Reconfigure a Golden Image after its AMP services are restarted
This document describes how to reconfigure a 'Golden Image' when its AMP services have been started again, before the image is frozen to deploy Advanced Malware Protection (AMP) for Endpoints on VDI hosts.
The procedure applies to both Virtual Machine (VM) and hardware 'Golden Images'. A 'Golden Image' is used to install the AMP for Endpoints connector on multiple hosts from one image file.
Knowledge of how to navigate and edit the Windows Registry.
Knowledge of how to use the Windows OS command prompt.
Knowledge of virtual environments.
Note: Follow this article when AMP services are restarted on a Golden Image that was previously configured for AMP for Endpoints using the referenced article for 6.3.1 or later versions or the one for 6.2.x or earlier versions.
Note: Also follow this article after the AMP connector is upgraded on the Golden Image.
This document is not restricted to specific software and hardware versions.
Check if a reconfiguration of a Golden Image is required
Step 1. Check the status of Cisco AMP for Endpoints on the Golden Image to see whether it is connected.
Step 2. Check whether the connector UUID is populated in local.xml, which is located in the AMP installation directory (default: 'C:\Program Files\Cisco\AMP').
If the connector UUID is populated in the local.xml file of the Golden Image, reconfiguration is required.
Step 1. Stop the AMP service on the Golden Image, as described in this article.
Step 2. Open policy.xml from the AMP installation directory (default: 'C:\Program Files\Cisco\AMP') and verify that the install-token is present, as shown in the image.
The install-token in policy.xml lets your VDI connectors join the correct group instead of falling back to the default group.
Step 3. If the policy.xml on your Golden Image does not contain the above install-token configuration, uninstall AMP and reinstall it with a newly downloaded 'redistributable' connector installer from the AMP Cloud.
Step 4. Delete the local.xml file from the AMP installation directory (default: 'C:\Program Files\Cisco\AMP').
Step 5. Create a new local.xml on the Desktop with a blank configuration, as shown in the image.
Note: The extension of the file must be .xml
Step 6. Copy this local.xml with the blank configuration into the AMP installation directory (default: 'C:\Program Files\Cisco\AMP').
Step 7. Type regedit in the Start menu or at the Run prompt to open Registry Editor.
Step 8. Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Immunet Protect' and delete the highlighted entries, as shown in the image.
You can also delete them from the command line. To do so, open the command prompt (CMD) as an administrator and execute commands as follows:
Note: Do not restart the Golden Image or the AMP service, otherwise the above steps must be redone.
The host is ready to be frozen and distributed. Once the cloned host boots up, AMP starts and registers to the Cloud. No further action is required with regard to the connector's configuration unless there are changes that you want to make to the policy or host.
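A read-only check that can be run from an elevated PowerShell prompt before the image is frozen, to confirm the file conditions from the steps above. This is an added example, not a Cisco-supplied script. It assumes the default installation path, matches the UUID by its generic 8-4-4-4-12 hexadecimal shape, and matches the token by the text "install-token" or "install_token", because the exact XML element names are not given in this document.

```powershell
# Added example: read-only pre-freeze check for a Golden Image.
# Assumptions: default install path; UUID and token are found by pattern,
# not by XML element name (the element names are not stated in the article).
param(
    [string]$AmpDir = 'C:\Program Files\Cisco\AMP',
    [string]$RegKey = 'HKLM:\SOFTWARE\WOW6432Node\Immunet Protect'
)

function Test-GoldenImageFiles {
    param([string]$Dir)
    $uuidRx  = '[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'
    $tokenRx = 'install[-_]token'
    # $null means the file was not found at all.
    $result  = [ordered]@{ LocalXmlHasUuid = $null; PolicyHasInstallToken = $null }

    $local = Join-Path $Dir 'local.xml'
    if (Test-Path -LiteralPath $local) {
        # Per the article, a populated connector UUID means reconfiguration is required.
        $result.LocalXmlHasUuid = [bool](Select-String -LiteralPath $local -Pattern $uuidRx -Quiet)
    }
    $policy = Join-Path $Dir 'policy.xml'
    if (Test-Path -LiteralPath $policy) {
        # Without the install-token, clones fall back to the default group.
        $result.PolicyHasInstallToken = [bool](Select-String -LiteralPath $policy -Pattern $tokenRx -Quiet)
    }
    [pscustomobject]$result
}

$files = Test-GoldenImageFiles -Dir $AmpDir
$files | Format-List

# Lists the values still present under the key so they can be compared by eye
# with the entries the article says to delete; nothing is modified.
if (Test-Path -LiteralPath $RegKey) {
    (Get-Item -LiteralPath $RegKey).Property |
        ForEach-Object { "Registry value present: $_" }
}

# Ready only if a blank local.xml exists and policy.xml carries the token.
$ready = ($files.LocalXmlHasUuid -eq $false) -and ($files.PolicyHasInstallToken -eq $true)
if (-not $ready) {
    Write-Warning 'Golden Image is not ready to freeze: repeat the reconfiguration steps.'
    exit 1
}
'File checks passed.'
```

The script only reads files and the registry key, so it does not start the AMP service or undo the reconfiguration.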