SurveilStar User`s Manual
Contents
1. Configuration Name Give a name to the email notification server The console will add a default name automatically and administrators can customize it Server IP IP Address of the mail server Port Port of SMTP The default one is 25 SMTP Account SMTP account Password Password of the SMTP account Sender Address Address of the sender mailbox to send alert messages Display Name Display name of the sender Mailbox Collection Mailbox collection used to receive alert messages Separated with 106 Q Chapter11 SurveilStar Tools 11 1 2 Email Notification Settings Click the menu Tools gt Email Notification Settings administrators can view add and modify the settings El Add Click this button to create a new email notification setting x Delete Click this button to delete specific email notification setting Create a new email notification setting Email Notification Settings Report Settings Ei x Detailed Settings Name Mail Configurations Mail Configurations Email Subject Alert Message Max No of Alerts 100 Send Interval Min 30 To laddertoanita gmail com Send as attachment Unzip Password Alert Type Application Policy Website Policy Printin Computer Range The Whole Network a User Range The Whole Network m Email notification will be sent if any violation is detected within the specified computer range or user range Name Give a name to the email notification setting The consol2. Register Online Click Register Online button then the Register Code will be returned and displayed in the Register Code Regcode field And the product registration will be processed automatically Send Email Click Send Email button then email will be sent to your registered email address with Register Code Please copy and paste the Code into Register Code Regcode field then click Register button to confirm the registration 17 Q Chapter2 Deploy SurveilStar Employee Note 1 The Email Address is very important If you need to re register in the future new Register Code Regcode will be sent to the first registered email address 2 If your server cannot connect to Internet or other reasons please email us with your Serial Number SN and Computer ID we will help you process the registration individually Upgrade License If you are a registered user and now purchase license upgrade for monitoring more computers please simply repeat the steps above to upgrade license 2 5 Upgrade to the latest version 2 5 1 Upgrade Server and Console Download SurveilStar Upgrade Package on SurveilStar Server machine or download it from other computer and copy to SurveilStar Server Double click the upgrade package Then SurveilStar Server and SurveilStar Console on server machine if installed will be upgraded to latest version Note If you can t upgrade please exit all SurveilStar services at first You can open
3. AIX View and modify conditions setting Match any condition If you check this option results matching any of the condition will display Result Lists Choose asset properties you need to display Save Input a name to the query condition and click Save button then you can directly choose from the Name drop down box to find setting you saved before Delete Delete certain query conditions you saved Set Default Set the query condition to be a default one and it will only display the default query results next time you open assets management Note If you have chose instance properties of a certain asset to the query condition or the result list you cannot add instance properties of another asset 9 2 2 Hardware Changes View Hardware Changes Click menu Assets gt Hardware Changes then SurveilStar will show a list of computers which hardware 97 Q Chapter9 Assets changes with information of Type Time Compute Asset and Description Double click a certain computer or choose one and then right click and choose property then you can get detailed hardware change information of specified computer A0 12 04 01 T 2038 Anis DVD CD ROM Cie ete SAMSUNG SCHiS79 Card USB Device DVD CD ROM Name SAMSUNG SCH45 7 9 Card USE Device Hadia Type USB UNKNOWN Votre Manufacturer Standard CD ROM drives Description CD ROM Drive Query Hardware Changes Click query button
4. Backup when copy cut to Backup when copy cut from Backup before delete Minimum Size gt KB Maximum Size lt KB Application Document Policy Example Type of operation is simply divided into read modify and delete When allow to modify will be able to read and when allow to delete will be able to read and modify also Read documents Modify documents which Contains all operations other than read and delete such as create rename modify copy move and restore Only after checking this option will be effective to set Backup before modify and Backup when copy cut to below Delete documents Only after checking this option will be effective to set Backup before delete below Choose disk type of documents to control including Fixed Disk Floppy Disk DVD VCD ROM Removable Disk Network Disk and an unknown letter Specify name of documents need to control containing a path such as C Documents is available then all documents under the folder will be controlled Multiple setting is available by using semicolon or comma to be as a separator Support wildcard Back up source documents before modify to prevent important files from malicious or unintentional modification Backup when copy or cut documents to specified disk to check if they are copy or move to the illegal drive letter Backup when copy or cut documents from specified disk to check if they are copy or move from illegal drive
5. Console is installed on an administrator or supervisor s computer v Centrally control and monitor all agent computers v View all data and screen snapshots gathered from agent computers v Provide statistical and analysis report v Create control and surveillance policies 1 3 3 SurveilStar Agent Console is installed on an administrator or supervisor s computer v Execute management policies v Record users activities on the agent computers v Periodically send collected data to server 1 4 System Requirements Components Requirements Server OS Windows 2000 SP4 XP 2003 Vista 2008 Win7 Both 32 bit and 64 bit Minimum Processor Pentium 4 2G Memory 512 MB Free Disk Space 20 GB Recommended Processor dual core or quad cord Memory 4GB Free Disk Space 120 GB Console OS Windows 2000 XP 2003 Vista 2008 Win7 Both 32 bit and 64 bit Minimum Processor Pentium III 500 Memory 256 MB Free Disk Space 256 MB Recommended Processor Pentium 4 Memory 512 MB Free Disk Space 1 GB Agent OS Windows 2000 XP 2003 Vista 2008 Win7 Both 32 bit and 64 bit Minimum Processor celeron Il 433 Memory 512 MB Free Disk Space 512 MB Recommended Processor Pentium 4 Memory 1 GB Free Disk Space 1 GB SQL Server Basic MSDE SP4 SQL Server 2005 Express Recommended SQL Server 2005 SP1 SP2 SP3 Q Chapter2 Deploy SurveilStar Employee Chapter 2 Deploy SurveilStar Employee 2
6. on the upper right corner of hardware changes display area and specify search conditions including time range asset type change type and content to search specific hardware changes From aj 1 20 12 To 4 1 9012 Time All Day Range The Whole Network Asset Type Change Type Content 98 Q Chapter9 Assets 9 3 Software and Software Changes 9 3 1 Software View Software assets information Click menu Assets gt Software then SurveilStar will show a list of all monitored computers with information of Computer Name and its Operating System Double click a certain computer or choose one and then right click and choose property then you can get detailed software information of specified computer Query Assets Click query button on the upper right corner of software asset display area and specify search conditions including name range conditions and result lists to search specific software assets 9 3 2 Software Changes View Software Changes Click menu Assets gt Software Changes then SurveilStar will show a list of computers which software changes with information of Type Time Compute Asset and Description Double click a certain computer or choose one and then right click and choose property then you can get detailed software change information of specified computer Query Software Changes Click query button QY on the upper right corner of software changes display area and spec
7. All TCP UDP Note Traffic statistics only works for computers not for users 42 Q Chapter5 Logs Chapter 5 Logs 5 1 Basic Event Logs SurveilStar Employee Monitoring Software can record all kinds of basic events happened on the computers The recordable event types include Logon Logoff startup Shutdown Restart Hang up and Dial up Operations Event types Time Computer Group User will be recorded and description regarding the operation will be also displayed Select a computer or a group at first then specify your search condition including time and range basic event types and description Time can be All day Custom Rest Weekend and Working Time If you choose to custom time a time matrix dialog will pop up and you can select desired time Working Time can be changed by menu Classes Management gt Time Types depending on your need Below is an basic event log example of Kevin s computer Basic Event Application Web Document Shared File Printing Asset Change Policy System Basic Event Logs Operation Time Computer Group User Desoiption W Shutdown 2012 01 04 18 09 11 Kevin Admin ne Logoff 2012 01 04 18 09 11 Kevin Admin Kevin A user has logged off Username Kevin Ea Hangup 2012 01 04 16 23 17 Kevin Admin Vpn123 VPN hang up amp Dialup 2012 01 04 16 14 24 Kevin Admin Voni23 VPN dial up amp Hangup 2012 01 04 16 14 09 Kevin Admin Vpn123 VPN hang up amp Dialup 01
8. Lock Unlock hee Power Down Data Synchronization Restart Asset Information Uninstall Agent View Screen History E Remate Control Remote File Transfer 2 6 2 Uninstall Agent from the Client Computer Step 1 On client computer create Operate Code 1 In XP click Start gt Run type agt3tool ocularadv command into the run box In Vista or Windows 7 you can click Start and type agt3tool ocularadv directly in Search program and files box 2 Run the command and you will see the Agent Tool Jo Agent Tool Operate Generate Temporary dear all poli 30 Minute 7 Unlock Agent Exit Clear security password 3 Select Uninstall Agent and click the Generate button you will see the Opcode Validation dialog This code is used to generate a confirm code from the Console see next step 19 Q Chapter2 Deploy SurveilStar Employee Opcode Validation Enter Original Qpcode 964553634487 Please tell administrator to generate a confirmation code Confirmation Note DO NOT close this Check Confirm Code form in this step You need to return to this form later Step 2 On SurveilStar Console create Confirm Code 1 Go to SurveilStar Console click the menu Tools gt Agent Tool gt Confirm Code Generator you will see the Confirm Code Generator enter the Operate Code attained previous step into the Agent Operate Code text area Confirm Code Generator Confirm Code Ge
9. SurveilStar Employee Monitor User Manual Last updated April 10 2015 http www survelilstar com Contact Us support surveilstar com 2008 2015 SurveilStar Inc All Rights Reserved Q Table of Contents Index of Contents CHAPTER 1 INTRODUCING SURVEILSTAR ienisnnarii raceri anaE ETE E 3 E OVEREN eea aA NAA EAA AE EAA AAAA E E AAAA AN EAEAN AAEE AAA E A 3 L FEA UR E A A AAAA A A E T E 3 To PAK TO TUR E raa A E E A A oe ee etd es eion enon ea deen noesuaatesedoameeet 4 L4 STEM OUI IIE Ito cipy artiso n EE TA AEE AT E A E EAA E 5 CHAPTER 2 DEPLOY SURVEILSTAR EMPLOYEE sossiiiririirrerenessrirn kiiri neninn aE NENNEN ANEAN RANEA 6 2 1 INSTALUNG SURVEILSTAR SERVER si taitisusiusicitesuiicstclicuniea anne diesteaitiuic EAA EE EEEa 6 Zid INSTALUNG SURVEILSTAR CONSOLE iriiria annaas A A NE EA 11 2 3 INSTALLING SURVEILSTAR AGENT pirssrursrerrireisivrsrodssiandirniters tsion rinner roris rN EAEE ENTES EEA ANON NANTE ENEE EEE ENNEA EES 12 2A PEGER ra a E AA E AA A E A 17 2 5 UPGRADE TO THE LATEST VERSION es scsccscacsceasianttclmesaelicwseaadace lacencua evtisedn E TETE a TO 18 Lo UNN AN a A AT One A A A EAT TAS 18 CHAPTERS SURVEILSTAR CONSOLE sissie ciinii AE ANEETA NE TE TAE 22 3 1 LOGON SURVEILSTAR CONSOU Ease cecccctncassctevestesiewusenateceedsdletnesatatesedusaqucadtadewexedaslanectudedetie acutanaede veerudocsaeatass locas vecnatbareeiasdeents 22 3 2 SURVEILSTAR CONSOLE BRIEF INTRODUCTION cdccdocncictesudcncensauaduas
10. p amp 87d5903ct2bdaScPaec6d 764d9a0i6 setup exe icrosoft R SOL Server 2008 H2 Setup 16 56 4006 B6 Copyright ic Microsoft Corporation All rights reserved icrosoft cR MEI Framework CasPol 2 0 50727 5483 Extracting Files Copyright ic Microsoft Corporation All rights reserved SHC EE Microsoft Hs MEI Framework GCasPol 2 0 50 72 7 5484 Extracting File xe6 setup sql engine _core_inst msi ptiles sqls Copyright ec Microsoft Corporation Al rights reserved To Directory e7 6 d590 Sct S0bdabc2daebd Md JaN Success 5 Please wait while SQL Server 2008 R2 Setup processes the current operation atch ime SQL Server 2008 R2 Please wait while SOL Server 2008 R2 Setup processes the current operation T SOL Server 2008 R2 Setup a E m Setup Support Files Click Install te itall Setup Support files To install or update SOL Server 2008 R2 these files are required Setup Support Files The following components are required for SOL Server Setup Feature Name Status o Setup Support Files In Progress ExecuteStardard Timings Vorkflow Q Chapter2 Deploy SurveilStar Employee SQL Server 2008 R2 Setup Install _SoiSupgort_KatmarhM_Cous2 Action CreateShortcuts Creating shortcuts 6 ie Setup SurveilStar V3 Installing Please wait while Setup installs SurveilStar V3 on your computer Finishing installation 10 Q Chapter2 Deploy SurveilStar Employ
11. E eu a Yo GE aw a ye Gl aOR Gmi Yu E emoten one yu Gl kama aH yo B veces pm FC hentian Inho Diria G5 Be Windows kuhna aj Chapter11 SurveilStar Tools Lish HAOK Ge E Adress MAS Adres Grup Apert Lia Apmared inatall Cate Vere Daya tine 7 ee el re Es ba eT EE PM tikes LL HEI A M mil EEn Ses LAA lil E ELI EIF IIRA MIT lowe Bee ies AS g LI OO Moing LIRR is Le p O ME i B THRE TIBS PEE ST il CAFEER iki ERLHEE EZALE IS WL Hg AGS EEA BAe LS p Hz ee a se ee OSE LS j WLG GAE T HiH ere Mba ee LAUA ELIEN EBARA WHn DHAT ibs MMA LATNA 0 a eS e wera eee Le p Pee i G MLS ewes IBS SS HLA EAA dimn Dia eH DLH aa LHA a Piri Cik 1 MAD Adder Comper Prd Appeared Taha CTE TARAM Mine eo Ga Le li ed Administrators can delete or uninstall one or more agents to better manage the licenses 4 Delete Click this button to delete needless agents Deletion will uninstall the agent while reducing the number of license al Uninstall Click this button to uninstall needless agents Uninstallation will not reduce the license quantity Condition Administrators can quickly locate computer information needed based on the query conditions All By IP address By last appeared date By agent ID By name Offline for days gt Search all computers installed agent module by default Search agent computers by a specific IP range Set the date range a
12. Right click on an asset change log and click Property to view the detailed information of the selected log Asset Changes Time Computer Log Type 2012401409 14 27 22 Kevin Software Changes Operation Type Change Description FileZilla Client 3 5 3 53 Q Chapter5 Logs 5 8 Policy Logs Working discipline is very important to any companies However not everyone in the workplace will fully obey working discipline SurveilStar can create flexible policies to control and monitor employees PC and web activities and reduce discipline break maximally After the policies are applied to the employees computers IT manager can easily find out the employees who try to break the policy rules and his intention SurveilStar can record Alert Level Time Computer Group User Policy Type and description Select a computer or a group then specify search conditions including lowest level policy type and content Lowest Level Alert level can be Low Important and Critical Choose the lowest level that you want to record If Low Level is chosen then any alert will be recorded and if Important is chosen only Important and Critical alert will be recorded Policy Type Select policy type to search All SurveilStar supported policy types are listed As to the detailed information of each policy you may need to refer to policy chapters respectively that will be discussed later Content Search operation behaviors on ag
13. 01 09 12 56 38 2012 01 09 09 24 10 2012 01 09 09 11 36 2012 01 04 16 10 49 2017 01 04 09 16 36 2012 01 04 09 16 26 2011 12 31 13 37 13 2011 12 29 19 07 52 2011 12 29 19 07 47 2011 12 29 11 44 46 Computer Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Kevin Group Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Type Software Changes Software Changes Software Changes Software Changes Software Changes Hardware Changes Software Changes Software Changes Software Changes Hardware Changes Software Changes Hardware Changes Hardware Changes Software Changes Hardware Changes Hardware Changes Hardware Changes Hardware Changes Hardware Changes Hardware Changes Description Security Update for Microsoft NET Framew Update for Outlook 2007 Junk Email Filter Update for Microsoft Office 2007 suites KB WinPcap 412 VSO Downloader 2 0 7 3 Disk 2 Partition 0 Filezilla Client 3 5 3 FileZilla Chent 3 5 3 FileZilla Client 3 52 Disk 52 Partition 0 Microsoft AppLocale Disk 2 Partition 0 Disk 2 Partition 0 TVPN Generic STORAGE DEVICE USB Device 056 P 0 0GB K NTFS 92 208 Disk 50 Partition 0 Disk 0 Partition 1 C NTFS 101 2GB O NTFS 95 368 E M Disk 0 Partition 0 Disk 0 Partrtion 1
14. 168 149 192 168 168 149 192 168 168 176 192 168 18 447 192 168 168 196 192 168 1866 Aam ee Applicaton Categones Appkaton ldantty 2012 05 04 094100 2012 05 04 Oa 2012 05 04 0941202 2012 05 04 d2 M 2012 05 04 04307 2012 05 04 04240 2017 05 04 Cob 2 m12 03 04 4242 2012 05 04 15 32 36 2012 05 04 235 2012 05 04 15 3540 2012 05 04 09010 2012 05 04 M a A A Pe dA ae 2012 05 04 01 M12 03 04 G26 2012 05 04 4103 M01 2405 04 e235 2012 03 01 Gs 2012 05 04 04 241 2012 405 06 02 22 12 03 04 sis 2012 05 04 15 32 38 M1205 04 4236 M12 03 04 133347 2012 05 04 ed 2 M12 05 04 EH 4 A Pe A Od Webste C 2012 04 18 2012 04 18 miw 2012 04 18 2012 04 18 201 7 4 19 2012 04 18 2012 04 18 2012 44 23 2012 04 23 2012 04 18 2012 44 24 2012 18 2012 04 18 2012 05 03 ne ee Category Last Click the button to check last modified time of all categories and Modified libraries Query Click the button and select computer range category library synchronized state and agent state to query specific synchronize information 11 5 3 Server Time Management The stability and security of server will be seriously affected as much functionality depends on the accuracy of server time If server cannot validate accuracy of server time click menu Tools gt Server Management gt Server Time to confirm the current server time is correct and then click Trust Server lime Current server time is
15. 2 01 04 16 11 44 Kevin Admin sone Vonl23 VPN dial up Logon 2012 01 04 09 05 28 Kevin Admin Kevin A user has logged on Username Kevin Startup 2012 01 04 09 03 29 Kevin Admin W Shutdown 2011 12 31 18 01 05 Kevin Admin Logoff 2011 12 31 18 01 05 Kevin Admin Kevin A user has logged off Username Kevin Logon 4011 12 31 09 10 31 Kevin Admin Kevin A user has logged on Username Kevin W Startup 2011 12 31 09 07 47 Kevin Admin i i Shutdown 2011 12 30 18 19 12 Kevin Admin s Logoff 2011 12 30 18 19 12 Kevin Admin Kevin A user has logged off Username Kevin Logon 2011 12 30 08 58 09 Kevin Admin Kevin A user has logged on Username Kevin W Startup 2011 12 29 18 54 38 Kevin Admin W Shutdown 2011 12 29 18 52 52 Kevin Admin p Logoff 2011 12 29 18 52 52 Kevin Admin Kevin A user has logged off Username Kevin Logon 2011 12 29 09 01 08 Kevin Admin Kevin A user has logged on Username Kevin W Startup 2011 12 29 09 00 00 Kevin Admin an 5 2 Application Logs Select a computer or a group at first then specify your search conditions including time and range application path or title and applicaiton name Path Title Search application logs using application path or title 43 Q Chapter5 Logs Application Click button to import application list add application process name or specify application classes There are four buttons in the dialog which are Import Add Application Classes List and Delete A
16. Computer User List Switch computer list to user list or vice versa User list will show you all the logged in users as well as user group information Main Menu Navigator Under the tool bar You can navigate to some main functions quickly Subordinate Menu Navigator Under Main Menu Navigator You can navigate to specific functions quickly Data Display The most important part All kinds of data will be displayed in this area Whole Network Information about total online users and server IP address Typical Signs at Computer List H The agent computer is being monitored normally 4 The agent computer is not monitored The computer has been shut down or the computer is offline from internet now It s also possible that firewall has blocked the communication between agent and server in this case please change firewall settings The agent has been uninstalled from the computer ea r The agent computer is being monitored normally and the computer 1s curretnly idle now Typical Signs at User List The user is online now and being monitored normally a The user is off line from internet now The user is away from the computer now 3 2 2 Chart Search and Property Some of the functions also provides chart search and property functions and user interface will be a little different The following example is Application Statistics 24 Chapter3 SurveilStar Console oxi 2 S0 O8 600 BSA a Cerca et
17. EA nits cHe Sabpect gt 39ER From Host teket anmct com To Sulgect Fupioads Al Sethi tat General Registration License erm IFD mepe k gmirata lame Reg tration Gode E E i P Records about sending mails Records about receiving mails Has attachment Click this icon to view or save attachment files Right click on an email monitoring record and you can view property with information in detail 84 Q Chapter7 Monitoring Note Email monitoring supports SMTP POP3 Email Webmail Exchange Email and Lotus Notes Email It will record mails sending and receiving of SMTP POP3 and Exchange mails and will only record mails sending but not receiving of Webmail and Lotus Notes Email currently 7 3 Screen Snapshot Monitoring Click menu Monitoring gt Screen Snapshot then select a certain computer and SurveilStar will show a picture of the entire screen and display exact actions immediately Below is a screen snapshot example of monitored computer Eo Ehad MiP erect tog S meme Poy Ga Adanced poio iF Montong B Mantenince i Amer Screen Snapshot Instant Message Erai Screen Snaoshot o0 ooo ka Go C ww permagcomy wv i Price l s0 a730 Adobe Photoshop Lightroom 3 5 Coca essence E FEN Har a cre risala N aa iiis Save current frame The current screen snapshot can be saved as JPG or BMP files Click the button then give a file name choose a type and a d
18. Program to uninstall SurveilStar Server If you have installed SurveilStar Console on multiple computers and want to remove all of them you may need to uninstall the console one by one 2 6 4 Uninstall SurveilStar Server Note Before uninstalling SurveilStar Server all SurveilStar Consoles should be closed first On the desktop of Windows system click Start gt All Programs gt SurveilStar gt Uninstall SurveilStar or go to Control Panel gt Add Remove Program to uninstall SurveilStar Server Uninstalling SurveilStar server doesn t affect Microsoft SQL Server If you don t need SQL Server any more you may need to uninstall it manually from Control Panel 21 Q Chapter3 SurveilStar Console Chapter 3 SurveilStar Console 3 1 Log on SurveilStar Console Log on SurveilStar Console Click Start gt All Programs gt SurveilStar gt SurveilStar V3 Console to launch SurveilStar console logon dialog Server 192 168 28 163 Account admin Fassword Server Enter SurveilStar Server s IP address or computer name Account The default administrator account is admin and the default auditor account is audit IT Manager or supervisor can create multiple accounts and assign different priliveges to meet different requirements After console logon you can use menu Tools gt Accounts to create accounts Password Enter password of the account you entered The default password of adm
19. SS The Whelan Hetwork ax ly er Berets tog Sy nase Poncy Gy Advanced Poke EF hetomp Basc Appkaton Web Traffe Application Statistics kuani Time ara Tere fier coe Sj rheme Eepinen EXE IIBg nt enr Tha Network 30 j 33 E 1168 18 95 The chart is only available in Statistics The search functions is available in Statistics Logs Instant Messages Emails etc You may specify computer user time range classes etc to search Depending on different functions you can use different search inquires a ET ie para paaka Lops piis iani itg piaia Auets Chas Maxigerent Toob Wiw Hab Ex HaaoecgdTga a axia Rhad dF eveccs tor Ay Base Pokey Gi Advanced Pokcy am 54 The Whole Hetarik E Show Mpoki e Diae Applicaton pa Web Sone MBR Application Policy 82098008 r Tirra Fl n ee Tha Whole Watwark 130 33 192 168 18 99 Property is only available in Policies and Advance Policies In property area you can set detailed controlling policy according to your need Different policies have different options 25 Q Chapter3 SurveilStar Console 3 3 Computer Group and User Group 3 3 1 View Basic Information In SurveilStar Console IT manager can click menu Statistics gt Basic Information to view basic information of computer computer group user and user group 1 Computer Basic Information Select a computer and the status and basic information will be displayed i
