After installing the Level 1 agent, you can start penetrating deeper into the network or hard drive. However, even Level 1 agents are not intended to survive a reboot, since they are kept in temporary position in the memory. The advantage of this temporary position is that after a reboot, most proof disappears that an exploitation has occurred, but the cost is the inconvenience of redoing all previous tasks each time you come back to the network. To survive a system reboot without redoing all the same tasks, Core Impact's Level 1 agent has a persistent feature that allows it to survive reboots; find this feature by right-clicking the agent. This feature allows the agents to be installed where they can survive after reboot and restart.
The primary purpose of the agent is to perform tasks under the control of the attacker on a target system, not necessarily to stay hidden. To achieve a good stealth level, a kernel rootkit such as Hacker Defender is strongly recommended. Modern kernel rootkits can hide files, port, processes, and registries from users' software. Combining a rootkit with an agent provides the attacker or administrator with a powerful hidden remote administration toolkit. The process of installing the rootkit can be automated by using macros available in Core Impact. The Upload File and Load Driver modules can be very useful in this situation.