Appendix B: Configuration Tabs

The Evidence Log Tab

Introduction

When your system is attacked, RealSecure Desktop Protector can capture evidence files that record network traffic from the intruding system. Evidence files record the specific packet that set off a protection response. This can be a good way to investigate intrusions without using a lot of disk space for records.

Evidence files

Evidence files are located in the installation directory folder. For example, if you installed Desktop Protector in the Program Files directory on the C: drive, the evidence files are in C:\Program Files\ISS\BlackICE. The file extension for all evidence log files is *.enc.

Note: If you upgraded to RealSecure Desktop Protector 3.5 from BlackICE Agent, your evidence log files are still stored in C:\Program Files\Network ICE\BlackICE.

Evidence files are encoded as trace files. To view the contents of these files, you must have a decoding application, such as Network Monitor (included with Windows NT Server and Windows 2000).

The Evidence Log tab controls the size and grouping of each evidence file set. For more information about tracking evidence of intrusions, see “Collecting Evidence Files” on page 52.

Note: Evidence files are not the same as packet logs. Packet logs are a capture of all inbound and outbound traffic on the system. An evidence file focuses on the traffic associated with specific attacks.

Evidence Log settings

This table describes the available log file settings:

This setting...            Has this effect...

Logging enabled            Instructs Desktop Protector to collect evidence files
                           for suspicious events. If Desktop Protector is remotely
                           installed from ICEcap, this option is disabled by
                           default. If Desktop Protector is installed manually,
                           this setting is enabled by default.

File prefix                Specifies the prefix for the evidence file names. To
                           place a date stamp (format YYYYMMDD) and number (NN)
                           in the file name, enter %d after the selected prefix.
                           For example, if you enter evd (the default file
                           prefix), the file names will look like this:
                           evdYYYYMMDD-NN.enc. The time is in 24-hour format in
                           Greenwich Mean Time (GMT).

Maximum size               Controls how big each evidence file can get. For best
(in kilobytes)             results, keep this value under 2048 kilobytes (2 MB).
                           To ensure that the file fits on a floppy disk,
                           consider using a maximum size of 1400 kilobytes (the
                           default).

Maximum number of files    Limits the number of files Desktop Protector generates
                           in the specified collection time period. For example,
                           if the maximum number of files is 32 (the default
                           value), Desktop Protector does not generate more than
                           32 evidence files in any 24-hour period.

Table 22: Evidence log tab settings
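The naming scheme (prefix, YYYYMMDD date stamp, NN sequence number, .enc extension) and the two limits in Table 22 (maximum size in kilobytes, maximum number of files per 24-hour period) together determine whether evidence was kept or silently dropped: a day that reaches the file cap, or a sequence number that is missing, is a sign that an investigator may be looking at an incomplete record. The script below is an added example written for this appendix; it is not part of the manual or of Desktop Protector. It assumes file names follow exactly the evdYYYYMMDD-NN.enc pattern described above and takes a constructed directory listing (name to size in bytes) in place of a real scan of C:\Program Files\ISS\BlackICE. It does not decode the .enc trace contents; that still requires Network Monitor or another decoder, as the text says.

```python
"""Audit RealSecure Desktop Protector evidence file names against Table 22.

Added example, not part of the manual. It assumes evidence files are named
<prefix>YYYYMMDD-NN.enc with the manual's default prefix "evd". The listing
below is constructed for the example; on a real host build it from
os.scandir() over the evidence directory.
"""
import re
from collections import defaultdict
from datetime import date

# Defaults quoted in Table 22 of the manual.
DEFAULT_PREFIX = "evd"
DEFAULT_MAX_SIZE_KB = 1400
DEFAULT_MAX_FILES_PER_DAY = 32


def evidence_name_pattern(prefix=DEFAULT_PREFIX):
    """Regex for <prefix>YYYYMMDD-NN.enc, capturing the date and sequence."""
    return re.compile(rf"^{re.escape(prefix)}(\d{{8}})-(\d{{2,}})\.enc$", re.IGNORECASE)


def parse_evidence_name(name, prefix=DEFAULT_PREFIX):
    """Return (date, sequence_number) for a conforming name, else None."""
    m = evidence_name_pattern(prefix).match(name)
    if not m:
        return None
    ymd, seq = m.group(1), int(m.group(2))
    try:
        d = date(int(ymd[:4]), int(ymd[4:6]), int(ymd[6:8]))
    except ValueError:  # e.g. month 13: not a real date stamp
        return None
    return d, seq


def audit_evidence_files(listing, prefix=DEFAULT_PREFIX,
                         max_size_kb=DEFAULT_MAX_SIZE_KB,
                         max_files_per_day=DEFAULT_MAX_FILES_PER_DAY):
    """listing: mapping of file name -> size in bytes.

    Reports files per day, days that reached the per-day cap (evidence may
    have been dropped after the cap), files over the configured size limit,
    names that do not match the scheme, and gaps in the NN sequence.
    """
    per_day = defaultdict(list)
    oversized, unrecognised = [], []
    for name, size in listing.items():
        parsed = parse_evidence_name(name, prefix)
        if parsed is None:
            unrecognised.append(name)
            continue
        d, seq = parsed
        per_day[d].append(seq)
        if size > max_size_kb * 1024:
            oversized.append(name)

    capped_days = sorted(d.isoformat() for d, seqs in per_day.items()
                         if len(seqs) >= max_files_per_day)
    sequence_gaps = {}
    for d, seqs in per_day.items():
        missing = sorted(set(range(min(seqs), max(seqs) + 1)) - set(seqs))
        if missing:
            sequence_gaps[d.isoformat()] = missing

    return {
        "files_per_day": {d.isoformat(): len(s) for d, s in sorted(per_day.items())},
        "capped_days": capped_days,
        "oversized": sorted(oversized),
        "unrecognised": sorted(unrecognised),
        "sequence_gaps": sequence_gaps,
    }


# Constructed sample listing (hypothetical names and sizes, not real data).
SAMPLE_LISTING = {
    "evd20030114-01.enc": 900 * 1024,
    "evd20030114-02.enc": 1399 * 1024,
    "evd20030114-04.enc": 1500 * 1024,   # over the 1400 KB default; 03 is missing
    "evd20030115-01.enc": 10 * 1024,
    "notes.txt": 123,                    # not an evidence file
}
# A day that hit the default cap of 32 files.
SAMPLE_LISTING.update({f"evd20030116-{n:02d}.enc": 50 * 1024 for n in range(1, 33)})


if __name__ == "__main__":
    for key, value in audit_evidence_files(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

A day listed under capped_days means the "Maximum number of files" limit was reached, so any later attack that day produced no evidence file; raising the cap or shortening the retention cycle is the fix, not ignoring the gap. An entry in sequence_gaps means a file was removed or never written, which matters if the .enc files are being relied on as an audit record.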

74


Desktop Protector 3.5 specifications

Internet Security Systems Desktop Protector 3.5 is a robust cybersecurity solution designed to provide comprehensive protection for personal computers and workstations. As cyber threats continue to evolve, this software aims to protect users against malware, phishing, and other malicious attacks with its advanced feature set and technologies.

One of the main features of Desktop Protector 3.5 is its real-time scanning capability. It constantly monitors files and applications on the system for any signs of malicious activity. This proactive approach ensures that harmful software is detected and neutralized before it can execute, providing users with peace of mind as they navigate the internet or access sensitive information.

Another significant feature is the integrated firewall. This firewall effectively controls incoming and outgoing traffic, offering an additional layer of protection by blocking unauthorized access to the user's network. Users can configure the firewall settings to tailor their security level according to their specific needs, ensuring flexibility and adaptability.

Desktop Protector 3.5 also incorporates advanced heuristic analysis technology. Unlike traditional antivirus solutions that rely primarily on known malware signatures, heuristic analysis examines the behavior of files and applications. This allows the software to identify and block new or unknown threats based on their potential behavior, significantly enhancing its detection capabilities.

The software's user-friendly interface makes it accessible to users of all technical backgrounds. With straightforward navigation and intuitive controls, even those who are not tech-savvy can efficiently manage their security settings and monitor their system's health.

Moreover, Desktop Protector 3.5 offers automated updates, ensuring that the security software remains current with the latest threat definitions and security patches. This feature guarantees that users are always safeguarded against emerging threats without requiring manual intervention.

Another noteworthy characteristic is its low system impact; Desktop Protector 3.5 is designed to operate seamlessly in the background. Users can work, play, or browse the internet without experiencing noticeable lag or performance issues, making it an ideal security solution for both personal and professional environments.

With its combination of powerful features, advanced technologies, and user-centric design, Internet Security Systems Desktop Protector 3.5 stands out as a reliable choice for anyone seeking to enhance their cybersecurity posture in an increasingly digital world.