Samsung Series 7 Ultra (730U3E) - Absolute Software Lojack module in BIOS

Hello everyone,

I have just purchased a brand new Samsung Series 7 Ultra ultrabook (NP730U3E-S02IT).

As soon as I have received it, I have done the following:

- Backed up the original disk image with Acronis True Image
- Wiped the disk, set to MBR
- Disabled Secure Boot and UEFI, set to CSM
- Installed my copy of Windows 7 Professional

Everything went smoothly, but I noticed an unknown process running after the installation : "rpcnet.exe".

After some research, I have discovered it is a process injected in my Windows installation by a BIOS module known as "Persistence Module" and belonging to the Absolute Software Lojack for Laptops solution.

Now, as much as I may consider this solution useful or not, I'd really love to have the right to decide if this module should be enabled or not.

There is no option in the BIOS to enable/disable it.

First of all, I'd like to know: how many of you Samsung owners have this process running? Did you know about this? Do you accept it?

I want to understand if I activated this thing unwillingly for some reason (don't think so).

If anyone is interested in deeper technical information, I can provide other details.

Thanks to everyone for your attention.

Cheers!

 

It's wrong to say that the BIOS injects the program into Windows but Windows probably downloaded the program as one of the updates in order to support the functionality built into the BIOS (but it won't work unless you pay money).

See my suggestion here about how to stop the program running.

John

 

Hi John,

thanks for your reply.

I politely disagree with your first statement

There is plenty of evidence that it is a BIOS module which is, on boot time, actively inspecting the file system and - if certain conditions are met - "repairing" this process and related files.

We are talking about:

- rpcnet.exe
- rpcnet.dll
- rpcnetp.exe
- rpcnetp.dll

So, I'm quite sure those guys didn't come from any update, but were indeed injected.

Regarding your suggestion, it might work or not, depending on the auto-repair capabilities of this module.

However, I believe the point of this is: why is this activated on my laptop? I never did anything to do so, at least willingly.

I wonder if the reinstall was interpreted as a "tampering" by the module and triggered the installation.

I'm now trying to restore the original Windows 8 image, and see if it gets injected in there also.

Right now, in the Windows 8 image there is only "rcpnetp.exe" and no trace of "rpcnet.exe".

Thanks for your time!

spindoctor_mo

 

I stand corrected. For Lojack to work, it would need to get itself working even if the drive was wiped and Windows reinstalled. Hence the clever work by the BIOS.

I suspect that Samsung took the easy route and left out the BIOS switch.

John

 

Hello John,

yes, indeed, that's my opinion as well.

Good news is that I was able to get in touch with Absolute, which is being very cooperative in understanding the reason of this unwanted activation.

When I'll have some more definitive answers, I'll post them back, so that the information is available to anyone who encounters the same issue.

Cheers

spindoctor_mo

 

Hello everyone,

I finally solved this issue, thanks to Absolute's excellent support organization which fully cooperated to solve.

The bottom line is that if "rpcnet" or any related module is present, and you do not have an active Absolute product, an accidental activation must have happened.

Now the module has been disabled on my laptop, and no files can be seen both running as processes or on the filesystem.

I am not sure if it happened to me because of some action on my side (don't think so), or it's an issue specific to my laptop model (NP730U3E-S02IT), BIOS P04ABW.

Cheers

spindoctor_mo

 

Thanks for the update.

How did you disable the module? (In case anyone else has this problem).

John

 

Hello John,

as far as I know, the only way is to contact Absolute Software.

They can issue a deactivation command (given that the agent is accidentally active, it will be able to receive that).

They will need your serial number to verify if the agent is indeed active.

I understand this might sound a bit uncomfortable, but I can say Absolute really made great efforts to make up for what it seems to be an unwanted activation due to how the system image (or BIOS?) was built.

Cheers

spindoctor_mo

 

Wow, thanks for sharing this, spindoctor.

 

Just disturbing!

Whatever you wanna blame the BIOS or Samsung bloatware.

 

Hi oled,

well, considering the amount of hits you get in Google if you search for "rpcnet.exe" or "rpcnetp.exe"... several people experienced this, with different brands.

Sometimes they apply clever workarounds to prevent it from running (as John suggested), but the point is that it shouldn't be there unless you are actively using an Absolute product.

Probably a significant amount of users just ignore it, and leave it there.

The technology itself seems effective, but it MUST be under control of the end user.

Cheers

spindoctor_mo