Crisis module

Behavior on desktop devices

The Crisis module is enabled (automatically or upon a specific action) and recognizes dangerous situations on the machine that may disclose the agent’s presence on the device (i.e.: a network sniffer running). Synchronization and all commands can be temporarily disabled.

This module increases the level of stealthness against protection software.

NOTE: Crisis can be enabled by default on the desktop device to allow the agent to automatically detect dangerous situations, and act accordingly (ie. going silent).

Behavior on mobile devices

The Crisis module is used to suspend activities that make heavy use of battery power. Based on its settings, this module can temporarily disable some functions.

On a mobile device, the Crisis module must be explicitly started by a specific action (i.e.: agent is started when the battery level is too low) and stopped when the anomalous situation terminates.

NOTE: this module does not create evidence.

Operating systems

Desktop: Windows, OS X

Mobile: Android, BlackBerry, iOS, WinMobile

Significant desktop data

On Desktops, the default settings should not be changed unless otherwise suggested by RCS Support Team.

Field Description
Inhibits Network

Inhibits synchronization when potentially dangerous processes are running.

Network Inhibitors List of processes that, if running, will prevent synchronization.
Inhibits Hooking Inhibits program hooking when potentially dangerous processes are running.
Hooking Inhibitors List of processes that, if running, will prevent hooking.
Process Process to be added to the list.
Significant mobile data

In the Mobile version, the functions to be blocked can be specified:

Field Description
Mic if selected, it prevents Mic audio recording
Call if selected, it prevents Call audio recording
Camera if selected, it prevents Camera snapshots
Position if selected, it prevents GPS use
Synchronize

if selected, it prevents synchronization

Warning: highly hazardous operation! Before preventing synchronization please contact HackingTeam support service! You agent may be permanently lost