UnHackMe Corporative Edition - Technical Details

Allows you to protect any number of computers in the local network.

Coprorative Edition includes UnHackMeCorporative.exe.

UnHackMeCorporative.exe is used for customizing all settings on the user computers.

Getting Started

1. Open UnHackMeCorporative.exe.
2. Choose the "Common Parameters" tab.
3. Set the checking period in minutes and seconds.
4. Tick the "Hide icon" parameter to run UnHackMe in the invisible mode.
   UnHackMe will work in the backround and a user could not close it using UnHackMe icon in the system tray.
   But a use can close UnHackMe monitor (hackmon.exe) using Task Manager, Processes.
5. Click on the "Open Excusion List" to set up false positive items if it is required.
   UnHackMe will skip the items in the Exclusion list.

Open the Actions tab.

1. Tick the parameter "Write to Event Log".
   UnHackMe will add its record to the Application journal.
2. "Lock netowrk card" - disable network connection. It's useful to block rootkit propogation.
   To active connection again you need to open Control Panel, Network. Right click on the connection and choose Activate in the popup menu.
3. Posting log to Web Form.
   You need to setup special cgi script on your web server. Refer to "Web Posting" tab.
4. Sending .
   Specify the administrative computer on the "Admin Contacts" tab. UnHackMe sends a short message using "net send" protocol.
5. Sending alert by e-mail.
   You need to specify admin e-mail on the "Admin contacts" tab.
6. Executing a program.
   If you want to execute your program, type the full program name in the edit box.
7. Automatically stopping a rootkit.
   Be careful with this option, because UnHackMe will automatically kills a rootkit without asking user permission. Reboot is required.

Click on the OK button to save settings and close UnHackMe Corporative. This will create the "corp.ini" file in the UnHackMe Corporative folder.

1. Download the latest version of UnHackMe from web site:
   http://www.greatis.com/unhackme.zip
2. Install UnHackMe on your computer.
   It will be the basic folder for user installation.
   Usually it is "C:\Program Files\UnHackMe".
3. If all users have access to the shared network drive, create a folder on this drive for UnHackMe corp.ini file.
   Set the read permissions for users and the full rights for admins.
   Copy the "corp.ini" file to the folder.
   For example: s:\programs\unhackme.
   It must be the mapped drive, not the UNC path like \\server\program\unhackme.
   If you do not have common drive, copy the "corp.ini" to the UnHackMe folder.
4. Copy "aspr_keys.ini" file (unlock code), received from Greatis Software, to the UnHackMe folder.
5. Open "Compil32.exe".
   It is "Inno Setup" compiler for creating user installation.
6. Choose File, Open and locate for "unhackmecorp.iss" file.
7. Check the path names in the file with your paths and correct it if required.
8. If you use "corp.ini on the network drive, go to the end of file and locate for the text in the Registry chapter:
   Root: HKCU; Subkey: Software\Greatis\Unhackme; ValueType: string; ValueName: " UnHackMeCorp"; ValueData: "{app}\corp.ini"
   Change the "ValueData" to your network path.
   Set the Root to "HKLM" if you want to use UnHackMe for all users on the computer.
9. Press F9 to create installation file.

Silent Install

If you want to silently install UnHackMe to a user computers using logon script or a SMS software you amy use switches:

• /SILENT, /VERYSILENT - When Setup is silent the wizard and the background window are not displayed but the installation progress window is. When a setup is very silent this installation progress window is not displayed. Everything else is normal so for example error messages during installation are displayed and the startup prompt is (if you haven't disabled it with DisableStartupPrompt or the '/SP-' command line option explained above)
• /SP- Disables the "This will install... Do you wish to continue?" prompt at the beginning of Setup. Of course, this will have no effect if the DisableStartupPrompt [Setup] section directive was set to yes.
• /SUPPRESSMSGBOXES Instructs Setup to suppress message boxes. Only has an effect when combined with '/SILENT' and '/VERYSILENT'.
• /NOCANCEL Prevents the user from cancelling during the installation process, by disabling the Cancel button and ignoring clicks on the close button. Useful along with '/SILENT' or '/VERYSILENT'.
• /NORESTART