LabTech

HitmanPro
HITMANPRO 1

Overview ................................................................................................................................... 1
How it Works ............................................................................................................................ 1
HitmanPro Setup ..................................................................................................................... 3
Enabling/Disabling Licensing on Agents .............................................................................. 3
Adding HitmanPro Licenses................................................................................................... 4
Scanning for Threats on an Agent ......................................................................................... 4
Cleaning Threats on an Agent................................................................................................ 5
Uninstalling HitmanPro ........................................................................................................... 7
Document Revision History.................................................................................................... 7

Overview
HitmanPro checks for all forms of malicious software, including viruses,
trojans, rootkits, worms, spyware, fake software and keyloggers and can
be used in conjunction with other antivirus software for added security.

LabTech has created six HitmanPro scripts to find and clean potential threats, disable
or enable HitmanPro licensing on an agent, as well as uninstall HitmanPro. These
scripts must be downloaded from the Marketplace.

 HitmanPro Free Scan

 HitmanPro Licensed Clean
 HitmanPro Incident Clean
 HitmanPro Disable Licensed – Uncheck on Agent
 HitmanPro Enable Licensed – Check on Agent
 HitmanPro Uninstall

How it Works
All agents are initially placed into the ‘Anti Malware/HitmanPro/Unmanaged’ group.
The ‘HitmanPro Enabled Licensed – Check on Agent’ script is run at the client,
location, group or agent level and selects the Licensed checkbox on the Info >
HitmanPro screen of the agent computer. The auto join then moves the agents
where the Licensed checkbox is selected into the ‘Anti
Malware/HitmanPro/Managed’ group. Agents that appear in the managed group are
automatically cleaned if there are any threats detected when the ‘Licensed Clean’
script runs daily at 1a.

The ‘HitmanPro Free Scan’ script scans the agent computer(s) in the unmanaged
group to check to see that HitmanPro exists on the agent and if it does not exist, it
will download it from the LTShare\Transfer directory to the agent. Once the software
has been verified to exist on the agent, the script will initiate a scan of the agent. The
results of the scan are stored in a log file (ltsvc\packages\hitmanpro folder on the
agent) and named the name of the computer.xml. Each of the HitmanPro scripts will
wait a maximum of 45 minutes until the scan is completed before checking for log
results. LabTech then parses this data and stores it in extra data fields located on
the Info tab of the agent (double-click on the agent from the navigation tree and click
on the Info > HitmanPro tab).

29B.51.155.HitmanPro.docx 1
 HitmanPro

NOTE: By default, you will only receive alerts when threats are found. If you want
tickets to be created, create the property ‘_slnHitmanProEnableTicketing’ and set the
value to ‘1’. For information on how to create properties, refer to the Properties
documentation.

If there are any threats indicated, there are two different scripts that can be used to
clean the computer. The ‘HitmanPro Licensed Clean’ script is used when there is a
full license of HitmanPro for the computer, client or system; whereas, the ‘HitmanPro
Incident Clean’ script is used for the one-offs where a full license is not available.
The ‘HitmanPro Licensed Clean’ script is scheduled to run at 1a every day on agent
computers that are in the ‘Anti Malware/HitmanPro/Managed’ group; whereas, the
‘HitmanPro Free Scan’ script is scheduled to run at 1a every day on agent computers
that are in the ‘Anti Malware/HitmanPro/Unmanaged’ group. Each option is explained
further below.

The ‘HitmanPro Licensed Clean’ script will check for a license key using the ‘LabTech
License Retrieve’ function to see if there is an available license. The license check
process will first look for a computer license, then a client license and then finally a
system license. If a license cannot be found at any level, then the script will create a
ticket and exit. If a license is found at any of the levels, then the license will get
populated in the Product Key field on the HitmanPro tab of the Agent > Info
screen. The script will then download the HitmanPro executable from the
LTShare\Transfer directory and run the licensed executable to clean the threats. The
results of the clean will be stored in ltsvc\packages\HitmanPro folder and parsed to
the extra data fields on the Info > HitmanPro tab of the agent. The clean log is
named the name of the computer-clean.xml. The scan may need to reboot to finish
cleaning serious threats. If this is the case, a pop-up message will display to the end-
user asking to reboot the computer. If the user answers ‘no’ or the computer is not
logged in, then the script will create a ticket indicating that the computer needs a
reboot to finish remediation. The script will NOT automatically reboot a computer
without the end-user’s consent. If the end-user answers ‘yes’, then the script will
reboot the computer.

