Jump to content

HP Notebook Tracking and Recovery Service

» Contact HP
Products & Services
Support & Drivers
Solutions
How to Buy

Frequently Asked Questions

Content starts here

HP 1 year Notebook Tracking and Recovery Service UL724E
Compatibility: View complete compatibility list

Product Overview

» What is HP Tracking and Recovery Service?

This service provides Computer Theft Recovery, Data Protection and Secure IT Asset Management. The product is centrally managed by your IT department, and designed for customers with remote and mobile users. In the area of computer theft, the product deters theft, minimises computer drift and recovers stolen computers. If your computer is stolen, the Recovery Team works with law enforcement to track and recover it. The remote data deletion function (“Data Delete”) enables customers to remotely delete sensitive data on target computers that have been stolen or lost. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease. For IT asset management, this new service gives IT staff visibility to up to 100% of their connected computer assets, including the 40% of computer assets that Gartner Group says are unaccounted for at any given point in time.

» How does HP Tracking and recovery service remotely track and protect computers?

This service tracks the location of your computer using a small and undetectable software agent (“Computrace Agent”), enabling the computer to report its location to the confidential and secure Monitoring Centre each day it connects to the Internet. As well as collecting location data, the Computrace Agent also collects user, hardware and software information to help you track and manage your remote assets. You can also set up a Data Delete request so that sensitive data on a stolen or missing computer is deleted the next time the computer calls in to the Monitoring Centre.

» How do I view information about my computer assets?

Users (typically IT departments) are able to view various asset management modules via the online Customer Centre website (“Customer Centre”). These modules (or reports) allow IT to better enable their organisation in the area of IT Asset Management.

» How does HP Tracking and Recovery service work?

The service is more than just software – it’s like having your own security team watching over your computer. Here’s how it works:

  • The Computrace agent must be installed for the service to work – the agent is installed via a standard MSI and can be deployed using traditional software deployment tools or via imaging. The client software is small, stealthy and hidden on the computer.
  • Your computer reports location, user, hardware and software information to the confidential, secure Monitoring Centre every day it connects to the Internet.
  • You track and manage your computer assets, including remote/mobile computers, using reports, alerts and administration functions from the secure Customer Centre website.
  • If your computer is stolen, the full-service Recovery Team works with local law enforcement agencies to track and recover it.
  • There is a Data Delete function that can be performed on your stolen computer to keep sensitive data from falling into the wrong hands. (For further details, see the Data Delete section below.)

Computrace Agent

» Can the Computrace Agent be removed?

The Computrace Agent is extremely difficult to remove. The HP Tracking and Recovery service incorporates a self-healing technology that we call “persistence”, which essentially rebuilds the agent software installation even if the agent service is deleted by conventional means.

The self-healing function is not resident within the file system and is more difficult to detect and remove than “normal” software. The persistent and self-healing portion of the software is difficult to remove because it is stealthy. The software is normally removed only by an authorised user with the correct password. The self-healing feature will repair the service installation in newly formatted and installed operating systems as well as freshly imaged systems. This “persistent” design is maximized in laptops with the persistence module in the firmware.

» What needs to be in place for the agent to be persistent?

There are two levels of persistence for the Computrace agent. The highest level of persistence occurs when the persistent module is embedded into the firmware of the computer. In this solution, there is no additional hardware or software configuration needed for the agent to be persistent.

» Can the Computrace Agent be detected?

The Computrace Agent is very difficult to detect. The Computrace software runs as a non-descript service, and is not listed as an application. As well, the product does not show up on the programs menu listing or as a system tray icon.

» What is the footprint, or size, of the agent?

The Computrace agent has a very small footprint, requiring less than 100KB of disk space.

» Will the agent degrade our network, or clog it up?

Computrace agent communications require very little bandwidth and should have a negligible effect on your network traffic. A typical agent call requires less than 200KB of bandwidth.

» Is the agent easy to install?

The Computrace agent is installed via a standard MSI and can be deployed using traditional software deployment tools or via imaging. The install of the Computrace agent also activates the self-healing capability in the BIOS (see the ‘”Can the Computrace Agent be removed?” section above).

Connectivity

» How often does the Computrace Agent contact the Monitoring Center?

The call frequency is typically set to once daily and is automatically reset to call every 15 minutes after a computer has been reported stolen or lost.

» Can the Computrace Agent work through firewalls (including personal firewalls) to reach the Internet?

Yes. The goal is as close to zero-configuration as possible. In some configurations, older versions of the Computrace agent require the user to permit Internet access the first time it attempted to contact the Monitoring Center. Newer versions of our agent enhance the zero-configuration paradigm so that this first connection permission is not required.

» Will the Computrace Agent work with a DSL or cable Internet service?