20. Snapshot Policy In SurveilStar Console click menu Policies gt Screen Snapshot then click Add button to create a screen snapshot policy Then you will see Property panel on the right as the picture below In the following example Screen Snapshot will always record Property q Xx Property Value sear ren onat Time Working Time Mode Record Only offline E Empey Tine Dei anlei sat Application _ sAll gt Interval Sec 15 Application Set applications to record the default is all and you can specify what you care to record Interval Set regular interval for the screen snapshot It is 15s by default which means every 15 seconds takes a screen Only effectively under the Record mode Set different recording frequency for different applications Do frequent records on some most used applications and the nonessential programs not record or less Note The smaller screen recording time interval the greater amount of data generated It s important to adjust the screen recording interval base on actual need of appropriate time 6 7 Logging Policy In SurveilStar Console click menu Policies gt Logging click Add button to create a logging policy Startup Shutdown Basic event logs about system startup or shutdown Logon Logoff Basic event logs about user logon or logoff Dial Basic event logs about dial Policy Control Logs about strategy alarm Hardware Changes Hardware change logs
21. SurveilStar Agent should be deployed to computers that are required to be monitored and controlled The Agent can be installed in silence mode and run in stealth mode There are 3 ways to deploy SurveilStar Agent to computers Direct Installation Remote Installation and Logon Script Installation Choose the installation method to view details 2 4 1 Direct Installation 2 4 2 Remote Installation 2 4 3 Logon Script Installation 2 3 1 Direct Installation Adopting the Direct Installation method you need to install the Agent one by one following these steps 1 Create SurveilStar Agent setup file On the desktop of the server click Start gt All Programs gt SurveilStar gt Agent Installation Generator Control Panel al Agent Rem ote Installer i Domain user lo on script installer g P Devices and Printers Default Programs Dara SurveilStar V3 a Help and Support VideoLAN J WinRAR h programs and files C Create Setup File Installation Package Settings AAA Server IF Name 192 168 28 163 A Save in Ji Surveil Star E 2 g E Ea I Silent Installat 7 Name Date modified Advanced Settings J DATA 4 10 2015 9 56 AM Try the following account if I do not have sufficient permissions to run setup file ht Debug 4 9 2015 1 22 PM 4 9 2015 1 24 PM Domain User name b i ae L LegenScript 4 9 2015 1 14 PM Password di Patch 4 9 2015 1 25 PM a Save Save
22. all you can manually edit the time period if you need x Delete Click this icon to delete time categories you added Note You cannot delete the four default time types 102 Q Chapter10 Categories 10 4 IP Categories Click menu Categories gt IPs then you will see three default IP categories All Intranet and Internet IF Categories Categories ES CO 0 0 0 0 255 255 255 255 Intranet Internet The system will automatically generate the IP address range of Intranet according to the server s IP and administrator can modify the range of Intranet and system will automatically generate another IP address range for Internet IP addresses outside the Intranet are considered as Internet IP In addition to the system defined IP categories administrators can add and manage additional IP categories and enter an IP address range Er Add Click this icon to add an additional IP category and enter a name to it x Delete Click this icon to delete IP categories you added Note LAN and Extranet are not showed in the IP categories but do in the Traffic Statistics Network Advanced Policies and Bandwidth Advanced Policies 10 5 Port Categories Click menu Categories gt Ports then you will see seven default categories All ICMP TCP UDP Email Web and Network share 103 Q Chapter10 Categories Port Categories Categories Ei All ICMP TCR ICMP TCP 0 65535 UDP 0
23. be same as current policy and you need to save it to take affect Imported policy can be assigned to different computer or group as you like 4 Real time snapshot can be save as JPG and BMP pictures Click Save Current Frame on the upper right to export real time 31 Q Chapter3 SurveilStar Console 5 Instant Messages Maintanence including applications processes performance etc and Assest including software hardware and their change Classes including application class time types class website class etc can be exported to html xls and csv files 6 Emails can be exported to html xls and csv files as well as eml files 2 Print and Print Preview If necessary you can print the recorded data for a future review You can right click on data display area and click Print or Print Preview You can also use menu File gt Print or File gt Print Preview 32 Q Chapter4 Statistics Chapter 4 Statistics SurveilStar provides application statistics web statistics and traffic statistics 4 1 Application Statistics Click menu Statistics gt Application then select a computer or a group or entire network and SurveilStar will analysis all recorded application logs and generate a stastistics immediately There are three buttons on the upper right corner of data display area B IT manager can select application statistics modes Currently there are four modes available They are By Class By Name By Detail an
24. cycle E Full screen monitoring Click the icon or double click the screen of one monitored computer can take full screen 33 Choose certain computer s or computer group s to monitor the real time screen Es Close multi screen monitoring Right click on the real time screen of one certain computer and choose Lock and you will be able to see the computer screen snapshot on any multi screen monitoring page And you can also send message to specified compute via Send notify message 7 5 Search Screen History Click menu Monitoring gt Search Screen History then specify search conditions including time range and name or IP address and click Search Records of screen snapshots including ordinal date computer sessions beginning and ending time will show below and IT managers can quickly find screen history they need In the following example screen history records range between March 27 2012 and March 28 2012 of computer which IP address is 192 168 18 125 will display 86 Snapshot History Search Condition Begin Mame or IP address rdi Date he S100 2017 03 28 2 2012 03 27 Chapter7 Monitoring W 3 27 2012 g 192 168 18 125 Ending Time 1455514 18 00 05 Beginning Ti 09 00 13 09 05 14 Computer Anita Anita 3 28 2012 B File Name lt SOL gt lt SQL gt Name or IP address Sessions File name Name Name of computer you want to search Support fuzzy query IP
25. doc WISIS EE TEMP fy Vdeo converter dg F Create SWL 12 31 11 20 25 SERVER Serer 192 155 186 178 REWIN PC Sy deoc ormerner Ldocx MIGIS LEG TEMP Sy Vader omer ldo Right click on any shared files log and click Property to view detailed information of operation on this shared file Shared File Logs Time Computer Operation Type File Name File Type Remote P Remote Name Path PO11 12 28 15 49 48 SERVER Create agent exe File 192 168 18 178 KEVIN PC 192 168 18 99 TEMP agent exe 5 6 Printing Logs Select a computer or a group at first then specify your search conditions including time and range printer type printer name connected PC task pages application and has backup Printer Type Supported printer types include local printer shared printer network printer and virtual printer such as Adobe PDF Converter Printer Enter name of the printer to search Wild card 1s not accepted Connected PC It refers to the PC where the printer is connected If it s a local printer then PC itself is the connected PC If it s a shared printer then the remote computer with printer shared is the connected PC ususally you can enter IP address Task Enter file name of the printed documents to search Wild card 1s accepted Pages Specify printing page to search You can check if there is any printing abuse 50 Q Application Has Backup Chapter5 Logs Sp
26. in Step 2 4 Run LgnManV3 exe Double click the LgnManV3 exe executable file to open the Script Manager The Logon Script Manager will automatically scan and show all computer users within the domain 15 Q Chapter2 Deploy SurveilStar Employee 8 Logon Scripts Hanager 3 0 806 BME E3 Wiser list cos O E zhangwej LISER Domain Users O E vinping LISER Domain Users CL vanck LISER Domain Users OE wulh USER Domain Users OW wun IP GLgon 3 exe USER Domain Users C1 wucl USER Domain Users C1 wenhui USER Domain Users gg wangii SER Domain Users OE wanagyan SER Domain Users CI wangliang LISER Domain Users OI test IP GLonYS exe LISER Domain Users LC E renbo USER Domain Users Ol E print USER Domain Users OE panby USER Domain Users OE mahy USER Domain Users OE uoma USER Domain Users Cf liurg USER Domain Users O liim USER Domain Users O lihp USER Domain Users O E kuangjun ADMIN Domain Admi CL kuangjunz LISER Domain Users CL amp kuangjun LISER Domain Users O krbtgt USER Domain Users O jiangzb USER Domain Users O E nuyu USER Domain Users ma t f Remove Scripts Set Scripts Inset Scripts Refresh List lose 5 Select computers Tick the check box before the user name to select computers You can select multiple users so that the installation can be done at one time 6 Set installation script to target computers When the selection of target computers is finished click the Set Script
27. in the assets change log Software Changes Software change logs in the assets change log Application Logs about specified applications Visible window Set application with visible window to be recorded or not Application Specify application to record or not and you can also select a category in the classification of application Support wildcard Window Title Change Window title change does not record by default but can add policy to set record also for the specified applications 68 Q Application Web Website Document Disk Type File Name Application Printing Printer Type Application Shared File Logs File Name IP Range Email Send Receive From To EmailSize gt KB EmailSize lt KB Not Record Content Unrecord Attachment Instant Message Tools Not record content Application Statistics Web Statistics Traffic Statistics Chapter6 Policies and Advanced Policies Specify name of application which window title changes by manually entered or select a category in the classification of the application Support wildcard The web browsing logs can set to be not recorded but also the specified site can set to be recorded or not Manually enter the website address and can also select the website category from the classification Support wildcard Logs about document operation meaning that certain documents can set to be not recorded to ensure that all logs recorded are useful Include hard disk fl
28. letter Back up source documents before delete to prevent the loss of important documents because of incorrect operation Only after selecting backup can set the minimum and maximum size below and documents will be backed up within this range The minimum size of backup The maximum size of backup documents Specify the application operated to documents This is an example which can help you better understand Document Policy The requirement is that IT manager would like to specify some important documents to back up before delete or modify by users To achieve this you can create a document policy like below 1 Create a document policy 2 Select the Allow mode and check the operation of modify and delete 3 Specify the File Name and check Backup before modify and Backup before delete Afterwards documents contained specified keywords can be normal used but will be backed up if they are 77 Q Chapter6 Policies and Advanced Policies modified or deleted IT manager can view or save the backup using menu Logs gt Document in SurveilStar Console Note Backup may produce large amounts of data So precise positioning is needed to avoid gobs of useless documents 6 17 Print Policy Advanced In SurveilStar Console click menu Advanced gt Print click Add button to create a printing policy Printer type Type of printer is simply divided into local printer shared printer network printer and virtual prin
29. of a domain or open the admin share of it Click Cancel Installation to cancel the installation of the target host IF vou want to relogon input the account and click Logon Domaini JUser name Administrator Password kkkt Don t show it again Cancel Installation 2 The admin account is not shared via network To see if the admin account the ADMIN folder is shared you may use Command Prompt to check out the Status On the desktop of Windows click Start gt All Programs gt Accessories gt Command Prompt input the command line net share and you will see if the ADMIN folder is shared Below is an example ce Command Prompt icrosoft Windows KP Version 5 1 2600 CC Copyright 1985 2001 Microsoft Corp C2 Documents and Settings Administrator net share Share name Resource Remark Default share Remote IPC Default share C SWINDOWS Remote Admin ES E N Default share arketing Flan D 5Marketing Plan Top Secrets D 5 op Secrets Mon s C Documents and Settings Al1 Users Documents The command completed successfully If the ADMIN is not listed you can input net share ADMIN to activate the account sharing Below is an example 14 Q Chapter2 Deploy SurveilStar Employee Command Prompt Microsoft Windows AP Version 5 1 2668 lt C gt Copyright 1985 2001 Microsoft Corp C 5Documents and Settings Administrator gt net share ADMINS Share name ADMINS G2 WINDOWS Remote Adm
30. or CTRL key to move multiple computers or users at one time 3 Deleted Group and Unauthorized Group Deleted computer will be listed in Deleted group you can still use console to view all the data of deleted computer If you want to restore this computer to original group simply right click the deleted group and click restore If original group doesn t exist any more the computer will be restored to Unclassified group If there 1s no deleted computer Deleted group won t be displayed If the number of the agent installed on computers is more than your purchased license then some of the agents will be listed in Unauthorized group and the computers can t be monitored If you want to monitor these computers you may need to upgrade your license If the license 1s not yet fully used Unauthorized group won t be displayed 28 Q Chapter3 SurveilStar Console 3 3 3 Search Computer or User In computer list or user list right click on any point of the area and click Find to search computer or user or group You can also use menu File gt Find or press CTRL F key You can type displayed name computer name displayed username username IP address etc to search Then you can double click the result to open target computer or user or group Below is an example of searching users Find Condition Name ke Ordinal Name User Last Active Time Last Online a 1 anvsott ke anvsoft ke 2012 01 01 13 54 46 2012 0 1 01 2 Kevin K
31. policy 1 and the status matches policy 1 thus IP Mac propery can t be changed Note Change IP MAC Property System Restore and Netshare are only available to computers and inavailable to Users 6 3 Device Policy In SurveilStar Console click menu Policies gt Device click Add button to create a device policy Then you will see Property settings like the picture below 61 Chapter6 Policies and Advanced Policies Properties q x Properties Value Name Block Wireless Time All Da E Action Alet Alert Seventy Waming Message You are not allow Take effect while offline E Expiration Time lt Never Expire Storage E Communication Int eae E USB Device Network Devices E Others Wireless network Select al ia Audio equipments Virtual DVD CD R E Wireless network Anynewdevices E Description S51D teclink_111 The device control policies support the followings Storage Communication Interface Device Dial USB Device Network Devices and other devices Storage Floppy DVD CD ROM Burning Device Tape Movable Devices Limit the usage of floppy If you want to block Floppy check this option and set Action to lt Block gt Limit the usage of DVD ROM CD ROM and BD ROM If you want to block CD DVD Blu ray drives check this option and set Action to lt Block gt Then DVD drive CD drive
32. port classes Traffic Statistics Protocol Al Total Intranet To Internet To at All 25 6 G 14 8 G 10 8 G TCP 21 86 14 66 70G 4 UDP 3 86 24 9 M 3 76 Traffic Statistics by Computer IP Classes Using this mode IT manager can quickly compare the network traffic among the groups or the computers If a group or the whole network is selected you can click expand button to view the network traffic of each computer Traffic Statistics a a Computer AKTotal Intranet To Intemet To z a PFM 6 96 5 76 1 26 wy Server 586 586 340 9 K Fh AVC 37G 156 226 aby eBay 316 702 8 M 246 a ty JP 2 56 557 9 M 206 uly Developers 156 113M 146 aly Admin 11G 3224 M 817 7 M ah Design 566 3 M 105 4 M 480 9 M gy Channels 191 6 M 15M 190 1 M oly Mar 13k 5 KA rea mam hi Pie Chart Traffic Statistics by Computer Port Classes Using this mode IT manager can quickly find out which computer or group uses most traffic via certain ports 41 Q Chapter4 Statistics including TCP and UDP If a group or the whole network is selected you can click expand button to view more details Traffic Statistics 3 Computer AK Total TCP Total UDP Total Soe ety PFM 696G 69G 151M ol Server 5 86 586 0B ey AVC 376 34G 263 6 M q gy eBay 316 136 176 1 py IP 256 1 26 136 ty Developers 156 11G 4278 7 M ey Admin 116 11G 63M wy Design 586 3 M 5834 M 29M gy Channels 191 6 M 189 3M 23M cal Mar 1AM 132A KA IIRA ws Pie Chart q x
33. search a specific website and its category via any of these three attributes name of the application file name and description 101 Q Chapter10 Categories Move to Right click on selected website or category and click Move To select target category and click OK You can use SHIFT or CTRL key to move multiple websites or categories at one time 10 3 Time Types Categories Click menu Categories gt Time Types then you will see four default time types All Day Working Time Rest and Weekend i m x 4 Time Types Pesce Working Time Rest Weekend The administrator can modify these time types according to business actual working hours Click on a certain type to view time period and edit the range Blue shows the time range belongs to specific time class For example in the picture above working time hours are from 9 00 am to 6 00 pm from Monday to Friday In the time setting area on the right you choose the time range first and then set it to be blue or white You can click All to choose the whole day or click Mon to Sat to choose a specific day or you can choose anytime of all days and then set it to be blue or white In addition to the system defined categories the administrator can add and manage additional time categories Es Add Click this icon to add an additional time category and enter a name to it The default time range is
34. showed below If server time is abnormal dick the Trust button to confirm the server time if you trustit 2012 05 07 14 49 Trust 115 Q Chapter11 SurveilStar Tools 11 5 4 Agent Update Management Click menu Tools gt Server Management gt Agent Update Management select computer range and update the agent version to the latest or lower version E Agent Update Management Update Pack Update Settings Aleve agent downgrade to brae version Yer 3 24 0316 20 49 48 BB Destnbubon Period Sun Sat 0 00 odd Range BES Multi Lang t t F E fF d Elgh Channels u Hh Developers o Hgh Unclassified mE ehay H Design Fst Mac Hyh SurveiStar Paty PFM Pelt Server Hh Admin p Ad ave d fleets Logistics 11 6 Agent Tools Name Agnes Song Lee Ary Misa Li Alay bonny Zeng SERVER Jenny kaja Wang Zhnang Darsy Liu Wao Menger Shirley Larol far Nhult Lang Design ebay Developers Developers Server PFM blac eBay eBay Developers lac AVL birr A i IP Addes 192 168 158 159 192 166 158 145 192 168 183 195 192168 1 102 192 166 15 154 9216818599 192165 18 058 192 1581513 192 168 158 170 192 166 158 100 19216815145 192 168 198 176 192 166 185 199 2 a a y Vernon 3 24 0316 20 323276 3 24 0316 20 3 24 0220 20 3 24 0516 20 3 24 0316 20 3 23 2916 20 3 24 0316 20 3 24 0316 20 24 0316 20 3 24 0316 20 3 24 03
35. this icon Files can transfer from certain remote computer to the local one successfully Abort Transferring When transferring you can click menu Transfer gt Stop or click this icon to abort and it will display information with file transfer fails View Support to view as Large Icon Small Icon List and Details Local view and remote view should not be at root directory or cannot transfer files remotely Note Even you have set password on client you can get remote control through User Authorization But if you have created a remote control policy and set remote control to allow mode and checked authorization is required you choose user authorization as the only method to remote control and remote file transfer 93 Q Chapter9 Assets Chapter 9 Assets 9 1 Assets Classes Management SurveilStar assets management provides IT manager a better way to administer company assets including software and hardware providing a comprehensive assets change report to IT manager with the information of Operation Type Time Computer Group Type and Description and so on It does help to find out any abnormal change and take actions to prevent any potential harm 9 1 1 Description of Asset Classes and Asset Properties Asset Classes Asset classes of client machines include class of computer hardware software and custom Computer Some description of client computers including User computer name etc Hardware
36. to better administer company assets including software and hardware SurveilStar can record all installed software software change as well as all existed hardware and hardware change Asset change logs help IT manager to easily find out any abnormal software change and hardware change in earlier time and take actions to prevent any potential harm Recorded asset change information include Operation Type Time Computer Group Type and Description Select a computer or a group at first then specify your search conditions including assest type operation type and description Type Select hardware change or software change or both of them 52 Q Chapter5 Logs Operation Type Supported operation types are Add Delete and Change Software upgrade or downgrade will be displayed as Change Description Enter software name or hardware name to search Enter file name of the printed documents to search Wild card 1s accepted After specifying your search conditions click Search button to view the result Asset Change Logs Operaton Type io Add ic Delete Gadd T Add Add S Delete TO Change fy Add i Delete Add iy Add Delete S Add iL Add Delete Delete Change SF Add S Change T Delete Time 2012 01 11 14 49 12 2012 01 11 14 43 58 2012 01 11 14 43 58 2012 01 11 11 51 27 2017 01 11 11 51 40 2012 01 09 14 32 42 2012 01 09 142722 2012 01 09 14 27 21 2012 01 09 14 27 19 2012 01 09 13 78 47 2012
37. 01 06 1108 11 Kean Admin Kevin Cucusoft Video Converter OVD to pedi wwcucusefLcam do 2012 01 06 S Ei Kein Admin kenn WSO Software Video Converter amd Bura wwawseo solhwaretr 2012 01 06 10 41 12 Kevin Admin Kean Google Trends for Websites waww any v tnends google com websites q www any video conver 2002 01 06 Iik Kevin Admin Kevin Google Trends for Websites wwenany v trends googlecom websites q www any video conver Right click on any website and you can choose to print open URL and view property In the property dialog you can view Time Computer User Website Browser URL and Window Title as well as go to previous or next log directly 2012 01 06 11 52 44 Computer Kevin User KEVIN Website www ifreesmith com Browser firefox Exe URL www freesmith com Window Title Freesmith Freeware Free video converter video player freeware for windows Mozilla Firefox 5 4 Document Logs Document usage tracking is important to a company it helps IT manager to know all the document usage logs Once any confidential documents are leaked out IT manager can track the leakage source easily using SurveilStar s document logs 47 Q Chapter5 Logs SurveilStar has powerful document usage recording functions and can record all operations on documents including Microsoft Office Documents like Word doc docx Excel xls xlsx and Powerpoint ppt pptx Images like JPG BMP PNG GIF etc Text t
38. 1 Installing SurveilStar Server 2 2 Installing SurveilStar Console 2 3 Installing SurveilStar Agent 2 1 Installing SurveilStar Server SurveilStar Employee Monitoring software needs to work with Microsoft SQL Server to store and feed the collected data Please note that SurveilStar s setup file includes SQL Server 2008 Express Edition as the built in database engine it has a 2GB storage capacity limitation Microsoft SQL Server 2008 R2 Express is a powerful and reliable data management system that delivers a rich set of features data protection and performance The SQL Server can be deployed on a dedicated computer or any computer deemed appropriate to be used as a data server Please make sure you install SQL server and SurveilStar server in the same machine System Requirements OS Windows 7 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 CPU Computer with Intel or compatible 1GHz or faster processor 2 GHz or faster is recommended for 32 bit systems 1 4 GHz or faster processor for 64 bit systems Memory Minimum of 512 MB of RAM 2 GB or more is recommended Hard Disk Space 2 2 GB or more SQL Server Requirement Note Before installing SQL Server 2008 R2 Express you may need to update Windows Installer Net Framework and Windows PowerShell 1 Download and install Microsoft Net Framework 3 5 SP1 2 Download and install Windows Installer 4 5 3 Download and install Windows Powe