The ‘HitmanPro Incident Clean’ script will check for a HitmanPro incident token key
using the ‘LabTech License Retrieve’ function. The token check process will first look
for a computer token, then a client token and then finally a system token. If a token
cannot be found at any level, then the script will create a ticket and exit. If a token is
found at any of the levels, then the license will get populated in the Product Key field
on the HitmanPro tab of the Agent > Info screen.

NOTE: Clean scripts can be scheduled without taking all of the licenses, because
the LabTech License Retrieve function will look to see if there is already a license
associated with an agent computer and not pull a new license or reduce the total
available.

The script will then download the HitmanPro executable from the LTShare\Transfer
directory and run the licensed executable to clean the threats. The results of the
clean will be stored in the same log file as the scan log file and parsed to the extra
data fields on the Info > HitmanPro tab of the agent. The scan may need to reboot
to finish cleaning serious threats. If this is the case, a pop-up message will display to
the end-user asking to reboot the computer. If the user answers ‘no’ or the computer
is not logged in, then the script will create a ticket indicating that the computer needs
a reboot to finish remediation. The script will NOT automatically reboot a computer
without the end-user’s consent. If the end-user answers ‘yes’, then the script will
reboot the computer.

29B.51.155.HitmanPro.docx 2
 LabTech

NOTE: As licenses or tokens are used, they will be marked as such and will be
removed from the Licenses Remaining total, seen in the License Manager. Refer
to the License Manager documentation for more information.

HitmanPro Setup
The HitmanPro solution is only available by download from the Marketplace. For
detailed information on how to use the Marketplace, refer to the Marketplace
documentation.

1. From the Marketplace, download the ‘HitmanPro Setup’ script. When prompted
to download all dependencies, click Yes.
2. When the script and its dependencies have finished downloading, click Finish
and close the Marketplace.
3. From the Control Center, select Tools > Reload System Cache. The scripts
may appear in a previously created folder or at the ‘root’ of Scripts. The
following steps to run the setup script will put the scripts into the proper folder;
however, you must locate the setup script first. Do not move the scripts
manually.
a) Right-click on Scripts and select Find Script and enter ‘Hitman’ to find the
location of the scripts (e.g., Anti-Virus\HitmanPro).
4. Run the ‘HitmanPro Setup’ script ONCE on the LabTech server.
a) Navigate to your LabTech server. If you are a Cloud partner, run the script in
the same fashion except run it on an agent that is checking into your system.
b) Right-click and select Scripts > XXX > HitmanPro Setup (where XXX is the
folder that the scripts are currently residing in).
c) Accept the defaults to Run Right Now in the script scheduler and click
Create. The script will create all the groups, extra data fields, folders, auto
join searches needed for HitmanPro. Additionally, it will also move all of the
scripts that were downloaded to the correct Anti-Virus > HitmanPro script
folder.

Enabling/Disabling Licensing on Agents

All agents are initially placed into the ‘Anti Malware/HitmanPro/Unmanaged’ group.
Agents will be scanned daily at 1a for any threats but will not be cleaned
automatically unless you enable licensing on these agents.

To enable licensing on agents:

1. Run the ‘HitmanPro Enable Licensed – Check on Agent’ script on the desired
agents to enable licensing. This script selects the Licensed checkbox on the
Info > HitmanPro screen of the agent computer. The auto join then moves the
agents where the Licensed checkbox is selected into the ‘Anti
Malware/HitmanPro/Managed’ group. Agents that appear in the managed group
are automatically cleaned if there are any threats detected when the clean script
runs daily at 1a.

To disable licensing on agents:

1. Run the ‘Hitman Pro Disable Licensed – Uncheck on Agent’ script on all agents
to disable licensing. This will remove the checkmark in the Licensed checkbox

29B.51.155.HitmanPro.docx 3
 HitmanPro

on the Info > Hitman Pro screen of the agent computer. The auto join then will
move these agents to the ‘Anti Malware/HitmanPro/Unmanaged’ group. The
agent will continue to be scanned but will not be cleaned automatically if any
threats are detected.

