A new feature introduced in ApplicationServer XG v10.5 is the ability for a process running on the server to instruct the client to deploy an application on the client.
This can be useful in a variety of ways, for example opening a document copied from the server to the client machine (via driver redirection) where the application to view the document only resides on the client.
Please note that this feature is currently only available for the 2X Windows Client, however in future versions support will be added for the other clients.
Some end users may now be concerned that if the server becomes infected it could also infect the client. This is very unlikely to happen unless the malware knows how to deal with 2X protocols and applications, but lets assume this is the case. There are still a few options which the user can take to protect himself:
- The user can allow or deny any application to be deployed. By default the client is set to allow deployment.
- The user can set the client so that he is prompted whenever the server tries to deploy an application. The user can decide whether to allow or deny a particular application to start at that point in time. By default this option is set to prompt the user.
The administrator may also disable any remote commands being sent from the server.
How it works
With the server components we are distributing a tiny application called 2XRemoteExec.exe. This application will read its command line arguments and pass the target application information to the 2X Shell. The 2X Shell checks if the server is allowed to deploy remote applications. If the shell is allowed this information is sent to the client.
The client checks the client side settings and tries to deploy the application.
The actual result will then be sent all the way back to the 2XRemoteExec application, which will pop up a message if the application was not started unless it was set to stay silent (ideal for batch processing).