39. 16 20 3239 21 6 20 223291620 3 24 0716 20 3 24 0220 20 3 24 0316 20 T y es Pa ee RAL Lise J SurveilStar Agent Tools includes Confirm Code Generator and Agent Offline Utility 11 6 1 When the agent computers fail to connect to the server for example disable the network card or a business trip but temporary need to clear policies or uninstall the agent by now is unable to establish the corresponding strategy through console Users can directly make use of agent tools to temporary clear all policies unlock agent clear security password and uninstall agent through Agent Tools Confirm Code Generator As to the detailed steps please refer to the chapter Uninstall SurveilStar 11 6 2 When the agent computer is offline and permanently need to uninstall agent or clear all policies for agent Agent Offline Utility clinking menu Tools gt Agent Tools gt Agent Offline Utility 116 Q Chapter11 SurveilStar Tools Agent Offline Utility Choose Operation Choose to uninstall agent or temporarily dear all polocies for agent Permanently uninstall agent C Temporarily dear all policies for agent Duration Min Time Effective se Tip n W434 ere mre 2077 05 07 11 7 Options 2012 05 08 Click menu Tools gt Options to view and modify the default values of console and server 11 7 1 Log Viewing Log Query Result Close Settings Real time Info Screen Monitori
40. 5535 and UDP port from 0 to 65535 and ICMP You can not only manually add the port or port range individual but also can specify category from the port classification by Enter a specified port should proceeded by TCP or UDP to distinguish TCP port or UDP port and if not it will consider to be a TCP port Direction Direction of network traffic when communicate Traffic from client computers to other machines is defined as sending traffic on the contrary as receiving traffic Limited Speed Limit traffic size with KB s as the unit which is invalid under the Unlimited Traffic mode lt KB s If Limited Traffic mode is selected when the speed exceeds the limit set to the client in the specified IP and port range or in the specified direction the client will pause the download upload until the average flow rate below a specified value so as to achieve the purpose of limiting traffic If Ignore mode is selected limiting the speed is invalid until you set the action alarm warning or lock computer When the speed exceeds the limit set to the client in the specified IP and port range or in the specified direction it will trigger the action set but will not limit traffic Bandwidth Policy Example This is an example which can help you better understand Bandwidth Policy The requirement is that when employee is on work ftp download is forbidden To achieve this you can create a bandwidth policy like below 1 Create
41. 65535 UDF Email Web Network share You are only allowed to modify and manage the port range of Email Web and Network share categories but not to the others In addition to the system defined Port categories administrators can add and manage additional Port categories and enter a port range E Add Click this icon to add an additional Port category and enter a name to it x Delete Click this icon to delete Port categories you added 104 Q Chapter11 SurveilStar Tools Chapter 11 SurveilStar Tools 11 1 Email Notification Settings SurveilStar can send alerts to specific mailbox once setting email notification helping IT manager to better administer usage of computers and assure their security whitin the enterprise 11 1 1 Settings of Email Notification Server Before using the email notification function administrators should set the email notification server first by clicking menu Tools gt Options and then choose Settings of Email Notification Server Options Console Settings settings of Email Notification Server Setting List Log Viewing ae ie Setting Real time Info Real time Alert Name From Matched Email E Server settings 7 Mail Server Anita gmail com hotmail com Data Cleanup Management Ranc Connection Directory Performance Error Log Automatically rem Settings of Email Notit Setting List There are six buttons on the upper right corner of the list Es
42. Add Click this button to create a new mail server 4 Delete Click this button to delete specific mail server Modify View and modify specific mail notification server P Sort up Move up the currently selected mail server Default setting would maintain at the bottom of the list and cannot be moved IL Sort down Move down the currently selected server Default setting would maintain at the bottom of the list and cannot be moved 105 Q Chapter11 SurveilStar Tools J Make Default Setting Make the currently selected mail server to be the default one Once successfully color of the default mail server would turn blue and the Matched Email would change to lt All gt automatically Cancle default setting Cancel default setting of specific mail server Note From top to bottom to match the mail server settings And 1f the rule matches use this setting to send a mail If all of the settings do not match would not send any mail Create a new mail server Basic Info Configuration Name Mail Server Send Server Info SMTP server IP Port SMTP Account Password This server requires a secure connection SSL Sender Mail Info Sender Address aris qmail com Display Name Anita Matched Mailbox Mailbox Collection amail com hotmail com Please input the email suffix collection in this field and separate each email suffix with a 55 E G hotmail com gmail com Proxy Settings Test
43. EVIN PC Thumbs db Wo 6S EOS TEMP Thumbs db F Create 2012 01 09 15 5744 SERVER Sarees 192 165 1873 EEVIN PC Thumbs db W92 168 18 99 TEMPS T humbdb A Modify M20 4 15 5703 SERVER Servet 192 168 18 178 REVIN PC Bussiness Fiial ppt VWES2 T6818 OF TEMP Business Rivals ppt F Create 202 014 15 5703 SERVER Servet 132 155 185 175 REVIM PC Business Frvels ppt WET 18954 TEMP Business Rivals ppt a Madly 2 0 i 2 3 SERVER Servet 182 088 15075 EEH PE taup av ire cnet VASP eR Se UPLOAD cetup_ av fret emelt Create SOF 0 6 2h SERVER Server 192068 18 178 REVIM PC eeiup_ov_free_cnet coe VS TE UPLOAD setup sv free crete 3 Delete 01 22 31 11 58 10 SERVER Serer 192 165 1807S REVIN Pl Srveilstar upade doc WISP igiissg TEMP irea upgrade dock Wl Modify Wii i 31 11TA SERVER Server 192 968 95 178 REVIN PC Srveilstar upgrade doce W163 oo TEMP Srvectctar upgrade dor Create 2000 12 41 11 7742 SERVER Serer 132 15318 Te REWIN PC veilstar upprade dock WEG 61 FS TEMP frea apgrede dock Mi Modify 21 12 31 11 22508 SERVER Servet 13215518173 REVIN PC SvaUpgraded 23 2916 20 2ip W163 16 09 TEMP StU p graded 25291620 zip _ Create 2011 12 31 112208 SERVER Serier 19215518178 KEWIHM PC Sve pgraded 23 2916 20 zip WEE BS IEG TEMP Ss Upgrades 23 291 6 zip Delete M1 12 31 112105 SERVER Server 19265 15 hs REVIN Pt yVideoConverter 1 docx W021 899 TEMP fy VideoC onverter l docn ai Modify O01 12 31 Led SERVER Server 192 168 5178 REVIN PC f ideo Convener
44. FARA IRE PFMPtU exe Fi Jenny Zeng product software Right click on an application log and you can view property And click Previous or Next button to view previous or next log Time 2012 01 10 11 07 33 Computer Amanda User Amanda Application AuralYDConvPro exe Type Start Path E Program Files Aura4ou Aura DVD Ripper Professional AuraDVDConvProexe Window Title 5 3 Website Logs SurveilStar Employee Monitoring Software can record all visited websites and detailed information including Visit Time Computer Group User Caption HTML Tile and URL Even if the users delete website browsing history on their computers the visited websites will still be recorded 45 Q Chapter5 Logs SurveilStar supports monitoring all kinds of web browsers including Internet Explorer IE Mozilla Firefox Google Chrome Apple Safari Opera Maxthon Avant Browser K Meleon AOL Desktop Sleipnir and many other browsers Website Visit Monitoring function can easily help you to find whether your employees spend time on unrelated websites such as online videos online games porn websites shopping websites etc Select a computer or a group at first then specify your search conditions including time and range URL or windows title Windows Title Enter your desired word or phrase to search website title Any visited websites that include the word or phrase will be listed Please note that wild card is not acce
45. Hardware classes of client machines including CPU Memory Modem Disk etc Software Software classes of client machines including Antivirus Application Microsoft Patches OS Windows etc Custom Define assets that cannot be automatically monitored such as switches routers desk etc Asset Properties Asset properties include class property and instance property Class property Statistical properties of certain class of assets Instance property Specific instance properties of an asset class Note 1 Computer class only includes class property because there is always only one computer 2 Software class and hardware include both class property and instance property 3 Custom class only includes instance property because assets belong to it are user defined 9 1 2 Asset Classes Management Asset classes management will display all properties of different asset classes Administrator can view all the attributes of a certain class of asset or manually add asset property Click menu Assets gt Asset Classes Management then the asset classes management window will show with all assets on the left and a list of properties on the right Property in the black font is class property and in the blue font is instance property 94 Q fil Asset Classes Management Qperation view E Xx SE Hardware Sef 1354 Controller Ml Battery g BIOS Bluetooth Y Bus Sa Cache cru j S Disk Drive Disk Parti
46. Setup File in File name w A Savais ty e Exe Files exe Cancel 12 Q Chapter2 Deploy SurveilStar Employee Server IP Name IP address of the server Static IP and Dynamic DNS are supported Silent Installation Check this option to install agent without showing any visible interface Account info Installing SurveilStar Agent requires administrator privilege Then you can try the account to run the setup file Save Setup File in Choose a folder to save the setup file and give it a file name 2 Copy the setup file to target computers agent exe Ocular Agent V3 3 27 1226 0 In 3 Double click the setup file to install the Agent 2 3 2 Remote Installation Remote Installation can easily deploy SurveilStar Agent to a massive number of computers in remote and batch mode 1 Launch the remote installer On the desktop of the server click Start gt All Programs gt SurveilStar gt Agent Remote Installer 2 Scan network to find computers By default SurveilStar only scans computers from the server s network segment If you want to extend the searching area go to menu File gt Scanning Settings and specify an IP range All computers available for remote installation will be listed with host name domain name operating system IP address and install status 2 Remotelnstaller Version 3 1 8 2527 For Windows NT 4 0 2000 XP KB File Operation About oe 2 H A Host Install Host Domai
47. TRL key to move multiple applications or categories at one time 10 2 Website Categories Click menu Categories gt Websites then you will see a window shows website categories information with all the categories on the left and detailed websites on the right All website categories and website identities should be added manually O E Qperton ew ee xs dB Wetrite Categories Harn Website ee AB evn bey thet cleae coen eevee iy ho then cae I nann aA ABP rn ty helper cg poate tty E pres coger werent ABD seve mpa dhed copy cee fare rae E oe 2 Fone A Bey iS Mats Cj Mirar CO SO Erer O hieni es O extend Petrrotlny i Tint D Velen E ara ae birg epia Pa bU Pay Cp CT D idm Pma AB ydh dekr ee You can add delete find move to and show properties if you need to better manage websites Choose root directory of website categories and then click the icon or right click and choose Add to create a new category and enter a name for it Choose certain category and add sub categories the same as above EF Add new category Choose a certain category and then click this icon or right click and choose F Add new website l l Add gt Website enter a name and the website address to add new website identity identity Support wildcard x Delete If you want to delete specific category sub category or certain website click the icon or right click on the item and then choose Delete Find Click the icon to
48. Task Manager click Processes tab and you should be able to find OControl3 exe if console installed OGuard3 exe and OServer3 exe choose them and click End Process Then run the upgrade package again 2 5 2 Upgrade Console only Log on to SurveilStar Console and it would track and upgrade to the latest version automatically 2 5 3 Upgrade Agent SurveilStar agents won t upgrade automatically after the SurveilStar server has been successfully upgraded You can upgrade via menu Tools gt Server Management gt Agent Update Management 2 6 Uninstalling Note If you want to remove the entire SurveilStar PC Internet monitoring system including Agents Consoles and Server please delete all SurveilStar Agents first Otherwise the deployed SurveilStar Agents will continue to run in those computers even though the SurveilStar Server is removed 6 2 6 1 Uninstall SurveilStar Agent from SurveilStar Console 2 6 2 Uninstall SurveilStar Agent from the Client Computer 2 6 3 Uninstall SurveilStar Console 2 6 4 Uninstall SurveilStar Server 18 Q Chapter2 Deploy SurveilStar Employee 2 6 1 Uninstall SurveilStar Agent from SurveilStar Console Only IT manager or senior supervisor with administrator access to SurveilStar Console can uninstall SurveilStar Agent Login to the SurveilStar Console right click on any selected computer or the entire network and choose Uninstall Agent from the pop up menu 2 Notify
49. Type of Operating System Open file Quality Connected Time Idle Time and Guest IT manager can close the session or close all sessions by right clicking specified items L Open Files Display with files opened by remote accessing computers and show detailed information including Name of Open file Assessed By Locked and Mode IT manager can close the open file or close all open files by right clicking specified items B Sessions It is available only in user mode If a user logs on to two or more computers at the same time administrator can view and manage real time shared folders of specified one via this button 8 1 8 Scheduled Tasks Click menu Maintenance gt Scheduled Tasks then select a certain computer and SurveilStar will show a list of scheduled tasks of client machine including Name Schedule Application Next Run Time Last Run Time status Last Result and Creator There is one button on the upper right corner of data display area B Sessions and it is available only in user mode If a user logs on to two or more computers at the same time administrator can view scheduled tasks of specified one via this button Delete Task IT manager can delete illegal scheduled tasks through the console remotely Select certain item and right click then choose Delete to manage scheduled tasks of agent machines 8 1 9 Users and Groups Click menu Maintenance gt Users and Groups then select a certain computer a
50. a Thay be SE eee See eel eur Feed figebe Favs CH Adobe Fuss E Pipe eels Ure Bae ee pee apap lest pat Liar Adobe Upetoter Hurip Leah Adobe trup Adab t flah Piper kision ire Adobe AR iriti fgebe Di tarvtared C55 Legt hiri gpi Agie Gripen pei i h kopie birir adphe E iht Peyar beiak Wn herotud Patia Adobe Flach E Mayer hialo Adobe AN Cbg Laentchen Adober E Fuh E Payer Fatali Ure Farki Adebe mug hgdebe AN britney Fos i Se E P PE y r iai baa You can add delete find move to and show properties if you need to better manage applications Add Choose root directory of application categories and then click the icon or right click 5 and choose Add to create a new category and enter a name for it Choose certain category and add sub categories the same as above x Delete If you want to delete specific category sub category or certain application click the icon or right click on the item and then choose Delete Q Find Click the icon to search a specific application and its category via any of these three attributes name of the application file name and description 100 Q Chapter10 Categories Property Double click a certain application or choose one and then click this icon then you can get detailed application information about the application as the picture below Move to Right click on selected application or category and click Move To select target group and click OK You can use SHIFT or C
51. a bandwidth policy 2 Select the Limited Traffic mode set IP Range as all set Port Range as TCP 21 set Limited Speed as OKB s Afterwards ftp download will not be allowed to employees during working time Note Bandwidth Policy is available only for the computer but invalid for the user 6 12 Network Policy Advanced In SurveilStar Console click menu Advanced gt Network click Add button to create a network policy Direction Physical communication direction including bi directional outbound and inbound Client machine actively connects to other computers is defined as outbound and on the contrary as inbound 72 Q Chapter6 Policies and Advanced Policies Port Range Set port range used in the communication which is all by default including TCP port from 0 to 65535 and UDP port from 0 to 65535 and ICMP You can not only manually add the port or port range individual but also can specify category from the port classification by Enter a specified port should proceeded by TCP or UDP to distinguish TCP port or UDP port and if not it will consider to be a TCP port IP Range Set IP address range of the communication computers which is all by default You can not only manually add one by one but also can specify category from the network address classification by Remote host has agent installed To judge whether the remote host is agent or not It would not judge if not checked Only after checkin
52. adacdadeudysiniiessiacanneseiussed S E ATAA NENTA E AA NS 23 3 3 COMPUTER GROUP AND USER GROUP acess oncksasictccdinseveedaiwendesdeaseveastecsdbalaeauiasovitedendsedasideatcaaiavedsedaiseetesdieteaatersenseacdermeianest 26 A 0s 62 6 0 Basra ne a ne E E E ee ee A E E nee 30 35 IY FUNCTIONS cesia acces sre EEE de se EE eae calanande cada untae E AE O E 31 CHAPTER G STATISTICS vosscscscseccvccceccavsauvacunateintetectwesenasnacanteasenteeretesncadcoveresecssdeseaesavasantelevtevetussevesstannsaverssaneesadannansssecante 33 AL POP PUIG RIO STATISTICS retyse sees ne testes urs Giese ane i EE E E EEE A EE N EES A A 33 Aa ANERE TA T ae E E E A estes ale A A AAA ceed eee 36 A TRA IC TATE aea A E E A atone 39 CHAPTER S LOGS auucgrn orii EE NEET cheese uiawedbeenseavasasanssatieucesees 43 5L PA EVENTO S orra a E E E E E A E T E E E EAA E ee 43 ope ame 22 aN 0 LOC rn A EA AE E AE E AO AN EA OANE 43 Sa ETEO E E AE E TA E ES 45 A DOTEN GS e a A E E EA S E E AAA AA 47 e AARE PILE EO a E A A E N E a O E A an aa stn E E E N 49 e PROIN LOCS a ate a a A A E A E wand A A A 50 57 AGP AANG E a AE A NAA EE A O A EE A AAT 52 o PO DO aa E E A E ee E A E S 54 S SMI VENT LOGE rran E EE E E A E E E TE 55 CHAPTER 6 POLICIES AND ADVANCED POLICIES sessesssessecesecsescsesseesecseessecsseoseccseseccssecssssecesecseecsecsseseesseeseesseoseeese 56 6 1 GERENAL INTRODUCTION OF POLICIES sais sassasaicenadsatwnseesniannseyaxdenoasssaedeondainiwawaasGedudeonaeden
53. address A specified IP address or a range of IP addresses are available Number of computer users If screen data is stored in SQL database file name would be lt SQL gt If screen data stored in the SCREEN directory file name would be the same as data of screen Double click a certain item or choose one and then click View to view detailed information of certain screen history 7 6 View Screen History Interface of screen history viewer Double click a certain item or choose one and then click View button when searching screen history Screen history viewer is very intuitive and easy to use and comes with powerful search functions As to screen history viewer s interface please refer to the picture below 87 Q Chapter7 Monitoring Gil Screen History Vaewer 2012 03 27 O05 Ja 18004 Password 7 2012 03 27 G9005 14 AHITA PC PY 192 16818125 Menu Entries to all screen history viewer s functions 2 Tool Bar Entries to the most widely used functions in screen history viewer 3 Search Field Choose search conditions including Application User and Screen to quickly locate screenshot you need 4 Time Scales Time scales of screen history 5 Screen display area Display history of screen snapshot Click menu Tools gt Save As Video Files and then you can export screen history into video files to your computer 88 Q Chapter9 Assets Chapter 8 Maintenance 9 Surveilstar can b
54. ages If you select a group all the online computers in the group will receive this message The message will be displayed on computer s screen and will be always in the front Users can simply click OK to close this notification We will have a meeting at 4 30 this afternoon 3 4 2 Lock Computer and Unlock When an IT manager notices that agent computer is abnormal or the user is doing something wrong he can lock the computer Once the computer is locked mouse and keyboard on the locked computer can t be used And a dialog shown as below will be displayed on the screen of the locked computer A You are locked by system If you need to unlock this computer now select the computer at first then use menu Control gt Unlock Please note that both locking and unlocking require password You can also lock multiple computers or a group of computers 30 Q Chapter3 SurveilStar Console 3 4 3 Log Off Power Down and Restart IT manager can also remotely log off shut down or restart the agent computers if necessary Simply use menu Control gt Log Off Control gt Power Down or Control gt Restart to take the actions respectively 3 5 Auxiliary Functions You can export any recorded contents like applications logs documents logs web logs assest change logs application statistics web statistics instant messages emails etc as web pages htm html Microsoft Excel files xls and CSV csv files You can also pr
55. ailbox is disabled so standardize the usage of email but also control outgoing mail strictly To achieve this a set of strategies is a good choice For example 1 Create an email policy and set block to all emails 2 Create another email policy and add specified sender of email to Allow mode such as from teclink com hk Afterwards only email address contains teclink com hk can be successfully sent Note 1 Email policy is available only for the computer but invalid for the user 2 Email policy can only support to control email sending but not receiving And temporarily does not support webmail and Lotus mail sending control 6 14 IM File Policy Advanced In SurveilStar Console click menu Advanced gt IM File click Add button to create an IM file policy File Name Control name of files when transfer by instant messaging tools and multiple setting is available by using semicolon or comma to be as a separator Support wildcard Limited Size gt KB Only effective in the Block mode Set a limited size then file size greater than or equal to the value 1s forbidden The value ranges from 0 to 100000 KB Backup Choose whether to backup the sending files IT manager can view or save the backup using menu Logs gt Document in SurveilStar Console Only after selecting backup can set the minimum and maximum size below and files will be backed up within this range Minimum Size gt KB The minimum size of ba
56. ame time administrator can view and manage system services of specified one via this button Start or Stop Services IT manager can start or stop services through console remotely Select certain service and right click then choose Start or Stop to change status of the service of agent machines You can also right click and choose a startup type to specified service from the three types Automatic Manual and Disabled 8 1 6 Disk Click menu Maintenance gt Disk Management then select a certain computer and SurveilStar will show a list of disk partitions and usage of client machine including Volume File System Capacity Free Space 90 Q Chapter9 Assets and Usage There is one button on the upper right corner of data display area Sessions and it is available only in user mode If a user logs on to two or more computers at the same time administrator can view disk condition of specified one via this button 8 1 7 Shared Folders Click menu Maintenance gt Shared Folders then select a certain computer and SurveilStar will show folders shared condition of client machine including Folders Path Agent Connections and Comment iz Shares Display with folders shared by certain monitored and IT manager can stop sharing by right clicking specified items amp Sessions Display with detailed information about remote machines which access to shared folders on certain agent computer including User Computer IP address
57. asic Information Trafic IP Adcress 12 169 5150 197 166 158 176 13116218147 19116618153 1521615155 SIIH 1521618165 19716415155 1921681817 197 168 1599 19216818 178 1927 160 18 113 192 160 5144 19216818 167 19716414153 Select a user name to view user s basic information D5 Widows 7 Heme Primam E Widows 7 Uitimate Edition 3 Wiridows AP Professional 32 Windows MP Professional Ii Vidoes 7 Home Prerna E Widows AP Profesional 33 _ Windows AP Professional 3 Windows T Utimate Edition 3 Windows MP Professional Ki Windows AP Professional 3i Widows 7 UStumuste Ecietion Windows MP Professional Bi Wedows 7 triste Edition 3 Andes MP Professional 32 _ Windows AP Professional 37 a T 1 Rumning O Giir i Offline L Rannig 1 ming 1 Ranning 1 Henning 1 Pusrininey g Offline 1 Ranningfida 1 Ranning 1 Menning 1 Ruining 1 Renning 0 Offine The Whole Network 31 39 27 ee ee ee oe os IAEE Rey 20 adhat Rev 20 JIENA Revo TARAL Rev 20 729 2916 Fev 20 S316 Rey 20 J232916 Rev 20 LAAG Rev BS Revd ISIE Revs SST 2306 Rev LEZE Resi 3232916 Rev 20 323 2916 Flee TERIS Rev fe 192 168 18 59 Q Chapter3 SurveilStar Console Heer Mi d T Audit Events Log A Basic Policy W The Whole Network MET EFT Unclassified a Basic Application Web Traffic CS Administrator 3 S ES Basic Information fi anv 2 Name Va
