ACUMEN AiD User Manual
Contents
1. ACUMEN me select lock unlock Screen Information Computer information such as computer name IP address and online status will be display when mouse moved over a monitoring screen Navigate to computer tree By right click on the monitoring screen and select navigate to computer tree it will take the administrators to the computer s location on computer tree 7 5 Search Screen History Select Monitoring gt search screen to search recorded screen history Search condition includes Item Description From To Search screen history with begin and end date Name or IP Search computer screen by computer name or IP Address address IP range Range Search computer screen history by a computer or computer group History log include the following Item Description ACUMEN Date Computer Session Start Time End Time File Name Recording date of the screen history Each new day will generate a new record Computer name of the computer Session ID if one user logon session ID will be display as 0 Each session will have an own log file for snapshot history Note For Windows Visa first session start at 1 Start time and end time of the screen snapshot history The file name shows as lt SQLs it represents that the screen snapshot data is stored inside the SQL Server 7 6 Screen History Viewer To view screen history double click on one of the search resulting or highlight a record and click on2. Microsoft SQL Server Native Client Microsoft Sync Framework 2 0 Provider Services E VMware Tools T Microsoft Sync Framework 2 0 Core Componen Microsoft SQL Server 2005 Express Edition T Google Chrome Company name TEC SOLUTIONS UMIT MICROSOFT CORPOR MICROSOFT CORPOR WIN RAR GMBH MICROSOFT CORPOR MICROSOFT CORPOR MICROSOFT CORPOR MICROSOFT MICROSOFT CORPOR MICROSOFT CORPOR MICROSOFT CORPOR MICROSOFT CORPOR VMWARE INC MICROSOFT CORPOR MICROSOFT CORPOR GOOGLE INC Version 3 20 4 20 0 6 11 1 404 9 00 4035 9 00 4035 2 1 0 6 10 1129 0 9 00 2047 9 00 4035 2 0 1578 0 7 8 5 7026 2 0 1578 0 9 3 4035 00 21 0 1180 Size 350 860 KB 90 516 KB 213 200 KB 4 052 KB 39 452 KB 23 005 KB 679 KB 1 465 KB 1 496 KB 83 406 KB 4 292 KB 2 328 KB 21 019 KB 959 KB 210 952 KB 334 344 KB Path C Program Files TEC IPguard3 c Program Files Microsoft SQL Server 90 Setup Bootstrap C Program Files WinRAR c Program Files Microsoft SQL Server 90 Setup Bootstrap c Program Files Microsoft SQL Server C Program Files Microsoft SQL Server c Program Files Microsoft SQL Server C Program Files VMware VMware Tool c Program Files Microsoft SQL Server If software failed to obtain installation path administrators can select correct path manually 1 application path relative path window Click on the butto
3. Acumen Int Corp 6F No 207 3 Sec 3 Beisin Rd Sindian Dist At UMEN New Taipei City 23143 Taiwan Tel 886 0 2 8913 22 33 Fax 886 0 2 8913 22 55 sales acumenin com www acumenin com ACUMEN AiD User Manual Data Security ACUMEN i y Copyright Copyright Copyright 2014 Acumen Int Corp All rights reserved No part of this document may be reproduced stored in a retrieval system transmitted in any form or by any means electronic mechanical photocopying recording chemical handwriting or otherwise or translated into any language or computer language without the prior permission in writing of Acumen Int Corp Note The information in this document is subject to change without notice and should not be construed as a commitment by Acumen Int Corp While every effort has been made to assure the accuracy of the information contained herein Acumen Int Corp assumes no responsibility for errors or omissions Acumen Int Corp assumes no liability for errors in this document or damages resulting from the use of the information contained in this document ACUMEN Index Talige le Ul os O dees 7 ST 7 1 2 Feature Introduction ssssssessnsnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn nnn 8 Installation and Deployment sssssnnnnnnnnnnnnunnnnnnnnnnnnnnnnnnnnnnnnn 11 2 1 eege 11 2 2 Hardware Software Requirement cccessseeeeeeeeeeeeeeeeeeeeeeeeeeeees 13 2 3 Installation EE 15
4. 13 Ordinal Name ID IP Address MAC Address Group of Agent Last Appeared Install 2 1 E LUFFY 082F0B0 65538 192 168 0 144 00 0C 29 AA 5A 36 19 Undiassified 2012 09 06 15 34 31 2012 d 2 E LAB OFFICE2003 65906 192 168 0 146 00 0C 29 72 48 89 192 Unclassified 2012 07 31 14 29 09 2012 d 3 E LEO 14989549 65953 192 168 0 234 00 0C 29 73 40 D9 192 Undassified 2012 09 05 15 17 49 2012 d 4 E cHT 2A24AAC7 65959 192 168 0 147 00 0C 29 1E BA 37 10 test 2012 08 08 18 10 12 2012 d 5 E DeLL xp 66027 192 168 0 131 00 0B DB 67 84 CB 192 Unclassified 2012 08 22 18 09 23 2012 2 6 EI TEc41eo 66070 192 168 0 126 40 2C F4 1 28 80 E Undassified 2012 08 28 09 50 57 2012 LI 7 Pi amer 66109 192 168 0 219 00 0C 29 DC 52 FA 19 Unclassified 2012 09 03 14 10 18 2012 Li 8 LUFFY NB 66125 192 168 0 125 00 26 18 7D 5 F 192 Undassified 2012 09 03 14 26 26 2012 D m E PC Identification Info E Ordinal OS Hard Disk ID MAC Address Computer First Appeared Authorization a 20 Computer management includes the following Items a Name ID IP Address MAC Address Group of Agent Last Appeared Install Date Description Icon represent computer has a valid license For computer without this icon please refer to Authorization at bottom of the window to verify license usage Agent computer name if computer name been renamed on the computer tree it will be display in bracket Unique computer ID assigne
5. 2 3 1 System Installation BEE 15 2 4 System UDG AG E 15 2 4 1 Upgrade Server and Console 15 2 4 2 Agent Component Upgrade 15 2 5 Removal ccssescecciastcedcncecasssssasaancessnactasantiascaseceansesacassdcsscacnesadancstaceteens 15 2 5 1 Remove Agents 16 2 5 2 Uninstall Server and CGonsole 16 EE 17 3 1 Console Login een en eee ee eee 17 3 1 1 Console e EE 17 3 1 2 Change PASSWOrd D 18 3 2 Console Introduction sssssssssssnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn nnna 18 3 3 Computer and User Operation ssssssssnnsnnnnnnnunnnnnnnnnnnnnnnnnnnnnnn nnne 21 3 3 1 Basic INGIMANON BE 21 SEENEN A EAEE Ka a 23 Eee oT EE 24 39A Delete noria a 24 e ENEE 25 329 0 EINEN 25 3 3 7 Data Stegen 25 ACUMEN me 3 4 er e 25 E NOUNCIA 110 E 25 3 4 2 Lock Unlock SEET eege le 26 3 4 3 Log off user Shutdown and reboot nsnsneneeeeeeeeee nenene eenen ennnen nnen 26 3 9 Other FEatU ES ssrin aa 26 3 5 1 IMPO EXO OPT EE 26 3 5 2 Print and Print EE 27 A SaS S ncnion a a 28 4 1 Application Statistic Report sssssssnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 28 4 2 Website E 31 D Evon E CN 33 5 1 Basic Event LOGS arises cncesscct cn ticcccenensevccencesvecnsbeaedandiavenseceeessieasecend 34 5 2 Application e E 36 5 3 Website Browsing LO ereeugeegeuieerengeegeteseegegeESeeeNen EES 37 5 4 Document Operation LOQ 2 ccsceeeeeeeeeeeeeeneeeeeeeeeeseseeeeeaeeneneeees 38 5 5 Shared File Log eeegeeeegereege
6. 9 10 EM To iW 2012 9 10 Bv Manager name description Manager column shows list of administrators operation log per administrators can be view by selecting a specific administrator Audit logs provided print export save and delete feature Item Print Print Preview Export Delete Description Select File gt Print Print Preview to print or view current logs Select File gt Export or right click on data panel and select export to export logs Delete logs by right click on data panel select Delete and delete by Selected record Record of current page or All Matched Records 12 3 Using Audit Console ACUMEN Audit Log Audit logs include login info administrator s operation logs policy edit delete logs agent screen viewing logs remote logs and administrators account modification logs Audit logs include the following Item Time Computer IP Address User Manager Description Description Recorded time for corresponding operation Logon Computer Name Logon Computer IP Address User logon to the computer Logon administrators account name Description of the operation log Audit Log Query Auditors can use the search panel to search for specific logs Item From To Manager name Description Description Search for logs between From and To date Search logs by console logon account name Search log by specific keyword ACUMEN tC es Create A
7. ACUMEN 1 _ MD Introduction 1 1 Preface Corporate information becomes more important under the era of intellectual economy The critical factor for success is to protect information effectively With the fast growth in information technology internet becomes an important channel to communicate between customers and corporations Despite its convenience information is more easily leaked As important information leakage brings loss to corporations a comprehensive control of computer usage is important It controls and reduces the risk of loss caused by leakage of the confidential information and or abuse of corporate resources and intellectual property More and more employees spend their time in browsing websites that are unrelated to work during working hour Such behavior decreases productivity Many employees may think that the office computers are their personal property they can do whatever they want with the computers Corporations should control and monitor their behaviors in order to enhance productivity and minimize the risk of misuse of computer resources According to researches of the Gartner Group and Forrester Research nearly 50 of time within the MIS department has been spent on computer installation and software upgrading which occupy a large proportion of the computer cost System administrators spend 70 80 of time working on daily maintenance tasks which increase the cost of computers Moreover productivity dr
8. ACUMEN Server 127 0 0 1 y Account Admin Password Remember Password Auto Logon OK Cancel Login screen include the following Item Description Server AiD server IP address Account Default administrator login account set as admin and Audit account as audit Administrators can create multiple account with different credentials by go to Tools gt Account in console Password Admin account s default password set as blank password may be changed by go to Tools gt Change Password in console ACUMEN _ rr Tr ltem Description Remember Remember password used to logon Password Remember password setting can be removed by go to Tools gt Options gt Console Setting gt Basic Settings gt Login Settings and unselect Remember Password Auto Logon Auto Logon will automatically login to console using last successful logon user s detail Auto Logon setting can be removed by go to Tools gt Options gt Console Setting gt Basic Settings gt Login Settings and unselect Auto Logon Tool gt Re logon allows administrators to logon to another AiD server or logon to AiD server as using another user account 3 1 2 Change Password Once logon to console password can be change in Tools gt Change Password it require users to enter old password new password and confirm new password to make change effective 3 2 Console Introduction Fol
9. Share In shared folder tab administrators can view shared folder information ACUMEN zz EE and also has the ability to remotely stop sharing Session Select this mode to view user access information to the share folder Information includes User Computer Type Open File Connected Time Idle Time and Guest Open Files Select this mode to view current shared folder accessibility information include Open File Access By Locked and Mode System administrators can right click on target file and select Close Open File or Close All Open Files 8 1 8 Schedule Tasks Select Maintenance gt Schedule Tasks to view agent computer s schedule list including Name Schedule Application Next Run Time Last Run Time Status Last Result and Creator Right click on the schedule and task record can delete any unauthorized schedule and tasks ltem Description Only active under user mode select target schedule task to view related information 8 1 9 Users and Groups Select maintenance gt User and Groups to view all local users and group on the agent computer The information include name full name and description ACUMEN OO Eee Items Description Only active under user mode select target user and group to view related information 8 1 10 Software Management Right click on Maintenance gt Software Management to view list of installed software on agent computer Right click on list to remote
10. Windows Automatic Update Description Restrict user to use chat ActiveX Restrict user to use Media ActiveX Generally this kind of ActiveX is applied for playing music or video on Internet Prohibit this option to stop user listening or watching online media Some online games may require installing its ActiveX Prohibit this option to stop user playing online game This ActiveX is required for playing FLASH Prohibit this option to make the FLASH file cannot be played properly Description Block PrintScreen Keystroke usage Prevent user to restore system from agent to non agent state Using this option to prohibit the system restore function Block Windows Automatic Updates ACUMEN O E Policy Example Requirement IP settings cannot be changed by end user However it should be allowed when the computer is out of office for business trip 1 Add a policy to block Change IP MAC Property 2 Add another policy to allow Change IP MAC Property with option Only offline checked Result According to the policy matching mechanism the second policy has higher priority therefore second policy will be matched first when the computer determined as offline status the policy 2 will be invoked and the user should be able to change the IP settings However if the computer determined as online status conditions specified in policy not satisfied then policy 1 will proceed to be matched As the condition satisfied policy 1 i
11. 17 03 48 el 2012 09 07 17 01 36 E 2012 09 07 17 01 21 2 2012 09 07 17 00 13 Si 2012 09 07 17 00 08 el 2012 09 07 16 59 47 E 2012 09 07 16 59 21 Computer POLAREBE POLARBE POLARBE POLARBE POLARBE POLARBE POLARBE POLAREBE POLARBE POLARBE POLARBE LUFFY 08 LUFFY 08 LUFFY 08 POLARBE LUFFY 08 POLARBE POLARBE POLAREE POLARBE IP Address 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 127 0 0 1 127 0 0 1 127 0 0 1 192 168 0 111 127 0 0 1 192 168 0 111 192 168 0 111 192 168 0 111 192 168 0 111 User PolarBear PolarBear PolarBear PolarBear PolarBear PolarBear PolarBear PolarBear PolarBear PolarBear PolarBear Administrator Administrator Administrator PolarBear Administrator PolarBear PolarBear PolarBear PolarBear Manager Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Admin Description Account Logon Account Logoff Account Logon Account Logoff Account Logon Account Logoff Account Logon Account Logon Account Logon Account Logoff Account Logon Account Logoff Account Logon Account Logoff Account Logon Account Logon Account Logoff Account Logon Account Logoff Account Logon e Audit log From qr w amp F 2012
12. 406 KB C Program Files Microsoft S Microsoft SQL Server Native Client MICROSOFT CORPOR 9 00 4035 4 292 KB c Program Files Microsoft Si ke Microsoft Sync Framework 2 0 Provider Services MICROSOFT CORPOR 2 0 1578 0 2 328 KB VMware Tools VMWARE INC 7 8 5 7026 21 019 KB C Program Files VMware V E Microsoft Sync Framework 2 0 Core Componen MICROSOFT CORPOR 2 0 1578 0 959 KB Microsoft SQL Server 2005 Express Edition MICROSOFT CORPOR 9 3 4035 00 210 952KB_ c Program Files Microsoft Sil T Google Chrome GOOGLE INC 21 0 1180 334 344 KB Computer 88 User lt m Ready Test Machine IP 192 168 0 144 192 168 0 144 The follow are methods to uninstall software Item Description Default Uninstall Using the uninstall feature provided by software If feature not available the item will be gray out ACUMEN O Advance Uninstall Uninstall Example Uninstall by using information provide by AiD agent and remove all related file Select software for example Yahoo Messenger since default uninstall not available uninstall using advance install option Software Management Name Pguard3 f Microsoft NET Framework 2 0 Microsoft SQL Server 2005 WB WinRAR 4 20 32 bit E Debugging Tools for Windows x86 T Microsoft SQL Server Setup Support Files Engli Microsoft SQL Server VSS Writer SyncToy 2 1 x86 MSXML 6 0 Parser Microsoft SQL Server Management Studio Expr