Yes. Computrace will work over a dial-up connection or with any Internet connection (e.g., cable, DSL, wireless).

Data Delete Overview

» What is Data Delete?

The remote data deletion function (“Data Delete”) of HP Tracking and Recovery service enables customers to remotely delete sensitive data on target computers that have been stolen or lost. If your computer goes missing, you can set up a Data Delete request so that sensitive data on the computer is deleted the next time the computer calls in to the Monitoring Center. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease.

» How do I perform a Data Delete?

In order to use the Data Delete service, customers first sign a Pre-Authorization agreement. Customers who wish to use the data delete service must nominate a member of their own staff and complete a signed document to authorize control of this feature.

» Once Data Delete is pre-authorised, how do I request a Data Delete?

When a computer is lost or stolen, or when it’s ready to be disposed of or returned to a leasing company, and you wish to delete data on the remote computer, you can initiate Data Delete as follows:

  1. An authorized Data Delete Administrator, logs into the Customer Center and selects the computer for deletion.
  2. When that computer next connects to the Internet, the Data Delete operation will be launched. When the Data Delete completes, a logfile, containing a list of deleted files and directories, is uploaded to the Customer Center. An authorised Data Delete Administrator logs into the Customer Center, notes that the Data Delete is complete and views the logfile to confirm the deletion.

» Can the data be recovered from fixed disks/magnetic media once it has been deleted?

No. The data is not recoverable. The Data Delete operation uses an algorithm that far exceeds the recommendations documented by the United States National Institute of Standards and Technology. For further details, see NIST Special Publication 800-88: Guidelines for Media Sanitization: Recommendations of the National Institute of Standards and Technology, referenced here. The "NIST 800-88" document provides the specifications for wiping disk storage to guarantee that all data previously contained on that magnetic media is permanently erased. When most computers delete a file, the computer does not actually remove the contents of the file but rather simply unlinks the file from the file directory system, leaving the contents of the file in the disk sectors. This data will remain there until the operating system re-uses the same sectors when writing new data. Until the old data is overwritten (which may take months or even longer) it can be recovered by programs that read disk sectors directly, such as forensic software. In addition, even if a sector is overwritten, the phenomenon of data remanence (the residual physical representation of data that has been in some way erased) can make deleted data forensically recoverable. In order to be sure that a file has been deleted properly, it is necessary to overwrite the data sectors of that file. It is not sufficient to erase or format the drive, as there are numerous tools available to recover “lost” data on disk drives.

This specification requires that every single location on a magnetic media device is written to three individual times, first by writing a fixed value (0x00) once, then its complement value (0xff) once, and finally random values once. The used Data Delete algorithm exceeds this standard by overwriting the data 7 times (rather than 3) and by performing additional operations. The algorithm:

  1. Overwrites the target area 7 times – the first 6 writes with an alternating pattern of 1s and 0s and the final write with a random value
  2. Writes random data to the file
  3. Changes the file attributes to “directory”
  4. Changes file date/time stamp to a fixed value
  5. Sets the file size to “0”
  6. Changes the file name to a randomly-generated file name
  7. Removes the new file name from the directory

» Does Data Delete Adhere to the US Department of Defense 5220.22-M Magnetic Media Sanitizing Standard?

No. There are no software-only solutions that adhere to this standard, as it requires physical destruction of the media by disintegrating, incinerating, pulverizing, shredding or melting the disk drive.

» Do I have to delete the whole drive or can I choose specific files or directories?

The Data Delete service is currently offered with 3 levels of Data Delete:

  1. File- or Directory-Specific Data Delete (PC Only) – User chooses specific files, filetypes and/or directories to be deleted – the computer will remain operational after the Data Delete process, assuming the user does not delete OS directories. For instance, you could choose to delete everything in the “My Documents” directory and all Word, Excel, Powerpoint and PDF documents, regardless of where they are on the drive. To use the File/Directory level option, you must first create a Data Delete policy from the Administration->Data Delete menu.
  2. Full Data Delete Excluding the Operating System (OS) – all files excluding the OS removed from the hard drive – the computer will remain operational after the Data Delete process.
  3. Full Data Delete With Operating System (OS) – all non-OS files and some of the OS files removed from the hard drive. All user files (including programs and data) will be wiped and enough of the OS files to stop the computer from booting but some OS files will remain. The computer will not be operational when the Data Delete process completes.
In the case of a full deletion with OS, the Data Delete is a 2 phase operation – first all files except the OS are deleted, a logfile is uploaded listing all the files deleted and then the OS deletion is launched. As the Computrace Agent will not be able to call once the OS deletion is in progress, the Data Delete is set to Complete after the non-OS deletion is complete.

» Which operating systems is Data Delete compatible with?

