detects that the application is Not compliant, it checks the $(ProgramData)\CTES\Components\RAR\ folder to see if the required files are available. When it detects the required files with the matching file names, it verifies the SHA-256 hash for each file. If the file name and hash match, the RAR component attempts to reinstall the application.