13. Backup using AiD Console c ceeeeeeeeeeeeeeeeeeeeneeeeeeeeeeeeees 101 10 2 1 Backup Data ee E 101 10 2 2 Backup and Load Data 103 WOON AAE A A E A 104 11 1 Account Manageme ntt ccccceseseeeeeeeeeeeeeeeeeeeeeeeneeeeeeeeeeeeeeeees 104 11 2 Computer Management ccccccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees 107 11 2 1 Computer Management 107 11 2 2 Re assign Agent RE 110 11 3 Synchronization Configuration s ssassssssssnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 111 11 3 1 Import Active Directory Domain 111 11 3 2 View Synchronization Confguraion 112 11 4 Alert E e LE 112 11 5 Email Notification Settings ssceceeeeeeeeeeeeeeeeeeneeeeeeeeeeeeees 112 11 5 1 Email Notification Server EE 112 11 5 2 Email Notification Gettngs AEN 114 11 6 Policy En E 115 11 7 Agent TOO RE 116 11 8 SOR VOR Vu 117 11 9 Category Synchronization Management eseseeeeeees 117 11 10 Agent Update Management 2 2 ccseeeeeeeeeeeeeeeeneeeeeeeeeeeeaes 117 ACUMEN mm T111 OptiONM TN 118 TEA Se e ie a ae eE a a a EE AE 118 TUT ee Server EE E SE E 120 K L Te EE 124 12 1 Login to Audit Console cc cecceteeeeeeee cece ee ee ee eeeeeeeeeeeeeeeeeeeeeeeeees 124 12 2 Audit Console Interface cccccseseceeessseeeeseeeseesseeseeeneeseaes 124 12 3 Using Audit Console cccccceteeeeeteeeeeeeeeeeeeeeeeeeeneeneneeeeeeeeeeees 125 13 Technical SUD DOME EE 128
14. CC to manager in order to send else block all out going mails Policy 1 Add a policy to block all emails 2 Set a policy with action set to Allow Recipient set to manager acumen com check Just match a recipient 6 13 IM File Policy IM file policy can effectively restrict computers within the organization sending confidential files via IM applications IM File policy supports the following IM applications QQ MSN SKYPE TM UC RTX Yahoo POPO Google Talk ICQ LSC FETINO Ali 263EM FeiQ Policy includes Item Description File Control Enable file control feature File Name Restrict outgoing file name contain keyword defined wild card can be used ACUMEN _ rr rr Item Description Limited Size Activated when action set to block and will restrict will gt KB size greater than value define Value must in between 0 and 100000 Backup File Enable file backup feature backup file can be view in Events log gt Document Min Backup When backup file selected min backup size and max Size gt KB backup size will be used to determine when to perform Max Backup backup action Files size outside max and min value will Size lt KB not be backed up Image Restriction Enable control on image sharing Backup File Enable image backup feature backup files can be view in Events Log gt Document Tools Select to control specific IM Application IM Policy Example Requirement Enterpris
15. Create a new backup task Cancel Task Cancel current backup task Properties View backup task detail information i Note Backup task only allow one process at any given time No new backup task can be added while a backup task is progress 10 2 2 Backup and Load Data AiD version 3 2x is downward compatible with backup logs from version 3 0 and 3 1 Administrators can go to Tools gt Server Management gt Backup Management to load or backup Logs Load Backups Go to Backup Management window and click on Load Backup button to load backed up logs System can load up to 10 logs at once log files are displayed in date format Loaded data can be view via console and it will affect current data structure Remove Backup When loaded data no longer required it can be remove from the backup management window Administrators can click on one or multiple loaded record and click on Remove backup button to remove loaded data ACUMEN O Eo 11 Tools 11 1 Account Management Administrators account has the highest level of authority of the entire system this account can be used to add new administrators and set its authorities Go to Tools gt Account to add remove and change passwords for created account Item Description f Add an account with descriptions amp Delete account except admin account f gt Disable an account except admin account Enable a disabled account Change account password by default account set
16. Intrusion Detection policies Category Referring to authority to change category settings management Delete Referring to authority to delete logs Backup Referring to authority to perform backup and review Setting Referring to the authority to set include and exclude IP ranges Generate Referring to the authority to generate agent Confirmation Code confirmation code for Agent Manage Encrypted Disk categorization Referring to the remote maintenance rights Referring to the authority to operating on Asset Referring to authority to set up intrusion detection Referring to disk encryption policy setting and ACUMEN EE Item Description Format as Referring to the authority to create encrypted disk Encrypted Disk Email Report Referring to authority to set up email alert report Agent Update Referring to authority to access agent update Management management feature Computer Referring to the authority to access computer Management management This feature will only be effective when All Computer and Users in Range tab is selected Administrators should not assign unnecessary authority to any account 11 2 Computer Management Computer management can be used to view the latest AiD license information And use resolve conflicts between agents 11 2 1 Computer Management Go to Tools gt Computers to enter computer management feature ACUMEN mm Condition all D PC Authorization Info 2
17. Preview All data logs in Console can be print by select File gt Print to preview print go to File gt Print Preview ACUMEN O MD l 4 Statistics AiD can produce statistic report on application usage internet browsing and network usage as guideline for employees working performance 4 1 Application Statistic Report Application statistics provide powerful statistical result in computer daily operations and application usage The statistical data can be used as reference by managerial personnel to assess employees working behavior To generate statistic report go to Statistic gt Application then select date and time range computer or group By default system will query on today s application usage Button Descriptions Items Description Mode Button can be change to By Category By Class By Name or By Group Expend Button only active when mode changed to By Category its use to expand all sub categories The button will display in gray when the button is not active Display Button Set to display top 10 20 self define number of records Button will display in gray when not available Running time and active time displayed by default running time is the time computer has been run since start up Active time means actual time in computer operation There are four different type of Application Statistics 1 By Category In category management administrators can categorize used applicati
18. automatically record attachments Click in content panel to view attachments Size of the mail Click on email record and view its content in content panel Recorded emails can export by following steps below Right click on email record and select export EML file email will be export as outlook elm file format which is readable by using outlook Multiple file export also supported Search Email Search conditions Item Type Send Receive Description To specify which email type to search from email type include SMTP POP3 Mail Webmail Exchange Lotus Note To search send or received mails ACUMEN Item From Description Search by using sender email address To Subject Content Attachment Size Search by using receiver email address administrators can specify receiver email in To CC or BCC Search email subject with specific keyword Search email content with specific keyword Check to list emails with attachment and enter keyword to list emails with attachment include specific keyword in attachment name Search by size of email 7 3 Real time screen snapshot Administrators can monitor agent computer screen or users screen by go to Monitoring gt Screen Snapshot Item Description Save current screen to image format If a computer logged on with two or more users or a user logged into two or more computers administrators can select which screen to di
19. click on category button Click on expend button to see detail statistics for computer within a Bar Chart HM 13 20 2o Mo P xplorer IA d E iexplore exe 9 20 j ET sthelper2 exe 8 00 y B OC ont exe 6 40 El TeamViewer exe 5 20 V E WQexe C chrome exe 240 d CT YahooMessenger exe 1 20 oO Gel Fit ACUMEN i EE te Pie Chart OConsole3 exe Explorer EXE iexplore exe sdhelper2 exe OControl3 exe Team iewer exe Leg cmd exe chrome exe YahooMessenger exe Sp RUUUDRRURRR BERS 55 4 2 Website Statistics Web statistics provide employees website browsing details Report will help administrators identify end users browsing pattern and correct inappropriate behaviors Button Description ltems Description Mode button uses to search By Category By detail or By Group Expend Button only apply when mode set to By Category its use to expand all sub categories The button will display in gray when the button is not applicable Display Button Set to display top 10 20 self define number of records Button will display in gray when not applicable There are 3 modes in Website Statistics ACUMEN 1 By Category To generate website statistics report by category administrators need to predefine a website category in category management By default all website will be class under unclassified in descending order By Detail By Details will display
20. input Item Description Add Website In the root of the category tree select Operation gt Add to Category add a category Sub category can be created with ina category Add Website Once category created right click on the right panel select Add gt Website to add a new website identity wild card supported in the website field Import Website Websites can be imported from text file with Name Website as format For example Facebook facebook Yahoo yahoo After text file created go to Operation gt Import website to perform import Or right click on right panel select Add gt Import website to import Find Select Operation gt Find to search for a website with its category Find can use to search on name and Website filed ACUMEN zl Eee Website can be added by right click on website event logs and select add to website category 9 3 Removable Storage Category To accommodate corporate control over its removable storage device administrators can categorize removable storage devices into different categories and assign different access authorities There are two types of removable storage device encrypted disk and non encrypted disk encrypted disk referring to storage device encrypted by AiD and can only be used on computers with AiD installed Encryption can be done via AiD console Select categories gt Removable Storage to add new category Removable Storage Information Removable
21. set up email server ltem Description ACUMEN Setting List Button Descriptions Item p o5 gt HX Add Modify and delete Email Notification Server Description Add new email notification server Delete email notification server Modify email notification server Move up Move Down Mark as default email notification server Cancel default email notification server status Mail alert sending policy adopt top down approach if condition match email will be send using matched setting else no email alert will be send Field Require for Email Notification Server Item Configuration Name Server IP Port SMTP Account Password Secure Connection SSL Description Name of the mail server setting IP address or server name of the mail server SMTP port Port 25 set as default Account used to login to server Password of the account Select This server requires a secure connection to send email via SSL protocol ACUMEN mme Sender Address Senders email address Display Name Senders display name Mail box used to receive email alert such as Mailbox Collection gmail com pchome com tw Example Due to corporate policy company email server can not send receive mails from other main domains Therefore AiD alert emails need to deliver to an additional email domain to notify offsite administrators 1 Set an mail server configuration setting and use companyname com as matched mai
22. storage information can be obtained by following methods Item Description Agent When removable storage device plug into the agent computer device information will be placed under unclassified category Administrators can further categorize removable storage information Console Removable storage device information can be gathered by plug into AiD console computer Go to Operation gt View Local Removable Storage Info to view attached device information icon indicated removable device information not store in category ACUMEN eee Item Description Manually refresh local removable storage disk information E Set classes assign device into a specific category 4 Set volume ID for the device A Save removable storage device information to category Remark Use to store additional removable storage device information Disk Encryption Administrators need to plug in USB device to console computer in order to create encrypted disk Go to Operation gt View Local Removable Storage Info to view USB information Click on button to format a removable storage device into encrypted disk All information on disk will be formatted and encrypted disk can only use on AiD agent computer Indicated removable storage device is encrypted disk but information not stored in category click er to save information Covert Encrypted Disk to Non encrypted Disk Following methods can be used to restore encrypted disk to non encrypted
23. to confirm action in order to reduce disoperation 11 2 2 Re assign Agent ID Re assign agent will be required under following situation 1 When two agent computers swap its hard drive or new operating system installed using image file rather than new installation Replacing faulty hard drive or network card may result new agent ID generated Procedure to reassign 1 2 Click on device information highlighted with red text Click on S button in the PC Identification Info Panel A Create a new agent ID for a specific PC and computer will appear under unclassified group B Move selected PC ID to a specified agent agent ID can be manually input or select by click on Button When move computer name of the computer will be changed ACUMEN 11 3 Synchronization Configuration Active directory group structures can be imported to AiD data structure When agent install it will automatically report to group defined in Active Directory 11 3 1 Import Active Directory Domain Steps as followed 1 Login to AD Domain Go to Tools gt Synchronization Configuration gt Import Domain Organization and enter required information If console computer is already login to the domain click on default button to import domain name View Domain Group Structure Once logon to the domain computer and users can be view in the domain structure window Select Import Computers Select computer or groups to im
24. will become effective when agent in offline status By default the expiry date setting is Never Expired and policy will always be effective before expiry date Click on button to set the expiry date Expire date cannot be earlier than the current date Expired policy will be displayed in dark grey and Expiring Time displayed in red ACUMEN 3 type of actions ltem Allow Block Ignore Description Allow mode will perform defined action Block mode will block defined action Neither allows or block an operation but it can still trigger events such as warning or alert When agent computer violate policies following alert action can be triggered Items Alert Warning Lock Computer Description When a policy with alert option is violated console will receive a popup message to alert administrator The minimum popup alert level can be set at Tools gt Option gt Real Time Alert gt Popup Alert Bubble There are three types of alert namely Low Important and Critical When a policy with warning option is violated dialog box will pop up on the agent computer The content of the warning message can be customized When a policy with lock computer action is violated agent computer will be locked To unlock go to Control gt Unlock or highlight the target agent from the network tree and then right click to select from the menu Control gt Unlock Policy Priority Policy Hierarchy is si