Adding HitmanPro Licenses

Refer to the License Manager documentation for adding HitmanPro licenses to the
LabTech system.

Scanning for Threats on an Agent

The following instructions assume you have already downloaded the HitmanPro
solution from the Marketplace.

To scan for threats on a client, location, agent or group:

2. From the Control Center, right-click the target client, location, computer or group
and select Scripts > Anti-Virus > HitmanPro > HitmanPro Scan. Once
selected, the Schedule a Script window will display.
Figure 1: Schedule Script

3. The Start Date and Time will default to the current date and time. You can use
the drop-down to bring up a calendar to select a different date. Time can be
entered manually.

29B.51.155.HitmanPro.docx 4
 LabTech

4. Select the frequency in which to run the selected script. Available options are:
one time only, daily, weekly, bi-weekly and monthly.
5. Select the Run Right Now checkbox to run the script right now.
6. Select where you want to run the script. The available options will be dependent
on where you chose to run the script. If you selected a specific computer to run
the script, you will see all options (computer, client, location and these groups).
To run it on a group instead of the specific computer, right-click in the white area
and select the appropriate groups.
7. If you chose a client, location or group, the Search Limiting drop-down allows
you to limit the computers to a specific search. For example, you can limit the
computers to run the script on for the selected client, location or group to just
Windows Desktops by selecting the 'Computer Types\Computers – Windows
desktop' search from the Search Limiting drop-down.
8. Click Create. Once scheduled, you can view the status by double-clicking on the
agent or an agent that is associated with the client, location, or group and then
clicking on the Scripts tab.
Figure 2: Script Results

9. When the script has completed, click on the Info > HitmanPro tab to view the
scan results.
Figure 3: Scan Results

10. If any threats are indicated in the Current Threats field, run the ‘HitmanPro
Incident Clean’ or ‘HitmanPro License Clean’ script to clean the threat.

Cleaning Threats on an Agent

To clean threats that have been found on an agent:

1. From the Control Center, right-click the target computer and select Scripts >
Anti-Virus > HitmanPro > HitmanPro Incident Clean or HitmanPro License
Clean. The script selection you choose will depend on whether you have a
licensed agent or an unlicensed agent. Once selected, the Schedule a Script
window will display.

29B.51.155.HitmanPro.docx 5
 HitmanPro

Figure 4: Schedule Script

2. The Schedule a Script window will default to the current time and to only run the
script once, right now. Accept these defaults or make the desired changes and
click Create.

IMPORTANT: Do not schedule the clean scripts to be reoccurring as this will count
against your licenses.

3. Once scheduled, you can view the status by double-clicking on the agent or an
agent that is associated with the client, location, or group and then clicking on the
Scripts tab.
Figure 5: Script Results

4. When the script has completed, click on the Info > HitmanPro tab to view the
scan results.

29B.51.155.HitmanPro.docx 6
 LabTech

Figure 6: Scan Results

Uninstalling HitmanPro
The ‘HitmanPro Uninstall’ script allows you to decommission an agent computer and
re-use the license that was assigned to that computer.

The script will check the database to see if the agent computer has a license. If a
license is found, then the script runs the deactivate function to return the license
count available up by one and then deactivate the computer from counting against
the license count for the partner. Then, the script deletes all HitmanPro files from the
agent computer.

To uninstall HitmanPro:

1. From the Control Center, right-click the target computer and select Scripts >
Anti-Virus > HitmanPro > HitmanPro Uninstall. Once selected, the Schedule
a Script window will display.
2. The Schedule a Script window will default to the current time and to only run
the script once, right now. Accept these defaults or make the desired changes
and click Create.
3. Once scheduled, you can view the status by double-clicking on the agent and
then clicking on the Scripts tab.

Document Revision History

Date Notes
10/23/2012 New for 2012 SP1
12/20/2012 Added enabling/disabling licensing.
Changed the name of the scan script.
Added instructions for setup.
02/05/2013 Added information for running the Hitman Pro Setup script for
Cloud partners.
02/18/2013 Added property information to control alerts/tickets when threats
are found and uninstall information.
03/25/2013 Scripts updated to wait a maximum of 45 minutes until scan is
completed before checking for log file results.

29B.51.155.HitmanPro.docx 7