Getting started with Application Persistence policies
Your organization depends on a multitude of software applications to complete the critical business processes required in your day-to-day operations. Many of these applications are deployed to your fleet of devices with limited access to tools that ensure that the devices are secure and comply with your organization's defined policies. Over time, these critical applications may become non-functional or non-compliant without your knowledge, potentially exposing your organization to data breaches, regulatory non-compliance, and a loss of employee productivity.
In Absolute, administrators can activate Application Persistence policies to help validate and maintain the resiliency of critical third party applications in the following ways:
- Report on the functional status of the application's essential components
- Determine if the device is compliant by comparing the current state of the application with the desired state (as defined in the Application Persistence policy configurations)
- Repair components that are non-functional or non-compliant (for most applications, requires Absolute Resilience license)
- Reinstall the application if it can't be repaired or is no longer installed (for most applications, requires Absolute Resilience license)
NOTE For more information about Application Persistence, review the training videos and interactions in the Learning Hub.
You can activate Application Persistence policies on devices running a supported version of the Windows operating system.
The Application Persistence (RAR) componentA lightweight software component of the Absolute agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Persistence policy is activated. of the Absolute agentA small software client that resides in devices that are managed in the Absolute console. After the agent is initially installed on a new device, it is activated with its first connection to the Absolute Monitoring Center. The Absolute agent requires an internet connection only; contact with your devices is maintained when they are on or off your corporate network. is responsible for collecting status information about third party agents, clients, services, and drivers installed on your devices.
When you activate an Application Persistence policy, the RAR component is activated on each device after the next successful agent connection to the Absolute Monitoring CenterA lightweight software component of the Absolute agent that detects software applications installed on a device. The SNG component is deployed on a device only when the device is associated with a policy group in which the Installed Software policy is activated.. Going forward, the component checks the status of the application every six hours and uploads the results to the database using a secure connection.
In the current release, you can activate the Application Persistence policy to enable the RAR component to report on the functional status and compliance of the following applications:
- Cisco AnyConnect® Secure Mobility Client
- Cisco® AMP for Endpoints
- Citrix Workspace™
- CrowdStrike Falcon®
- Dell Advanced Threat Prevention
- Dell Data Guardian
- Dell Encryption
- ESET® Endpoint Antivirus
- F5® BIG-IP® Edge Client®
- Ivanti® Endpoint Manager
- Ivanti® Patch for Windows
- Lenovo® Universal Device Client Service
- McAfee® ePolicy Orchestrator®
- Microsoft BitLocker® Drive Encryption
- Microsoft® SCCM
- Pulse Connect Secure
- VMware Carbon Black Cloud™
- VMware Workspace ONE™
- WinMagic SecureDoc™
- Ziften Zenith
If the RAR component determines that the application is non-functional or non-compliant and the Absolute Resilience license is associated with the policy group, the component can be configured to attempt to repair, or in some cases reinstall, the application.
By default, the Global Policy Group includes a preconfigured Application Persistence policy, which is set to Inactive. Although you can activate the policy in the Global Policy Group, best practice is to create custom policy groups, then configure and activate each policy group's Application Persistence policy, as required.
After you activate an Application Persistence policy, the agent begins to collect third party application status information from the devices associated with the applicable policy group. After you've allowed a day for the policy to be deployed and run on each Windows device, you can view the collected status information in the Application Persistence report and the Application Persistence Events report.