25. 6 7 Logging Policy By default system has a preset policy to log all events except windows title ACUMEN tC le change Policy can be used to add or remove recording items according to corporate need Policy Items ltems Description Startup Shutdow System startup shutdown logs found in basic event logs n Logon Logoff Logon Logoff log found in Basic Event log Dial Dial log found in Basic Event log Policy Control Policy alert log Hardware Hardware changes log Change Software Change Software changes log Application Application usage log not record application usage log Visible It means the application with windows Window Application Application can be manually input or select from application category Window Title By default windows title change not recorded Policy can Change be add to record the changes based on different applications optional Application Administrators can monitor windows change on specified applications Wild card supported Browsing Website browsing Website URL can be select from website category or manually input Document Document Operation Logs ACUMEN ltems Description Disk Type Includes Fixed Floppy DVD CDROM Removable Network and unknown disk types File Name Set not to record filename contain specific keyword Supports wildcard input e g not record txt log Application Application used to operate on files Printing Print Logs Printer Type Types of pri
26. 64 KB 20 OKB lt D DER ze LUFFY_USB 7 815 184 KB Remote File Transfer Interface It includes menu bar toolbar local and remote view panels and status bar Refer to the screen capture above the left hand side panel is local view and the right hand side panel is for remote computer Double click to navigate through the folder structure or enter path in the text box above File Operation Administrators can directly click the folder and access sub folders or select ACUMEN File gt Up to move up to previous level also folder or file path can be input in the address bar Basic file operations such as create rename delete are available in this function File Transfer Item Description Local to Remote Send file from console to agent computer Remote to Local Send file from agent computer to console computer Terminate Go to Transfer gt Stop to stop file sending process Status Transfer will display file transfer failed Drag and drop can be use to transfer files however no operation can be perform during transfer Display Mode Both local and remote view support Large Small List and Details display Note Remote transfer cannot perform when both console and agent computer are in root folder ACUMEN O ERR 9 Category Management Category management allows administrators to predefine categories and reduce effort in generating statistic report Category includes applic
27. Export Export Data AiD s statistics report event logs policies instant message contents emails and asset management can be exported and saved as HTML Text CSV Excel computer must be installed Microsofts Excel program first files 1 Export Current Page To export current page logs right click on event logs and select Export gt Records of current Page By default page size is set at 20 rows per page to change maximum page display go to Tools gt Options gt Console Settings gt Log viewing gt Number of records display per ACUMEN mme page 2 Export All Match Records To export all match record right click on the event logs select Export gt All matched records Exported document can be stored in CSV HTML or Excel format Note Microsoft office required for export in HTML and Excel format Import Export Policies Import policy generally used to synchronize policies between AiD servers policies can be import to a computer or group of computers To import policy select a group or a computer from the computer tree right click on the policy panel and select a XML file to import To export policies right click on policy setting panel and select Export Export Selected Export All to export policies to XML format Export Export all polices set for a specific computer or group Export Selected Export only the select policy Export All Export all policies in the server 3 5 2 Print and Print
28. Files Ist F Fie C Program Files WinRARyarnew dat F File C Program Files WinRAR ReadMe txt V File GE ne aE K pm Files Microsoft S V File C Program Files WinRAR Uninstall exe xander Roshal S A d File C Program Files WinRAR Wninstall Ist Stegen d File C Program Files WinRAR UnRAR exe Alexander Roshal F File C Program Files WinRAR WhatsNew txt Program Files VMware Vi v File C Program Files WinRAR WinCon SFX Jee L Dranram ElesW ieb AR WinR Ap chm Lol Program Files Microsoft Si _unnstat ge _ TT a Computer 8 User m r Ready Test Machine IP 192 168 0 144 192 168 0 144 8 2 Remote Control 8 2 1 Remote Control Remote control is established from AiD console to control agent computers it help administrators to resolve remote computer s problem with immediate effect Select an agent computer from the network tree select Maintenance gt Remote Control or right click on agent computer in the network tree and select Control gt Remote Control There are 2 authentication methods to grant remote control 1 Agent user authentication Select a target computer and go to Maintenance gt Remote Control a window will appear on console to verify remote control task by selecting YES an authorization window will appear in console user requires to ACUMEN mm select YES to accept remote control 2 Password Authentication Select a target computer and go to Maintenance gt
29. IStory 2 s cecceeccccccnesnennnseeeesnneneceennenneness 76 7 6 Screen History Viewe l 2 ssceeeeeceeeeeeseeeeeneeseeeeeeeeeseeeeeeeeeenenees 77 8 Remote Maintenance ccccccceeecesneeeeeseeeeeeeeeeeeeeeeeeeneeeeess 81 8 1 Remote Maintenance 2 sceeeeeeeeeeeeeeeeeenseeeeeeeeeseeeeeeneeeeseenees 81 8 1 1 PRD CVO eegene ees geegent eegenen eeng 81 CN AE 81 8 1 3 EN edu Ee 82 BWA Devic Ee e cscs tee toy bets She eee nape ey Sep hcpes dae eee bebe cee beeen Depress taciee 83 NR 83 CN pease erties ei cere eer ecm eege eege 84 8 1 7 Shared Folders E 84 8 1 8 Schedule Iasks AEN 85 8 19 Users and GroUDS esii ere eer rer er e eer eee eer ere 85 CNL TEE Le TE 86 8 2 Remote Control i iaccs case dicccetececoceateacccacetececnecsetececaieteeneedecocesetecncnecs 88 8 2 1 Remote Control 88 ACUMEN 9 10 11 8 2 2 Remote File Transfer ee EE 90 Category Management ccccccccsssssssssssseeeeeeeesseeeeeeesessneeneeees 92 9 1 Application Category eekeEREERERSSKREREREEEEEEEEEEEEEREREEEREEEEEE EEN 92 9 2 Website Category E 93 9 3 Removable Storage Category ccccccccceceeeseseeeeeeeeeeseeeeeeeeeeneseeees 94 9 4 Time Type Category cccccccseseeeeseeeeeceeeeeeeeeneenaneeeeeeeeseseaeeeaeaeenenees 98 Database BaGkup wssccscccecceccccscseswcesceccsessecesteteencrnssseresbaceaceeee 99 10 1 Backup using SQL Stuio cccecceceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees 99 10 2
30. Remote Control a message daillog box will appear to request for password and enter correct password to perform remote control This method requires to preset password on the agent computer to preset password Press ctrl alt shift ocularrm a popup window will appear in the agent computer input the password twice to confirm To protect agent against preset password authentication administrators can set a policy in Remote Control Policy to enforce all authorization must be granted from agent even agent computer password preset Remote Control Interface When entering remote control mode Remote Controlling will appear on console Item Description Zoom In Zoom out Full screen or press F12 Color mode Allow copy and paste between agent computer and console Lock agent computer mouse and keyboard ok B amp B Bf A Enable Disable control ACUMEN mm E Show or hide local cursor To send short cut keys to agent computer right click on the remote control window and select send Ctrl Alt Del Ctrl Esc or F12 8 2 2 Remote File Transfer Remote file transfer can be used to transfer files between console and agent computers in order to increase work efficiency There are 2 types of remote file transfer authentication which same as remote control Sr SHR LUFFY 95268F24D 10 x SIE ES RAN PIPESE ad 2 99 EEE ES ZS ES EE ZS Ss 31 EH tas OKB ze OKB 10 474 348 KB e C 8 377 8
31. UFFY 082FOB04F Databases T od New Query od Script Database as gt E Name D O ot se Diagrams OC j O Rename Shrink gt T Q Delete o BackUp ms d oc Refresh Restore gt immability od Properties u OCULARS_ DATA 20120822 OCULARS_DATA 20120823 T OCULARS_DATA 20120824 OCULARS_DATA 20120827 T OCULARS_DATA 20120828 OCULARS_DATA 20120829 T OCULARS_DATA 20120830 OCULARS_DATA 201206831 u OCULARS_DATA 20120903 Generate Scripts E E RR RR amp EB amp amp RR RR l l RR 1 Once Database successful detached backup OCULAR3 MDF and OCULAR3_Log LDF 2 Attach OCULARS database after backup completed and restore service Alternatively backup can be performed by follow steps below 1 Stop AiD server and SQL server service 2 Backup main OCULAR3 MDF and OCULAR3_LOG LDF from AiD folder 3 Start SQL server service and AiD service respectively ACUMEN mm Backup Log Database AiD logs are stored in DATA folder of the installation folder in daily format For example data for 2010 06 20 will be stored in OCULAR3_DATA 20100620 MDF OCULAR3_DATA 20100620_Log LDF OCULAR3_DATA 20100620 X MDF OCULAR3_DATA 20100620 X_Log To perform backup follow steps below 1 Stop AiD server service and MSSQL SERVER service 2 Backup MDF and LDF files for the desire date 3 Start AiD server service and MSSQL SERVER service 10 2 Backup using AiD Console 10 2 1 Backup Dat
32. View Interface The screen snapshot viewer include menu bar tool bar search bar time line display panel and the status bar ACUMEN O 6 BP 40 8 2010 06 29 09 48 15 13 38 13 aa 2010 06 29 09 48 15 JDELL 17YW715 IP 192 168 1 Display Administrators can use time line to navigate through the screen snapshot clips or control play status with tool bar View Administrators can use the view bar to perform zoom in and out and display full screen Play Speed Play speed can be changed by go to View gt Play Speed There are 3 type of play speed Slow Normal and Fast ACUMEN Search Bar Search Bar can be user to search screen history by application window change user timeline and screen number Item Application User Screen Lock Criteria s Time Line Export Description Name of the application used to play screen history of selected application In the event of multi user screen recorded User field can be used to search a specific user s screen history In the event of multi screen recorded Screen field can be used to display a specific screen history By select this item will only display screen match application User and Screen condition Display the current time frame drag the slider to a designated location and view screen of the moment When mouse is over the time line information such as Time User Application and Caption will appear S
33. Win2000 XP x86 x64 2003 x86 x64 Vista x86 x64 Win 2008 x86 x64 Win7 x86 x64 Win 2008 R2 Minimum Requirement Pentium III 500 256MBRAM 256MB available HDD Space Recommend Requirement Pentium4 512MB RAM 1GB available HDD Space OS Win 2000 XP x86 x64 2003 x86 x64 Vista x86 x64 Win2008 x86 x64 Win7 x86 x64 Win 2008 R2 Minimum Requirement Celeron III 500 512MB RAM 512MB available HDD Space Recommend Requirement Pentium 4 512MBRAM 1GB available HDD Space Note KB 891861 required when installing server component on Windows 2000 SP4 ACUMEN tite 2 3 Installation 2 3 1 System Installation Please select document according to your Microsoft SQL Server Version AiD installation with SQL 2000 SP4 pdf AiD installation with SQL 2005 express sp2 pdf AiD installation with SQL 2008 express padf AiD console installation pdf CheckCode pdf Remote Installation Requirement pdf AD script deployment paf 2 4 System Upgrade 2 4 1 Upgrade Server and Console Please refer to the attached document to upgrade your product Product upgrade pdf 2 4 2 Agent Component Upgrade After server successfully updated agent update file will not be dispatch to end point computers it requires administrators activation in order to dispatch update files to agents To activate agent dispatch feature go to AiD console gt Server Management gt Agent Update Management to se
34. a Logs Data backup can be performed using the interface provided in the AiD consoles to prevent insufficient storage space on server computer Go to Tools gt Server Management gt Backup Management to open Backup Management Add New Backup Task Click on new backup task button and follow steps below 1 Select required data type include basic event log document operation log browsing log print log screen event log etc 2 Set backup data start date and end date 3 Select backup path ACUMEN O 4 Check delete original data if release storage space required 5 Press Ok to begin backup Backup data will be stored in daily formats for example data for 2010 10 27 backup file name will be OCULAR3_DATA 20101027 MDF and OCULAR3_DATA 20101027 LDF L Note When Delete Original Data selected data will be deleted after backup Administrators will no long have access to the deleted data unless data restore to the database Backup Task List Backup Task List include the following information Item Description Beginning Date Backup perform with in this period End Date Backup to Backup destination folder Delete to original Delete original data after backup data Start Time End Time spend for backup task Time Status Backup status include cancel successful or failed Following action can be performed in the backup task list Item Description refresh Refresh Task List ACUMEN mm New Backup Task
35. age Alert on plugin of external storage device also record Device name of the plugin device Unplug Storage Alert on unplug device Device Plug in Alert on communication device plug in and also record Communication name of the plugin device Device Unplug Alert on unplug communication device Communication Device ACUMEN _ FT rr Item Description Software Change Alert when software added removed change made System Service Alert when system service changes include add or Change remove service Startup Item Alert when any startup item is added removed and Change modified System Time Alert when system time changed change Computer Name Alert when computer name changed Change Network Alert on change of the network communication Configuration Change Low Disk Space Alert when agent computer do have sufficient disk space Disk Space MB Set minimum hard disk space level System alert include detailed description that help administrators to identify location of the computer 6 12 Email Policy Email policy used to prevent confidential information leak via Email Policy only applies to outgoing emails using exchange and standard email protocol It cannot control mail sending via webmail and lotus note Policy includes the following Item Description ACUMEN Item From To Just Match a Recipient Subject Has Attachment Attachment Email Size gt KB Description Senders of the em
36. ail this field support wild card multiple sender can be separated by or Recipients of the email this field support wild card multiple recipients can be separated by or In the event of multiple recipients system will only match one recipient to proceed with record not record action Control subject of the email and this field support wild card and multiple keywords can be separated by or Restrict if email include attachments When Has attachment checked this field can be used to restrict attachments with certain keywords this field support wild card and multiple keywords can be separated by or Used to control email size default set to 0 implies not all mails are restricted Email Policy 1 Requirement Corporate request to prohibit outgoing email with certain keyword in attachment file name to prevent confidential information leakage via email Policy Add a policy with action set to block Check has attachment and enter keyword in the attachment text box Email Policy 2 Requirement Some enterprise only allow employees to send emails using company ACUMEN O tC el email server email sending via any other mail server will be blocked Policy 1 Add a policy to block all emails 2 Add a policy to specify sender by setting Action to Allow Sender with domain e g acumen com Email Policy 3 Requirement All mail must
