Adder IPEPS as a remote antivirus

The Adder company designs and manufactures a great variety of equipment for the remote control of PCs, laptops and servers. One of these devices is Adder IPEPS whose main features have already been studied and described. For the devices of such kind there is a relatively new feature which allows emulating an external USB-drive for the device under control: a floppy disc-drive, a flash-card, an external hard drive, a CD-drive, and may be used for transmitting data in cases when a network connection does not exist or is unavailable on the computer under control. As the emulation process is a hardware one (from the point of view of the controlled device), the operational system of the remote PC doesn’t take part in the emulation process itself, consequently, BIOS will also detect the connected USB-drive and will allow booting from it. In our case as a controlled PC we’ve chosen a platform on the ASUS P7H55 motherboard with the 0602 BIOS version which had been adjusted for booting from a virtual Adder adapter.

For the successful booting process, we should mount an image of a bootable disc for which we go to the Adder IPEPS web-page. There or from the producer’s site we download the VNC Viewer utility, launch it, connect to IPEPS and mount an iso-image or a real CD/DVD disc.

If everything has been done correctly, the computer will start booting as if it had a real drive with a real disc or a bootable flash-card connected to it. The only difference is that the bandwidth will only be 5 Mbps. However, our discriminating reader may have long been wondering what all this complicated and nonstandard booting is for. The answer is quite simple – it’s all down to the flexibility and convenience of remote administration. A company with geographically remote offices doesn’t need to have a qualified system administrator in every office as all actions on the recovery of an OS, software or drivers may be done remotely from the headquarters.

Imagine a computer or a laptop has been attacked so deeply that the operational system ceased to boot. In this case a local administrator could insert a Kaspersky Rescue Disk or Dr.Web LiveCD into the drive, boot from it and check for viruses. To do the same thing, the remote administrator will have to make the user connect the already configured IPEPS to his PC or laptop. Then the disc image is mounted to the remote system over the network and the same booting and checking for viruses is performed.

We tried to boot a computer from the disc images of two major Russian producers of antivirus software: Dr.Web (5.0.3) and Kaspersky (9.0). Unfortunately, we failed to boot with the latter after which we sent a request to the technical support of the Kaspersky Lab. They recommended using the newer version (10) of the image which is available for download from their site. The 10th version was loaded without a hitch. Below you can see the work of both producers’ antivirus discs.

Beside the remote antivirus checking of the infected computer, the administrator can also test hardware components of the controlled PC with the help of any software available in the central office if any suspicions about the hardware arise. Below you can see the work of the Memtest86 v2.01 program.

If the hardware is all right but it’s impossible to restore the system, the administrator can remotely reinstall it still using the Virtual Media Adder IPEPS function without resorting to the help of the remote office colleagues.

In the end, we would like to look once again at the constraints of the Virtual Media technology: the maximum volume of the drive emulated by the Adder IPEPS is 2 GB and the maximum bandwidth is 5 Mbps, which will have to be taken into account while recovering the remote PC. However, in our view, these constraints are nothing in comparison with the convenience of control and the efficiency of the remote PCs, servers and laptops recovery with the help of Adder IPEPS.

The author wishes to thank the KVMinfo company for providing the equipment for testing.

Add comment


Security code
Refresh

Found a typo? Please select it and press Ctrl + Enter.