58. ation policy Then you will see Property settings like the picture below In the following example you can see that all the applications sorted into Entertainment application class are blocked in all time alert and warning message are also set for administrator and users 64 Q Chapter6 Policies and Advanced Policies ax Alert Severity Low Waming rr Waming Message Lock Computer IE Take effect while offi TEI Expiration Time lt Never Expire gt Application sohutv exe thundery Application Ef sohutv exe Ef thunderva exe Ef xmp exe Ef sohuva exe Ef tudouva exe EY filmeveryday exe Ef uutran exe EY yigidient exe Ef pipiplayer exe Ef ppap exe Display hierarchical relationship There are four buttons in the dialog which are Import Add Application Classes List and Delete It s just the same as the setting dialog that was previously discussed in Application Logs chapter Please check Application Logs for more information 65 Q Chapter6 Policies and Advanced Policies 1 Direct Input Application Name In the Application Setting windows click the button to input the application name directly e g thunderva exe If the user changes the application name to thunder123 exe it makes the policy not effective anymore because the input only matched with a string To avoid this problem use the following method 2 2 Select from Application Categories In the Application Setti
59. ations and many more You can even lock the target computer if potential sabotage is out there Protect intellectual property and business secrets Prevent and stop sabotage and data theft Prevent Internet email abuse Reduce workplace slackers Improve efficiency and productivity 1 2 Features SurveilStar provides unmatched and comprehensive features to help you solve most of the intractable problems which are caused by the extensive use of computers in offices Features What you can do with it Application Management Blocks specified applications Records application running Gets intuitive statistical report Website Management Records all the details of erery visit Blocks unwanted websites Gets accurate statistical report on site visit Network Management Blocks unauthorized connection Stops network intrusion intruder Gets intrusion notification Specifies permitted computers or IPs IM Management Records who they talk to Records how long they spend on chatting Shows who chats most Blocks file transfer via application Screen Monitoring Real time screen monitoring VCR stytle payback Multi screen monitoring Q Chapter1 Introducing SurveilStar Email Management Records emails in and out Blocks specified attachment sending Blocks specified users from sending emails Blocks sending emails to specified domains recipients Document Management Limits file access Records all document operations Backs up fi
60. c and generate a stastistics immediately There are four buttons on the upper right corner of data display area IT manager can select traffic statistics modes Currently there are six modes available They are By IP By Port By IP Classes By Port Classes By Computer IP Classes and By Computer Port Classes Select network direction sent or received Expand sub classes or computers in a group View all networking traffic or check top 10 or 20 traffic items There are six website statistics modes Traffic Statistics by IP Traffic Statistics by IP will list traffic sum total TCP traffic and total UDP traffic of each IP 39 Traffic Statistics by Port Using this mode networking traffic of both TCP and UDP will be listed in descending order If you find Q Chapter4 Statistics Traffic Statistics IP Address Al Total TCP Total UDP Total 192 168 18 99 5 7 G 57G OB 4 19 168 18 164 556 556 OB 1 192 168 18 254 316 316 OB 223 255 176 204 521 7 M 521 7 M OB 130 158 6 86 483 8 M 483 8 M OB 119 147 178 15 389 6 M 389 6 M OB 130 158 6 83 270 5 M 270 5 M OB 4 130 158 6 87 267 9 M 267 9 M OB 70 34 209 70 179 5 M 179 5 M OB 133 60 196 145 178 4 M 178 4 M OB 4 70 34 209 66 166 8 M 166 8 M OB 137 275 99 249 157 2 M 157 2M 0B 4 83 169 50 180 134 0 M 134 0 M OB 19 168 68 254 123 6 M 98 7 M 24 9 M 411310747 121 100 0 M 100 0 M 0B abnormal networking traffic from some certain ports you can block or li
61. can view property with information in detail Property Mage E JEE Aai Bo de oe eet the tee i i Instant Message Computer User Tool Type Ta Local ID Local Nickname Contact ID Contact Nickname Sentences Q Chapter7 Monitoring Screen Snapshot Instant Massage Erai Instant Message Tons Competer Local User Contact User Beginning Time Ending Tim Statarants ey sKvPE Agm areveoltp rachel pery MOLE HA MOLTO ae a haere igne arevsott jp Kisteche Samual J0LA 0F 3i 1525 EST SE Agnes anveottjp emye MEU OMS EA seve Agnes anevsottjp bpa Panjani 02 03 14 130603 22 07 31 150730 14 Ehte Agn anecottjp TE Sohu A207 113 02 03 30 eS 17 GA SKYE Agnes anveott jp TK Manna Bers 2203 30 iLa WA l Eate Agni anveett jp te Freonceseo SULPOF3L10TIS DALLAS 7 SKYPE mgrind antip TE Dihan O 2012 02 32 11g P01 F 0F 3E VALI 2 Ere ayn arepott jp amr HOLAAA IENS OSL ENG e Ei sYPE Agnei arvtoftjp AHV Translsborm Q0L2 07 30 IPM MLD pA EE Agnes anytoftjp Aliender Pols M2013 ARELAS Mas Eysevee Agnes anvoothip GESERT of SHE MLEOR 12 192709 ALDF IIANAI 2 Eip gnas anvecttjp Mindi Toney SPE LE TRS MEL Timpe Agnes anveottjp TE Toney Ahuja SOL 413 13 165751 Hiina J severe Agnes anor tp TE Richa SL 2 05 13 ii MSF 15 SS od SE Agnei anveottjp ale Iqbal BU20 13124982 MPG 8668 SEA Agiti anapalp duleranhred ALOL 10S M1019 TS a eh aKYFE Agnes anveeltjp Abu Abduvah DU2G 130kMIS DOG of EMsKvRE mney a
62. causdadnaedeantenssdebsabadoaateesoasndacsedseancows 56 oa BA POO rape cect a T cere ag E A A E E eee ess dea asedeeee 59 Ce D FNC aa A A A A T E T TA 61 oA RP UNC TMI POLIC orere EEEE E E T A EE 64 CS WERTE POLICI ornari A E E E aecenueem 66 O6 SCREEN SNAPSHOT POLICY ssspsireereri stiri ra E ESEON ETO SAANANE EVENAAR EEA 68 Ge ES C11 CA POLIC A A ATEA AEE AE E OT A EEA TTA eee 68 D e REMOTE CONTROL POLICY srpspaieteit ti inier e ERE E NANEN E ET EET EE IT NEEE EEEE 70 CE AER ONC e E E E ean anne seein E E E E 70 6 10 AGENT CONFIGURATION POLICY norisei a a a a a 71 6 11 BANDWIDTH POLICY ADVANCED juxeactoncessisdeeiicscudessivewlaacieaoaeabeaca inde elevessayabiada wellauduasioiacusadavacsanunsawiaiequiatveunases tanstaneutedantis 72 6 12 NETWORK POLICY ROVING Daa scasaacssieciey anrodscars cnn fo5aacssrnnaiaiats a ners caste a sa ales AEEA SA aaare tear ced EN TE Eai ESNEA iai 72 6 13 VENIAM POUIGY ADVANCED pt iseareatherraasnversectatinsrsnnre oni oh asses aaa e aaa ada RR 74 UI EU POI SE cere cacece ica caieesz vente arainn ETEEN AEAEE KERRE ORAS ANR EENEI EEEREN deena EAEEREN 75 6 15 JPEOAD CONTROLPOLICY ADVANCED icaccisancniccsnsssnueiaainagesacuussnsdadciadaiuueasancaldansnbuedanese aaia a A a 76 6 16 DOCUMENT POLICY ADVANCED scssxsssdeesninassonsnsendnesnsasendwediondosinsammsenwsevasedlesqenineeceittesieed amassenesaendnnseacvansuanadaneraeesioneesladmnasaesuie 77 6 17 PRINT PONCY ADVANCED cx ccisicisedunusathconniaensact
63. ce Managemen Restrict user to use Event Viewer Performance Logs and Alerts and Shared Folders which located in Computers Management Restrict user to use Task Manager When this option is checked and policy execution action is set to lt Block gt Task Manager on agent computers will be hidden Restrict user to use Regedit Limit access to Command Prompt In Windows 95 98 and ME it s command exe and in NT or later systems it s cmd exe When this option is checked and policy execution action is set to lt Block gt the process under Run will not be run when OS is starting up Log off or restart is required for effective RunOnce means that the process only run once when OS is starting up it will not be run again in the next startup When this option is checked and policy execution action is set to lt Block gt the process under RunOnce will not be run nextime the OS is starting up Log off or restart is required for effective Restrict user to modify the network property property Display my network places Modify internet options Default netshare Netshare Add netshare IP Mac Binding Change IP MAC Property When this option is checked and policy execution action is set to lt Block gt My Network Places will be hidden from agent computer Log off or restart is required for effective Restrict user to modify Internet Options settings When this option is checked and policy execution action
64. ck menu Maintenance gt Processes then select a certain computer and SurveilStar will show a list of all running processes including File Name PID Time Session ID CPU CPU Time Memory Virtual memory priority Handle Thread Count and Path There are two buttons on the upper right corner of data display area B Sessions and it is available only in user mode If a user logs on to two or more computers at the same time administrator can view real time processes list of specified one via this button Stop track If you click this button process list of monitored computer will automatically refresh and display You can check and modify the interval by Tools gt Options gt information End Process IT manager can end processes through console remotely Select process not available and right click then choose End Process to close specified process 89 Q Chapter9 Assets 8 1 3 Performance Click menu Maintenance gt Performance then select a certain computer and SurveilStar will show a list of its performance including CPU Usage Memory Usage Sum Physical Memory Commit and Kernal Memory There are two buttons on the upper right corner of data display area B Sessions and it is available only in user mode If a user logs on to two or more computers at the same time administrator can view performance of specified one via this button Stop track If you click this button performance of specified computer w
65. ckup files Maximum Size lt KB The maximum size of backup files Tools Choose instant messaging tools to control such as MSN YAHOO Google Talk SKYPE TM UC RTX POPO ICQ QQ and so on You can checking All to control all IM tools IM File Policy Example The requirement is that when employee is on work file contains specified keywords cannot be sent via instant messaging tools To achieve this a set of strategies is a good choice For example 1 Create an IM File policy to allow but make a backup when files sent via IM tools 2 Create another IM File policy and add specified keywords for File Name Afterwards only flies do not contain specified keywords can be successfully sent and backup IT manager can check if sending files are legal through document logs 75 Q Chapter6 Policies and Advanced Policies 6 15 Upload Control Policy Advanced In SurveilStar Console click menu Advanced gt Upload Control click Add button to create an upload control policy Transfer Type Http protocol Limit Size gt Byte Website Ftp protocol Limit Size gt Byte File Name IP Range Upload Control Policy Example The default 1s Upload No other option Check the option and SurveilStar would control upload via Http protocol Only enabled under Block mode Block upload if file exceeds designated size The default 1s 102400 Byte Control uploading or submitting files to designated website By default it is s
66. d By Group a Expand sub classes or computers users in a group It s not available to Detail Mode View all records top 10 records top 20 records or custom display recording numbers There are four application statistics modes Application Statistics by Category If you want to generate application statistics by categories you may need to sort the applications into classes according to your need Click menu Classes Management gt Applications to manage your application classes There will be 3 columns which are Class Time and Percent By default both time and percent will be listed in descending order Basic Web Traffic Application Statistics Class Time X Percent C Running Time 296 58 59 _ Active Time 2353 48 03 100 Browsers 1200 24 45 51 0 Unclassified 45 49 42 19 4 __ Adobe 21 20 52 g0 CIM Tools 18 53 08 8 0 _ MS Office 11 32 34 49 C File Tools 08 51 28 3 1 __ DVDSmith 02 08 07 0 9 _ Anvsoft 01 48 46 0 7 C Download amp Upload 01 11 22 0 5 __ Developers 01 00 19 0 4 C Others 02 18 09 0 9 Under the data display area you will see a chart for the application statistics above Bar Chart or Pie Chart can be used 33 Q Chapter4 Statistics Bar Chart Da Chart a x ME 15 2410 Fis Ci Dreisi d Upka E Dion Ba Ont Pie Chart EOCOBSEOEEE Application Statistics by Name Application statistics by name will show you detailed application names Using this you can
67. d hardware information of specified computer W Asset Information Anita Operation Show View rl A 3 Em Nar Content lt p Es BEJ Surremiary ANITA PC i 3 fab Logon Lir Arita PE Anita aon BE Doran WORKGROUP Oe ee een Fajlast Scanned Time 2012 04 01 1420 38 fab Machine Marne AMITA FC ot Dek Partition E Display Adapter Ej Notebook ia I a DVD CD ROM Doia Keyboand H ag Leger al Disk DEE Memory pie Modem E a Wiomior amp BB Motherboard E PA Houte oE Neterork Adapter F FF Ports 0 Sound Card il HE System Sigi M ot USS controller Choose certain hardware asset you would like to know and its properties will show on the right You can add new property to custom assets via Operation gt Property You can view other assets via Show gt All or Show gt Software Query Hardware Assets Click query button GY on the upper right corner of hardware asset display area and specify search conditions including name range conditions and result lists to search specific hardware assets 96 Q Chapter9 Assets Query Conditions Hame Range The whole Network Conditons SetDefaut x Range Range about compute It is computers within the whole network by default and you can click to choose one certain group of computers Add button Click this button you open a window for condition setting including properties logic and value Delete button Delete conditions setting
68. ding Time Computer User Printer Connected PC Task Paper Size Orientation Pages Recorded Pages Application and Window Title Below is an example of printing Any Video Converter homapage to PDF with Adobe PDF Converter s virtual printer 51 Q Chapter5 Logs Time 2012 01 11 13 41 27 Computer Kevin User Kevin Printer Adobe PDF Virtual Printer Connected PC KEVIN PC Task Video Cony ew Painted File Paper Size Letter Save Printed File Orientation Portrait Pages 2 Recorded Pages 2 Application and Window Title firefox exe Video Converter DVD Ripper Any Video converter The versatile video converter for iPod iPhone PSP Zune cell OK Cancel Help Note Printing task has a backup copy You can click copy button to view printed file or save printed file View Printed File Click View Printed File to open printing viewer You can zoom in or zoom out view slide one by one and save the picture in the viewer as JPG file Save Printed File The printed files are saved as JPG files Every page will be saved as a JPG picture So there will be multiple JPG pictures when there are multiple pages in the printed task 5 7 Asset Change Logs In a company there may be some software changes and hardware changes Some changes do not matter but some changes may bring critical problems Thus software management and hardware management are very important It also helps IT manager
69. e Penta lie oa ee Rasmils Fone a keny PERT RIS sel 23E Cilike JAR AppOats Roaeming heer Faced Che iret Chntuidi nes Ince Er Ai Ei FAHI LEE Uber Appa Rm Pil fine ft Det ura Lega D Amkadi PFM Arania POR prii docr SES Cilk Amandi Omiiiegp POMA arma Fume WTR DLE POR iiil daca ferry Priel FE Local Sate THEE Cie VRS ApphatrlecaliGecgle Feed thepma ae Dipa Teele fack Dhang Taree lopert Ihing oltre je Ee BE Cellestien l peme Ford notepad oe Eran non arin do bach FRB SADDLE Se o Pabetiacrerh Teese ee fae Adobe Drea fe Guoging Developer AheOFT mihia dll SEB hitpulPO2I6E 1191 2 eenphost Pbehancerk opatem Checktinesd Ope Agnes ip Areeec4t jp Papel eS boss IAEE CG Ueno jo el ta Be Fed freio Bury ny Bhs rry C Disg Laa ehas 4idrrerestra ein KaPi LIEKE hipi payment ebam en eiaa Peeri rcheom e e eBuny ede Diets benny PFR RIS Preferences Adee Cale IRE eppGats lLoceiGoogle Faved chr one eae SUE SLE eg Kenn denin ein docbeiug dl JE ER eae un Perhari Deea mp EEEE Adobe Onegrrectun henri PFR IRIS ton Sa SCS Calend Appia Aoamingi ina Paced firelon eae bos iliam Yate AgnH JP Amatia FiealP lp et EE icpregqeirm Mbetiecalieealplayper Heal Fened Fie P hey tat Disisy Lea cay Adme sani APill LIE itp b bulk ebr tem veo ebay Pirih cheorettat hey Ey bhreage Right click on a document log and click Property to view detailed information of this document operation Time Computer User Operation Type File Name File Type Size Drive Path Application and Wind
70. e confirmation code for agent gt Email Report Agent Update Management SS Authority to operate computers and users Including Add Computer User Group Delete Computer User Group Rename Computer User Group Move Computer User Group Move Computer User and Rename Computer User and other authorities Control Authority to control agents Including Notify Lock Unlock Log Off and Power Down Restart and other authorities Statistics Log Policy Authority to view statistics results Including Application Statistics Website Statistics and Traffic Statistics Authority to view specific logs Including Basic Events Log Application Log Web Log Document Operation Log Printing Log Asset Changes Log Policy Log System Events Log Backups and Shared File Log Authority to view and modify policies Including Basic Policy Application Policy Website Policy Device Policy Screen Monitoring Policy Bandwidth Policy Logging Policy Email Policy IM File Policy and other policies 109 Q Chapter11 SurveilStar Tools Monitoring Authority to view and export results of monitoring Including Screen Snapshot Email Instant Message View Screen History and Export Screen History Maintenance Authority of maintenance operation to remote computers Including View Remote Information Remote Operating Remote Control and Remote File Transfer Assets Management Authority of assets management Including Qu
71. e default directory Restore current contents to the default installation path A New directory settings Click the button and choose a new path to specific data type Please note that New settings will not be effective until the server is restarted Set the process capability of server The range is between 0 and 100 Server will change the process capability dynamically based on the load Choose process mode of server from one of the three levels Normal Low and High Normal The average occupancy rate of the server for the database process is 30 Low The average occupancy rate of the server for the database process is 10 High The average occupancy rate of the server for the database process is 50 In General in the dynamic mode the better the performance of server is the more the process capabilities are 118 Q Chapter11 SurveilStar Tools Error Log Logs gt System Only when you enable the function can check error logs while agent is being Event validated in the console by clicking the menu If enable choose a lowest level of error message to log from one of the five All Low Moderate High and Critical All Log all error messages Low Log when response from agent is not expected results Moderate Log when license is unauthorized High Log when Serial Number is wrong Critical Log when computer excludes the range and cannot get server verification The stability and security of server will be seriously affected as m
72. e hate wien EEO SERENAN EE TAE EEEE een ENTE SEE 112 TLS SERVER MANAGEMENT sevsin Teener e AAE E EEE EE E S A E a 112 A AN TO a A EAA O A E ATE 116 E OPTION A E E E AEA E AEE EE OE E E O E EE OA 117 Q Chapter1 Introducing SurveilStar Chapter 1 Introducing SurveilStar 1 1 Overview SurveilStar powerful IT management software is used to protect your valuable data mange employee s computer usage and online activity and ease system management It effectively safeguards intellectual property improves work productivity and reduces IT management workload for organizations of all sizes SurveilStar records and controls all computer and Internet activities emails web sites chats and instant messages program activities document operations removable devices printers and many more Stealth mode all around records and reports real time multi screen snapshot monitoring dynamic PC Internet control strategies all these combine to build a complete solution for protecting your intellectual properties and business secrets reducing slackers prevent Internet and email abuse and related potential legal liability and improve productivity What s important SurveilStar puts you in control Whatever you can monitor you can control it You can control certain computer s access to websites filter outgoing files via IM block email attachment disable movable device drive cancel unauthorized file sharing prevent changing system configur
73. e used as centralized computer maintenance system to manage and control monitored computers hardware and software assets with remote control having a secure and full remote access to any monitored computer giving a hand to resolve their computer problems quickly and remotely rather than making long distance suggestions They also have a freedom to control and manage client through console including applications processes performance devices services disks shared folders scheduled tasks users and groups and software 8 1 Remote Computer Maintenance 8 1 1 Applications Click menu Maintenance gt Applications then select a certain computer and SurveilStar will show a list of all running applications with the currently active application displayed in dark blue bold There are two buttons on the upper right corner of data display area B Sessions If a computer is logged in two or more users or a user logs on to two or more computers at the same time administrator can view real time application list of specified one via this button Stop track If you click this button application list of monitored computer will automatically refresh and display You can check and modify the interval by Tools gt Options gt information End Task IT manager can end application tasks through console remotely Select application not available and right click then choose End Task to close specified application 8 1 2 Processes Cli
74. e will add a default name automatically and administrators can customize it Email Subject Give subject to the report sending mails Max No of Alerts Each mail contains a maximum number of alert information Alert Exceeds the number will be sent in next mail The default value is 100 Min Alert Level Choose one of the three alert level Low High and Critical Send Interval Min Specify the time interval for sending mails The default value is 30 Min To Email address to receive the alert notification Send Test Email Test the mailbox above can receive alert notification mail or not Send as attachment Check this to send notification mails as attachment If not mails will send as text Unzip Password Send a zip file as an attachment and the file can unzip it with the password 107 Q Chapter11 SurveilStar Tools Alert Type Select alert type from the alert type list including Application Policy Website Policy and Printing Policy and so on Computer Range Specify computer range of email notification User Range Specify user range 11 2 Accounts Management System administrators have the highest authorities and can use all the functionality within the system They can allow other managers to perform certain management functions by creating new administrators Click menu Tools gt Accounts M then the accounts management window will show with all the currently existed administrators on the left and 4 functional mod
75. echtm WS 2002 00 06 14 21 41 Kean Admin Kevan Free PowerPoint to AVI Free PowerPo 9 wan elfectmatra con PowerPoint Video Converter Fr i OL 14 02 Kean Admin Kean ppt te video converter Google Search httpay wenw google com schents psy abechl enine i 2002 01 06 14 19 08 Kean Admin Kevin PowerPoint to Video Converter Free dow 9 wenwoliseft com ppt softwarehiral WB 2012 00 08 14 1886 Kevin Admin Kevin Hilisoft Video Converter DVD Ripper Pa wennliceft com i 2012 00 06 14 1728 Kean Admin Kean PowerPoint te Video convert PowerPak wewdvd ppt cideshow com ppt to videos g 2002 01 06 14 17 17 Kean Admin Kean ppt te video converter Google Search hitips wew google com Sechent psy abithls enire g 2012 00 06 14 15 39 Kean Admin Kevan ppt te video converter Google Search http www geogle com Sechent psy abihi eniris E 2012 01 06 14 1404 Kean Admin Kean PPT te OVD Converter Convert Powe wanwwondershare comy pro pptidvd pro htiml We 2002 01 06 14 03 27 Kein Admin Kean 4Videosolt Video Converter Tools Best wawbvideosoft com 8 2012 01 06 11 54 32 Kevin Admin Kevin Download Video Teals DYD Tooli Pow wawJleroolt com BS 22 01 06 11 5244 Kean Audion Kean Freesmuth Freeware Free video convert www ireesmithecom i 2012 01 06 11 19 32 Kevin Admin Kein Cucusoft Video Converter DVD to ipod i waw googiecem we 2012 00 06 11 1827 Kevin Audinnin Kevin Cucuooft Video Converter DVD te ipod i wawcucueef_com 2 2012
76. ecify printing application to search Many applications allow users to print and here you can search the printing logs from your specific applications Click button to open the setting dialog The settings are same as what is explained in former chapter of Application Logs In printing policy you can enable recording printed contents Once printing recording is enabled there will a backup copy for any printed documents In printing logs the printed files which has a backup copy will be displayed sightly different Below is an example of files printed by a virtual printer di Virtual Printer After specifying your search conditions click Search button to view the result Printing Logs Panter Type Time Computer Group Liser Printing Task Panter Name Pages Caption Apphcation cg Vua Pomer 2012 01 11 134127 Kein Admin Kevin Video Converter OVD Rip Adobe PDF Z Video Converter fireloxexe iQ Shared Pinter 2012 01 11 Liam Kevin Admin Kevin Microsoft Word Anveoft VISAIS IEN N Brother 1 Arviot Contact WINWORD ERE A Virtual Printer 2012 01 11 12 45 kevin Admin kevin WaZ IESI wwr Adobe FDF 3 Adobe Drearmwe Dreanweaverere D Shared Printer 2002 01 12 13751 Kevin Admin Kevin Test Page VIS2 16518113 Brother 1 Add Printer explorerene gai Shared Printer 012 01 11 13117 Kevin Admin Kevin Test Page VWISZIGSIESVOKT OOF l Add Printer explorer ene Right click on a printing log and click Property to view detailed information inclu