37. ation website removable device IP port and time type categories 9 1 Application Category Go to Categories gt Application to open application category window unclassified and windows application categories are default categories All applications are collect from agent computers and place in unclassified group Applications can t be added manually and shall place related application into same directory By default windows application category is empty and it require administrators to manually sort and move windows application into this category Application category include the following Item Description Add In category tree select Operation gt Add to add a category Sub category can be created with in a category Move To Once category created right click on the category and select Move To to perform move or alternatively drag and drop the application to target category Ctrl and Shift can be used to move multiple categories Find Select Operation gt Find to search for an application with its category Find can use to search on Application name file name or description filed ACUMEN O EEE Note Delete and add sub category cannot performed on windows application and unclassified category 9 2 Website Category Website category can be form according corporate s need Go to Categories gt Websites to open website category management window categories and website information require manual
38. be used to restrict employees printing confidential information and reduces print cost ACUMEN Print Policy includes the following Item Printer Type Printer Description Print Task Application Record Mode Max Record Page Description There are 4 printer type local printer shared printer network printer and virtual printer If printer type not selected all 4 types of policy will be automatically included Printer description referring to name of the printer It can be used to specify printer connected to other computers for example server implies all printers connected to server is prohibited Print task support wild cards multiple values can be separated by or Specify print application To record printed content change mode to record By default all pages of printed content are recorded Administrators can adjust accordingly Printed content can be view in Events Log gt document Print Policy Example Requirement Restrict end user printing to prevent confidential information leakage or abusing print resource Policy Add a policy to restrict printing by set action to Block printer type select local Printer shared printer network printer and virtual printer 6 16 Removable Storage Policy ACUMEN To prevent information leakage via removable devices policy can be set to prohibit removable storage device usage File encryption can be applied o
39. c policy type can be selected from the drop down menu Content Keyword can be used to search description field This column support wildcard search 5 10 System Logs System logs record AiD system activities such as sever start up shut down illegal intrusions and agent errors To view System Logs go to Event Log gt System Y Note Inthe event of AiD server or agent errors administrators can refer to system log to find out for possible cause ACUMEN 6 Policy 6 1 Policy Introduction Administrators can limit computer accessibility or network usage of agent computer by applying policies Common policy descriptions Item Name Time Action Related Action Only take effect offline Expiration time Description Self defined name to describe the policy It is irrelevant to the actual function of the policy When adding a new policy the system will add a default name to the policy name of the policy can be changed Policy become effective during specified time period time can be set in Category gt Time Types If no suitable time type available select Custom and set the time range from the popup time grid 3 types of action Ignore Allow Block Policy related action include alert warning and lock computer detail description will be discuss in follow section When no active communications between server and agent for more than 3 minutes agent will change its status to offline Offline policy
40. ck any exe file with in E drive UDISK CRROMS can be used to represent USB device and CD ROM drive 4 Warning Block by path may effect end user daily routine ACUMEN EE y 6 5 Website Policy Web policy effectively controls user website access Web policies can be used to restrict access to prohibited websites Website URL can be directly input or select from Website category Wild cards can be used in the URL for example Yahoo com gt mail gt game gt com mail Web Policy Example To prevent user access prohibited websites web policy can be set to prohibit websites access or to allow specified websites The following example is used to allow access to specified websites 1 Block All website simply use 2 Set another policy to allow specific website By set up policies above only authorized website can be access 6 6 Screen Snapshot Policy Screen snapshot function can record all operations behavior in agent computers By default screen recording is off it required administrators activation to record end point computer screens Policy Items ltem Description Application By default application set to ALL Administrators can change setting according to its need Interval Sec By default screen interval set to 15 seconds Valid interval range is between 1 and 999 seconds Note Shorter the interval larger HDD space required please set interval accordingly
41. creen can be exported by go to Tools gt Save as Video There are 4 way to find and save screen history Item Time From To Application User All Description Export screen history between specific start and end time Export screen history for a specific application Export screen history for a specific user Export all screen history ACUMEN i wT ACUMEN __ EEE te 8 Remote Maintenance IT Department engineers spend approximately 70 80 of their time on daily maintenance tasks Remote Maintenance help IT engineers to real time check computers status and information It also allow engineer to solve the technical issues with immediate effect it also save time and resources especially to the computers in remote site 8 1 Remote Maintenance 8 1 1 Application Select Maintenance gt Application to check agent computer application status The active application is highlighted in blue Item Description For concurrent sessions on terminal Server or users logon to a server computer at the same time click this button to view specific user s application running status Track Button to allow application list perform automatic refresh To change refresh interval go to Tools gt Options gt Real time info gt Maintenance End Task Application task can be terminated by right click on the task list and select End Task 8 1 2 Processes Go to Maintenance gt Processes can view Agent comput
42. ct USB access right Automatically encrypt or decrypt files copy to USB storage device encrypted file on device will be unreadable in non authorized computers ACUMEN O M 2 Installation and Deployment 2 1 Basic Structure AiD consists of three major components agent component server component and console component Components can be installed independently on the network environment Agent Component Installed on end user computer to collect operation logs and execute defined policies Server Components Used to store system information agents logs and policies Generally server component installed on high performance servers with massive hard disk storage space Console Component Used to view system log set policies and instant maintenance Console component can be installed on administrator s compute or on the same computer as the server component Basic system architecture Branch BI Sep DE em E ep office a Tae cb er e PC201 1 I Gis am s e P PC101 4 S e PC202 P eo ee I D HQ _ e al U e AiD s network structure based on TCP IP protocol LAN can be extended via VPN or the World Wide Web Computers on the networks can be centrally manage and control via above mentioned set up Server component s basic feature includes Manage and communicate with end point computers Collect and store retrieved information from end point compute
43. d by server Agent computer s IP address Agent computers MAC address Group agent computer belongs to Last time agent computer appear online Agent installed time ACUMEN Items Version Days Offline Description Version of AiD agent Number of days agent appear offline Click on any record to view PC identification information in bottom panel PC Identification Info include the following Item E OS Hard Disk ID MAC Address Computer First Appeared Description Indicate agent computer is current bind to this record Operating system of agent computer Hard Disk ID of agent computer MAC address of agent computer Computer Name Time of agent first appear online The following are search condition Item All By IP Address By Last Appear Time By Agent ID By Name Offline for gt days Description Search computer install with agent Search computer by IP range Search by last appearance date Search by Agent ID assigned by server Search by computer name and field support wild card search Used to locate computer had been offline more than specific days ACUMEN Icon Description Item Description 2 Export information as HTML xls or csv file format Print Computer Authorization Info 2 Preview Print x Delete used to regain unused license key GG Uninstall this action will not reduce license count For Delete and Uninstall action a prompt window will appear
44. dress will be shown in the column Referring to the file name been accessed Referring to the path use to access shares folder file ACUMEN Search Criteria Items Time and Range Shared File Operation Type Source File Name Path Destination File Name Path Remote Host IP Name 5 6 Print Log Description Common search criteria By default set to display all operation type to narrow search result go to search panel and change setting in operation type Search using input file name this field support wild card search Referring to the path use to connect to the share folder Only apply when operation type is rename Operated file name Operated path Computer name or IP address of the remote computer Print log record shows print job performed by agent computer to view go to Event Log gt Printing Print log include the following items Item Printer Type Print Task Printer name Description Include local shared network and virtual printer Generally file name of the print job displayed Name of the printer used to print ACUMEN _ re Item Description Pages Total pages printed Title Windows title of the print task Application Application use to print View backup printed content On activation printed content will be stored to AiD server Clip icon H in event log indicate printed content is available To view backup printed content double click on the event log in the p
45. ent end users changing system settings and maliciously destroy system as well as strengthen end point security ACUMEN me Basic policy achieve by change registry value Basic policy and device policy are triggered by state change of the computer or device Basic policy controls the following Control Panel Computer Management Network IP Mac Binding ActiveX control etc Control include the following Item Description Control Panel All functions on Control Panel Modify Display Restrict users to change the theme desktop screen Properties saver and appearance Add Printer Restrict user to add printers Delete Printer Restrict user to delete printers Fast Switching Restrict to fast switch user in windows XP only Computer User in XP Computer Management includes Item Description Device Manager Restrict user to use Device Manager Disk Management Restrict user to use Disk Management Local Users and Restrict user to use Local users and groups Groups Service Management Restrict user to use Service Management Other Computer Restrict user to use Event Viewer Performance Logs and Alerts and Shared Folders which located in Managemen aoee Computers Management System include the following ACUMEN Item Task Manager Regedit CMD Run Application in the Run of Registry Run Application in the RunOnce of Registry Description Restrict user to use Task Manager Restrict user to use Regedit Re
46. er s processes ACUMEN including Filename PID time Session CPU CPU Time Memory Virtual Memory Priority Handle Thread Count and Path Item Time Path Other Control Button Item Description Startup time of the process Details path of the process Other properties are like the processes running in Explorer exe their meanings are similar Description Only active under user mode select target process to view processes status Track button allow process list perform automatic refresh To change refresh interval go to Tools gt Options gt Real time info gt Maintenance End Process Select any processes from Processes List right click and select End process to stop the process 8 1 3 Performance Select Maintenance gt Performance to view agent computers performance status including CPU Usage Memory Usage Physical Memory Commit and Kernel Memory These real time data is exactly same as Performance in Windows Task Manager ACUMEN OR EEE Item Description Only active under user mode select target performance to view performance status Track button allow Performance list perform automatic refresh To change refresh interval go to Tools gt Options gt Real time info gt Maintenance 8 1 4 Device Manager Select Maintenance gt Device Manager to view agent computer s devices Include Processor DVD CD ROM Drive Keyboard Mouse and Network adapters
47. er verification or check code error Critical Communication error between server and agent due to range exclusion Automatically remove agent ACUMEN _ Eee Item Description Automatically Check this option to remove agent not log on for a remove agent specific day period when it s not logs on ACUMEN mm 12 Audit Console Like agent event logs all administrators operation are recorded and record logs can be access from audit console 12 1 Login to Audit Console Logon to AiD as usual in the account field enter audit and leave password field as blank to logon to audit console Loi Acumen AiD Logon E CDACUMEN Server 127 0 0 1 D Account Admin Password Remember Password Auto Logon OK Cancel 12 2 Audit Console Interface Audit console include the following title bar menu bar tool bar administrators column data panel search panel and status bar ACUMEN mm o en vm R E eE File Tools View Help A ai S38 Manager wax 2 Manager Admin Audit E test AdUser a Audit Logs Time E 2012 09 10 09 34 15 E 2012 09 07 18 14 52 E 2012 09 07 17 48 33 el 2012 09 07 17 47 30 E 2012 09 07 17 47 19 Si 2012 09 07 17 47 15 3 2012 09 07 17 47 15 E 2012 09 07 17 43 32 el 2012 09 07 17 35 38 2 2012 09 07 17 33 31 E 2012 09 07 17 29 35 E 2012 09 07 17 25 28 Si 2012 09 07 17 25 14 E 2012 09 07
