Detailed list of things to consider before performing a factory reset of an iCSP device

book

Article ID: 242276

calendar_today

Updated On:

Products

Industrial Control System Protection

Issue/Introduction

Before resetting the device to factory defaults, if certain steps are not taken first then it is very likely that individual computers will be unable to not access a USB device on their computers after has been scanned and or cleaned .

Cause

Exporting/backup of iCSP keys is important to do before

Environment

Release : 5.4.2

 

Resolution

To Export the ICSP keys file you would do the following:

 

  • Click Scan > Import / Export Key File
  • On the Export Key File section, click Download Key File.
  • Ensure that the downloaded ICSP keys file is kept at a secure location. After the upgrade, import the iCSP keys back into the unit

                 

To import the ICSP keys file:

Note: Importing the ICSP keys of another scanner station overwrites the existing keys. Create a backup (export) of the existing keys and store those at a secure location before importing the new keys.

 

  • Click Scan > Import / Export Key File.
  • On the Import Key File section, click the Choose Files icon.
  • Navigate to the location of the exported key and select the key file.
  • Click Import.

               

Warning: If you didn't do the previously mentioned steps then you will have to reinstall the agents since the keys won’t match--Or manually fix the key on the agent, then reboot it.

 

TESTING/COMPARING:

 

(a) iCSP Neural Keys - how to compare them and replace the Agents key details

(b) iCSP Neural - how to downgrade

(c) iCSP Neural - how to uninstall an agent from USB when USB is blocked due to the enforcement driver (edited)

 

COMPARING

 

  • On the Agent, check the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ndevsec
  • Download (from the iCSP Neural Web UI) the agent install package (it will be found under Assets). Open that and look in the ini file for the RSA_N value, that should match the RSA_N value from the installed Agent directory
  • You can modify the registry key on the client to match the public_key.ini value, and then reboot the agent.

 

Steps:

  • Get the RSA_N: content from the public_key.ini file and replace it in the registry path of the windows client machine.
  • Now scan USB on scanner station 6.1.4, and you should be able open it on the client machine. NOTE: DO NOT REBOOT THE NEURAL UNIT or the key will change in the current 6.1.4 build that some customers already upgraded to

 

DOWNGRADING

 

If you need to downgrade the iCSP Neural unit from iCSP 6.1.4, ensure you have the correct key, then login to the unit and run the following to downgrade

 

  • Enable
  • Installed-systems load http://cdnup.bluecoat.com/latest/icsp_6_1_3-254821.bcsi
  • Reboot when prompted
  • Ensure when the unit boots back up, you select the 6.1.3 version
  • Upload the key back to the iCSP Neural Web UI

               

UNINSTALLING AGENTS

If we have mismatched Agents (keys are different) and you need to remove that agent,Modify the driver to allow start and stop, reboot, remove, reboot, reinstall

  • Set the value of Start at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndevsec to 3(on demand).
  • Reboot the system
  • The driver is not loaded and is not running.
  • You can then uninstall the agent.