Persistent Installation vector (desktop)

Purpose

The Persistent Installation vector adds the agent to the target computer's firmware.

This type of infection has two great advantages:

Vector preparation

Compiling a factory with the Persistent Installation vector creates .zip FactoryName_windows_persistent.zip file in folder

Installing the agent

How to install the agent:

Step Action
1

Unzip FactoryName_windows_persistent.zip.

2

Copy the entire content of the unzipped .zip file to a FAT32 formatted key.

IMPORTANT: the key should only contain file FactoryName_windows_persistent.zip

3

Turn off the target computer and insert the key in the computer USB port.

4

Turn on the computer and boot from the inserted key: a window opens.

5 Continue the procedure following the on-screen instructions.
Infection activation conditions

If the agent was successfully installed, the infection is only activated the next time the computer reboots if at least one user was set. The infection only involves all users set when the infection is activated.

If installed on a computer that did not correctly follow the shutdown procedure or hybernated, the computer must be turned off and rebooted to activate the infection.

Check installation

Since the target computer shows no signs of agent installation, use RCS Console to check the installation before leaving the target's computer.

How to check installation:

If... Then...
The computer is new and no users have been set
  1. reboot the computer
  2. install Windows and set at least one user
  3. reboot the computer
  4. use RCS Console to check that the agent synchronizes and sends evidence
  5. reset the computer
users are already set on the computer
  1. reboot the computer
  2. check that the agent synchronizes with RCS Console and sends evidence