48. es maybe allow IM application as communication tool However file name containing certain keyword must prohibit and outgoing files must be backed up Policy 1 Seta policy to enable backup feature by check file control and backup file box 2 Seta policy to block out going file by Keyword with action set to block file control box checked and enter keyword in file name field Sending file with keyword in file name will be blocked successful transferred can be viewed in document event logs ACUMEN 6 14 Document Operation Policy Document Operation Policy can effectively prevent unauthorized user access confidential information and reduce risk of confidential information leakage Document Operation Policy includes the following ltem Operation Type Read Modify Delete Disk Type File Name Backup Before Modify Backup When Copy Cut To Backup When Copy Cut From Backup Before Delete Description There are 3 types of operation type Read Modify and Delete Allow modify will allow read Allow Delete will allow Read and Modify Read Files Include create rename modify copy move and restore Read and delete operating type not included Delete File By default its set to all disk types At least one disk type need to be selected else system will set disk type to All Ctrl A short cut key can be used on disk type field to select unselect all disk type File name that require restr
49. esgeereugeseeeg eege EA CEEEg 40 5 6 Print LOO E 41 5 7 Removable Storage LOGS 2 sssceeccsesceeeeneeeeeeeeeeeeeeeeeeaeeeenenees 43 B S ole KEE geed 44 5 10 System LOGS wi oeccncee cicncncscceneucesenacenearanccensnnceseccanceestaeacseonenacnceaeest 45 6 POMCI E 46 6 1 Policy Ipttegduetotesesgeeees eeggechebrk eege ech 46 G2 BASIC DT 48 6 3 Device Control PONCY euggpeskesesgeeteesg eegsebegeEet Age See EEEEu EE 52 6 4 Application POMC E 56 6 5 Websteed EEN 57 6 6 Screen Snapshot PoOLicy 22 cccececeeeeeeeeeeeeneeeeeeeeeeeeeeeeeeneeeenenees 57 ACUMEN mme 6 7 Logging tee E 57 6 8 Remote Control Policy cceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeneneeeeenees 60 6 9 Al rt POMC E 61 6 12 Email POUCY secscccs cece cccnteccccescencreceteectecceecetenacesecaascccsnecesx oncasaceceatens 62 6 13 IM File te 64 6 14 Document Operation PoOliCy ssssssssnnnnnnnnnnunnnnnnnnnnnnnnnnnnnnnnn nnna 66 6 15 Print Oger Eegen Eed 67 6 16 Removable Storage PoOiCy cccecccceeeeeeeneeeeeeeeeeeeeeeeeeeeeeeneeees 68 Ta WMOTUO TUNG sirere ana EE 71 7 1 Instant Message Monitoring ccccceceeeeeeneeeeeeeeeeeeeeeeeeeeeneeeeees 71 7 2 Email NeputorptsssegesersesegesgergessguegtegegegrgeeNeC eege 72 7 3 Real time screen SNAPSHOL 2 ccccceceeeeeeeeeeeeneeeeeeeeeeeeeeeeeeaeeneneeees 74 7 4 Multi Screen Monitoring 2 ccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeaeeeeneeees 75 7 5 Search Screen H
50. etc Item Description i 4 Device List Checking method By Type By Connection and Show Hidden Devices Only active under user mode select target device manager to view device information Disable Enable Devices Select target device right click to select Disable or Enable to control agent computer s devices 8 1 5 Services Select Maintenance gt Service to view agent computers system services information including Name Description Status Startup Type Log on as and Path Item Description Only active under user mode select target service to view the Service information ACUMEN Ss Ss Remote Control Administrators can make changes to agent computer by right click on the service name and select start stop or change start up type to automatic manual Disable 8 1 6 Disk Select Maintenance gt Disk to view check the agent computer s disk usage situation including disk Volume File System Capacity Free Space and Usage Item Description Only active under user mode select target disk to view disk information 8 1 7 Shared Folders Select Maintenance gt Shared Folders to view agent computer s network shared information including shared folders shared Path Agent Connections and Comments Item Description Gi Shared View Button Session View Button LI Open File View Button Only active under user mode select target user to view shard folder information
51. format 1 Format disk on computer without AiD agent i Encrypted disk can be used as normal disk on AiD agent computer However when the disk plug into computer without agents install system will prompt to format the disk and formatted disk will be restore to its original format ACUMEN mm Eee 2 Use console to convert encrypted disk to non encrypted disk Plug in USB device to console computer and go to Operation gt View Local Removable Storage Info to view USB information Select a removable storage device and press button to convert it back to non encrypted disk Once encryption completed displayed icon will change back to To move device from console computer click on to safely remove Note To eject device we recommend end user click on Safely Eject Hardware icon on the system tray Removable Storage Device Description Removable Storage Device includes USB device Removable Hard disk memory cards smart cards Device listing has the following fields Item Description Volume ID Each removable device has a volume ID to identify that specific device Description Description of the device generally its preset by manufacturer Remark Administrators can input additional information for this device Volume Size of the device Capacity Type Indicate disk encryption status will show blank for non encrypted disk ACUMEN Item Partition Format Volume Label Usage Records Find De
52. from category list or manual input Application Search 1 Manually input application name In search panel gt Application input exe name such as msn exe or game exe 2 Select from category Go to search panel and click on the button next to the application input box To search a single category click on Application category list button select category on the right hand side of the application library window and press ok to continue To search a single application select category on the left hand side of the application library window then select application process 5 3 Website Browsing Log Website browsing logs shows all website visited by agent computers logs can be view by go to Event Logs gt Browsing Website browsing logs support browsers such as IE Google Chrome Firefox Netscape Opera etc Website browsing logs include the following information ltem Description Title Webpage title URL Detailed website address ACUMEN mme Note Right click on the logs and select Open URL it will connect to the browsed page Search Criteria ltem Description Time and Range Common searching criteria URL URL field can be manually input or select from the category this field also supports wild card Window Title Search by windows title 5 4 Document Operation Log Document operation log shows agent computer s document operation activity Administrator can use operation log to track back infor
53. h condition must fulfill in order to pass policy condition Y Note To tightly control removable storage usage apply the following 1 Set all storage devices to read only mode 2 Enable removable access right by group or by computer for example each department only have access to a specific category of device As result USB storage can be use within the department and unknown USB devices will be inaccessible YCaution In the event of both document policy and removable storage policy applied Document policy has priority over removable storage policy For example Set removable storage policy to encrypt and document policy to prohibit copy Word documents to removable storage device Word document will be prohibits copy to removable storage device and any other documents type will be store in encrypted format ACUMEN O EEE 7 Monitoring 7 1 Instant Message Monitoring Instant Message Monitoring can be used to monitor and record IM conversations Supported IM Applications Instant Message monitoring support the following IM applications QQ TM MSN Messenger ICQ Yahoo Messenger UC POPO Skype RTX Google Talk Lotus Sametime Ali Fetion 263EM FeiQ OfficelM MSNLite and LIMC Instant Message Logs include the following Item Tools Computer Local User User Participants Start Time End Time Message Type Conversation Characters Description IM application used Computer used User logon to the com
54. h remote control policy agent s computers can be control remotely There are two types of Remote Control Policy Remote Control and Remote File Transfer Remote control or remote files transfer option need to be check in order to set policies blow Item Authorization is required Manager Name Console IP Address Description This option is only enabled under the mode Allow If checked all remote control access rights must be granted by agent computer user If not checked administrator can access remote computer without authorization and logon by using pre defined password Only specified account name can perform remote control Only console from specified IP address can perform remote control ACUMEN O Console Name Administrator need to use specified computer to logon to console in order to perform remote control Separate multiple console IP address console name and manager name by or 6 9 Alert Policy Alert policy is used to monitor changes from hardware software and other system settings AiD will alert to console when changes occur This feature helps administrators to get a real time update on computer status on the network Alert policy include the following Item Description Hardware hardware installed or removed alert Change Lock Lock computer when hardware changes Computer Plug in Device Alert on plugin external devices Unplug Device Alert on unplug external devices Plugin Stor
55. ibited from connecting to the server Connection Bandwidth setting between server and agent Active Polling Used to limited bandwidth between agent and server range between 1 102400 kb s This setting may be handy for VPN network setup Server will actively scan end points 8235 port and retrieve data Directory Directory Setting Set Directory List of directories storing AiD information s include data cache patches backups etc Listing are the default directory changes will apply after restart AiD server service Press on to select new directory ACUMEN Item Description Restore Press on to restore to default directory Directory Performance Fixed Mode Maximum simultaneous connection server allows range Dynamic Mode set between 0 100 Server will automatically adjust its loading Loading refer to the loading of database process Normal loading set at 30 high at 50 and low at 10 By default system set at dynamic mode server process level at Normal Real time screen monitoring and remote control are not bounded by this setting Error Log Log Error messages while agent is being validated Lowest level of error message to log Will record error logs when this option selected Error logs can be view at Event Logs gt System Lowest recording level All Report all error logs Low Report unexpected result from agent Moderate Exceed license key limit High Agent serial numb
56. iction Field allow file path input e work to restrict documents within work folder Backup files to AiD server before modifying file Backup files to AiD server before copy or cut to Backup files to AiD server before Copy Cut from Backup file before delete ACUMEN _ FT rr Item Description Minimum File When backup file selected min backup size and max Size gt KB gt backup size will be used to determine when to perform Maximum Eile backup action Files size outside max and min value will Size lt KB not be backed up Application Specify application used to operate on the document Document Policy Example 1 Requirement Files folders from shared network drive are restricted to a group of users Restricted group will have read access and prohibit from modify and delete Policy Add a policy Action set to Block Operation Type select delete and modify File Name set to desired path file name Document Policy Example 2 Requirement Prevent file operation error backup files before modify or delete Policy Add a policy Action set to allow operation type select modify and delete check backup before modify and backup before delete To restrict backup action to certain folder input folder name in file name field Y Note File backup may require massive amount of storage space please set the policy to folder level to reduce unnecessary backup file 6 15 Print Policy Print policy can
57. ified and go to Statistics gt Basic hold Ctrl or Shift button to select multiple computers and move at once 3 3 3 Search Administrators can used search feature to find desired computer or user and view its related information Search Computer and User Search function can be found by go to File gt Find In the search window it support fuzzy search on user name Computer name IP Address MAC Address or all above mentioned field Click on the search result it computer basic information will be display on data panel 3 3 4 Delete Computer computer group user user group can be deleted by go to File gt Delete Deleting computer group will uninstall Agents on selected group or selected computers Deleted computer will be placed into deleted group and history logs are available for query Computer in the deleted group will not take up license count In the event of reinstall AiD agent onto deleted computer computer will automatically fall into its original group ACUMEN me 3 3 5 Restore Restore found in File gt Restore feature can be used to restore computer in deleted group to its original group After restore process license will be calculated regardless of agent activation status 3 3 6 Rename For management purposes administrators have the ability to rename computers into meaningful names To rename computer go to File gt Rename it will make change on the console immediately 3 3 7 Data Sync Pr
58. iority sync setting gives a computer first priority to sync policy and data with server To activate this feature right click on the target computer gt Data Synchronization gt Priority to Sync Data Note system will only allow one computer set as priority computer per server 3 4 Control Administrators control active agents via AiD console component however console can only control agent computer in running state Note Control does not work in user mode 3 4 1 Notification Console component can send notifications to agents on the network Follow steps below to send notification message 1 Select group or a computer name 2 Go to Control gt Notify 3 To send pre define message click on to select message or type in any ACUMEN mme message in the content window 3 4 2 Lock Unlock Computer AiD has the ability to lock an agent computer or group of computer s to prevent further misbehave event occurs To lock computer go to Control gt Lock locked computer will not have control over mouse and keyboard To unlock go to Control gt Unlock to enable mouse and keyboard of the locked computer 3 4 3 Log off user Shutdown and reboot AiD has the ability to power down log off restart agent s computer To perform above mentioned actions go to Control gt Log Off Power Down Restart 3 5 Other Features The following are the descriptions of common features that share with all modules 3 5 1 Import
59. l box 2 Set another mail server configuration setting and use gmail com as matched mail box Set this mail server setting as default 11 5 2 Email Notification Settings Go to Tools gt Email Notification Setting to add modify and delete mail report settings Item Description E Add report setting x Delete report setting Email alert require the following information ltem Description Name Name of the mail configuration setting Email Subject Subject of email ACUMEN Item Max No of Alerts Min Alert Level Send Interval Minute To Send Test Email Send as Attachment Unzip Password Alert Type Computer Range User Range Description Maximum alert of each email Alerts exceed this defined number will be send in next mail Minimum alert level alert will be sent if policy alert level is equal or above defined level Alert level includes Low High and Critical Mail setting interval 30 minute been set as default Alert receiver email address Send test mail to verify setting Send alert in attachment format Set password to the compressed file Set email alert type type include application alert system alert website alert etc Alert computer range Alert user range NOTE Computer range and user range are in OR relationship One of the status match email will be sent Mail sending status can be found in Event Logs gt System 11 6 Policy Manager Policy Manager can be found at To
