Device cloning

This Article Applies to:

  • AVG Business Cloud Console
  • AVG Business On-Premise Console

The AVG Business Management Consoles come equipped with the functionality of device cloning/device mirroring. When cloning a master hard drive image or VM image with AVG Business Antivirus ready for a deployment to multiple machines around the network, you will need to carry out the following tasks on the master hard drive that you will be cloning.

In cases where the clones will have the same BIOS serial number, please use the steps in this article to ensure the devices are correctly identified.

On the master hard drive image or VM image:

  1. Open CMD as an administrator and enter the following command:
    • For 64 Bit OS: C:\Program Files (x86)\AVG\Antivirus\Business Agent\setup.exe -c
    • For 32 Bit OS: C:\Program Files\AVG\Antivirus\Business Agent\setup.exe -c
  2. Open the Antivirus client on the device
  3. Navigate to Menu ▸ Settings ▸ Troubleshooting ▸ uncheck the box beside Enable Self Defense
  4. From services.msc, stop these AVG Business Console services:
    • AVG Business Console Client
    • AVG Business Console Client Antivirus Service
  5. Delete the following directory: C:\ProgramData\AVG\Antivirus\var

After the above steps, the master hard drive image or VM image of the device can be shutdown / is ready to be cloned.

When the master hard drive image restarts and boots up, authentication will occur between the AVG Business Management Console and the image. The physical MAC address of the machine will be compared against the MAC(s) it has listed in the registry at the following key:

  • 64 bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG\Business Agent
  • 32 bit: HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Business Agent/Macs

You will see that the REG DWORD for these locations will be a value of 0=hex:00,0c,29,b2,15,f7

Since this is the master hard drive image or master VM image, the physical MAC address will find a match in the registry. In this case, the code will just continue on with the normal authentication instead of installing the client as though it were a clone.

First boot of a proper AVG Business Antivirus clone:

When a clone has been prepared using your cloning/ghosting software and is run for the first time, the physical MAC address of that machine will not find a match in the registry. This is because the MAC address for the cloned device has to be unique on a given network.

When this condition is detected during the first authentication (please see step 1), the code will perform the following:

  1. The MAC address entries in the registry will be cleared and rewritten with the physical MAC(s) of the clone.
  2. The ccl_id (unique machine id) will be cleared from the registry so that a new, unique one can be generated and stored.
  3. A Create Device request will be posted to the authentication server which will create a new device record for the clone with a new computer name, a new ccl_id and new nic(s) record(s) (please see above). A new device id is returned from the authentication server and this gets written to the registry as well as the local policy.
  4. The CL registry key value will be set to 0, and will not be set as 1.

Repairing a clone that was created without invoking setup.exe -c:

Open CMD as an administrator and enter the command: C:\Program Files (x86)\AVG\Antivirus\Business Agent\setup.exe -b

  • 64 bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Business Agent
  • 32 bit: HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Business Agent

The CL registry key value dword will be =dword:00000002

Once this registry key value has been written, the code will post a re-authentication message to the AvastTrayApp.exe which will start a re-authentication of the client against the authentication server.

During this re-authentication, all the same steps that are performed in the first step above are performed. The main difference being that the local active NIC record is automatically deleted from the master device record in the back-end database as well as from the clone's local policy database. When the clone repair is complete, the CL key value will be changed to 0 from value of 2.

In order for the -b (bad clone repair) option to complete on the clone, it must finish going through a complete re-authentication, this could take up to several minutes. Also, the master hard drive image or master VM image will need to go through a re-authentication as well in order for it to update the computer name in its device record and retrieve the updated NICs table. The master re-authentication may be manually invoked by the user or else it will happen automatically during the next reboot.