77. ed number of days Specify days between 5 and 365 Set different days for keeping for different data type from one of the three settings Global Setting All and Custom Global Setting Follow the global setting All Keep all data of specific data type Custom Specify days to certain data type Search Range Specify a search range When there is agent not actively connected to the correct server the server would start initiative polling searching agents in the range Exclude Range Specify an exclude range Agents in the range are not allowed to connect to the server Connection Bandwidth Specify the limit sending and receiving speed between server and agent Generally settings between server and agent Active Poling Directory Directory Objects Directory Settings Performance Fixed Mode Dynamic Mode use in VPN networks If enable the server will take initiative connection to agents within authorized licenses by port 8235 Records including data cache emails screen backups and print are stored in following default installation path and directories DATA ZTEMP MAIL SCREEN DOC and PRINT Administrators can change the directory but the previous data will not move to the new one automatically Need to stop the service first and move manually and then restart the service In our latest version 3 24 we store many records in SQL Server directly and do not use directories MAIL SCREEN DOC PRINT any more A Restor
78. ee 7 Complete the SQL Server 2008 amp SurveilStar setup Click Finish to exit setup if Setup SurveilStar V3 Completing the SurveilStar V3 Setup Wizard Setup has finished installing SurveilStar V3 on your computer The application may be launched by selecting the installed icons Click Finish to exit Setup Other SQL Server Options SurveilStar can also work with free SQL servers including Microsoft SQL Server 2000 Desktop Engine MSDE 2000 SQL Server 2005 Express Edition and SQL Server 2008 or R2 Express Edition as well as work with professional SQL Servers including SQL Server 2000 SP4 SQL Server 2005 SP1 or above and SQL Server 2008 or R2 or above You can choose the one you need 2 2 Installing SurveilStar Console The installation of SurveilStar Console uses the same setup file as installing the SurveilStar Server Select SurveilStar Console when prompted to select components and then proceed CET Select Components Which components should be installed Select the components you want to install dear the components you do not want to install Click Next when you are ready to continue Instalator Brver gng Lonsole Console Installation Only Custom Installation TP eicroasatt SOL Server 2008 Express Eqito E Install Agent Module on Local Computer Current selection requires atleast 34 5 MB of disk space 11 Q Chapter2 Deploy SurveilStar Employee 2 3 Installing SurveilStar Agent
79. eesceusscesacsceuacesscessessucsesens 92 CHOPTER S SSE US E E E EEA E T O ii 94 9 1 ASSETS CLASSES MANAGEMENT siiesasunereussdasnitadexducssieivicsaenenausdsiesinddvaciandsbos sluvensnentasiaenvnasensbniecsawaslsapnnaaniuasnaieeddansasentxauebarsiasnsatres 94 9 2 HARDWARE AND HARDWARE CHANGES occsi apstensdaaawaoautadintmeceaeunulytraaw adds sareinnyexammwndianseviedsanebecsuanrnnimeietanwevaranansemouaueRennvends 96 9 3 SOFTWARE AND SOFTWARE CHANGES ccacaw cvatranisycarcasissiadnat nonnisi do ANNASA NE NNNNA SAKANTE ONEAN NSSE TNA a Aai 99 a OTOA E a A NE EAA I AEE AEE OA EEE E AE AET AANE 99 CHAPTER 10 CAEG OR IES aeran EEAO ETEN EATE 100 10 1 APPLICATION CATEGORIES casouranpn insanrn EN nanen EEE NEEE EEEE AE AT EAEE E EEOAE EER E TETE AE 100 WOT WEBSITE CATE CORES arra EEE EEE AEAEE E A EE EEA E 101 10 3 TIME TYPES CATEGORIES srarsisrroisisissnn ves reri EEn ETA ENRE EA AAE OEE EATA T aS 102 ec IPCA GRE en E EA A E A AEEA ORN 103 10S PORT CATEGORIE Sarona Oe ene E E AE TE 103 CHAPTER 11 SURVEILSTAR TOOLS ic vse coin ra E R aesaeaaat 105 TLL EMAL NOTIFICATION SETTINGS wcictwsadgvasccecnvasneuse ET E EE E EAN NE EE EINA 105 TL2 ACCOUNTS MANAGEMENT tees cess osc rene nn ctsotvcte semarriceawebta AEE N EAEE EEE T 108 11 3 COMPUTERS MANAGEMENT ssssisisesssisesnsissssrsusokissdnusssntss anis dsad sdai s overo NN NESANS SEESE NINOS ESSEEN ESSEE Daise disina ino 110 11 4 ALERT MANAGEMENT ices seb cic verso steno ina nc pareo caer ens areata ata a
80. ent computers and the policy types he tries to break After specifying your search conditions click Search button to view the result Policy Logs Alert Level Time Computer Group User Policy Description A Low 2012 01 12 11 37 45 Kevin Admin Kevin Application Policy Action Block Alert Warning Applicatio A Low 2012 01 12 11 37 15 Kevin Admin Kevin Application Policy Acton Block Alert Warning Applicatio A Low 2012 01 12 11 35 20 Kevin Admin Kevin Web Policy Action Block Alert Warning URL anvso A Low 2012 01 12 11 33 25 kevin Admin Kevin Web Policy Action Block Alert Warning URL anvso A Low 2012 01 12 11 32 53 Kevin Admin Kevin Web Policy Achon Block Alert Warning URL anvso Right click on a policy log and click Property to view the detailed information Property Alert Time 2012 01 12 11 32 53 Computer Kevin User Kevin Alert Level Low Policy Type Web Policy Content Action Block Alert Waming URL anvsott com ID 0 54 Q Chapter5 Logs In the example above we can find out that the website anvsoft com is blocked and the user Kevin tried to visit this website Both alert and warning are enabled alert will pop on SurveilStar Console while warning message will be sent to the user Kevin when he tried to open the blocked website anvsoft com 5 9 System Event Logs Surveilstar Employee Monitoring Software itself is a integrated software system and has various events SurveilStar system
81. erface of remote file transfer please refer to the picture below krj emis File Transfer Eann Eie Traster Ti Go hiia Cipy JPU Go EB BAAG TI KE AL 27955 EB KB Free Space L202 588 KB TAH 172 KB 13 904 4 KB UKE Fie System PREFS NTFS PIERS E Bernote Mim ic Gir fie CH ii Hae Berto h Bs Fbesil L bse Setter 6 05 irage a Osc EL tet aeb E Testis Ep Videos E Vitware 206 Gh VhEvareit Oipscky O KE H KE KE D KH paie Bh SO EH a7 623 028 KB et Si Je KB m 3 aS RB 103 6124 KB a7 623 05 KB 3391 Tis KE 2 2 6h KB all IN 24 EB 124 465 172 KB Free Soace D KE I KE KE KE id 347 KB B Ge et KE es APE ee BD Sean e EE iJ 678 294 KE 27 AUL ed EE 84 Si at KE 44 S70 Bib KE i Od ee EB Birn od kE Ready Transiermig fie LOTH vaw BCT File Do some simple operations including new folder rename and delete Be at root directory or when the file is transferring cannot make such operations Transfer 33 Transfer files from Specify path of local and remote machines and choose files need to be local to remote transferred then click Transfer gt Local to Remote on menu or click this icon Files can transfer from local computer to remote one successfully Transfer files from Specify path of the local and remote machines and choose files need to be 2a remote to local transferred then click Transfer gt Remote to Local on menu or click
82. ery Define Asset Property Modify Asset Property and Software copyright Management Computer Management Authority of computer management All Classes Management Authority of categories management Including Application Categories Website Categories Time Type IP Categories and Port Categories Delete Authority to delete specific records Including Delete Logs Delete Instant Message and Delete Emails Backup Authority to backup and review logs Setting Authority to set agent search range and exclude range of the agent Generate confirmation Authority to generate confirmation code for agent code for agent Email Report Authority to send email report Agent Update Authority to update agents Management 11 3 Computers Management There would be many agent computers in a company and it would be quite difficult to get information of each one or to control all the agents without computer management function And sometimes we need to quickly check number of currently used license and the scope Computer management helps IT management to better control computers within the whole network Click menu Tools gt Computers then the computers management window will show with the entire agent installed computers and their detailed information 110 Q Computern Management Condon al z PE Aurthoruater iis Ordinal Hire a 7 Gl cam aya Y2 Ol AFD oa Yi B Eme SH Ye G ae a Js C aTa area y7 G WRSOFT P DN yi
83. es cannot be played properly Others PrintScreen keystroke When this option is checked and policy execution action is set to lt Block gt users can t use PrintScreen key to print screen any more When this option is checked and policy execution action is set to lt Block gt system System Restore restore won t be allowed This can prevent users from uninstalling SurveilStar Agent via system restore Windows automatic When this option is checked and policy execution action is set to lt Block gt update Windows automatic updates will be turned off Basic Policy Example This is an example which can help you better understand basic policy The requirement is that when the employee is on work in the company changing his IP MAC property is not allowed but when he is off work or on a business trip changing his IP MAC property is allowed To achieve this you can create two basic policies like below 1 Create a basic policy and set change IP Mac property to lt Block gt 2 Create another basic policy set change IP Mac property to lt Allow gt and check Only offline option According to policy priority the policy 2 1s created after policy 1 and will be listed above Thus policy 2 has higher priority When the computer is offline the status matches the policy 2 IP Mac property can be changed and surveilstar won t judge policy 1 any more When the computer is online the status doesn t match the policy 2 and SurveilStar continue to judge
84. es plug in 1f the Action is set to lt Block gt all new devices cannot be used Device Policy Example 1 Some companies policies not allow staff listening music or playing online game during office hours In this case System administrator can set a policy to prohibit the use of Audio 1 Choose computer from the left list and then create a device policy 2 Properties Time lt Working Time gt Action lt Block gt Check lt Audio equipments gt under Others Then audio equipments of selected computers would be disabled Device Policy Example 2 The requirement is that the company only allow employees to use the company s internal wireless network and would like to block some other wireless networks Then you can set the device policy to prohibit connection to these wireless networks 1 Choose computer from the left list and then create a device policy 2 Properties Action lt Block gt Check lt Wireless network gt under Others 3 Description Fill in the wireless network information such as SSID teclink 11 BSSID aa 77 dd 00 88 SSID teclink 10 BSSID aa ee dd 00 88 After setting is successful the client can not connect to a wireless network called teclink 11 while Network Address 1s aa 77 dd 00 88 b wireless network called teclink 10 c wireless network which Network Address is aa ee dd 00 88 6 4 Application Policy In SurveilStar Console click menu Policies gt Application click Add button to create an applic
85. et to all http sites Input format is www google com but not http www google com Support wildcard input Support man mon or as separator for multiple inputs Check the option and SurveilStar would control upload via Ftp protocol Only enabled under Block mode Block upload if upload file exceeds designated size The default is 102400 Byte Specify file name Support wildcard input Support or as separator for multiple inputs Control uploading or submitting files to designated IP Range By default it is set lt All gt This is an example which can help you better understand Upload Control Policy The requirement is that IT manager doesn t allow employees to upload files exceeds 500KB to all http sites When any PC is trying to break the policy a warning message would pop up To achieve this you can create a Upload Control Policy like below 1 Choose The Whole Network from the left computer list click menu Advanced gt Upload Control to create upload control policy 2 Set Action gt Block Check Warning option and input the warning message Check Http protocol and set Limite Size to 500 3 Save the policy 76 Q Chapter6 Policies and Advanced Policies 6 16 Document Policy Advanced In SurveilStar Console click menu Advanced gt Document click Add button to create a document policy Operation Type Read Modify Delete Disk Type File Name Backup before modify
86. etailed location for the frame you want to save Sessions If a computer is logged in two or more users or a user logs on to two or more computers at the same time the administrator can choose anyone to view a screenshot via the session button Fit size Display the screen snapshot in an appropriate size to the window E Original size Display the screen snapshot in its original size Stop track If you click this button and it turns to be screen snapshots will automatically refresh and display You can check and modify the interval of tracing frames by Tools gt Options gt information Right click the frame anywhere and you can choose Fit to Window Original Size Trace and Full Screen instead buttons above 7 4 Multi Screen Monitoring Click menu Monitoring gt Multi Screen then choose size of the screen matrix screen snapshots of different monitored computers will automatically refresh and display You can check and modify the interval of tracing frames by Tools gt Options gt information 85 Q Chapter7 Monitoring Below is a multi screen monitoring example of monitored computers showing a screen matrix in 2 x 2 TE Mate perena ipg a E F SS LL j Hog i a a E om is K First page of the monitored computers iA Previous page of the monitored computes nm Next page of the monitored computers Lai End page of the monitored computers Ww Auto
87. event log function is used to record all Surveilstar system events including server startup server shutdown agent IP conflict serial number identification failure invalid connection and communication error between server and agent computers SurveilStar System Event Logs help IT manager to maintain and keep SurveilStar system s health and provide hints for solving problems Select a computer or a group at first then specify your search conditions including time and range event content etc SurveilStar System Event Logs works for the whole network and selecting a computer or a user 1s meaningless Content You can search system event words such as shutdown startup conflict identificaiton etc or simply leave it blank System Event Logs Time Description Fre 2012 01 12 03 26 52 Server Startup Fry 2012 01 12 03 23 21 Server Shutdown Fh 2011 12 30 14 75 25 Agent 192 166 18 167 authentication failure Reason SN identification failure Fre 2011 12 30 14 24 58 Agent 192 168 186 167 authentication failure Reason SN identification failure In the example above the information indicates that on the agent computer 192 168 18 167 the agent installed on the computer may be created by another server Then the IT manager can install new agent computer on this PC to solve the problem 55 Q Chapter6 Policies and Advanced Policies Chapter 6 Policies and Advanced Policies 6 1 Gerenal Introduction of Policies Administrator can li
88. event the illegal operation on client machine Alert when network configuration of client machine changes which facilitates the administrator to estimate debar and repair network problems Not only the alarm type but also the specific description will show to help administrators quickly locate the problem occurred and solve the problem 6 10 Agent Configuration Policy Agent configuration policy is considered as supplement to other policy settings and contains some commonly used agent control functions In SurveilStar Console click menu Policies gt Agent Configuration click Add button select the target function from the keywords provided to create an agent configuration policy Please note that different functions have different properties depending on the specific availability More details about keyword and content of agent configuration not yet included in the existing categories please contact us support surveilstar com 71 Q Chapter6 Policies and Advanced Policies 6 11 Bandwidth Policy Advanced In SurveilStar Console click menu Advanced gt Bandwidth click Add button to create a bandwidth policy IP Range Set IP address range of the communication computers which is all by default You can not only manually add one by one but also can specify category from the network address classification by Port Range Set port range used in the communication which is all by default including TCP port from 0 to 6
89. evin 2012 01 04 16 03 33 20 12 01 04 3 3 4 Delete Computer or User If you don t want to monitor a computer or a group any more you can simply right click on the computer or the group and click Delete You will be asked to enter password to take this action After entering password correctly the selected computer or all the computers in the selected group will be deleted Please note that deleting the computer or the group will also uninstall the agent in the computer or in the computers of the group and the license authorizations on deleted computer or group will be also taken back You can use such recycled license to monitor other computers if necessary Deleting user only deletes usre information and won t delete the license authorization When the user log on once again SurveilStar Console will display the user information again 3 3 5 Rename Computer User or group You can right click on a computer a group or a username and click rename Or select the item first then user menu File gt Rename to rename to what you like 29 Q Chapter3 SurveilStar Console 3 4 Basic Control SurveilStar s basic computer control functions including notification computer locking and unlocking remote power down remote log off and remote restart Note Agent must be running in order to control the computers And it only works for computers not for users 3 4 1 Notify Select a computer click menu Control gt Notify to send mess
90. g this option can be able to set the following attributes Belong to the group Control communication between client machines belong to the same group Which means the current group and not only does not include subgroups but also not contain the upper layer of the group Belong to selected group s Control communication between client machines belong to selected group Only after checking this can you specify the group of agent below Group of Agent Specify the group of agent Only after setting the group can you choose whether to include subgroup or not below Include subgroup Choose whether to include subgroup in the selected group s Network Policy Example There are two examples which can help you better understand Network Policy First One The requirement is that when employee is on work ftp download is forbidden To achieve this you can create a network policy like below 1 Create a network policy 2 Select the Block mode set IP Range as all set Port Range as TCP 21 Afterwards ftp download will not be allowed to employees during working time Second One The requirement is that computers of some departments across the enterprise should be very important and sector outside is not allowed to connect To achieve this a set of strategies is a good choice For example 1 Create a network policy and set network block to all IP range 2 Create another network policy and add specified agents belong t
91. han group priority policy on top has higher priority than the policy below When a policy found in higher priority it will be executed and the policies in lower priority will be ignored The priority of the policies from high to low is as below User Policy gt User Group Policy gt Computer Policy gt Computer Group Policy gt Whole Network Policy When a policy is inherited from a parent object it will be displayed in light green background and can t be modified in child object If the policy can be customized by entering words then you can use wild card Multiple strings can be entered and you should use half size or to separate Up to 3 wild card is allowed Show all policies Select a computer a user or a group Click menu Policies gt Show All Policies to see what policies are applied 58 Q Chapter6 Policies and Advanced Policies to selected object Click the Expand or Collapse button a g to view or hide all policies 6 2 Basic Policy In SurveilStar Console click menu Policies gt Basic click Add button to create a basic policy Then you will see Property settings like the picture below Properties q x Properties Value Name SY S_management Time All De tal Action Alert E Alert Severity High Waning E Waming Message ee Take effect while offi E Expiration Time lt Never Expire gt E Control Panel E Computers Mana System Tak Manage
92. hen matched in accordance with their relationships At the same time Chapter6 Policies and Advanced Policies The agent computer will be treated as offline status when the agent PC can t communicate with the server over 3 minutes due to shutdown network problem etc Check this option if you want the policy to be effective only when the computers are offline Usually selected when agnet user is for business trip or under network failure conditions Create a new policy Move up the selected policy Move down the selected policy Delete the selected policy Cancel the newly created policy or cancel policy modification Apply the newly created or modified policy The policy execution action is set to Allow The policy execution action is set to Block The policy execution action is set to Ignore The policy execution action 1s set to No Action lt Alert gt is enabled lt Warning gt is enabled lt Lock Computer gt is enabled lt Take effect while offline gt is enabled The policy would only be effective only when the computers are offline lt Expiration Time gt is enabled The policy would be expired and invaild on specified date different computers group or users group inherit their parents policies IT manager or supervisor can create user policy computer policy group policy and whole network policy Please note that User policy has higher priority than computer policy self policy has higher priority t
93. how loaded backup records with date path and size Click Load Backup button then choose path of backup files and select data need to load and then click Load and OK to start loading backups You can load up to 12 backups at the same time Remove Backup Choose one or more backup files do not need and click Remove Backup to delete 11 5 2 Category Sync Management Click menu Tools gt Server Management gt Category Sync Management to check synchronize information including Computer IP Address Application Identity Website Categories Website Identity IP Categories Port Categories and Time Type 114 Chapter11 SurveilStar Tools Backups Management Category Management Took SE Query Export gy Print 3 Print Preview 2 Refresh a x Task Backup Management Backup Task Load Category Sync Management E Syochromre Information Synchronize Information CW Ji J2 Wi TE 45 We Y7 Wa Wo yi Yli Y12 iy 13 Jii 15 Cag 4 Computer buit Lang Cirystal Multi Lang Agnes huth Lang Nancy bulti Lang Juliette uth Lang Sun eBay Anry Sao ehay Dary Liu tBay Huang Jian eBay Wang Zhong Design Song Lee Desepn Li Song MMac Shirkey hlae Lite hac Kara hlsc Carmen There are two buttons on the upper right corner IP Address 192 168 18477 197 168 18 159 192 168 168 156 192 168 18 164 192 168 18 200 192 168 156 135 192 168 18 100 192 168 168 110 192 168 18 170 192 168
94. ify search conditions including time range asset type change type and content to search specific software changes Note Software and Software Changes is just the same as hardware asset that was previously discussed Please check last section Hardware and Hardware Changes for more information 9 4 Custom Assets After defining new asset classes or adding new properties click menu Assets gt Custom then you can add properties or delete to better manage specified assets There are three buttons on the upper right corner of custom asset display area Q Query button Specify search conditions including name range conditions and result lists F Add button Click this button to add properties to custom assets a Delete button Delete properties of certain custom assets 99 Q Chapter10 Categories Chapter 10 Categories Sort your applications websites time types network address and network ports into categories 10 1 Application Categories By default all applications will be divided into two categories unclassified and systems which are all can t be deleted or renamed and sub group can t be created According to different requirements IT manager or supervisor can easily sort applications into different classes for convenient management Systems Applications which are associated with operating system In order to avoid serious problems system related applications are alone in one group to separate from o
95. ill automatically refresh and display You can check and modify the interval by Tools gt Options gt information 8 1 4 Devices Manager Click menu Maintenance gt Devices Manager then select a certain computer and SurveilStar will show a list of hardware devices on the client machine including CPU Disk drives Keyboards Network adapters and System devices and so on There are two buttons on the upper right corner of data display area IT manager can select modes to display the list Currently there are two modes available display by type and display by connection And you can also choose to display hidden devices or not via this icon B Sessions and it is available only in user mode If a user logs on to two or more computers at the same time administrator can view and manage devices of specified one via this button Enable or Disable Devices IT manager can enable or disable devices through console remotely Select certain device and right click then choose Enable or Disable to manage devices of client machines 8 1 5 Services Click menu Maintenance gt Services then select a certain computer and SurveilStar will show a list of system services on the client machine including Name Description Status Startup Type Log on identity and Path There is one button on the upper right corner of data display area B Sessions and it is available only in user mode If a user logs on to two or more computers at the s