60. low screen capture displayed first page after logon ACUMEN O LES File Control Statistics Logs Policies Advanced Monitoring Maintenance Assets Categories Tools View Help Computer SJ The Whole Network r Unclassified h Deleted 1 af Computer 88 User ex 2980 08 699 988 54 2 vax 4 B Statistics E Events Log amp Basic Policy P Advanced Policy amp P Monitoring EI Maintenance gt Application Web Treffic Basic Information B Name IP Address gy Unclassified IP MAC os Sessions Stat D m b Console includes the following Items Tool Bar Menu Bar Computer List User List Navigation Main Menu Navigation Sub Menu Function Button Panel Data Display Panel Description System menu Display short cuts of common functions Situate at left hand side panel of the console display all computer and group information Situate at left hand side panel of the console tab can be switch between computer list and user list Underneath menu bar is quick switch between main functions Quick access to the functions falling under navigation menu Function buttons such as data sorting add delete apply policy etc Area display all data ACUMEN _ rr ltems Description Chart Panel Only available for statistics report to show result in chart format Search Panel Search Panel only available for Statistics Report Event Logs Instant Message Emails Property Panel Available for setting policy p
61. m Volume ID 5 Select Ok to make change and close Change Removable Storage Device ID window 9 4 Time Type Category Administrators can predefine time type to facilitate search and report generation There are 4 time types available All Day Working Time Rest and Weekend Time type can be modified by corporate working hours click on a time type and change its range on the time grid Item Description Add Time Type Click on E button to add new time type by default all new time type is set to all day Administrators need to change time zone manually Time grid cover in Blue indicates time selected ACUMEN O Delete Time Click on X to delete time type predefine time type cannot Type be deleted 10 Database Backup 10 1 Backup using SQL Studio Backup Main Database To prevent database crash from any unexpected causes we recommend backup should be performed basic setup in completed Please follow steps below to backup AiD main database 1 Stop AiD server service and any other application using OCULAR3 Database 2 Start SQL Management Studio 3 Right click on OCULAR3 Database and select Tasks gt Detach ACUMEN mm R Microsoft SQL Server Management Studio Express File Edit View Tools Window Community Help Di New Query L GG iol lt oe Object Explorer iX Summary ee Wee E io LUFFY 082FOBO04F SQL Server 9 0 4035 LUFFY Databases System Databases OCULAR3 g E we GE L
62. mation leakage Document operation log can be view by go to Event Log gt document Logs include the following information ltem Description Operation Type Include create copy move rename restore delete access modify upload download burn File Name Name of operated document Size Size of the operated document Path Display detail document path when operation type shows copy move rename ACUMEN Item Desk type Application Title Description Drive location of the document such as fixed floppy DVD CD Rom Removable When operation type shows copy or move this filed will show from path and to path disk of the document Name of the application used to access document Windows title while operating on the document In document control and IM control policy can be set to backup documents When event triggered document will be backup to AiD server and a clip will appear on the event log to indicate backup files are available To view backup document double click on the event log in the pop up window click on Copy button to view or save backup file To export multiple files right click on event log select Export backup file and choose current record selected record or all matched records to export Search condition includes the following fields Item Time and Range Operation Type Drive File Name Path Description Common search criteria By default set to display all operation ty
63. ment Management Record all document operation activities include operations on various type of storage device and document file type Record shared file modification and deletion Complex policy settings allows to control document read modify and delete operation Backup important file before copy modify and delete Print Management Record and log all print task Record printed content as image Control print events ACUMEN O Device Management Control all computer external devices Control all newly added device Screen Snapshot Management Real time viewing of end user computer screen snapshots Record end user screen activities recording interval can be set per application Convert screen history into WMV format for replay purposes E mail Management Record sent and received email with complete content and attachments Control Email sending by defined policy Instant Message Management Completely record instant message conversation time contact person and content Control file sending using instant message application Backup sent file Remote Maintenance Instant view of end user computer information and perform remote assistance Remotely connect to end user computer and perform remote control Ability to remote file transfer Storage Device Management Record USB storage device s usage within the network ACUMEN i environment Set read and write authority to restri
64. milar to firewall policy can consist of many rules Policy matching rules adopting top down mechanism and policy for group or individual computer will inherit policy from parent group Administrators can apply policy to Whole Network Group Computer and Users Policy priority as follow from highest to lowest User Policy gt User Group Policy gt Computer Policy gt Computer Group Policy ACUMEN O Inherited Policy will display with light green background and cannot be modified in lower tree structure Policy can support wild cards multiple check value can be separate by or sign Button Description Items Description DI Add click this button to add a new policy A UP move up selected policy d Down move down selected policy CG Delete delete selected policy 9 Restore cancel new added policy or any modified settings ei Save gt click this button to save all new added or modified settings wf Indicates that the policy mode is allow x Indicates that the policy mode is block Indicates that the policy mode is ignore Indication that the policy mode is inaction D Indicates that the policy with alert setting GI Indicates that the policy with warning setting Indicates that policy with lock computer setting D Indicates that policy with expiring time setting 6 2 Basic Policy Basic policy can be used to regulate computer operation authority and also prev
65. n files coped to removable storage device encrypted file will be readable to authorized agent computer Removable Storage Policy Item Storage Type Readable Auto Decryption Writeable Auto Encryption Removable Storage Description By default storage type set to All storage type can be change to encrypted or non encrypted If storage type selected policy set will only apply to selected storage type By enable this feature document will be access in read only mode Below settings are depended on activation of this feature Automatic decrypt encrypted files on storage device when file copy to local hard disk or network drive via windows explorer Decryption will not perform is other application used to copy file from storage device Allow any application copy or create files on storage device When this feature not activated delete or modify action to storage device will be prohibited Auto encryption feature depend on activation of this feature Only allow windows explorer write copy document to the removable storage device and encrypt automatically By default its set to all referring to all removable storage device The field can be used for one single device or group of device ACUMEN _ rr ltem Description Description Description of the removable storage such as brand name model name Use as keyword to identity removable storage device When description and storage type are set bot
66. n next to path field and a window will appear with From the list select an application and relative path will show in the Confirm the path and system will re analysis application information Uninstall performed once click on OK button ACUMEN O Console so File Control Statistics Logs Policies Advanced Monitoring Maintenance Assets Categories Tools View Help d a nar E x g BS WinRAR 4 20 32 bit SZ eh S Computer X ke R V The Whole Network Path C Program Files WinRAR Modify Path P 5 ks Users and Groups S ef D Information of Installation Items P B 49 Unclassiti 8 g ADTEST Type Value Remarks d DELL XP J Folder C Program Files WinRAR th d LAB OFFICE2 Vi File C Program Files WinRAR Default SFX 3 LEO 1498954 7 File C Program Files WinRAR Descript ion Program Files TEC Pguar Sg LUFFY NB MI File C Program Files WinRAR File _Id diz TEC LEO VJ File C Program Files WinRAR License txt Program Files Microsoft Si d Test Machine v File C Program Files WinRAR Order bm Program Files WinRAR EI Deleted 1 F File C Program Files WinRAR Rar exe Alexander Roshal L i File C Program Files WinRAR Bar txt Program Files Microsoft gd V File C Program Files WinRAR RarExt dll Alexander Roshal Files Mi RSI F File C Program Files WinRAR RarExt64 dll Alexander Roshal rogram Files Microso V File C Program Files WinRAR Rar
67. n searching criteria Types are display in the above table Querying description field it supports wild card search and keyword search ACUMEN e lll 5 2 Application Logs Application logs can be found at Event Log gt Application it records all start and stop activities of all application on agent computer The following are the items in application log Item Description Start Stop Record all agent computer s application start and stop operation Window Change Record window change activities when user switch window Title change When user change window within an application title change will be recorded Note Due to massive amount log created by window change and title change feature the recording feature need to be activated at Basic Policy gt Logging gt Window Title Change Application Log includes the following Item Description Operation Type Start stop and title change Application Exe file name of the application Path When operation type is start up or stop path column will display path of the exe file Title When operation is title change window change title column display title window name of current window ACUMEN O E By default application logs will display all logs recorded administrators can use search panel set search criteria Item Description Path Title Search by application path or title Application Search by application s exe file name fields value can be select
68. nter used to print Application Application used to print Shared File Logs Shared files log File Name Shared file name Support wildcard IP Range IP Range of computers remote access agents shared files Email Email Logs Email Type Standard mail Webmail Exchange Lotus Send Receive From To Just match a recipient Email Size gt kKB Email Size lt KB Do Not Log Body Email direction send or receive Sender s email address support wild card Recipient s email address support wild card In the event of multiple recipients system will only match one recipient to proceed with record not record action Exclude email size exceeds specific KB Exclude email size less than specific KB This option only enabled under Record mode When it s checked email content will not be logged ACUMEN Items Do Not Record Attachment Description This option only enabled under Record mode When it s checked email attachments will not be logged Email logs will display attachments icon but attachments cannot be retrieved Instant Message Instant Message Logs Tools Specify instant message application Do not Log This option only available when mode is Record When Attachment activated attachment will not be recorded Application Application usage statistics Statistics Web Statistics Traffic Statistics Website usage Network traffic usage 6 8 Remote Control Policy Wit
69. ol remote PC by default ACUMEN Items Real time Alert Alert Window Bubble Setting Agent Offline Alert Abnormal Agent Alert Description Number of alert will be display system default at 500 Pop up alert window display on console Trigger level are Low High and Critical Pop up alert when agent offline over specified days system default at 10 days Pop up alert when abnormal agent appear 11 11 2 Server Settings Server setting includes the following Item Patches Install patches on new agents automatically Download patches automatically Description Select this option to install downloaded patch to new agent computers Download new windows patches automatically Data Cleanup Global Setting By default this feature not enabled Keep all data server will not delete any data Keep data within a specified number days system default set to 30 days ACUMEN Item Description Custom Allow to set data retention days separately Settings i e e g Can select to inherit from global settings or define retain days Management Range Search Range Only allow PC s within the search range to connect to server Exclusion Range Set server control IP ranges Server will actively scan IP range for new agents Only allow computer included in search range to connect to connect the server Server will not actively scan computers in listed range And computer in listed IP range will be proh
70. ols gt Policy Manager From this window administrators can easily identify policy status ACUMEN me 11 7 Agent Tool Confirm Code Generator Confirm code generator can be used to remove policy when end user is out of administrators condole Follow steps below to clear end user policy 1 On agent computer hold Ctrl Alt Shift and enter ocularat to open dialog window 2 Select Clear all policies and generate OP Code Operation Code 3 In popup window take down the original OP code and send it back to administrator 4 Administrators must go to Tools gt Agent Tools gt Confirm Code Generator to parse Operation Code Info 5 Administrator needs to confirm information submitted and click on Generate button to generate confirmation code 6 Replay confirmation code to end user to remove all policies Agent Offline Utility Agent offline utility can be used to temporary clear policy or uninstall agents Steps as followed 1 Administrators can go to Tools gt Agent Tools gt Agent Offline Utility to generate exe file to temporally remove policies or uninstall agents 2 Select available options and press next to enter effective executions effective execution time and password password can be empty 3 Once setting completed select export path and click on Next button to generate EXE file End users can run the EXE file to remove agent or temporarily disable policies ACUMEN me 11 8 Serve
71. omputer tree can be changed by default computer name will be used User login name For domain users domain user name will be displayed Agent status Running Offline Uninstalled Last communication time between AiD Agent and Server Last time computer was record as activate Last user logon to agent computer status also displayed In the event of user logon to multiple computers last logon computer column will show time and computer user logged on 4 User Group Basic Information Select a group to list users in that group and expand Button can be used to expand all subgroups 3 3 2 Grouping By default all new agent computers fall into unclassified group group structure can be create for easy maintenance purposes Create New Group In computer panel select The Whole Network and go to File gt New Group to create new group in computer tree Computers can be drag and drop into created group Administrators can repeat this process to create multiple computer or user groups Note Unclassified group been set as default group for both ACUMEN O computer and users Unclassified group cannot be modify delete or create sub group within it Assign and Change Group To assign computers or users to a group follow steps below 1 Select computer or user and go to File gt Move and choose target group 2 Drag and drop computer into targeted group Note To move multiple computers select unclass
