Getting started with Application Resilience policies
Depending on the Absolute product licenses associated with your account, Application Resilience policies may not be available.
Your organization depends on a multitude of software applications to complete the critical business processes required in your day-to-day operations. Many of these applications are deployed to your fleet of devices with limited access to tools that make sure that the devices are secure and comply with your organization's defined policies. Over time, these critical applications may become non-functional or non-compliant without your knowledge, potentially exposing your organization to data breaches, regulatory non-compliance, and a loss of employee productivity.
In Absolute, administrators can activate Application Resilience policies to help validate and maintain the resiliency of critical third party applications in the following ways:
- Report on the functional status of the application's essential components
- Determine if the device is compliant by comparing the current state of the application with the desired state (as defined in the Application Resilience policy configurations)
- Repair components that are non-functional or non-compliant (for most applications, requires Absolute Resilience license)
- Reinstall the application if it can't be repaired or is no longer installed (for most applications, requires Absolute Resilience license)
-
Install the application if it was never previously installed (for most applications, requires Absolute Resilience license)
For more information about Application Resilience, visit the Learning Hub. To access the Learning Hub, click 
(Help and Support) on the quick access toolbar and then click Resources > The Learning Hub.
System requirements
You can activate Application Resilience policies on devices running a supported version of the Windows operating system. To see information about third party applications in the console, each device's Secure Endpoint Agent must be regularly connecting to the Absolute Monitoring Center.
Windows 11 SE
Due to restrictions imposed by Microsoft on PowerShell scripts, not all health checks can be completed on devices running Windows 11 SE. The following applications are available on Windows 11 SE and have been tested to determine if report, repair, and reinstall are supported:
| Application | Report | Repair and reinstall |
|---|---|---|
| BitLocker | Not supported | Not supported |
| Cisco Umbrella Roaming Client | Supported | Not supported |
| ESET Endpoint Antivirus | Supported | Not supported |
| FortiClient Fabric Agent | Supported | Not supported |
| FortiClient VPN | Supported | Supported |
| IMTLazarus Agent | Not supported | Not supported |
| Lightspeed Smart Agent | Supported | Not supported |
| Microsoft Intune | Not supported | Not supported |
| Microsoft Defender Antivirus | Not supported | Not supported |
The rest of the applications included in Application Resilience haven't been tested. If the application's health checks require PowerShell to run, Application Resilience isn't supported for the application on Windows 11 SE devices.
Collecting status information for third party applications
The Application Resilience (RAR) component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. of the Secure Endpoint Agent is responsible for collecting status information about third party agents, clients, services, and drivers installed on your devices.
When you activate an Application Resilience policy, the RAR component is activated on each device after the next successful agent connection to the Absolute Monitoring Center. Going forward, the component checks the status of the application every 15 minutes. If the device is online, results are uploaded to the database using a secure connection. The upload occurs every 6 hours. An additional upload occurs immediately if an application's health status changes.
You can activate the Application Resilience policy to enable the RAR component to report on the functional status and compliance of the third-party applications supported in the current release. Each application has a series of health checks that are tested by the RAR component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. when the application's Application Resilience policy is configured and activated. For most applications, the RAR component checks to make sure the version installed on the device matches the version configured in the policy. In addition, each application has its own set of health checks that the RAR component tests.
If the RAR component determines that the application is non-functional or non-compliant and the Absolute Resilience license is associated with the policy group, the component can be configured to attempt to repair, or in some cases reinstall, the application.
Global Application Resilience policy
By default, the Global Policy Group includes a preconfigured Application Resilience policy, which is set to Inactive. Although you can activate the policy in the Global Policy Group, best practice is to create custom policy groups, then configure and activate each policy group's Application Resilience policy, as required.
Application Resilience reporting
After you activate an Application Resilience policy, the agent begins to collect third party application status information from the devices associated with the applicable policy group. After you've allowed a day for the policy to be deployed and run on each Windows device, you can view the collected status information in the Application Resilience report and the Application Resilience Events report.
You can also view status information in the Application Health > Health column on the Applications page, the Installed Applications report, and the Applications page for each device.
