Environment Manager powered by AppSense

Self Heal Actions

In this section:

About Self Heal Actions

When triggered, the Self Heal action restores environment items including files, processes, services and registry keys. Using Self Heal, computer and user settings can be restored to their original state in the event of software failure or when unauthorized changes have been made. The self healing mechanism restores settings in real-time. For example, if a Trojan virus is added to any of the Windows start up keys, Self Healing immediately removes the threat.

Self Healing can be used to ensure critical applications, such as security software, are restarted or repaired immediately following any failure resulting from malicious or accidental actions and provides security against the threat of malicious software attempting to infiltrate and alter registry settings or modify content.

Although the option to self heal the whole registry is available, it is resource intensive and is likely to impact performance. Therefore, when configuring Self Healing Registry actions, it is recommended that only those relevant sections of the registry are configured to be self healed.

Targeting only specific portions of the registry reduces the resource load on the Environment Manager Agent during run-time. Self Heal is particularly useful for healing important processes, files, services and registry keys that are critical to the day-to-day running of the system. Care should be taken to ensure that critical items remain unaltered by the Self Heal function.

Caution: Stability issues may arise if software patches or upgrades to areas of your system which you have chosen to self heal as Environment Manager automatically self heals these changes and removes them.

Currently only 32-bit and 64-bit applications are fully supported by the self healing process mechanism. It is not recommended to self heal DOS or 16-bit applications using this method. Attempting to self heal a DOS or 16-bit application process may present multiple instances of the same application in a short period of time.

Create a Self Heal Service Action

  1. In the Policy Configuration navigation tree, create a new node or select an existing node from within the Computer trigger.

    The Self Heal Service action is only available for Computer triggers.

  2. In the Actions ribbon, select Self Heal > Self Heal Service to display the Self Heal Services dialog.
  3. Click Add > Browse Services to open a Service Browser listing the services on the local machine. The service list for other machines in the Active Directory can be selected if required.

    Services can be entered manually by selecting Add > Add Entry and completing the fields with the service details.

  4. Select the required service and click OK. Multiple applications can be selected using the Ctrl or Shift keys.

    The services are added to the Self Heal Service dialog box.

  5. Set the Status for the service:
    • Always running
    • Never starts
  6. Click OK.

Each service creates an individual action in the node work area based on the status selected.

Each action can be edited by double-clicking to open the Self Heal Service dialog box.

Create a Self Heal Registry Action

  1. In the Policy Configuration navigation tree, create a new node or select an existing node.
  2. In the Actions ribbon, select Self Heal > Self Heal Registry to display the Self Heal Registry dialog.
  3. Select the ellipsis in the Main Key field to open a registry browser and select a registry key. The browser defaults to the registry of the local machine. This can be changed to the registry of remote machines using the Connect button.
  4. Click OK.
  5. The Main Key, Sub Key and Value Name (if applicable) fields are automatically populated. The fields can be completed and edited manually if required.
  6. Select the behavior required for the action:
    • Use default value - Select to maintain the default value for the registry keys on managed endpoints satisfying any associated conditions when triggered. This disables the Value Name field so it cannot be edited.
    • Ensure the registry item remains unchanged OR Ensure the registry item never exists - The action will not allow changes to the registry item or not allow it to be created.
  7. Click OK to create the action for the registry key selected using the defined criteria.

Create a Self Heal File Action

  1. In the Policy Configuration navigation tree, create a new node or select an existing node.
  2. In the Actions ribbon, select Self Heal > Self Heal File to display the Self Heal Registry dialog.
  3. Select the ellipsis (...) in the Filename field to open a Windows browser and select the required file. The file path and name can be entered manually if required.
  4. Select the behavior required for the action:
    • Make sure the file is always present - The action ensures that the file exists when triggered on managed endpoints which satisfy any associated conditions. Select the sub option Ensure the file is never changed to stop the file from being modified.
    • Make sure the file is not present - The action will not allow the file to be created.
  5. Click OK to create the action for the file using the defined criteria.

Create a Self Heal Process Action

  1. In the Policy Configuration navigation tree, create a new node or select an existing node.
  2. In the Actions tab, select Self Heal > Self Heal Process to display the Self Heal Process dialog.
  3. Select a process by navigating to the appropriate executable using the ellipsis in either the Process Name or Process Directory fields.
  4. In the Parameters field, enter any parameters, separated by spaces, which the service needs to run. For example, Auditing can take the name of a file in which it logs data. This can be entered as follows: -log C:\Temp\MyLogFilename.txt.
  5. Select the Run the process as SYSTEM user if required. This option is only available for actions in User triggers.
  6. Click OK to save the action.

Related Topics


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other