96. in Ho limit Manual caching of documents The command completed successfully 3 There is no shared folder in the target computer Even though it s remote installation there should be a file folder that can be used by remote user to store the program files of the Agent Please make sure the target computer has at least one file folder is shared or you may need to create one on that computer Note Remote Installation only works on Windows NT4 0 2000 XP systems Remote Installation can fail sometimes due to the Windows NT local security settings When Remote Installation fails the best way is adopting the Direct Installation 2 3 3 Logon Script Installation If the local area network LAN of your company has a domain server you can use this method to deploy the Agent to computers within the LAN 1 Download Script Manager You can download Script Manger in either rar or zip file format Download Script Manager in rar file format Download Script Manager in zip file format 2 Put the Script Manager file folder to domain server You may unzip the download RAR or ZIP package file and then copy the Script Manager folder to the domain server This folder should contain these files and document LgnManV3 exe IPGLgnV3 exe and Readme txt 3 Create a setup file of SurveilStar Agent To create such agent please refer to Direct Installation The Agent setup file should be saved to the Script Manager folder as described
97. in and audit are null Re logon When you need to reconnect to the server or connect to another server or need to logon console as another manager click Tools gt Re logon to launch SurveilStar console logon dialog Change Password Click Tools gt Change Password and enter your personal password The default password of admin and audit are null After valid verification you change your password successfully as the picture below 22 Q Chapter3 SurveilStar Console Change Password Account Anita Old Password Peer New Password e eseee Confirm s ee8 Note IT manager and supervisor should take care of the password 3 2 SurveilStar Console Brief Introduction 3 2 1 Basic interface of SurveilStar Console SurveilStar Console is very intuitive and easy to use yet powerful and customizable It also comes with powerful search functions Policies atcha be ne Assets Classes Management Took Wew Help Ai Unclassified J ty Deleted 1 fy Unclassified ay AVC Wi Computer Si User Rei The Whole Network 31 39 The Whole Network 31 29 _ Q __ 192 168 18 99 23 Q Chapter3 SurveilStar Console 1 Menu Entries to all SurveilStar Console s functions 2 Tool Bar Entries to the most widely used functions in SurveilStar Console 3 Computer List On the left of the Console window it will show you all the computers with agent installed as well as basic group information 4
98. ing policies won t be judged Block Block a certain operation If the policy mode the operation matches is Block then the operation is blocked and the coming policies won t be judged Ingore The operation won t be allowed nor blocked but it can trigger events such as warning or alert Once the current No Action policy completed system continues to search the following related policies For example the first policy is setting all doc with Ignore mode and alert the second policy is prohibiting copy doc files Whenaccessing the doc files the first policy matched 1 e alert popup and then the following second policy will also be matched too and determine the accessing action is copy or not If it 1s copy action prohibited No Action The operation won t be allowed nor blocked but it can trigger events such as warning or alert Once the current Ignore policy completed the following policies will not be executed For example the first policy is setting the mode for USB device as Inaction and the second policy is prohibiting USB device When USB device is plugged in the first policy matched Since the modeis Inaction it will not be blocked but the following second policy will not be matched Enable or disable alert to SurveilStar Console and Server When a user s operation matches a certain policy agent computer will send alert information to SurveilStar server and alert will also pop up in SurveilStar console to remind IT manager o
99. int those contents By exporting and printing you can have a basic review on your employee s behaviors Besides Depending on the data you want to export the supported output file types may be a little different If you want to export as xls files Microsoft Excel must be installed at first 1 Export in Import Exporting the recorded data is very simple Right click on the data display and choose Export Then you can choose Records of Current Page or All Matched Records Or you can menu File gt Export You can also specify search conditions at first then export the search result oe Records of Current Page Export the IM contents All Matched Records ga Print E Print Preview Delete 7 pie Proper Li You can also select a certain record and right click on it to export selected record only To import policy choose corresponding policy type at first Then right click on data display area and click Import 1 Statistics including web statistics application statistics and traffic statistics can be exported to html xls csv and mht files 2 Logs including basic event logs application logs web logs document logs printing logs shared files logs assest change logs policy logs and system logs can be exported to html xls and csv files 3 Policies and advanced policies can be exported as xml file Exported policies can be imported to SurveilStar Console again The policy type must
100. inting task Application Specify the application used for printing out 78 Q Watermark Setting Watermark Types Parameters settings Page margins Advanced Settings Image Watermark Example Watermark Settings Preview Types of Chapter6 Policies and Advanced Policies Watermark content and display Only enabled when you set Mode gt Apply Image Watermark or Text Watermark Image Watermark Simply choose a picture from PC Text Watermark Set watermark text font size and color Performace Prior in quality by default or Prior in speed Only enabled when you set Location to be On the top of the content Transparency watermark transparency support 0 100 default is 80 Tilt Horizontal Tilted to the left or Tilted to the right Location Watermark position relative to the content of the document you can choose Placed under the content or On the top of the content Layout mode Mode of segmentation or Area mode to deside the watermark number Default is Mode of segmentation Mode of segmentation Set number of watermarks default number is 3x3 Area mode Set size of watermark default size is 3cm x 3cm Watermark margins margins between watermark Mode of segmentation Watermark margin is in percentage display Area mode Display margin left right top and buttom Page margins setting when printing Advanced Settings allows you to print some additional information Printing Wate
101. is set to lt Block gt Netshare is prohibited When this option is checked and policy execution action is set to lt Block gt users can t share local documents When this option is checked and policy execution action is set to lt Block gt users can t add new netshare for file sharing Prohibit user to change IP Mac settings When this option is checked and policy execution action is set to lt Block gt SurveilStar would record current IP MAC information It will be resumed to reserved IP MAC settings if any modifications are made You need to disable the policy before you are going to change IP Mac 60 Q Chapter6 Policies and Advanced Policies ActiveX Chat ActiveX Many IM tools will install chat ActiveX When this option is checked and policy execution action is set to lt Block gt users can t use chat activeX when they are using IM tools to chat Generally playing music or watching videos online may require installing media Media ActiveX Activex When this option is checked and policy execution action is set to lt Block gt it would stop user listening or watching online media Game ActiveX Some online games may require installing game activeX When this option is checked and policy execution action is set to lt Block gt users can t play such internet games any more Flash ActiveX This ActiveX is required for playing flash files When this option is checked and policy execution action is set to lt Block gt flash fil
102. keywords of name of attachment to search mails you want If not all mails with or without attachment will be shown Set range of email size and search mails according to size of them After specifying your search conditions click Search button to view the result Below is a search result example of Email Monitoring Click Previous or Next button at the right upper corner to view previous or next email monitoring records q T Aud m Events Lag aN Bai Poicy ib Advanced Poke F Honbwing A Mainterance gl asset Sge Saget kaant Mesmege Emad Email Oo i Time Computer Subject To Fromm Seu HIO 11S Arta fugined Res eters LELEE EI MIDA ARM Anita Zuplned Plceeticketuere 36408 D a POT dirita Re Miba e a jer a a GORE Ef A g irita Foe Mkb Fyon Heason cngless Surmciiterian TRE ET 2 2 PLES dirita Re Mes larace Zdenuk Pereira Surmeititer Sep Tab EPE 22 0 Mi ihe Anita Fuploads Hoxttichetars 67 08 ETE s2 00 Mihi nita Sygpirsdt Hositichetars AJKE PT SM 2 00 2i ob Anita Chose 3 0KB O MI A nita Close TOKE Fra PaE i Ope Arete Cherie 3 0K8 Fani PTE 2h eae rta Ovener Updaie 33EE Zaj 201 709 2G 0 3 Area Camer Uplate 24K Zaj A A H rli Cirt 2 0KE Pat ae EOL Arba Chota 20KE SRL 0 E Auris Ri esta IT Hack leek chlo sunaa Ges bIARG 27 00 26 H Aneta Cipt 3 0KB j POLI 2h A inta nar Update 3 3KH mi 22 0 OS dirita Cleve 3 0KH ETE JHH 11 14 fineta Fupicad Ficttistetine Laks ET 22 03 73
103. know the exact application names that your employees used and how much time they spent on it Below is an example of top 10 applications Basic Application Web Traffic Application Statistics Application Time X Percent C Running Time 2965 58 59 _ Active Time 2335 48 03 100 _ firefox exe 6 55 24 36 9 C chrome exe 17 23 35 TAX E i Explorer EXE 14 40 49 6 2 C Dreamweaver exe 12 56 17 5 5 C Big Ant exe 12 51 18 5 5 _ devenv exe 12 04 25 5 1 C_JIEXPLORE EXE 10 10 55 iJ Photoshop ece 0605 43 2 6 onre yt ey ee LAS Pie Chart n x firefox exe chome ere Explorer EXE Drea vere Big AnLexe deveny exe IEXPLORE_EXE aee POWERPNT E Others J CI E E EN mm E LJ E 34 Q Chapter4 Statistics Note This mode actually records application process names Application Statistics by Detail This mode is similar to Name mode However what it records is application description which may be different from application process name For example if two users are using QQ 2010 and QQ 2011 Application Statistics by Details will treat them as different applications while Application Statistics by Name will treat them as same application because the processes name are QQ exe Application Statistics by Group Using this mode IT manager can easily find out the percentage of a certain computer or a group which uses the applications in a specific application class Application Classes sh
104. l pop up on the remote desktop and ask for permission Password Authorization For password authorization you should set a remote control password on the client machine first The method is to press keybords shift alt ctrl at the same time and then input ocularrm then a password input box will show then input the password and click OK Select a certain computer and click menu Maintenance gt Remote Control and then input the password If it matches you can control the specified client successfully Interface of Remote Control If the client machine is being remote controlled it is Remote Controlling that would show on the upper right corner of the screen i Control the display of color ET Lock and unlock keyboard and mouse of client computer being controlled fe Control whether to allow clipboard operations between the console and the client computer Right click the window title of the remote control interface you can send Ctrl Alt Del Ctrl ESC or F12 instruction if you need 8 2 2 Remote File Transfer Remote file transfer allows IT managers to easily and quickly connect to remote monitored computers and transfer files without other tools 92 Q Select a certain computer then click menu Maintenance gt Remote File Transfer There are two methods the Chapter9 Assets same as remote control User Authorization and Password Authorization Interface of Remote File Transfer As to int
105. les before any changes Print Management Controls which printers can be used to print Specifies who can print Records print activity and print contents Device Management Blocks unpermitted devices Blocks any unrecognized devices Only authorized devices can be used Bandwidth Management Gets statistical report on traffic consumption Allocates bandwidth fully and rationally Limits incoming and outgoing traffic rate IT Asset Management Provides IT asset inventory Manages updates and patches Centrally distributes software Detects system vulnerabilities Remote Management Diagnoses problems for monitored PCs Gives remote operation demonstration Makes it easy for remote assistance 1 3 Basic Structure SurveilStar has three components server console and agent Administrators can install different components on the computers they want to manage Console Server It is used to store management policies and the data gathered from agent computers Console It is used to set policy view data and gather statistics Agent It is used to collect data and execute management policies Q Chapter1 Introducing SurveilStar 1 3 1 SurveilStar Server Server is installed on a computer with high storage capacity and high performance Y Monitor agent computers and distribute polices automatically Y Store the data gathered from agent computers v Manage collected data and back up data periodically 1 3 2 SurveilStar Console
106. lue iy fi inisiiinibiabaih t Name Amanda 4 ANNSOET t User Amanda E AIRERA Status Online amp Anvsoft Last Online 2012 01 04 15 11 35 G ftike Ei 1 lalla l tact Actwe Time 2012 01 04 15 11 35 Ei a anwstaff i E t Last Logon Computer Amanda Ariel J P i rea W Amanda 2012 01 04 09 02 43 4 User Group Information Select a user group to view the user group s basic information In the same way if you choose The Whole Network you can click Expand button to unfold the user groups and view users information in this group 3 3 2 Group Operation By default all computers and users will be listed in Unclassified group Unclassified group can t be deleted or renamed sub group can t be created in Unclassified group neither According to different requirements IT manager or supervisor can easily sort computers or users into different groups for convenient management 1 Create New Group In computer list select The Whole Network or a certain group right click and click New Group Sub group can be created in currently existed group Then give a name to the group and a computer group will be created You can create user group in the same way in user list 2 Move To Desired Group Now you can drag and drop desired computer to desired group Or right click on selected computer and click Move To select target group and click OK In the same way you can move a user to another user group You can use SHIFT
107. m in descending order You can also check top 10 visited website or top 20 visited website to see which websites are visited most Web Statistics by Group Using this mode IT manager can easily find out the percentage of a certain computer or a group which visits the websites in a specific websites class Websites Classes should be selected at first 37 Q Chapter4 Statistics Web Classes All 8 Website Class i Undassified After Website classes are selected click OK to apply Then click Search button again to generate your desired web statistics 38 Q Web Statistics Computer ey AC fy PRM wa eBay A Admin fy Dewelopert fy Mag ty Cunnah rile fy Design iy Server allier ieme wy Total Poe Chat Chapter4 Statistics a ao Al Seach En Amoi Shopping Socal Wet Mai IAN wiit HIA pania fiajaT fia Haidi ARE E i LAE kieta aed It piai iari iiti BEEE ii H13 Lea F Lua etra It kial eel F a bores piii id 46 36 OSES PrE area O00 30 MTER MEENT MELA Enpe astral MER SD kIT H TELF Mi EL a ee prik OFLE HA WEH LR Doig LEPEH i TRL AE Bra G75 Sid ooh fia ibaa rat ttt mian ien E LEi aa inian i rantan n i600 Ehini Whi EA aE Hotta ihe pe tet iiki Lane Or pho 14 MTs Diii DiE PaE d a hocks herako bist 4 3 Traffic Statistics Click menu Statistics gt Traffic then select a computer or a group or entire network and SurveilStar will analysis all recorded network traffi
108. mit the ports Traffic Statistics Protocol Al Tota Intranet To Internet To ah TCP 445 14 56 14 36 OB 4 TCP 80 5 0 6 319 0 M 4 7 G ath TCP 443 15 6 OB 156 4 UDP 1863 316 7 M 0B 318 7 M ath TCP 8087 157 2 M JB 157 2 M a TCP 8080 1339 M OB 133 9 M ah TCP139 105 5 M 105 3 M OB ath TCP 9237 102 9 M 102 9 M 0E ah TCP 22 87 4 M OB 87 4 M UDP 11845 80 7 M OB 80 7 M UDP 37798 fe M OB 18 2 M UDP 9000 719 M 0B 71 9 M th TCP 30411 37 5 M OB 37 5 M UDP 11850 36 5 M 0B 36 5 M 4 UDP 28343 35 8 M OF 35 8 M Traffic Statistics by IP Classes You can sort different IP classes into different Network Address Classes Click menu Classes Managements gt Network Address to sort your IP addresses By default SurveilStar sort IP address from 192 168 0 1 to 192 168 255 254 as Intranet and other IP addresses as Internet Below is an example of Intranet network traffic and Internet network traffic 40 Q Chapter4 Statistics Traffic Statistics IP Address Al Total 7 TCP Total UDP Total AAI 25 6 G 71 86 386 le faa 148G 148G 249M ath Internet 10 86 706 376 Traffic Statistics by Port Classes You can sort different port classes into different Network Port Classes Click menu Classes Managements gt Network Address to sort the ports By default SurveilStar provides ICMP TCP UDP Email Web Network Share and allows you to add customized port classes Below is a simple traffic statistics of TCP and UDP
109. mit the use of computer and network resource on agent computer by setting policies to control staffs and childs computer usage and improve productivity Basic policies Basic Policy Device Policy Application Policy Website Policy Screen Monitoring Logging Policy Remote Control Policy Agent Configuration Policy Alert Policy Advanced policies Bandwidth Policy Network Policy Email Policy IM File Policy Upload Control Policy Document Policy Print Policy Watermark Setting Policy Assgin monitored users operation privileges on Control Panel Computer Managements System Network IP Mac ActiveX and other operations protect the safety of monitored computers Define what devices can be used or not Define what applications can be used or not Define what websites can be visited or not Decide whether to record screen snapshot and if enabled set recording interval Check what logs you need to record By default all kinds of logs will be recorded Decide whether remote computers can be controlled and if enabled set remote controlling method Commonly used agent control functions Set real time alerts when software change hardware change or system settings change happens so that IT manager can find any changes and take actions quickly Control bandwidth including upload and download speed of monitored computers Control communication between agent computer and any invalid computers ensure network safe
110. n os IPaddress Install Status gg MARKETINGTEAM MSHOME Wines 192 166 16 102 INSTALLATION CANCELED gg KEYINLEE WORKGROUP sot 192 166 16 105 OS SHUT AMY SOPFT wines 192 166 16 105 gg ZINYOL MSHOME Wines 192 166 16 108 INSTALLATION CANCELED OS SHUTEC O4F50 AN SOFT WwinesP 192 165 185 109 gg fae Teie H Se 192 165 185 111 gg 192 1668 18 112 aaa 192 168 185 112 OS 192 1668 16 115 192 168 185 113 3 Select computers to install SurveilStar Agent Tick the checkbox before the computer host name that you want to install the Agent on it and then click the menu Operation gt Install to start remote installation or click the install icon alternatively Why does Remote Installation fail and how to fix it 1 Administrator privilege needed If the target computer is protected by password you need to provide the administrator name and password of 13 L O that computer to proceed the installation or the remote installation would fail View the Remote Installation Logon Dialogue Box below Failed in installation Do you want to re lopon Errors in installation Cannot logon the target host Target IP 192 168 18 102 Host name MaRKETINGTESM Reasons 1 Qccess denied The user not allowed to access the Service Manage 2 The target host is not a member of any domain and the share named adming is not opend Solution 1 Log on with the right user that who have enough access right 2 Set the target host a member
111. n User The time when agent computer is active last time The time when agent is installed on this computer IP address and MAC address The username which is used to log on this computer last time 26 Chapter3 SurveilStar Console Q 2 Computer Group Basic Information In computer list choose a computer group status of all the computers in this group will be displayed in data display area ak F Events ton dA Bas Poky gb Advanced Poker dP Honkorng B Hantenarce ai asser b P 5 ani Basic Information a 2 gly Design Marne IP Address Os Gemis Stars Vernon Epig Developer Nancy 19216818153 Windows XP Professional 22 1 Ranning 373 296 Rev M bee eBay Y imanda 1316815155 Windows 7 Home Premism Em 1 Renning I 23 2906 Rev pi YD eite 192 168 183 164 Windows XP Profesional 37 1 Raning 333 316 Rey20 i Fiy 19216418165 Windows XP Professional 32 1 Banning 323 2906 fev 2 a i Server T lenny 19216818158 Windows 7 Ultimate Edition 3 1 Running 3 23 2516 Rev 20 gly Unclassifeed Dore 19215418171 Windows XP Professional 32 0 Offline 373 2725 Rev gy Deleted 1 If you choose The Whole Network all the computers will be displayed in data display area click Expand button the group will be unfolded gly Admin te ANT a ay Chane i giy Design mi Developers giy eBay gi a a qh hier E PEM E wh Dii gly Urclaperied gly Deleted 1 Basic Information 3 User B
112. n data display area computer te m Audit 3 Events Log Ta Basic Policy b Advanced amp The Whole Network Basc E ea a Adain Basi Application We Tra T Egy AVC i amp e Basic Information Oi Bes i Ariel oo Carey Name value jo somes Mame Vivien ae 3 Lycia Computer ANW ES 3 t IP Address 192 168 18 155 T Ee a y TA t Status Running m A Version 3 23 2916 20 fe A Channels F ae Design t OS Windows AP Professional 32 bit English a Boot Time 2012 01 04 09 04 27 H Developers dae eBay Last Online 2012 01 04 14 52 56 J a Jp t Last Active Time 2012 01 04 14 52 19 H Mac t Installed Time 2011 12 16 14 31 57 owe PEM IP MAC 00 19 66 85 80 9E 192 168 18 155 fg Server Last Logon User ANVSOFT i Unclassified amp ANVSOFT 2012 01 04 09 04 35 wey Deleted 1 Name The name displayed in the computer list If necessary change it to your desired name By default it s same as computer name Computer Computer name IP Address IP address Status Agent computer s running status It may be Running Running Idel Offline or Unuinstalled Version Version of installed agent OS Agent computer s operation system It includes OS type OS edition OS bit and system language Boot Time Agent computer s boot time It s available only when Status is Running Last Online The time when agent can communicate with server last time Last Active Time Installed Time IP MAC Last Logo
113. nd SurveilStar will show local users with Name Full Name Description and groups of users with Name and Description There is one button on the upper right corner of data display area 91 Q Chapter9 Assets Sessions and it is available only in user mode If a user logs on to two or more computers at the same time administrator can check users and groups of specified one via this button 8 2 Remote Control and Remote File Transfer By setting the remote control policy client machine can choose whether to be remote controlled and if enabled select the controlling type There are two types Remote Control and Remote File Transfer 8 2 1 Remote Control Remote control allows IT managers get access to any monitored computer and give a hand to quickly resolve their computer hardware and software problems remotely as if they were standing right there Once connected the administrators will be able to view desktop screen of client machines They then have a freedom to control client through console viewing the machine malfunctions remotely and fixing the system problem quickly Select a certain computer then click menu Maintenance gt Remote Control There are two types to remote control and you can choose one from User Authorization and Password Authorization User Authorization Select a computer and click menu Maintenance gt Remote Control then a confirmation dialog box will show and then click yes Then a dialog box wil
114. nd search agent computers if the last appeared date included in the range Help to quickly search computers which do not appear for a period of time Search computer by a unique agent ID Search computer by computer name Support fuzzy query Search computers which have been offline for certain days PC Authorization Info Name ID IP Address MAC Address Group of Agent This icon indicates that the computer license is authoried Computers without this icon means outside the license range Computer name showed in console ID number of agent computers Each computer gets an ID from server to be the only sign of that computer IP address of agent computers MAC address of agent computers Group of agent computers 111 Q Chapter11 SurveilStar Tools Last Appeared Last appeared date of agent computers Version Agent version information of monitored computers Days Offline Days offline of agent computers PC Identification Info Detailed information of specific PC includes OS Hard Disk ID MAC Address Computer Name and First Appeared Time Authorities Check purchased and currently used license quantity 11 4 Alert Management Computer alert helps IT management to know what happen in the whole network and quickly locate the problem and ensure security within enterprise Click menu Tools gt Alert then the Alert window will show with detailed alert information including Alert Security Time Computer Gr
