Chapter 4: Configuring RealSecure Desktop Protector

Collecting Evidence Files

Introduction

RealSecure Desktop Protector can capture network traffic attributed to an intrusion and place that information into an evidence file. Desktop Protector captures and decodes each packet coming into the system, so it can generate files that contain detailed information about the intruder's network traffic.

Where are my evidence files?

Desktop Protector evidence files are stored in the installation directory folder. For example, if you install Desktop Protector in the Program Files directory on the C: drive, the evidence files are located in C:\Program Files\ISS\BlackICE. Each file has an *.enc extension.

Note: If you upgraded to RealSecure Desktop Protector 3.5 from a previous version of BlackICE, your evidence log files are still stored in C:\Program Files\Network ICE\BlackICE.

Evidence file format

The evidence and packet log files are trace files. You must have a trace file decoding application to view the contents of these files. Many networking and security product companies produce such decoders. Some shareware decoders are also available on the Internet. If you are using Windows NT or Windows 2000 Server, you can install the Network Monitoring service, which includes Network Monitor, a decoding application. See the Windows NT or Windows 2000 documentation for more information.

Procedure

To collect evidence files:

1. From the Main Menu, select Tools → Edit BlackICE Settings.

2. Select the Evidence Log tab.

3. Select Logging Enabled.

4. In the File prefix box, specify the prefix for the evidence file names.

   To place a date stamp (format YYYYMMDD) and number (NN) in the file name, enter %d after the prefix. For example, if you enter evd%d, the file names will look like this: evdYYYYMMDD-NN.enc. The time is in 24-hour format in Greenwich Mean Time (GMT).

5. In the Maximum Size box, specify how large each evidence file can get.

   Note: For best results, keep this value smaller than 2048 kilobytes (2 MB).

6. In the Maximum Number of Files box, choose how many files Desktop Protector can generate in the specified collection time period.

   Note: For example, if the maximum number of files is 32 (the default value), Desktop Protector does not generate more than 32 evidence files in any 24-hour period.
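The naming convention and the two limits set in steps 4 to 6 (a per-file size cap and a per-day file cap) are easy to check from the outside, which is useful when verifying that an endpoint is actually retaining evidence the way the settings say it should. The following script is an added example written for this page; it is not part of Desktop Protector or of ISS documentation. It parses the evdYYYYMMDD-NN.enc naming convention described above, groups files by their GMT date stamp, and reports files larger than the recommended 2048 KB and days on which the default cap of 32 files has been reached (a day at the cap means later intrusions that day would not have produced evidence). The directory listing it audits is a constructed in-memory list of (filename, size in bytes) pairs; scan_directory is a small helper that builds the same shape from a real folder such as the two install paths named in this chapter.

```python
import os
import re
from collections import defaultdict
from datetime import datetime

# Install locations named in this chapter: the 3.5 default and the location
# kept by upgrades from earlier BlackICE releases.
CANDIDATE_EVIDENCE_DIRS = [
    r"C:\Program Files\ISS\BlackICE",
    r"C:\Program Files\Network ICE\BlackICE",
]

# Values from the manual: the default Maximum Number of Files and the
# recommended upper bound for Maximum Size.
DEFAULT_MAX_FILES_PER_DAY = 32
RECOMMENDED_MAX_SIZE_KB = 2048

# <prefix>YYYYMMDD-NN.enc, the shape produced when the prefix ends in %d.
EVIDENCE_NAME = re.compile(
    r"^(?P<prefix>.*?)(?P<date>\d{8})-(?P<seq>\d{2})\.enc$", re.IGNORECASE
)


def parse_evidence_name(name):
    """Return {'prefix', 'date', 'seq'} for a well-formed evidence file name,
    or None if the name does not follow the convention (e.g. a bad date)."""
    match = EVIDENCE_NAME.match(name)
    if match is None:
        return None
    try:
        # Date stamps are GMT per the manual; we only need the calendar day.
        date = datetime.strptime(match.group("date"), "%Y%m%d").date()
    except ValueError:
        return None
    return {"prefix": match.group("prefix"), "date": date, "seq": int(match.group("seq"))}


def audit_evidence_files(entries, max_files=DEFAULT_MAX_FILES_PER_DAY,
                         max_size_kb=RECOMMENDED_MAX_SIZE_KB):
    """entries: iterable of (filename, size_in_bytes).
    Returns a list of (finding, subject) tuples:
      ('unrecognized', filename)      - not an evidence file name we understand
      ('oversize', filename)          - larger than max_size_kb
      ('daily_cap_reached', 'YYYY-MM-DD') - that GMT day holds >= max_files files
    """
    per_day = defaultdict(list)
    findings = []
    for name, size in entries:
        parsed = parse_evidence_name(name)
        if parsed is None:
            findings.append(("unrecognized", name))
            continue
        per_day[parsed["date"]].append(name)
        if size > max_size_kb * 1024:
            findings.append(("oversize", name))
    for day in sorted(per_day):
        if len(per_day[day]) >= max_files:
            findings.append(("daily_cap_reached", day.isoformat()))
    return findings


def scan_directory(path):
    """Build the (filename, size) listing from a real folder (assumed helper)."""
    with os.scandir(path) as it:
        return [(e.name, e.stat().st_size) for e in it if e.is_file()]


# Constructed sample listing: one oversize file, one stray file, and a day
# that has hit the default cap of 32 evidence files.
SAMPLE_LISTING = [
    ("evd20031105-01.enc", 1_200_000),
    ("evd20031105-02.enc", 2_500_000),   # over 2048 KB
    ("notes.txt", 300),                  # not an evidence file
] + [("evd20031106-%02d.enc" % i, 100_000) for i in range(1, 33)]

if __name__ == "__main__":
    for finding, subject in audit_evidence_files(SAMPLE_LISTING):
        print(f"{finding}: {subject}")
```

Run against a live folder with audit_evidence_files(scan_directory(path)) for each path in CANDIDATE_EVIDENCE_DIRS; the script deliberately reads nothing from the .enc contents, since those are trace files that need a decoder such as Network Monitor.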

Clearing evidence logs

To delete evidence logs:

Note: Clearing evidence log data does not affect the Desktop Protector intrusion detection and firewall functions.

1. From the Main Menu, click Tools → Clear Files.

   The Files to Delete window appears.

2. Select Evidence logs.

Desktop Protector 3.5 specifications

Internet Security Systems Desktop Protector 3.5 is a robust cybersecurity solution designed to provide comprehensive protection for personal computers and workstations. As cyber threats continue to evolve, this software aims to protect users against malware, phishing, and other malicious attacks with its advanced feature set and technologies.

One of the main features of Desktop Protector 3.5 is its real-time scanning capability. It constantly monitors files and applications on the system for any signs of malicious activity. This proactive approach ensures that harmful software is detected and neutralized before it can execute, providing users with peace of mind as they navigate the internet or access sensitive information.

Another significant feature is the integrated firewall. This firewall effectively controls incoming and outgoing traffic, offering an additional layer of protection by blocking unauthorized access to the user's network. Users can configure the firewall settings to tailor their security level according to their specific needs, ensuring flexibility and adaptability.

Desktop Protector 3.5 also incorporates advanced heuristic analysis technology. Unlike traditional antivirus solutions that rely primarily on known malware signatures, heuristic analysis examines the behavior of files and applications. This allows the software to identify and block new or unknown threats based on their potential behavior, significantly enhancing its detection capabilities.

The software's user-friendly interface makes it accessible to users of all technical backgrounds. With straightforward navigation and intuitive controls, even those who are not tech-savvy can efficiently manage their security settings and monitor their system's health.

Moreover, Desktop Protector 3.5 offers automated updates, ensuring that the security software remains current with the latest threat definitions and security patches. This feature guarantees that users are always safeguarded against emerging threats without requiring manual intervention.

Another noteworthy characteristic is its low system impact; Desktop Protector 3.5 is designed to operate seamlessly in the background. Users can work, play, or browse the internet without experiencing noticeable lag or performance issues, making it an ideal security solution for both personal and professional environments.

With its combination of powerful features, advanced technologies, and user-centric design, Internet Security Systems Desktop Protector 3.5 stands out as a reliable choice for anyone seeking to enhance their cybersecurity posture in an increasingly digital world.