Application Persistence policies for Cisco AMP for Endpoints
Cisco® AMP (Advanced Malware Protection) for Endpoints (Cisco AMP) provides visibility, context, and control to prevent attacks, and if malware gets in, detects it and responds before damage can be done. This platform requires the installation of the Cisco AMP for Endpoints Windows Connector (Cisco AMP Connector) on the organization's devices.
You can activate an Application Persistence policy to collect information about the functional status of the Cisco AMP Connectors installed on your Windows devices and to view the results in reports. You can also configure the policy to attempt to repair or reinstall the Cisco AMP Connector.
Application Persistence policies for Cisco AMP are supported only on devices running a supported version of the Windows operating system and one of the following versions of the Cisco AMP Connector:
- 7.x and higher
If you select Report higher versions as Compliant, higher versions report Compliant without running health checks.
You can configure an Application Persistence policy for Cisco AMP to enable the RAR component to repair the Cisco AMP Connector if it's not functioning or to reinstall it if it's missing or can't be repaired.
NOTE Depending on the Absolute product licenses associated with your account, the Report and repair option and the Report, repair, and reinstall option may not be available.
The RAR component of the Absolute agent can respond to the following issues:
One of the following services isn't running:
The RAR component restarts the service.
The Cisco AMP Connector failed to be repaired, or the expected version of the Cisco AMP Connector isn't installed
If the Report, repair, and reinstall option is selected in the Application Persistence policy, the RAR component downloads and installs the configured version of the Cisco AMP Connector.
NOTE Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken.
A device restart is required after the Cisco AMP Connector is installed. The Absolute agent doesn't force the device to restart, so a status of Not Compliant continues to show in the Application Persistence reports until the device user performs a restart. You can review the report's Status Details to determine if a restart is required.
Before you activate an Application Persistence policy you need to configure the policy. You need to configure the application version in addition to the settings in Configuring Application Persistence policies.
To configure the application version:
Under Cisco AMP version, enter the version of the Cisco AMP Connector you expect to be running on your devices.
- The target version must be a sequence of digits separated by a period.
- You must enter the full version number, for example, 7.02.20.
IMPORTANT Wildcard "*" characters are not accepted.
If you selected the Report, repair, and reinstall option, you also need to configure this setting in addition to the settings in Configuring Application Persistence policies.
To configure the Cisco AMP specific setting:
- Under Additional Installer Commands, enter the applicable command line parameters to configure any settings not covered by the policy configurations. For more information about the available command line parameters, see Cisco's documentation.