The Data Delete service (and the Computrace Agent) is currently offered on the 32-bit versions of Windows 2000, XP, Windows Server 2003 and all 32 and 64 bit editions of Windows Vista, and on Mac OSX10.2, 10.3 and 10.4. It is not supported on Windows ME, 98 or 95. Furthermore, the computer must be running Computrace Agent version 804 or above.

» What if there are multiple partitions on the hard-drive?

Data Delete will delete multiple partitions depending on which level of Data Delete is selected.

» How do I know if the Data Delete was successful?

The Data Delete process creates an audit log verifying which files have been deleted. This audit log will be uploaded to the Monitoring Server and will be available within the Customer Center.

» What safeguards are in place to ensure that only authorised users can launch Data Delete?

A number of checks and balances have been put in place to ensure only those personnel whom the Corporation authorizes are entitled to request the Data Delete service. Firstly, the signing officers of the company specify, in the Data Delete pre-authorization agreement, the Administrator-level Customer Center users (“Data Delete Administrators”) who are authorized to request a Data Delete. Secondly, these Data Delete Administrators are provided with a physical RSA SecurID® token, or receive an Authorization Code by e-mail for each Data Delete operation. Finally, the Data Delete administrator's email address must not have been changed in the preceding 72 hours. This last restriction applies only to accounts using emailed authorization codes. To initiate the Data Delete from Customer Center, the Data Delete Administrator logs in, launches the Request Data Delete screen, selects the computer and Data Delete options, enters either the value on the RSA SecurID® token display (which changes every 60 seconds) or their Authorization Code, and then reenters their Customer Center password to validate the Data Delete request. To sum up, the following safeguards are in place to prevent unauthorized Data Delete requests being performed:

  1. A Pre-Authorization agreement must have been completed in full and signed, with originals sent to the team for the Data Delete request screen to be visible in the Customer Center.
  2. The logged in Customer Center user must have been identified as an Authorized Data Delete administrator in the Pre-Authorization agreement.
  3. The logged in Customer Center user must have Administrator-level access to the Customer Center.
  4. The logged in Customer Center user must have obtained a physical RSA SecurID® key-chain token or unique Authorization Code. Both tokens and authorization codes are linked to a specific Customer Center user and are not interchangeable between different users in an account or between different accounts.
  5. The password entered by the Customer Center user on the Data Delete Request screen must match the password for the current logged in Customer Center user.
  6. If using RSA SecurID® tokens, the token value (time dependent) entered on the Data Delete Request screen must match the value on Absolute’s RSA server for that specific Customer Center user.

If all the above conditions are satisfied, Data Delete will be set to run for that computer on the next Computrace Agent call. In addition to these safeguards, an email is sent to the signing officers on the Pre-Authorisation agreement when a Data Delete is requested, launched and completed.

» Can HP Tracking and Recovery service run Data Delete on my computers without my permission?

No. HP cannot run Data Delete as it requires both a Data Delete RSA SecurID® token or a requested Authorization Code, which only the customer possesses, and a login/password.

» Can I evaluate Data Delete without a token?

Yes. The process is as follows:

  • Contact Absolute to get an Evaluation account setup – you will then be provided with an administrator level login to the Customer Center and access to the Computrace agent.
  • Install the agent on the computer where you wish to evaluate Data Delete.
  • Have your company’s Signing officers sign the Data Delete evaluation form (available in the Customer Center Documentation section) and send to Absolute specifying the authorised user’s (Data Delete Administrator) Customer Center login.
  • The pre-authorisation agreement will be entered into our internal system and an evaluation token will be assigned temporarily to your account – Absolute will contact you and set a time for the evaluation.
  • At the appointed time, Absolute will talk you through the process of logging into the Customer Center and setting up a Data Delete request – when you’re prompted for the SecurID token value, Absolute will provide it over the phone. (In a real non-evaluation situation, you will have the token and NOT Absolute).
  • Agent makes a call and Data Delete is launched – the status can be viewed from the Customer Center - when complete a logfile is uploaded to the Customer Center and can be viewed.

» Is my data protected if the thief never logs onto the Internet?

Currently no, but the reality is that the vast majority of stolen computers find their way back onto the Internet fairly quickly, so Data Delete can usually be activated.

» If a thief reloads the operating system, why do we need Data Delete, since the data will be deleted anyway?

Internal theft accounts for up to 70% of all laptop thefts. In such a scenario, the user will know all the passwords and will not need to reinstall the operating system. When an operating system is reinstalled, on the other hand, the sensitive data has not been fully removed and there are many widely available tools that can be used to recover the data.

Data Delete will remove the data to Department of Defence and NATO specifications, ensuring the data can not be recovered. Also, performing a Data Delete on a stolen computer also provides the customer with an audit of what files have been deleted. This verification is very important in terms of regulatory compliance.

