Dependencies and limitations when using third-party information security tools

<< Click to Display Table of Contents >>

Navigation:  Installation of Microolap EtherSensor > Microolap EtherSensor Ethernet Connection >

Dependencies and limitations when using third-party information security tools

To ensure smooth operation of Microolap EtherSensor it is necessary to account for compatibility with third-party information security tools and other infrastructure components:

By default, Microolap EtherSensor is installed in the C:\Program Files\Microolap EtherSensor folder. Administrators can choose to install to another folder. The folder where Microolap EtherSensor is installed contains work subfolders. Exclude this folder and all its subfolders from the paths monitored by antivirus software, search indexers and integrity control tools. No software should block creating, deleting, moving or modifying files in these folders.

Microolap EtherSensor includes the following Windows services: EtherSensor EtherCAP, EtherSensor ICAP, EtherSensor LotusTXN, EtherSensor Analyser, EtherSensor Transfer, EtherSensor Watcher, and EtherSensor Updater, which is the update service. These services should be running with local system rights, as they require access to kernel functions.

Microolap EtherSensor needs to send SMTP, FTP, SMB, SYSLOG or IMAP messages to the remote server; otherwise, it may work incorrectly. Information security tools should not check, modify or limit connections to the server to which Microolap EtherSensor sends the data. Similarly, information security tools should not prevent the EtherSensor Transfer service from opening connections to ports used to send messages.

Microolap EtherSensor requires a connection to an NDIS system module. Third-party information security tools should not prevent the EtherSensor EtherCAP service from using functions to access this module.

During installation and regular work, Microolap EtherSensor processes use calls that require special privileges. The OS security policy should allow Microolap EtherSensor to perform operations with drivers, control processes and access network interfaces.

During interception, Microolap EtherSensor can manipulate large amounts of data in work folders. The file system of the Microolap EtherSensor runtime environment should have enough free space to write and store the data.

When working with large network streams  , we recommend mounting the [INSTALLDIR]\data folder as a separate partition on a RAID controller optimized for access speed and write operations (raid10).