Device cloning

This Article Applies to:

  • Business Hub

The Business Hub comes equipped with the functionality of device cloning/device mirroring. When cloning a master hard drive image or VM image with Avast Business Antivirus ready for a deployment to multiple machines around the network, you will need to carry out the following tasks on the master hard drive that you will be cloning.

In cases where the clones will have the same BIOS serial number, please use the steps in this article to ensure the devices are correctly identified.

On the master hard drive image or VM image:

  1. Open CMD as an administrator and enter the following command:
    • For 64 Bit OS: C:\Program Files (x86)\AVAST Software\Business Agent\setup.exe -c
    • For 32 Bit OS: C:\Program Files\AVAST Software\Business Agent\setup.exe -c
  2. Open the Antivirus client on the device
  3. Navigate to Menu ▸ Settings ▸ Troubleshooting ▸ uncheck the box beside Enable Self Defense
  4. From services.msc, stop these Avast Business Console services:
    • Avast Business Console Client
    • Avast Business Console Client Antivirus Service
  5. Delete the following directory: C:\ProgramData\AvastSoftware\Avast\Var

After the above steps, the master hard drive image or VM image of the device can be shutdown / is ready to be cloned.

When the master hard drive image restarts and boots up, authentication will occur between the Business Hub and the image. The physical MAC address of the machine will be compared against the MAC(s) it has listed in the registry at the following key:

  • 64 bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Business Agent/Macs
  • 32 bit: HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Business Agent/Macs

You will see that the REG DWORD for these locations will be a value of 0=hex:00,0c,29,b2,15,f7

Since this is the master hard drive image or master VM image, the physical MAC address will find a match in the registry. In this case, the code will just continue on with the normal authentication instead of installing the client as though it were a clone.

First boot of a proper Business Hub clone:

When a clone has been prepared using your cloning/ghosting software and is run for the first time, the physical MAC address of that machine will not find a match in the registry. This is because the MAC address for the cloned device has to be unique on a given network.

When this condition is detected during the first authentication (please see step 1), the code will perform the following:

  1. The MAC address entries in the registry will be cleared and rewritten with the physical MAC(s) of the clone.
  2. The ccl_id (unique machine id) will be cleared from the registry so that a new, unique one can be generated and stored.
  3. A Create Device request will be posted to the authentication server which will create a new device record for the clone with a new computer name, a new ccl_id and new nic(s) record(s) (please see above). A new device id is returned from the authentication server and this gets written to the registry as well as the local policy.
  4. The CL registry key value will be set to 0, and will not be set as 1.

Repairing a clone that was created without invoking setup.exe -c:

Open CMD as an administrator and enter the command: C:\Program Files (x86)\AVAST Software\Business Agent\setup.exe -b

  • 64 bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Business Agent
  • 32 bit: HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Business Agent

The CL registry key value dword will be =dword:00000002

Once this registry key value has been written, the code will post a re-authentication message to the AvastTrayApp.exe which will start a re-authentication of the client against the authentication server.

During this re-authentication, all the same steps that are performed in the first step above are performed. The main difference being that the local active NIC record is automatically deleted from the master device record in the back-end database as well as from the clone's local policy database. When the clone repair is complete, the CL key value will be changed to 0 from value of 2.

In order for the -b (bad clone repair) option to complete on the clone, it must finish going through a complete re-authentication, this could take up to several minutes. Also, the master hard drive image or master VM image will need to go through a re-authentication as well in order for it to update the computer name in its device record and retrieve the updated NICs table. The master re-authentication may be manually invoked by the user or else it will happen automatically during the next reboot.

Scripts

These scripts can be applied for all virtualization types, not just Hyper-V, and can repair existing clones.

Display the BIOS UUID

$VMName = 'vmname'

(Get-CimInstance -Namespace Root\Virtualization\V2 -ClassName Msvm_VirtualSystemSettingData -Filter "ElementName = '$VMName'").BiosGUID

pause

Change the UUID after reboot

$VMName = 'vmname'

$MSVM = gwmi -Namespace root\virtualization\v2 -Class msvm_computersystem -Filter "ElementName = '$VMName'"

# get current settings object

$MSVMSystemSettings = $null

foreach($SettingsObject in $MSVM.GetRelated('msvm_virtualsystemsettingdata'))

{

$MSVMSystemSettings = [System.Management.ManagementObject]$SettingsObject

}

# assign a new id

$MSVMSystemSettings['BIOSGUID'] = "{$(([System.Guid]::NewGuid()).Guid.ToUpper())}"

$VMMS = gwmi -Namespace root\virtualization\v2 -Class msvm_virtualsystemmanagementservice

# prepare and assign parameters

$ModifySystemSettingsParameters = $VMMS.GetMethodParameters('ModifySystemSettings')

$ModifySystemSettingsParameters['SystemSettings'] = $MSVMSystemSettings.GetText([System.Management.TextFormat]::CimDtd20)

# invoke modification

$VMMS.InvokeMethod('ModifySystemSettings', $ModifySystemSettingsParameters, $null)

pause