» Is the Data Delete feature mainly for internal theft?

Not necessarily. To many organisations, protecting the sensitive data on the computer is more important than recovering the actual computer. Data Delete will provide this data level protection even after a common thief reinstalls an operating system.

» How long does it take to perform a Data Delete?

The time it takes to perform a Data Delete varies according to the amount of data to be deleted and the speed of the computer. Typically, a Data Delete can take anywhere from 2 minutes to 10 hours.

» Can a Data Delete be stopped?

Once the Data Delete process has begun, it can’t be stopped. If a computer is rebooted during this time, the Data Delete process will continue where it left off. If Data Delete has been scheduled on a stolen computer, but has not yet been initiated, you can cancel the Data Delete process from the Customer Center.

Encryption, Cables and Other Protection Methods

» I have encryption – why do I need HP Tracking and Recovery service?

Encryption is a good start, but it does not address all aspects of data protection. Gartner Group estimates that 70% of corporate computer crime in North America occurs as a result of “inside jobs”. In this scenario, encryption offers little protection as the employee will have access to the encryption keys and hence the data. HP Tracking and Recovery service, on the other hand, provides the customer with an audit log of exactly which sensitive data has been deleted. This allows customers to verify that the sensitive data has been removed from the stolen laptop which is very important for regulatory compliance.

» I have encryption software and Computrace agent in the firmware. Will I have to worry about compatibility?

Computers that have the Computrace agent embedded in the firmware should have no compatibility issues with encryption products.

» Which encryption vendors are HP Tracking and Recovery service compatible with?

HP Tracking and Recovery service is fully compatible with all file-level encryption products.

» I have locks and cables – why do I need HP Tracking and Recovery service?

Locks and cables are somewhat effective as a visible deterrent to external theft, but in practice, cables can very easily be ripped out of a secured laptop with a good, strong tug – with no tools necessary. Further, cables act as no deterrent whatsoever to the majority of laptop theft, which is committed by internal employees, who possess keys to the cable locks. As well, locks and cables do not offer protection for remote and mobile users as the lock will not be in use when the user is travelling, for example.

» I have asset tags – why do I need HP Tracking and Recovery service?

Asset tags have proven to be an ineffective theft deterrent: the tag is simply removed by the thief after the computer is stolen.

» I am considering RFID – why do I need HP Tracking and Recovery service?

RFID requires that the assets RFID tag be within close proximity to an RFID reader. These readers are expensive and require significant resources to implement. Also, once a laptop is removed from close proximity to a reader it can not be tracked.

Monitoring Center

» What if your server is unavailable when the agent tries to call?

If the Computrace agent is unable to connect to the Monitoring Center during its regularly scheduled time, it will attempt to call every 15 minutes until successful.

» How do I know that the Monitoring Center and the Customer Center is safeguarded against access to unauthorised users?

The Monitoring Center can only be accessed via client-initiated Computrace agent communications. Access requires two-way authentication ensuring only valid Computrace agents can access the server. All agent communications are encrypted with RC4 128-bit encryption. All customers’call statistics and asset tracking data is logically partitioned into separate accounts. Access to this data via the Customer Centre requires user authentication on a secure login page requiring a username and password. Authorzsation is handled via user profile setup. Admin users have the ability to restrict power and guest users to groups of Electronic Serial Numbers (ESNs).

» What type of data is being collected by the Computrace agent?

The Computrace agent has the ability to gather the following four categories of information, which are primarily data points to allow us to recover lost or stolen computers and to provide asset management of your computers:

  • Location: phone number, local IP address, routable IP address, MAC address, date, time.
  • User: Electronic Serial Number (ESN), user name, computer name, e-mail address.
  • Hardware*: Basic system information: processor type, processor speed, hard disk size, hard disk space available, RAM size, computer make/model/serial number, number of CPUs, BIOS version (PC), BIOS date (PC), networking device description (PC).
  • Storage information: logical drive summary (drive name, type, file system, total size and available space), storage device (ATA, ATAPI/SCSI – e.g., hard drive, CD/DVD, PC), floppy/removable drive, tape drive, RAM disk, network drive, other device, hard disk model, serial number, firmware revision (for SMART-enabled hard disks). Also, hard disk attributes for NT/2000/XP: raw read error rate, spin up time, start/stop count, reallocated sector count, seek error rate, power on hours count, spin retry count, calibration retry count, power cycle count.
  • Printer information: printer attribute, name, driver name, port, share name, server name.
  • Video system and monitor information: video device description and resolution, video display colour depth, monitor type & manufacturer, and monitor refresh rate.
  • Modem information: modem model, port (if available), speed rating: maximum baud rate (if available), networking device description.
  • Software: operating system, service packs for operating systems, software application, version, program & publisher; virus protection title & version, virus protection definition title & definition description.