115. nerator You can generate a confirmation code of the agent Q Please input the operation code generated by agent Agent Operation Code 964353634487 Operation cod Remote host Uninstall Agent 2 Click the Parse button and then click the Generate button you will see the Confirm Code highlighted in blue colour in a result dialog Write down this code and go to the last step Confirmation Code Information Confirmation Code Info Confirmation code has been successfully generated Please send it to Q the agent user to complete the operation Confirmation Code 5449499 Q Chapter2 Deploy SurveilStar Employee Step 3 Back to client computer complete the un installation Now we are back to the client computer where the uninstall operation is waiting to be confirmed Go to the Check Confirm Code dialog enter the Confirm Code and then click the OK button Done Note both two ways of uninstalling an Agent do not delete the history data of this computer The uninstalled Agent will still appear in the Console marked in dark gray color To delete an Agent completely please click the Console menu Tools gt Computers select the computer name and then click the Delete button 2 6 3 Uninstall SurveilStar Console On the desktop of Windows system click Start gt All Programs gt SurveilStar gt Uninstall SurveilStar or go to Control Panel gt Add Remove
116. ng Maintenance Remote Control Real time Alert Alert Window Bubble Settings Alert Offline Alert Console Settings Number of records display per page The default value is 20 Choose whether to minimize all windows to the system tray area or close program and whether to prompt box when closing the main window Set time interval to track frames The default value is 2 Sec Set time interval to jump to next monitored computer automatically The default value is 30 Sec Set time interval to refresh application list The default value 1s 2 Sec Set time interval to refresh process list The default value is 2 Sec Set time interval to refresh performance info The default value is 2 Sec Choose whether to lock remote PC s keyboard and mouse and whether to control remote PC or not by default Number of alerts will be displayed The default value is 500 Choose whether to pop up alert bubble or not when contrary to policies Specified severity level from one of the three levels Low High and Critical Choose whether to alert when agent offline If so specify days to pop up alert message if agent is offline over the specified days 117 Chapter11 SurveilStar Tools Q Abnormal Agent Alert Choose whether to alert when there is abnormal agent 11 7 2 Server settings Data Cleanup Global Setting Keep all data All data will keep in the SQL server Custom Settings Management Range Keep all data within the specifi
117. ng windows click the button and the Application Categories Selection windows popup Check the application classes you want to control If the action is lt block gt the policyis still effective even user changes the application name later How to customize the Application categories please check Chapter 10 1 Application Categories 3 Control applications by running path Click button f and add the application path such as Block APPDIR D exe then SurveilStar will block all apps under Drive D And UDISKS stands for U disk CDROM stands for CDROM Such as APPDIR UDISK exe Control applications on U disk APPDIR CDROMS exe Control applications on CDROM Service Control SurveilStar can also control service running on agent PCs Simply click button and input the service name Input format service ServerName For example To disable the service bthserv then fill in service bthserv If the application is sorted into an application class even if the user change the application process name the policy will be still effective If you set lt Block gt to lt All gt applications the majority of the process would be disabled Please proceed with caution when setting policies 6 5 Website Policy In SurveilStar Console click menu Policies gt Web click Add button to create a web policy Then you will see Property panel on the right as the picture below In the following example you can see
118. nt gt Backups Management then the Backup Management window will show with currently existed backup task and detailed information i Backup Management n Backups Management Category Management Took i Gl pis oo Caneel Tapi ee heal LEDS Bac aL Ta oA a Le oof Rennes lt r iste kup Task Or Beginning Date Ending Date Back up to Delete th i Cyr 2012 05 05 2017 05 05 Es Sumveilstar Bac Backup Management E Backup Task Load Cateri Sync Management Synichronce Information mi F Time Type Message z H2 OSA 1525 8 8 8 6Iniormation Backing up 2002 05 07 15 25 29 Information Backing up database Surve tar DATA 20120305 HILOT 1525 32 Information Tabi BASIC LOG has been backed up 2012 05 07 15 25 32 Information Table DOC LOG has been backed up aUL2 05 07 15 25 32 Information Table DOC BAK CONTENT has been backed up 2012 05 07 15 25 32 Information Table URL LOG has been backed up 2012 05 07 15 25 33 Information Database ServeilStar DATA20120505 has been backed up 2012 05 07 15 25 33 Information Backup task completes successfully Click New Backup Task button then choose data type date range and backup path and then click OK backup will start All backup files will automatically be named according to the end date As the example below all data from May Ith to May 6th in 2012 will be backed up to E SurveilStar with the default name SurveilStar DATA 20120605 MDF If you need a duplicate backup select a different sto
119. ntrol MODEM Modem device Control Direct lines Dial Dial up Connection Direct connection control between two computers using USB cable COM port or Serial cables Dial up Connection Control USB Device USB Keyboard USB Keyboard Control USB Mouse USB Mouse Control USB Modem USB Modem Control USB Image Device USB Image Device Control such as Webcam Digital Camera and Scanner USB CDROM USB CDROM Control USB Storage USB Storage Control USB Hard disk USB Hard disk Control USB LAN Adapter USB LAN Adapter Control Other USB Devices Control other USB devices not mentioned above Network Devices Wireless LAN Adapter Wireless LAN Adapter control PnP Adapter PnP Adapter USB PCMCIA control USB PCMCIA Virtual LAN Adapter Virtual LAN Adapter control Others Audio equipments Vitual DVD CD ROM Audio video and game controller control Vitual DVD CD ROM control 63 Q Chapter6 Policies and Advanced Policies Wireless network Wireless network access control Control access to specified wireless network specified by device description You can also leave it blank for more wireless net Device description format SSID Wireless Network Name BSSID Network Address SSID and BSSID can set only one or both Supports wildcards and LAPS A multiple network device description can be separated by For example SSID teclink_11 BSSID aa 77 dd 00 88 SSID teclink 10 BSSID aa ee dd 00 88 Any new devices Any new devic
120. nviott jp Danek P02 OF 1 FLL 2007 03 17 SLI d TL SKYPE mney anevectt yp AMY Translation ML2OF 17353 MLA0IIIIMIH H Local User Contact User Abu_Abdurrahmaan Time 2002 03 13 09204225 2012 00 13 Seat Time Sender Mie ith fe CARTED I Wh AumesHi GP liig Abu_Absumabraan Hew are yo WERN AgnesPame thank ves Ard yoy DEITIES Abu_Ab urramaan fam Sire A hardelfah thane vou ENH Api _Abeturralematan Anita Google Talk Single chat 2012 03 05 14 36 34 2012 03 05 14 39 09 laddertoanita laddertoanita givenlee givenlee 13 characters 7 2 Email Monitoring Click menu Monitoring gt Email then select a certain computer or a group and specify search conditions including time and range email type send or receive email address subject content attachment and size 83 Q Chapter7 Monitoring Email Type Send Receive Email Address Subject Content Attachment Size Type of email is simply divided into SMTP POP3 Email Webmail Exchange Email and Lotus Notes Email It s all by default and you can choose one certain type to quickly search mails you want Search and scan sending mails or receiving mails only Search mails sending and receiving of specified email address Search mails according to the specified keywords in subject Search mails according to the specified keywords in contents Check this option if you only want to search mails with attachment and you can specify
121. o the same group to Allow mode Afterwards only computers within the same department can communicate with each other Before setting policies such type computers of the same department should set to be in the same group And if there are computers do not have agent installed in the department set a policy and add the IP range to Allow mode Note Network Policy is available only for the computer but invalid for the user 73 Q Chapter6 Policies and Advanced Policies 6 13 Email Policy Advanced In SurveilStar Console click menu Advanced gt Email click Add button to create an email policy Then you will see Property panel on the right as the picture below In the following example you can see that emails to anita gmail com or with attachment are blocked by the software From To Just match a recipient Subject Has Attachment Attachment Email Size gt KB Email Policy Example 1 Property aA x Property Value Name Email Policy Time All Day Mode Block Alert E Alert Level Low Waming Ig Waming Message Lock Computer E Only offline IA Expiring Time lt Always gt From oe To anita gmail com Just matcha recipiet E 2 Subject Has Attachment E Attachment Email Size gt KB 0 Control the address of sender and multiple setting is available by using semicolon or comma to be as a separator Control the address of recei
122. ohensieentans a A REEE AEE rE EE EENET 78 Q Table of Contents 6 18 WATERMARK SETTING POLICY ADVANCED scrrccssasncansicassinnsvnaauesenisuced satan cdadsewonsasesleteaaawy sdeuhaanevenusdsaaessaseanandeyaenssexeidaetes 78 CHAPTER 7 MONMORING siccerrissrcircreriaioreieroncar aneio rian NEER EEEE EENE 82 7 1 INSTANT MESSAGE IVIONITORING iiiissscscnbicasencesncasadastisessenencadnbinanesaascenal ddswntes sawn ebd davdeesinaaxanandsbascianedavasd odessevisnasa inwodpepaneate 82 Tide ERIC NO RUIN errata NE ET ack eects dap E EA eset eeta cee 83 7 3 SCREEN SNAPSHOT MONITORING ip soecescrcesissicsistennsacouste estes nasinnccealslin Bevinspeiadnweavtesinaciaw tains Saoites senauianastedsaudouwicwaadetdisponccaasdietneesencees 85 7 4 MULTI SCREEN MONITORING 0cksssasnnessonseeseurasvennscostavaasansevoesenedenntwesebtesveundonaciensuedsedennhnan le oun eerievensootonuesestsisadessoasernesieenss 85 TS SEARCH SCREEN HISTORY pats iac tet arpa estes sachet sere ctees egret neta ER E EA AT A 86 Ti AES REN TAS OY aoc cect cae steer castes O ee tate neue E eo ineeatbariocemuncee 87 CHAPTER 3 MAINTENANCE iris cacao cece cetce cto recea pen torte TE E TOT EENE NOTENE OEE 89 8 1 REMOTE COMPUTER MAINTENANCE sssssssssssnessssssesenrernsseensrtossseenscrosstensstorsttesscorssttrstossttensteossetusscosstterseerssernsecessereseeesst 89 8 2 REMOTE CONTROL AND REMOTE FILE TRANSFER cscsscscseccecssscscesescnsscccscuceceuscscensceceecuuscauucsceuuc
123. onvPro exe E Programms LAnyvsoft Any Vide CF Start 2 01 10 10 51 00 Nancy PFM Administrator any videco converta C Documents and Settings Admi Ch Stop 2012 01 10 10 50 47 Nancy PFN Administrator VideoConverterexe E Programmes Anvsoftany Vide CF Start 2012 01 10 10 50 07 Nancy PFM Administrator VideoConverterexe E Programms Anveoft Any Vide Ch Stop 2012 01 10 10 49 55 Nancy PFM Administrator DVOConvPro exe E ProgrammsiAnvectAny DVD FA Stop 2012 01 10 10 34 39 Juliette PFI puliette VideoConyPro exe Eny Video Converter Professio CF Start 2012 01 10 10 34 31 Juliette PFA juliette VideoConvPro exe E Any Video Converter Professio Ca Stop 2012 01 10 10 1304 Juliette FFEA juliette VideoConvProvexe E Ainy Video Converter Professio C Start 2012 01 10 10 11 58 Nancy PRM Administrator DVOConvPro exe E Programms AnveottiAny DVD CE Start 2012 01 10 1000814 Jenny PF TRIS pimpro exe F JennyZeng i product software Ch Stop 2012 01 10 1003 41 Amanda PFN Amanda AuraManager ece Ej Program Files Aura4 You Aura Ca Stop 2012 01 10 10 03 26 Jenny PF RIS pimpro exe FiJennyZeng product software i Ct Start 2012 01 10 10 00 39 Jenny PFA TRIS pimpro exe F WennyZeng product software CF Start 2012 01 10 05 59 48 Amanda PFM Amanda AuraManager coe E Program Files Aured You Aura CF Start 2012 01 10 02 57 43 Juliette PFI juliette VideoConvPro exe E Any Video Converter Professio CF Start 2012 01 10 0947 29 Jenny P
124. oppy disk CD ROMs removable disk network drive and an unknown letter For example files on the hard disk can set to be not recorded Set name of files need to be recorded or not Support wildcard Specify application operated to documents Logs about document printing Select type of printer need to be recorded or not Set application to print documents Logs about operation of shared file Document name of the shared operation Support wildcard IP address range of the computers which remote access to shared documents in the client computer Some of the machines can set to be not recorded Logs about email content Can set Not Record to the types of email you do not want to record Choose direction of email sent or receive Set address of sender and it will comply with the policy choosing to record the email or not Support wildcard Set address of receiver Support wildcard Set an email size and the policy will execute if email size greater than or equal to the value Set an email size and the policy will execute if email size less than or equal to the value Only effective in the Record mode If you check this content of email will not be recorded On the console cannot view content of the emails Only effective in the Record model If you check this attachments of email will not be recorded On the console will show with attachment but not be able to view and save To record some contents of chat tools based on
125. or Blu ray drive will be invisible This option doesn t work for virtual DVD BD ROM created by Deamon Tools or similar software If you want to block virtual DVD CD ROM refer to Other Devices in this chapter Limit the usage of CD burning DVD burning or Blu ray burning Check this option and set Action to lt Block gt and any burning actions will be blocked However disc reading is allowed If you want to block disc reading as well block DVD CD ROM Limit tape usage Limit the usage of any movable devices including removable disk memory stick IC card etc Check this option and set Mode to block if you want to block such devices 62 Q Non system Drives Portable Deives E g Smartphone Chapter6 Policies and Advanced Policies Limit the usage of any non system drives Check this option and set Action to lt Block gt if you want to block non system devices Limit the usage of any portable devices including iPad iPhone iPod PSP Walkman Zune BlackBerry Nexus One Samsung Mobiles Android mobiles Creative Zen Archos and more Check this option and set Action to lt Block gt if you don t want your employess to use such devices Communication Interface Device COM COM Ports Control LPT LTP Ports Control USB Controller USB Controller Control SCSI Controller SCSI Controller Control 1394 Controller 1394 Controller Control Infrared Infrared device Control PCMCIA PCMCIA Card Control Bluetooth Bluetooth device Co
126. ould be selected at first Applications Classes Running Time Actve Ti a If you have sorted your applications into classes you will see something like the picture below Appication Classes Selected ic Application Classes C Browsers i Windows Application IM Tools iy Undassified gt IM Tools i Entertainment f m E Browsers Ml Running Time W Actve Time ok cancel After Application classes are selected click OK to apply Then click Search button again to generate your desired application statistics 35 Q Chapter4 Statistics Application Statistics a Computer Running Ti w Active Time Browsers IM Toot Adobe aly AVC 65 11 03 55 34 49 34 2802 05 51 58 05 07 05 ey Developers 58 43 45 50 30 34 12 19 57 01 27 29 D035 gi FFM 44 11 04 40 00 57 26 00 16 01 42 36 00 11 00 gy eBay 28 55 00 19 404 12 41 59 02 26 29 01 11 31 l ay Admin 26 42 53 23 24 55 13 04 12 02 01 26 04 23 43 sy Design 18 78 32 15 57 47 04 25 28 02 10 42 04 52 34 gpa JP 18 23 44 16 59 17 OF 0222 01 30 17 03 1743 ty Channels 03 13 12 O5 02902 03 15 18 00 38 48 00 00 10 aly Mac 08 12 54 08 19 16 OF07 11 10 43 23 00 12 30 Ti sty Unclassified 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 wy Others 77 59 58 C0 nR 00 onanan onanan 00 00 00 z Pie Chart IM Tools Adobe 4 2 Website Statistics Click menu Statistics gt Web then select a computer or a group or entire network and SurveilStar will analysi
127. oup User and Policy Type Aat Security Computer Group Usar Information AA Low ao Yun AVC ANWSOFT Acton Add IP Mac information Cont System Alert Policy aN Low un AVE ANWSOFT Acton Add P Mac information Cont Systern Alert Policy A Low o Mie Gue Logistics Administrator Acton Delete startup item Content System Alert Policy AB Low Reta PFA BECK Achon Add startup tem Content Ch Systemi Alert Policy A Low ow Crystal Mult Lang ANVSOFT Acton Add startup tem Content Gr System Alert Policy Real time alert would display up to 500 records by default Administrators can adjust the number of alerts will be displayed via Tools gt Options gt Real time Alert gt Alert Window Note 1 Alert information records real time alert data which means that if you turn off the console or re logon to the console will automatically clear all records Administrators can query the alert information via Logs gt Policy 2 Administrators can choose pop up alert bubbles when alert occurred via Tools gt Options gt Real time Alert gt Bubble Settings Then alert information will pop up on the lower right corner of server computer 11 5 Server Management SurveilStar Server Management includes Backup Management Category Sync Management Server Time 112 Q Chapter11 SurveilStar Tools Management and Agent Update Management 11 5 1 Backup Management Backup Task Click menu Tools gt Server Manageme
128. ow Title If the file has been backed up you will find a Copy button and you can click it to save the attachment 48 Q Chapter5 Logs m O F File Operations Time 2012 01 11 09 46 37 Computer Amanda User Amanda Operation Type Modify File Name POM email docx File Type it PDM email docx 185 0KB See tase save Atacherent Drive Fixed Path C Users Amanda Desktop PDM email dace ee ey ant Wie Te WINWORD EXE POM email doce Microsoft Word When operation type is Copy Move or Rename both original path and target path will be displayed Path E workspace pdtconvert EPUBCode Debug Convert dll a TestConvert Testing 1 Debug Convert 5 5 Shared File Logs Select a computer or a group at first then specify search conditions including time and range operation type source file path and remote IP name Operation Type Supported shared files operation types are Create Rename Delete and Modify Source File File name of shared files operated by the remote computers File extension could be included as well Path The detailed location of shared files operated by remote computers Remote IP Name Type in remote IP address or remote computer name to search when the computer has operated on any shared files 49 Chapter5 Logs Q Shared File Logs Tyre Tene Computer Group Remote Host Source fle Path Aj Modify ALZA 155704 SERVEF Sercer 15258 15 17S R
129. ply which means that you would like to add watermark while printing you can make custom watermark settings to deside the content and display 81 Q Chapter7 Monitoring Chapter 7 Monitoring 7 1 Instant Message Monitoring SurveilStar Monitoring Software can record detailed instant message of mainstream IM tools including MSN YAHOO Google Talk SKYPE TM UC RTX POPO ICQ and QQ etc Click menu Monitoring gt Instant Message then select a certain computer or a group and specify search conditions including time and range IM tool UserID or Nickname and content Search hx Time and Range From 4k 4 2 26 2012 E To 3 27 2012 ar Time All Day i Range Anita Instant Message Tool el UserID or Nickname Content Tool Choose instant messaging tools to control such as MSN YAHOO Google Talk SKYPE TM UC RTX POPO ICQ QQ and so on You can checking All to control all IM tools UserID or Nickname Search chat and content of a specific account according to its User ID or nickname Content Search chat according to some keywords to quickly locate chats of interest After specifying your search conditions click Search button to view the result Below is a search result example of Instant Message Monitoring Click Previous or Next button at the right upper corner to view previous or next instant message monitoring records 82 ri i Minh Right click on an instant message monitoring record and you
130. pplications lt All gt Import Import an file that includes the application names you want to search For example if you want to find the logs of browser applications of Internet Explorer you can create a text file type the process name like 1explore exe Add Please add application process name like opera exe photoshop exe Wild card can be used such as shop exe Application Classes List You need to sort your applications into classes by menu Classes Management gt Applications at first Once applications Classes are created you can select an application from selected class or select a class directly Below is an example of selecting a class Delete Delete selected application name or application class After specifying your search conditions click Search button to view the result 44 Q Chapter5 Logs Basic Event Appication Web Document Shared Fie Printing Asset Change Policy System Application Logs Operton Type Time Computer Group Usar Application Path Title i CA Stop 2012 01 10 11 35 51 Amanda PFE Amanda AunsDVDConvPrs E Program FilesAurat ou Au CF Start 2012 01 10 11 07 33 Amanda PFM Amanda AuraDVDConvPro E Program Files Aurat You Aura Ca Stop 2012 01 10 10 56 11 Jenny PFM TRIS pimpro exe F JennyZeng product software Ca Stop 2012 01 10 10 56 01 Jenny PF IRS PFMPtU exe FJennyZeng product software CF Start 2012 01 10 10 53 06 Nancy PFM Administrator VideoC
131. pted here URL Click button to import website list add website address or specify website classes You will see a setting dialog like this Website lt All gt There are four buttons in the dialog which are Import Add Website Class List and Delete Import Import an file that includes the website list you want to search For example if you want to check whether anyone has visited surveilstar com you can create a text file type the website URLs like surveilstar com Add Please add a website URL Incomplete URL is also accepted Wild card can be also used such as soft com and net Website Class List You need to sort all kinds of websites into classes by menu Classes Management gt Websites at first Once Website Classes are created you can select an website URL from selected website class or select a class directly Below is an example of selecting a website class Delete Delete selected website URL or website class After specifying your search conditions click Search button to view the result 46 Q Chapter5 Logs Web Logs Tin Computer Group User Caption URL E 2012 01 06 14 24 57 Kevan Admin Kean eTinySoft Total Video Converter Total V www effectmatr com index him i 2002 01 06 14 23 35 Kevin Admin Kenn PowerPoint convert coftware EM Pow wew effectmato com PowerPoimt Video Converter in_ i 2012 01 06 14 203 Kean Admin Kean eTimySoft Total Video Converter Total Va wenweffectmatrix com ind
132. r Far ane il E E IP MAC binding lt All gt TEE Change IP MAC W E ActiveX lt All gt E Others lt All gt j Name 7 E Basic policy supports Control Panel Computers Management System Network IP MAC Binding ActiveX and other controls Control Panel Control Panel Modify display properties Add printers Delete printers Fast swithing user in XP Limit all the functions that are available in control panel Once this option is checked and policy execution action is set to lt Block gt user won t be able to open control panel and Control Panel will be removed from start menu Restrict users to change the theme desktop screensaver and appearance Limit user to add printers Limit user to delete printer Limit multiple users logon in XP by switching user This option is effective for Windows XP system only 59 Q Chapter6 Policies and Advanced Policies Computers Management Device Manager Disk management Local users and groups Service management Other computer managements System Task Manager Regedit CMD Run applications in the Run of registry Run applications in the RunOnce of registry Network Modify network Restrict user to use Device Manager Restrict user to use Disk Management such as adding deleting or resizing disk volume Limit access to local users and groups settings in Control Panel Restrict user to use Servi