72. ons ACUMEN mme into different categories By producing category statistics report it can help managerial personnel to understand employees working behaviors Select Mode Button gt By Category the following information will show Item Description Category Self define category in category management Time Time spend on the application of the category in descending order Percentage Percentage of time spend on the application with in the category in descending order 2 By Name Generate statistics report by selecting Mode gt By Name report include display application name time spend and percentage of select computer or computer group 3 By Detail List By Detail produced very similar report as By Name except By Detail list application by exe name rather than by applications It implies two different version of Skype will be display as two separate records 4 By Group By Group is used to generate report on a computer or group of computer s application usage within a category Category details can be defined in categories settings For example to generate Instant Message Application usage report following steps below ACUMEN Create IM group in category management Move all IM related applications in to IM group Select computer group Click on Search to generate result o o Fb oO DW group Charts included in statistics report In the search panel add categories buy
73. op up window click on Copy button to view or save printed content Click Copy and select to View Printed File to open the printed file Viewer can be used to examine content by enlarge shrink and drag it Viewer also support change page feature to allow administrators view multiple pages Printed content can be exported to jpg format Batch Exports To export multiple files right click on event log select Export printed content and choose current record selected record or all matched records to export Search Criteria Item Description Time and Range Common search criteria Printer Type Default to list all printed records to narrow search result select one printer in printer type field Printer Search by using printer name Computers For local printer computer name displayed For network print IP address displayed ACUMEN Item Task Page Application Has Backup Description Search printing task field and support wild card search Search by number of pages printed can be used to calculate total page printed Search by application used to print By tick the check box search record will display event logs with printed contents 5 7 Removable Storage Logs Removable storage logs display storage device activities on agent computer To view removable storage logs go to Event log gt removable storage logs Removable Storage Logs include the following Item Type Disk Type Volume ID Descrip
74. ops when computer problems cannot be solved immediately Therefore it is necessary to reduce the workload of system administrators on minor tasks to increase their productivity so that they can concentrate on computer management tasks and information system enhancement AiD is powerful software to solve the above problems for corporations AiD can monitor and record the utilization of every computer Its functions include daily operation statistics policy management screen snapshot real time recording asset management system patch management software distribution and remote control etc AiD can automatically record screen snapshots record computer utilization and playback records With all these functions corporations can realize the computer resources utilization secure corporation information and enhance productivity ACUMEN o M 1 2 Feature Introduction AiD provides effective monitoring and managing capabilities to help corporates minimize their risks in information security AiD is an application to effectively monitor and manage corporate network activities including AiD main feature includes Application Management Record application usage logs Statistics report on application usage time or percentage Restrict application usage Website Management Record browsed website s URL and title Statistics report on website browsed time and percentage Restrict website domain or page access Docu
75. pe to narrow search result go to search panel and change setting in operation type By default set to display all disk type to narrow search result change setting in disk type in search panel Search using file name entered this field support wild card search Search using document path this field support wild card search ACUMEN Item Destination Drive File Name Path Size Application Has Backup Description Only apply for event log with copy and move as operation type By default set to display all disk type to narrow search result change setting in disk type in search panel Search using input file name this field support wild card search Search using document path this field support wild card search Search file size between input range Search by name of the application this field can input manually or select from the category list By default not selected select this item will display logs with backup file in AiD server 5 5 Shared File Log Shared file log shows document operation on the shared folder of agent computer file access by 3 party computers will be recorded To view shared file log go to gt event log gt Share File Shared file logs include the following items ITEM Operation Type Remote Host Source File Path Description Include Create rename delete modify Access copy and move not supported Referring to computer accessing shared folder IP ad
76. port into AiD server Select Target group Click on button to select import to computer or user group Import Click on Import button to perform import If select nodes are set to import different group structure than active directory system will prompt to overwrite current group structure ACUMEN O zz EE 11 3 2 View Synchronization Configuration To view synchronization configuration details go to Tools gt Synchronization Configuration gt View Synchronization Configuration Imported node can be delete or modify from this window 11 4 Alert Message Alert message records all alerts triggered by policy it can be view by go to Tools gt Alert When alert occurs a pop up window will appear on console click on the pop up window to all alerts By default maximum alert display set to 500 records administrators can go to Tools gt Options gt Real time Alert gt Number of alerts will be displayed to change maximum record display Alert message will be cleared when administrators re login to console To query alerts go to Event logs gt Policy 11 5 Email Notification Settings Email Notification Alert can be send via email and administrators can get a grip on the network environment in real time 11 5 1 Email Notification Server Emails Notification Server need to be set before administrators can receive alert via email go to Tools gt Options gt Settings and setup of Email Notification Server to
77. puter User of the IM application Nick name of the IM conversation Start time of the conversation End time of the conversation Normal chat or group chat Number of chat statement Number of characters in the conversation ACUMEN Save IM Content Content can be view in console conversation content can be exported for further reference To export stored content right click and select export IM conversation Contents can be export to Excel or HTML format Export multiple conversation also supported Search Conversation Search criteria as followed ltem Description Tool Select different type of IM application from the drop down menu By default set as All User ID or Search for IM content using user id or nickname Nickname Content Search conversation content using keyword 7 2 Email Monitoring Email monitoring supports following email types Standard mail Exchange mail Web mail and Lotus mail Emails send and received via standard email protocol and exchange mail will be recorded Mail sent via Webmail and Lotus mail will not be recorded Email Logs Email Logs include the following ACUMEN Item Send Receive Subject From To Attachment Size Content Save emails Description Represent send mail Represent received mail Subject of the mail Sender s mail address Receivers email address CC and BCC also recorded ll represent attachments available Email logs will
78. r Time Incorrect server time may affect the correctness of recorded logs therefore system time monitoring mechanism was built to monitor and prevent server time error System will prompt an alert message to administrators to confirm current time Server time can be verify by go to Tools gt Server Management gt Server Time 11 9 Category Synchronization Management In the event of category information change server will perform synchronization to agent computers By go to Tools gt Server Management gt Category Sync Management administrators can glance over the category sync status Item Description Q Query to locate a specific computer Display last synchronization time of each category 11 10 Agent Update Management AiD upgrade includes AiD server and agent upgrade Once server upgrade completed agent computer will receive an install upgrade file dispatched by server system reboot required to complete upgrade process Automatic dispatch and install option required activation Go to Tools gt Server Management gt Agent Update Management to set up upgrade ACUMEN mm details Item Description Upgrade Settings Allow agent Allow agent computer to downgrade agent version when downgrade to server lower version than agent lower version Stop the upgrade Agent shall automatically upgrade to the latest version when upgrade unless this feature selected package changed Distribution Period Only dispatch
79. rs Provide easy to use interface to manage view category and search recorded logs ACUMEN me Console component s basic feature includes View and audit recorded log collected from end point computers Statistic analysis and export end point computer logs Real time monitoring and system management to end point computers Define Apply monitor and management policies Agent component s basic feature includes Execute various type of policies defined by administrator Collect all end point operation logs Routinely sending retrieved data back to server Monitoring end point computer activities by following administrator s command Monitor and control end point computer per administrators request 2 2 Hardware Software Requirement Microsoft SQL database is a pre requisite for any AiD server installation Chat below shows each AiD components minimum requirement Component Basic Requirement Database SQL Server 2000 SP4 MSDE SP4 SQL Server 2005 SP1 x86 x64 SQL Server 2005 Express SP1 x86 x64 SQL Server 2008 x86 x64 SQL Server 2008 Express x86 x64 SQL Server 2008 R2 ACUMEN _ rrr Component Server Console Agent Basic Requirement OS Win2000 SP4 Win 2003 SP1 x86 x64 Win 2008 x86 x64 Win 2008 R2 Minimum Requirement Pentium4 2G 512MB RAM 20GB HDD Space Recommend Requirement Pentium4 dual core or quad core 4GB RAM 120GB HDD Space OS
80. s invoked the user should not be able to change the IP settings Note Basic policy s IP MAC Binding System Recovery Netshare only apply to computer 6 3 Device Control Policy Device control mainly use to control various type of external device attached to the computer system The device control policies support the followings Storage Communication Device Dial USB Device Network Device and other devices Device include the following Item Description Floppy Floppy Drive Control Cannot use floppy if it is prohibited CD Rom DVD CD ROM Burning Device The burning disks action but the device still can read Type Tape drive Control ACUMEN Movable Device Portable Device Includes USB Flash drive removable drive memory stick smart card MO and ZIP drive control But not includes the device with IDE SCSI and SATA interface Smart Phone Device Communication Device Item COM LTP USB Controller SCSI Controller 1394 Controller Infrared PCMCIA Bluetooth MODEM Direct Line Dial up Item Dial up connection Description COM Port LPT Port USB Controller SCSI Controller 1394 Controller Infrared Device Control PCMCIA Card Bluetooth device Modem Device Direct connection between computers using USB cable COM Port or Serial Cable Description Dial up connection control ACUMEN EEE USB device Item Description USB Keyboard Control USB Keyboard USB Mou
81. s to view computer computer group user or user group information 1 Computer Basic Information Select a computer in computer panel at the same time data panel will display detail information of selected computer ACUMEN Item Name Computer IP Address Status Version OS Last Online Last Active Time Installed time IP MAC Last Logon User Description Displayed name in the Computer Tree can be changed By default computer name will be used Computer name Computere IP address Agent status Running Offline Uninstalled AiD agent version Operating System Last communication time between AiD Agent and Server Last time computer was record as activate Agent installed time All IP MAC address of the Agent Last user logon to agent computer status also displayed In the event of multiple user logon to the agent computer console will display time and name of all user current logon to the system 2 Computer Group Information All computers under a group will display in the data panel when computer group selected By selecting The Whole Network and click on expend button information of all computers within the group will be displayed 3 User Basic Information Select a user in the user panel and user status will be displayed in the ACUMEN data panel Item Name User Status Last Online Last Active Time Last Logon Computer Description Displayed name in the c
82. scription Partition Type FAT FAT32 NTFS Volume label of the device Double click on the removable storage device record Usage Records button can be found in the pop up window Go to File gt Find to open search panel and search criteria as followed Item Volume ID Category Description Volume Label Storage Type Partition Format Remark Capacity Description Requires to enter full volume ID DO NOT support wild card search By default its set to unclassified administrators can change category accordingly Search the description of the device field supports wild card search Field support wild card search on volume Label Search for All Encrypted or Non encrypted devices Search by partition format such as FAT32 or NTFS Search on remark field support wild card Search USB between specify maximum and minimum size Search result can be drag into defined removable device categories ACUMEN O Change Volume ID In certain devices volume ID is preset as 0000 0000 therefore change volume ID feature can allow administrators change volume ID to different value Steps to change volume ID 1 Plugin a removable device to console computer 2 In AiD console go to Categories gt Removable Storage gt Operation gt Local Removable Storage Info 3 Clickon sign to set volume ID 4 To change Removable Storage Device ID window click on Generate button to generate a rando
83. se Control USB Mouse USB Modem Control USB Modem USB Image USB Image Device Control such as Webcam Digital Device Camera and Scanner USB Control USB DVD CD ROM DVD CDROM USB Storage USB Hard Disk USB LAN Adaptor Other USB Device Network Device Item Wireless LAN Adapter PnP Adapter USB PCMCIA Virtual LAN Adapter Others Item Control USB Storage Control Hard Disk Control LAN Adapter Control any USB device not mentioned Description Control Wireless LAN adapter Control PnP adapter Control virtual LAN adapter Description ACUMEN mme Audio Equipment Control audio video and game controller Virtual DVD CD Control virtual DVD CD Rom device ROM Any New Device Any new device unknown to the system Device Control Policy Example 1 Some companies policies not allow staff listening music or playing online game during office hours In this case System administrators can set a policy to prohibit the use of Audio Policy Adda policy to block Audio in Device Policy Device Control Policy Example 2 To prevent important files leakage System administrators can set a policy to prohibit the use of Burning devices removable device Policy Add a policy to block some Storage Floppy DVD CD ROM and Moveable Device Communication Bluetooth as File transfer between local computer and Mobile Phone PDA may be done through Bluetooth and USB devices USB Storage and USB Hard disk De
