@racer2991, I would strongly advise against utilizing the download command and instead leveraging a prefetch block and add prefetch item for any objects that need to be securely downloaded to your managed endpoints. With this approach you can leverage substitution relevance to specify the required security parameters (i.e. object size, SHA1 and/or SHA256) to ensure the integrity of the payload being delivered to your managed endpoints. For example, the following relevance pulls the required object data from a downloaded text file and creates the necessary add prefetch item for a prefetch block.
add prefetch item {concatenation “; " of (“name=” & following text of last “/” of preceding text of last “/” of tuple string item 1 of it & “_” & following text of last “/” of tuple string item 1 of it & " sha256=” & tuple string item 3 of it & " size=" & tuple string item 2 of it & " url=https://download.server.url" & tuple string item 1 of it) of (concatenation ", " of substrings separated by “;” of it) of lines whose (it starts with “OS-NAME”) of file “MANIFEST-FILE-NAME” of folder “SITE-NAME” of parent folder of client folder of current site}
Please note that the above is a fairly advanced client relevance statement and still requires the prefetch block components as well.