You are here: Technician's functions > Appendix: modules > Crisis module

Crisis module

Behavior on desktop devices

The Crisis module is enabled (automatically or upon a specific action) and recognizes dangerous situations on the machine that may disclose the agent’s presence on the device (i.e.: a network sniffer running). Synchronization and all commands can be temporarily disabled.

This module increases the level of stealthness against protection software.

NOTE: Crisis can be enabled by default on the desktop device to allow the agent to automatically detect dangerous situations, and act accordingly (ie. going silent).

Behavior on mobile devices

The Crisis module is used to suspend activities that make heavy use of battery power. Based on its settings, this module can temporarily disable some functions.

On a mobile device, the Crisis module must be explicitly started by a specific action (i.e.: agent is started when the battery level is too low) and stopped when the anomalous situation terminates.

NOTE: this module does not create evidence.

Significant desktop data

On Desktops, the default settings should not be changed unless otherwise suggested by RCS Support Team.

Field Description
Inhibit network

Inhibits synchronization when potentially dangerous processes are running.

Inhibitors (network) List of processes that, if running, will prevent synchronization.
Inhibit Hooking Inhibits program hooking when potentially dangerous processes are running.
Inhibitors (Hooking ) List of processes that, if running, will prevent hooking.
Process Process to be added to the list.
Significant mobile data

In the Mobile version, the functions to be blocked can be specified:

Field Description
Microphone if selected, it prevents Mic audio recording
Calls if selected, it prevents Call audio recording
Camera if selected, it prevents Camera snapshots
Position if selected, it prevents GPS use
Synchronization

if selected, it prevents synchronization

Warning: highly hazardous operation! Before preventing synchronization please contact HackingTeam support service! You agent may be permanently lost

 

RCS9.3 | User's and Installation Guide | © COPYRIGHT 2013