84. splay by clicking this button Fit screen to window size Display screen in original size Track button Screen snapshot will automatically refresh To change refresh interval go to Tools gt Options gt Real time info and change value in Time interval to track ACUMEN eo ltem Description frame Stop tracking screen snapshot will be refresh To track a computer select target computer on the computer tree click Track button to start the real time tracking feature Screen snapshot will update when the target computer s screen changed The track mode can be stopped by clicking the Track button again 7 4 Multi Screen Monitoring Multi screen monitoring can monitor multiple screens at same time Multiple screen view can monitor from 2x2 4 screens to 4x 16 screens at ones After select desire view system will automatically refresh and rotate screens with in a specific time period Refresh time and interval can be modified in Tools gt Options gt Real time info Administrators can use function button to navigate through multi screen monitoring window Used to select different computer or computer group Used to auto switch screens Used to view screen in full screen mode Lock Screen Lock Screen can be applied to any computer on the screen monitoring view When screen lock applied screen will be excluded from the rotation and highlighted with yellow frame To lock unlock right click on the screen and
85. strict user to use CMD For Windows 98 it is Command In block mode process under Run will not be triggered when OS is starting up Log off or restart computer is required to activate policy RunOnce means process will only run once when OS started up and will not run again thereafter When mode set to block process under RunOnce will not be triggered Log off or restart computer is required to activate policy Network Include the following ltems Description Modify Network Properties Display My Network Places Modify Internet Option Default Netshare Netshare Add Netshares Restrict user to modify the network property My Network Places will be hidden when mode set to block Log off or restart computer is required to activate policy Restrict user to modify Internet Options settings When mode set to block the default Netshare will be blocked When mode set to block user cannot share folders or files When mode set to bloc user is not allowed to add Netshares ACUMEN IP MAC Binding ltem Change IP MAC Property Description Prohibit end user change network settings Feature can be used to prevent end user change IP MAC settings When policy set IP MAC will be saved and restore to saved value when change made ActiveX include the following ltem Chat ActiveX Media ActiveX Game Activex FLASH Activex Others Item Print Screen Stroke System Restore
86. t up distribution time and computer 2 5 Removal ACUMEN O EEO 2 5 1 Remove Agents There are two methods to remove AiD agent from the end user computer by administrators Console Removal Go to AiD console gt control gt uninstall agents to remove agent on computer no long require monitoring Agent Uninstaller Utility AiD console allow administrators to generate an offline uninstaller to remove agents on offline computers Follow steps below to generate uninstaller 1 In AiD console go to Tools gt Agent Tool gt Agent Offline Utility 2 Select Permanently uninstall agent and next 3 Set Parameters include maximum execution of the exe file effective time password save path 4 Execute the generated file on end user computer and AiD will be removed permanently Note Removing agent using agent uninstaller utility tool will not reduce license count in AiD console Manual deletion required to regain user license count 2 5 2 Uninstall Server and Console To uninstall AiD server and console go to Windows start menu gt all programs gt AiD gt uninstall AiD or uninstall via Control panel gt Add Remove programs ACUMEN e 3 Console 3 1 Console Login 3 1 1 Console Login Execute OConsole3 exe in AiD installed path or go to Start gt All Program files gt AiD Console AiD server needs to be in service in order to allow console access Acumen AiD Logon Ea
87. te logs right click on the event logs and select delete ACUMEN View Screen History In the event logs view administrators can right click on any record and select view screen history to view screen history closest to the select event Feature available to system equip with screen snapshot management module and screen recording activated 5 1 Basic Event Logs A basic event log shows systems startup shutdown login logoff dialup patch scanning and software distribution related information Go to basic event go to Logs gt Basic Event to view basic event logs The following table shows the basic operation types Item System startup shutdown User logon Logout Session Connected Disco nnected Dial Patch Management Software Deployment Description System referring to agent computer system and startup shutdown referring to operating system startup shutdown Every occurrences of user logon and logout Logs of remote session connection and disconnection When dial up agent will record dial and disconnect time logs When windows patch installed patch logs are recorded for future reference When system deployment task created target computer will record deployment status for future reference Basic event log include operation type time computer group user and description column ACUMEN Search Panel Criteria Item Time and Range Type Description Description Commo
88. tion Volume Label Remark Description Add or Delete Indicate if device encrypted blank mean non encrypted disk Unique key of storage device ID can be used to track down actual storage device Description of the storage device also name of the storage device Volume label of the storage device Remark can be added at removable storage category list ACUMEN Search Criteria Item Removable Storage Operation Type Removable Storage Type Description Query using volume ID volume can be manually input or select from the removable storage device category By default it is set to All Specific operation type can be selected from the drop down menu including Plug in and Plug out By default is set to all To narrow search result select encrypted or not encrypted 5 9 Policy Log Policy logs displays event triggered by policy policy log can be viewed by go to Event Log gt Policy Policy log include the following item Item Alert Level Policy Description Search Criteria Item Lowest Level Description There are three alert levels Low Important and Critical The alert level settings can be done in each policy The corresponding policy triggered by Agent Event information triggered policy Description By default it is set to All Alert level can be selected from the drop down menu including Low Important and Critical ACUMEN O Policy By default it is set to All Specifi
89. to blank There are 3 major areas account management Item Description General Assign administrators type and login mode Authorities Administrators authorities to each module logs and tools Range Used to assign administrators management range Computer Group and User Group ACUMEN General Item Super Administrator Only allow to logon one console ata time Only allow to log on specified PC or IP Authorities Item File Control Statistics Log Policy Monitoring Description Has full access to entire system No multiple logon allowed Can only log on to console via specific computer or IP Description Referring to the computer group and user group operations such as add move to delete group Also include export and print log feature Referring to control to agent computers include notify lock unlock computer log off power down Restart and uninstall agents Referring to authority of generating statistic report Referring to authorities to view event logs Referring to policy editing authorities Referring to authorities to view search and export Screen Snapshot Email IM Message logs ACUMEN Item Maintenance Asset Management Description Management module Patches Referring to authorities to patch management Vulnerability Referring to the authority to operate Vulnerability Software Referring to the authority of create package and Deployment dispatch package
90. udit Account Audit account can be created by go to Tools gt Accounts Items Description General Used to account details similar to console administrators setup Authorities Control authorities such export and delete File Authority to export and print Delete Authority to print Object Auditing target restrict auditors right in monitoring ACUMEN O M 13 Technical Support Thank you for choosing our product it s our commitment to provide quality technical server If there are any areas these user manual do not cover please contact with our technical support department and we will get back to you ASAP
91. uninstall software File Control Statistics Logs Policies Advanced Monitoring Maintenance Assets Categories Tools View Help PRESOR ERIA CEE ET ETNE ET n en S Ki Statistics events Log By Basic Policy GB Advanced Policy d Monitorine GB maintenance gt The Whole Networl B E test Applications Processes Performance Device Manager Services Disk Shared Folders Scheduled Tasks Users and Groups Gi Unclassified od ADTEST Software Management d DELL xP Name Company name Version Size Path d ebessi E Pguard3 TEC SOLUTIONS LIMIT 3 20 350 860KB C Program Files TEC IPguar H LU a NB 5 Microsoft NET Framework 2 0 MICROSOFT CORPOR 90 516 KB TEC LEO Kei Microsoft SQL Server 2005 MICROSOFT CORPOR 213 200 KB c Program Files Microsoft Si Test Machine JE WinRAR 4 20 32 bit WIN RAR GMBH 4 20 0 4 052 KB C Program Files WinRAR gt Deleted 1 E Debugging Tools for Windows x86 MICROSOFT CORPOR 6 11 1 404 39 452 KB Microsoft SQL Server Setup Support Files Engli MICROSOFT CORPOR 9 00 4035 23 005 KB c Program Files Microsoft Si Microsoft SQL Server VSS Writer MICROSOFT CORPOR 9 00 4035 679KB c Program Files Microsoft Si Microsoft Visual C 2008 Redistributable x8 MICROSOFT CORPOR 9 0 30729 10 444 KB T SyncToy 2 1 x86 MICROSOFT 2 10 1 465 KB T MSXML 6 0 Parser MICROSOFT CORPOR 6 10 1129 0 1 496 KB Microsoft SQL Server Management Studio Expr MICROSOFT CORPOR 9 00 2047 83
92. upgrade file to computer within defined time period Range Upgrade to computers in specified range Status Status of the computer define in the range 11 11 Option Go to Tools gt Option to view and modify current console and server s default value 11 11 1 Console Setting Console setting include the following items ltems Description Basic Setting Login Setting Includes remember password at login Auto Logon and alert when password is empty ACUMEN Items Close Setting Sound Setting Enable Sound Sound Type File Path Log Viewing Log query Result Real time Info Screen Monitoring Maintenance Remote Control Description Include minimized window to the system tray or close window and prompt when closing main window Select this to enable play sound when alert or notify occurs Alert or Notify Path of the Wav file support wav file less than 100kb Number of record displayed per page Time interval to track frames Sec screen refresh interval system default value at 2 seconds Time interval to jump to next PC automatically Sec Screen rotation period system default set to 30 seconds Show visible screen only Time interval to refresh application list system default at 2 seconds Time interval to refresh process list system default at 2 seconds Time interval to refresh performance info system default at 2 seconds Lock remote PC s keyboard and mouse by default Do not contr
93. urposes Status Bar Display current system status at bottom of this screen Color represent action of agent status Icon Color Description 3 LightBlue Active agent J Light Gray Computer is not on the network or switched off Dark Gray Agent uninstalled Fo Light Blue with Clock Active agent but user is away Color Representation of User Icon Icon Color Description amp Colored User on agent computer is active amp Light Gray User not logon to the agent computer System Logs and Search Conditions Event logs will include following common columns Column Description Time Event log time ACUMEN me Computer Name of the computer event occurred computer name can be found in the computer panel User User trigger the event user name can be found in the user panel Searching condition for event log and statistic reports Condition Description Time Zone Used to search event log within a given period To search between time range check on from and to check box to select starting and ending time 4 Used to select previous week Used to select next week Restore to previous setting Time Time type All Day Working Time Rest and Weekend can be found in Tools gt Classes Management gt Time Types Network Range Click on the right hand side button to select single computer or group of computers 3 3 Computer and User Operation 3 3 1 Basic Information Select from Statistics gt Basic will allow administrator
94. vice Control Policy Example 3 Per request of Sales department all USB devices must be prohibited except a specific brand Policy 1 Set group policy for sales department and block all moveable devices By set up the policy USB cannot longer be use Policy 2 Set group policy to sale department in policy allow removable device and add Kingston in description field to allow all device brand is ACUMEN me Kingston 6 4 Application Policy Many enterprises prohibit staff install own application or software such as BT chatting and online games software Application policy control can limit the use of unwanted applications To block an application administrators requires specify which application needs to be blocked The follow are 2 methods used to block applications 1 Block by Directly Input Application Name Administrators can block an application by adding name of the application such spider exe However when application name changed from spider exe to spider123 exe policy will not be able to block changed name application The above mentioned issue can be resolve by using following method 2 Block by Select Application from Application Category Administrators select an application from application category management By doing so block will be effective even executable name of application been changed 3 Block by Path Administrators can block application by path For example APPDIR e exe can be used to blo
95. visited website s URL along with time spend and percentage By Group In this mode it displays browsing time of each computer on one or more categories By default information displayed without any category All administrators can use search panel to list information by category Charts included in website report Bar Chart tA vax H M 0 50 0 45 0 40 0 35 0 30 0 25 0 20 0 15 0 10 0 05 tw me 740 mail yahoo com tw search bid yahoo com webmail mail 163 com finance qq com www bmw Com br hu me2 mail yahoo com Akog com tw men Com Fond bot com by mail google com Eit RUUUDRRDURRR ACUMEN i _ _ te Pie Chart Sanel hu mm 240 mail yahoo com tw search bad yahoo com webmail mail 163 com finance qq com www bmw com tw tw mg30_ mail yahoo com hk qq com 11 tw men Com Pond bot com hu mail google com Eit m m Pa m m Gel 5 Event Logs AiD records all operation logs from agent computers include user logon logout application log web log document operation log shared document log print log removable storage log asset changes log etc The follow functions are available for all event logs Item Description Print Print All logs can be print or print preview Preview Export Export logs according to administrators need Delete Delete selected delete record of current page and delete all matched record available To dele
Download Pdf Manuals
Related Search