Golden Image

Golden Image support is for customers who want to start new machines from the same operating system image. Because the computer name/hostname of the machine/asset is used as its unique identifier, customers cannot reuse an image in which the AIR responder is already installed without the newly introduced golden image support.

It cleans some configuration options set during registration, then disables and stops the AIR responder service before the image of the operating system is taken. This is done with the --prepare-golden-image flag, explained below, which must be called before the imaging process takes place.

After the image is prepared, the user must use the --init-golden-image flag, explained below, before the image is used to create a new instance.


The user must use the --prepare-golden-image flag before creating a golden image.


"C:\Program Files (x86)\Binalyze\AIR\responder\AIR.exe" configure --prepare-golden-image


/opt/binalyze/air/responder/air configure --prepare-golden-image

This flag does the following:

  • Stops the service.

  • Disables the service.

  • Cleans the RegisteredTo, SecurityToken, and EndpointID fields in the config.yml.

  • Uninstalls the watchdog (if tamper detection was enabled).
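
A pre-capture check for the cleanup listed above, as an added example (not Binalyze code): it reports which of the three fields still hold a value in a config.yml, so a leftover SecurityToken or EndpointID is caught before it is baked into the image. It assumes top-level "Key: value" lines and that a cleaned field is absent or empty; the config path is supplied by the caller and the sample config is constructed.

```shell
#!/bin/sh
# Added example: pre-capture check for a golden image (not vendor code).
# Assumptions: config.yml keeps RegisteredTo, SecurityToken and EndpointID as
# top-level "Key: value" lines, and "cleaned" means the key is absent or empty.

# Prints the name (never the value) of each field that still holds a value.
# Returns 0 = clean, 1 = leftovers found, 2 = config file not readable.
golden_image_leftovers() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk -v q="'" '
        /^(RegisteredTo|SecurityToken|EndpointID)[ \t]*:/ {
            key = $0; sub(/[ \t]*:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)      # drop a trailing comment
            sub(/^#.*$/, "", val)           # value consists only of a comment
            sub(/[ \t\r]+$/, "", val)       # drop trailing whitespace / CR
            if (val == "\"\"" || val == (q q) || val == "null" || val == "~") val = ""
            if (val != "") { print key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$cfg"
}

# Constructed sample: a config as it might look if preparation was skipped.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ConsoleAddress: air.example.test
RegisteredTo: air.example.test
SecurityToken: "constructed-not-a-real-token"
EndpointID: ""
EOF
if golden_image_leftovers "$demo"; then
    echo "config is clean, safe to capture the image"
else
    echo "fields above still hold values: run configure --prepare-golden-image first"
fi
rm -f "$demo"
```

The function prints field names only, so its output can go into build logs without exposing the token.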


The --init-golden-image flag activates the responder again after the golden image is up and after the hostname is changed.


"C:\Program Files (x86)\Binalyze\AIR\responder\AIR.exe" configure --init-golden-image --deployment-token 769aca0ff45a433a --console-address --organization-id 0


/opt/binalyze/air/responder/air configure --init-golden-image --deployment-token 769aca0ff45a433a --console-address --organization-id 0

Note: --deployment-token is required because the deployment token is cleaned after the AIR responder is registered. --console-address and --organization-id are optional; they overwrite the console address and organization ID that were set in the configuration file at the first installation, before the image was taken.

This flag does the following:

  • Updates the DeploymentToken, ConsoleAddress, and OrganizationID values in the config.yml with the values entered on the command line.

  • Starts the service.

  • Enables the service.

  • The watchdog is installed automatically after registration if it is enabled by the AIR Console.


An exit code other than 0 (zero) means an error occurred while executing the commands. The error messages are printed to the terminal and are also written to the log file.

If something goes wrong, the first option is to re-run the same command.

If a re-run of the command doesn’t succeed, the user should perform the same steps manually.