133. r supervisor Meanwhile this alert will be also recorded in policy logs IT manager can use menu Tools gt Options gt Console Settings gt Real time Alert gt Popup alert bubble to enable or disable alert popup use menu Tools gt Alert to review real time alerts Choose alert severity if lt Alert gt is enabled Low Important and Critical are available Enable or disable warning message to show on agent PC Click button and set warning message if lt Warning gt is enabled When a user s operation matches a certain policy warning message will pop up on user s computer screen and warn him that he have done something blocked or deprecated Check this option to lock agent PC if the policy matched Then user can t do anything on this client computer IT manager can unlock the PC via menu Control gt Unlock on SurveilStar Console Set effective period of the policies Setting earlier time than current time is not allowed When the policy has expired the policy will be displayed in gray If Always is selected the policy won t be expired 57 Q Take effect while offline Buttons used in policies X S100000 a g Ti a Policy priority Usually there will be multiple policies applied to a certain computer or a group and there may be policy conflict problems Thus there will be a policy priority Policy adopted mechanism is similar to Firewall each goal can be combined from a number of policies and t
134. rShell 1 0 Installation Steps 1 Download SurveilStar Setup file and double click to launch the setup SurveilStar Server should be installed in the same computer with the SQL Server application If it pops up security warning message please click Yes or Run button to continue Q Chapter2 Deploy SurveilStar Employee jo Setup SurveilStar V3 Welcome to the SurveillStar V3 Setup Wizard This will install SurveilStar V3 3 27 1231 on your computer Itis recommended that you dose all other applications before continuing Tip You may need to install some related software free to ensure the normal operation of SurveilStar Click Next to continue or Cancel to exit Setup 2 Choose which components should be installed jo Setup SurveilStar V3 Select Components Which components should be installed Select the components you want to install dear the components you do not want to install Click Next when you are ready to continue 7 sveise V3 V3 Server i ge IP guid V3 Server Kernel Install Agent Module on Local Computer SurveilStar V3 Console Current selection requires at least 309 0 MB of disk space _ A SurveilStar V3 Server Kernal This option can t be unchecked It must be installed Microsoft SQL Server 2008 Express Edition Please check the explanation above Check it or not according to your environment If you have installed SQL Server 2005 Express or other SQL version please do no
135. rage path 113 Q Chapter11 SurveilStar Tools Create Backup Task Q You can create new backup tasks amd specify the data type that you want to back up from here Data Type te Efel Date Range A a Please specify the date range that you want to back up from here If Basic Events Log you don t check and specify the start date all data before the end date Ez E Document Operations Log will be backed up Web Log E H Printing Log Start Date W 5 1 2012 gir Application Log Policy Log System Events Log Screen history Back up to Instant Messaging Please select the directory which you want to save the backup up data E Email from here The directory used to save backup data is located on the PC Shared File Log which has SOL SERVER installed Asset Changes Log Path Application Statistics Website Statistics E Surveilstar M Traffic Statistics End Date 5 6 2012 al Delete original data Note You can choose whether to delete original data or not but should be careful enough Once delete you cannot check records you deleted on the console unless you load the backup data Load Administrators can load backup data into database to restore backup data and will not undermine existing data in SQL server Load Backup Click menu Tools gt Server Management gt Backups Management and choose Load then the Backup Management window will s
136. rmark Advanced Policy Image Watermark bi Content of the watermark Picture Browse Parameters seting Performance Prior in quality Transparency B B0 Te Tit Horizont Layout Mode of segmentation Number Row 1 Column 25 a pe Page margins Setting the page margins herel om lef i Right 1 Top 1 Bottom 1 79 Q Chapter6 Policies and Advanced Policies Text Watermark Example Lef 1 Right i wmevassm Page header Hrs A a Oa pi A TAAA HARTA EAA O nT Page header E Page footer F Left IM Right a a e y lran PAMA PEJPI 0 H paronia Page footer 80 Q Chapter6 Policies and Advanced Policies Watermark Setting Policy Example This is an example which can help you better understand Watermark Policy The requirement is that IT manager would like to add text watermark to all printing documents except Ann s computer To achieve this a set of strategies is a good choice For example 1 Choose The Whole Network from the left computer list click menu Advanced gt Watermark Settings to create a watermark policy 2 On the right watermark policy setting panel slect Mode gt Apply to all types of printer Then custom the text watermark content and display Save the policy 3 Choose Ann s computer from the left computer list create another watermark policy and set Mode gt Disable Save the policy Note Only if you set Mode gt Ap
137. s all recorded web visits and generate a stastistics immediately There are three buttons on the upper right corner of data display area B IT manager can select web statistics modes Currently there are three modes available They are By Class By Detail and By Group w Expand sub classes or computers users in a group View all website visits top 10 visited websites top 20 visited websites or custom display recording numbers There are three website statistics modes Web Statistics by Category If you want to generate web statistics by category you may need to sort the visited websites into classes according to your need Click menu Classes Management gt Websites to manage your website classes There will be 2 columns which are Website Class and Time By default time will be listed in descending order 36 Q Chapter4 Statistics Web Statistics Class Time Customer Support 27 39 43 4 Unclassified 23 56 23 Anvsott 14 25 14 2 Search Engine 07 39 22 News 06 56 47 Shopping 06 37 39 Mails 06 32 32 2 Social Networking 05 45 04 Forums amp Blog 05 03 05 E Shareware 02 02 47 Test 01 58 32 Ecommerce 01 5437 Videos 01 44 35 DvDSmith 01 35 48 Total 113 50 08 Under the data display area you will see a chart for the web statistics above Web Statistics by Detail Web Statistics by Detail will display all the visited websites respectively and the duration spent on the
138. s checked only files which have backup copy will be displayed And you can save the backup documents and check the details of the documents Document policy and IM file policy will be discussed in later chapters The following pictures indicate that the deleted modified and uploaded documents have been backed up Bi Delete Pi Modify Bin Upload After specifying your search conditions click Search button to view the result Document Operation Logs Tree at Access of fer ORES q Access j koem i Minify sj Meet W letit sj Moet Wj isty i Jj foes a Access J Doenioid a Micy Dranioed i hioi aj beoe w Misy q Atens d Oranii Tima LAA 5556 OeL2 Oh 11 Sas M01 2 01 11 S16 AI ss 2007 1 iis ALP T Geet A T O SNL POE 11 DESAF ALTA 1 OSS PHIAN Ses SLT OL 1 OSS O1 2 01 11 Sha O01 T 01 11 OO 5 WIH Oh a 2 0 1 ae S01 2 00 11 ss 0191 gaas ML Pet 1E OSE A Es 1 GS ALP EL wo Compete Group Tipar Source fia Fee Soe Patri Dik Tyros Appice Caphon ores ip Areeectt jp nihi ill BER cupregqeam feriveslicealplayeriqop end Fr Resif lay exe Agne iP ment jp Ranfl are EKER cprym fiesveahveesiplayer Ren Faced ReslPlry coe Sones JP Ainvrcdt jp nmi DEKE clpogeam hiervesheesipiyernpea Fed Resifi ene Agnes IF Armeccet jo ReriP Lry ese i kE ociyprogram herota esple Ren Fed ReslPlry sve Li Sang Denga pee Ejk Jhd ii kE C lkersongAppha Roaming Famed Tune ee Amimii PHT Amanha ERTA er h WES Co Us Amandi app lints ifsaming
139. s button at the bottom of the manager window 7 Auto installation When a selected computer logs on to the domain the preset script will run automatically to install SurveilStar Agent to that computer in stealth mode 16 Q Chapter2 Deploy SurveilStar Employee 2 4 Register Step 1 Open the registration form 1 On the server s desktop right click on the SurveilStar s Service Controller icon in the task tray and click Tools gt Register Reser Event logs Open setup directory Service Stop Refresh service w Auto start service when OS starts Close Service Controller 2 Provide password to log into the registration form Step 2 Enter serial number In the Serial Number section you will see the default SN for demo version You should replace the demo SN with the SN you purchased 1 Click the Upgrade button Note SurveilStar offers 30 day trial for enterprises to experience the software In the demo version you will see the days left for trial use and the serial number for the demo version 2 Enter serial number into the text box and click the OK button Now you will see the Demo is replace with the quantity of licenses you purchased for this serial number Step 3 Complete the registration There are two options to complete the registration Register Online and Send Email Please fill in the product registration information with Company Name Tel Contact Person and Email Address
140. t check this option Install Agent Module on Local Computer If you need to monitor the computer where Surveilstar server is installed please check this option Q SurveilStar V3 Console Chapter2 Deploy SurveilStar Employee If you want to install SurveilStar Console on server machine as well please check this option Please note that SurveilStar Console can be installed on different computers and should be only accessed by IT manager or supervisor Check all the information and click Install to continue the installation or click Back if you want to review or change any settings if setup SurveilStar V3 Ready to Install Setup is now ready to begin installing SurveilStar Y3 on your computer Click Install to continue with the installation or dick Back if you want to review or change any settings Destination location D Program Files x86 SurveilStar setup type Full Installation Server and Console Selected components SurveilStar V3 Server IP guard V3 Server Kernel Microsoft SOL Server 2008 Express Edition Install Agent Module on Local Computer SurveilStar V3 Console if Setup SurveilStar V3 Installing Please wait while Setup installs SurveilStar V3 on your computer Configuring database connection Q Chapter2 Deploy SurveilStar Employee 4 Installing SQL Server 2008 Express automatically Please do not close the popup It would take some time please wait
141. ter You can choose the type by checking or choose all by letting them to be blank Printer description Specified name of printer Application Specified application to print Record Mode Control to record content of print or not Maximum Recorded Pages Only effective if checking Record to the Record Mode above Control the maximum number of pages to record printing documents The more pages you record the greater amount of data generated And IT manager can view the record using menu Logs gt print in SurveilStar Console Printing Policy Example This is an example which can help you better understand Printing Policy The requirement is that IT manager would like to limit the use of all printers and only want printer HP to print documents To achieve this a set of strategies is a good choice For example 1 Create a printing policy to block all types of printer 2 Create another printing policy and set Allow mode to printer HP by specified printer description as HP Afterwards only printer HP can successfully print documents 6 18 Watermark Setting Policy Advanced In SurveilStar Console click menu Advanced gt Watermark Settings click Add button to create a watermark policy Printer Type All four printer types can be selected local printer shared printer network printer and virtual printer Check or choose all by letting them to be blank Printer description Name the selected printer Printing Task Name the pr
142. that all websites are blocked in all day alert and warning message are also set for administrator and users 66 Chapter6 Policies and Advanced Policies Property g Property Value Name Web block Time Al Day Mode Block Ale mw Alert Level Low Waming E Waming Message NO Lock Computer O Only offline E Expiring Time lt Always2 Website lt All gt Website Website lt All gt There are four buttons in the dialog which are Import Add Application Classes List and Delete It s just the same as the setting dialog that was previously discussed in Web Logs chapter Please check Web Logs for more information Web Policy Example In order to prevent staff from accessing to illegal websites website browsing policy can be set up to put a ban on or only allow to visit the specified websites If it is only some specified sites that you need to be allowed to a set of strategies is a good choice This is an example which can help you better understand Web Policy The requirement is that when employee is on work only some work related websites are allowed to visit To achieve this you can create two web policies like below 1 Create a web policy and set all websites to Block 2 Create another web policy and add specified websites to Allow Afterwards only some designated websites are allowed to visit 67 Q Chapter6 Policies and Advanced Policies 6 6 Screen
143. the need Select chat tools Only effective in the Record model If you check this the chat will not be recorded so cannot be able to view chat on the console Logs about application statistics Logs about web statistics Logs about traffic statistics 69 Q Chapter6 Policies and Advanced Policies Note If you do not need to record some of the logs you can add a policy setting Not Record to some certain logs and then save 6 8 Remote Control Policy In SurveilStar Console click menu Policies gt Remote Control click Add button to create a remote control policy Then you will see Property panel like the picture below In the following example you can see that only remote control is allowed all day and authorization 1s required Remote Control If you check this you choose the type to be remote control and enable administrators have a freedom to control your machine Remote File Transfer If you check this you choose the type to be remote file transfer and enable others transfer files to your machine Only after selecting at least one of the above two type of remote control can be able to set the following attributes Authorization is required Only effective in the Allow mode If you check this you choose user authorization as the only method to remote control If not user authorization and password authorization are available Manager Name To control administrator user logs in to the current console For e
144. thers and IT manager can move them to other categories Unclassified All applications that are not match to any classification IT manager can move them to other categories Click menu Categories gt Application then you will see a window shows detailed application categories information with all the categories on the left and detail information of specific class on the right ex At ps Ben Cobegorkes obs 9 Aniani B imatt G B Do Deiipiri LI Dnk i phs 5 mR G Ertertuanani Hg Fie Tey i ME i Sng G Sai 1 2 Sette G VMware Eo Mieke Appin Do Fre ead arr fa b chi appn Apple eteon D brt Plast Player JAAN hedietes Piotr A Aol __ Beebe Adi edi ee Adobe fap C50 My ee j Bortchreppeer Lipper gy Cheers adobe Updater Garbup Adshe flh Player Adee 5N irtir Bf ache mr a ae lehin A Jj Sdebe oct peia E dhe ira Baschet inat Peye J rphs Drier BBP Adcbhet Finit Payer _ adobe AIR Derbeg Lean Adebe Fa Pilar Feed E Adhe Fea Jiga AF file Fia Hita Tipe initi nhir er rar SAHM Wiggers Hotiim irt itr E acces dl cue Ents Orr le La Lay ee eet ep ene idoben Cleanup 200 er ae n he Lun Fihi is Fiep dobr SA pdre i Theater et Leeper ee ed Rep Hert Acrobetiro 10 Wieb Wie EEL metas Ful hemiin Pi HUA bc Artrni aoe aoe APA CAB IME TALL ERS Faces tee Selene wpe op eel alo oa Bootiirepper Appi mdcba E Fin Mrym htsa Lire sah bot es Pioen Epker Ber
145. tion i Display Adapter 3 DVD CD ROM l Fingerprint verification Ji Floppy Sf Image Device ja Infrared s Keyboard m Chapter9 Assets pi k Mamea Type B summary Text 2 Nurnber integer at Brief Text Lt Block Saxe Decimal 12 Nurnber of Blocks Decimal 14 Starting Offset Decimal ab Description Text E Type Tet Sh Bootable Yes No m Boot Partition Yeso Li Size Decimal at Marne Text There are five types of properties showed with different icons Text Integer E Decimal ki Date wh Yes or No Add Asset Click menu Operation gt Add Asset then Administrators can define assets that would not be automatically monitored Add Property In addition to system defined properties for assets administrators can manually custom attributes Choose specified asset Click menu Operation gt Add Property then you open the Asset Property window Choose a property type give a name to the new adding property and click OK then you add a new property to the asset successfully Q Chapter9 Assets 9 2 Hardware and Hardware Changes 9 2 1 Hardware View Hardware assets information Click menu Assets gt Hardware then SurveilStar will show a list of all monitored computers with information of Computer Name CPU Memory Disk Drive and Network Adapter Double click a certain computer or choose one and then right click and choose property then you can get detaile
146. ty Control email sending and receiving by sender receiver address attatchment etc and prevent email spams Control file transfer via instant messengers and back up transferred files Control the network upload behavior by way of HTTP or FTP including sending webmail uploading images forum posting and FTP upload etc Define document operation privileges and back up documents if necessary Control the usage of various printers Add Image Text watermark to documents printing out General properties of the policies All the policies have some properties in common Below we will have a brief introduction on these properties Name Set the policy name SurveilStar will automatically add a policy name when a policy is created You can customize the name to what you want We recommend you use a brief description of the policy as the policy name 56 Q Time Actions Alert amp Alert Severity Warning amp Warning Message Lock Computer Expiration Time Chapter6 Policies and Advanced Policies Specify time range that the policy will take effect You can select time types in the drop down list or customize time range by using menu Categories gt Time Types Select execution mode when all the conditions of the policy are met Supported modes include Allow Block Ingore and No Action Allow Allow to perform an operation If the policy mode the operation matches is Allow then the operation is allowed and the com
147. uch functionality depends on the accuracy of server time If server cannot validate accuracy of server time click menu Tools gt Server Management gt Server Time to confirm the current server time is correct and then click Trust Automatically Choose whether to remove agents automatically when they not logged on for some Remove Agent days If enable choose a lowest level of error message to log from one of the five All Low Moderate High and Critical If so specify days to remove if agents not logged on over the specified days 11 7 3 Settings of Email Notification Server This part has detailed description in Email Notification Settings Please check 119
148. ules on the right Accounts Management e cal General Authonties Computer Groups Name Description Type Admin Super administrator All authorities Anita g zengiang Logon E Only allow to log on one console at one time E Only allow to log on specified PC or IP Input PC name or IP fe g pe 1 192 168 1 1 kA Add administrator accounts amp Delete administrator accounts manually added System administrator Admin is not allowed to delete e Change password The 4 functional modules are General Authorities Computer Group and User Groups 108 General Authorities Computer Groups User Groups Chapter11 SurveilStar Tools Specify type of administrators and logon conditions Specify authorities of non system administrator accounts Specify management range of non system administrator accounts Only can assign one of Computer Groups and User Groups which means if you specify the computer groups you are not allowed to select user groups If you choose all the groups of computers you choose all the user groups also Authorities of administrator Accounts Management Name Description c Admin Anita a Fengliang File Ps S General Ashore H E File E E Control 4 Statistics fl Log H E Policy HE Monitoring H E Maintenance Gl Assets Management 7 E Computers Management H E All Classes Management a Delete G Backup H E Setting Generat
149. ver including address about Cc carbon copy and BCC blind carbon copy Execute the policy when match any of the receivers or all setting above Control the subject of sending mail Input rule is the same as the control of sender Control whether the sending mail has attachment or not Check this option if you only want to control emails with attachment If not all mails with or without attachment will be controlled Control name of attachment only after selecting Has Attachment above Input rule is the same as the control of sender Set an email size then the policy will execute if email size greater than or equal to the value Control the size of sending mail the default is 0 which means all There are two examples which can help you better understand Email Policy In order to protect private information and prevent staff from misusing e mail to send internal confidential information an email policy to control attachment with specified keywords is a good choice You can create an email policy like below 1 Create an email policy 74 Q Chapter6 Policies and Advanced Policies 2 Select the Block mode then check has attachment and input keywords in Attachment Afterwards emails with attachment and match the keywords will be blocked Email Policy Example 2 The requirement is that companies want to restrict the sender of emails which only allow employees to use the specified internal mailbox to send mail but the other m
150. vice Plug out Communication Device Software change System service change Startup item change System time change Computer name change Network Configuration Change Please note that Note Chapter6 Policies and Advanced Policies Check this option to lock computer when hardware changes Alert when plug in computer peripherals and will record name of the device Alert when plug out computer peripherals corresponding to plug in Alert when plug in storage devices and will record name of the device Remind the administrator to prevent the illegal use of external storage devices Alert when plug out storage devices corresponding to the storage device plug in Alert when plug in communication device and will record name of the device Remind the administrator to prevent the illegal use of external communication devices Alert when plug out communication device corresponding to the communication device plug in Alert when any of software assets changes which will facilitate the administrator to maintain computer software assets and estimate debar and repair the failure of computer software problem within the network Alert when system service of client machine changes to help administrator to solve problems caused by virus or system Alert when startup item of client machine changes Alert when system time of client machine changes Alert when computer name of client machine changes Remind the administrator to pr
151. xample can restrict method of remote control to the specify client machine of some certain administrator user Need to force the confirmation The administrator account can set by Tools gt Accounts Console IP Address Control computer s IP address range on under current console For example you can restrict computers which IP on a designated range to remote control function by logging into the SurveilStar console If the input is from 0 0 0 1 to 255 255 255 255 or do not enter or is not a valid IP address system would understand as all IP addresses and to represent by lt All gt Console Name To control the name of the computer logs in to the console Note Manager Name Console IP Address and Console Name support a semicolon or comma to be as a 9 separator So multiple setting 1s available 6 9 Alert Policy In SurveilStar Console click menu Policies gt Alert click Add button to create an alert policy Then you will see Property panel on the right as the picture below In the following example you can see that system would alert when hardware changes Hardware change Set alert or not when any of hardware assets changes which will facilitate the administrator to maintain computer hardware assets and estimate debar and repair the failure of computer hardware problem within the network 70 Q Lock Computer Plug in Plug out Plug in Storage Device Plug out Storage Device Plug in Communication De
152. xt PDF pdf HTML files htm html php etc Ebooks epub chm and any other kinds of document files Meanwhile SurveilStar will record all kinds of operation types including Create Copy Move and more Select a computer or a group at first then specify your search conditions including time and range operation type drive source file path size application etc Operation Type SurveilStar s document logs function supports all kinds of operation types including Create Copy Move Rename Restore Delete Access Modify Upload Download and Burn Drive The type of the drive where the operated documents locate in Supported drive types include Fixed Drive Floppy BD ROM DVD ROM CD ROM Removable Drive and Network Drive Source File Path Size Application has backup File name of operated document File extension could be included as well The datailed location of the operated document When Operation Type is Copy Move or Rename SurveilStar will record original path and target path Specify file size to search the operated documents Search operated documents with specific application which is used to open the documents Click button to open the setting dialog The settings are same as what is explained in previous chapter of Application Logs When using document policy or IM file policy we can enable backing up the operated documents or sent received files via instant messgeners Once this option 1
Download Pdf Manuals
Related Search