Antidote delivery manager utilization, Major worm attack, Antidote – Lenovo THINKPAD Z60M User Manual
Page 79: Delivery, Manager, Utilization, Major, Worm, Attack

Certain Microsoft commands are also available to Antidote Delivery Manager. The permitted commands include all commands built into the command shell, for example DIR or CD. Other useful commands, such as reg.exe to change the registry and chkdsk.exe to verify disk integrity, are available.

Antidote Delivery Manager utilization

The Antidote Delivery Manager system can be used to complete a wide variety of tasks. The following examples demonstrate how the system might be used.

• Simple system test - Display notification
  The most basic use of the system is to display a single message to the user. The easiest way to run this test, and also to test other scripts before deployment, is to place the message in a repository that is a local directory on the administrator's personal computer. This placement allows rapid testing of the script with no impact to other machines.

• Script preparation and packaging
  Write a go.rrs script on any machine where Antidote Delivery Manager has been installed. Include a line: MSGBOX /MSG "Hello World" /OK. Run the APKGMSG command on the directory containing go.rrs to create a message.

• Script execution
  Place the message file in one of the repository directories on your machine and observe correct operation. When the agent runs next, a message box displays with the "Hello World" text. Such a script is also a good way to test network repositories and to demonstrate features, such as the checking of repositories on resume from suspend mode.

Major worm attack

This example demonstrates one possible approach to combat a major virus. The basic approach is to turn off networking, then reboot to Rescue and Recovery, retrieve fixes, perform repairs, then boot back to Windows XP, install patches, and finally restore networking. A single message might be used to perform all of these functions through the use of flag files and the RETRYONERROR command.

1. Lockdown phase
   To accomplish the lockdown phase, inform the user what is about to happen. If the attack is not extremely serious, the administrator can give the user the option to defer the fix until later. In the most conservative case, this phase would be used to disable networking and provide a short window, such as 15 minutes, for the user to save work in progress. The RETRYONERROR command is used to keep the script running and then the machine can be rebooted into the Rescue and Recovery environment.

2. Code distribution phase and repair phase
   Now that the threat of infection has been removed by disabling the network and rebooting to Rescue and Recovery, additional code can be retrieved and repairs accomplished. The network can be enabled or only certain addresses can be permitted for the time required to retrieve additional files. While in Rescue and Recovery, virus files can be removed and the registry can be cleaned up. Unfortunately, installing new software or patches is not possible because the patches assume that Windows XP is running. With networking still disabled and all virus code removed, it is safe to reboot to Windows XP to complete repairs. A tag file written at this time directs the script to the patch section after the reboot.

3. Patch and recovery phase

Chapter 5. Antidote Delivery Manager infrastructure 73
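
The flag-file approach described under "Major worm attack", modeled in Python as an added example; it is not code from the manual and does not use Antidote Delivery Manager script syntax. The flag-file names, the phase table and the retry-by-rerun behaviour are assumptions made for illustration, and the actions are only recorded, not performed.

```python
import tempfile
from pathlib import Path

# Hypothetical phase table: the manual names the phases but no flag files.
PHASES = [
    # (flag written when done, required environment, actions, next boot target)
    ("lockdown.done", "windows", ["notify user", "disable network"], "rescue"),
    ("repair.done", "rescue",
     ["retrieve fixes", "remove virus files", "clean registry"], "windows"),
    ("patch.done", "windows", ["install patches", "restore network"], None),
]

def run_once(state: Path, env: str, log: list, fail_on: str = "") -> str:
    """One agent pass over the same message.

    Returns 'reboot:<target>', 'retry', 'wait' or 'done'.
    """
    for flag, needs_env, actions, target in PHASES:
        if (state / flag).exists():
            continue                  # phase finished on an earlier pass
        if env != needs_env:
            return "wait"             # wrong environment: change nothing
        for action in actions:
            if action == fail_on:
                return "retry"        # no flag written, so the phase repeats
            log.append(action)        # actions must be safe to repeat
        (state / flag).touch()        # flag survives the reboot
        return f"reboot:{target}" if target else "done"
    return "done"                     # all flags present: message is a no-op

def simulate() -> tuple:
    """Drive one message through both reboots, with one failed download."""
    log, results = [], []
    with tempfile.TemporaryDirectory() as d:
        state, env = Path(d), "windows"
        # Constructed run: the second pass fails while retrieving fixes.
        for fail in ["", "retrieve fixes", "", "", ""]:
            result = run_once(state, env, log, fail_on=fail)
            results.append(result)
            if result.startswith("reboot:"):
                env = result.split(":", 1)[1]
    return results, log

if __name__ == "__main__":
    for item in simulate():
        print(item)
```

Because the network is restored only as the last action of the last phase, a failure or reboot at any earlier point leaves the machine isolated rather than half-repaired and connected.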