EtherSensor Version

EtherSensor Version

Data sources and objects capture
 EtherSensor EtherCAP service:
  [*]The pssdk6.sys traffic interception driver was changed. The old version sometimes resulted in BSOD.
  [*]URI parsing logic was changed in the HTTP protocol parser.
  [*]FTP protocol parser was updated: sometimes it resulted in the crash of the ethcapsvc.exe service.
  [*]SMTP protocol parser was updated: multiline server responses for the WELCOME and other commands had been processed incorrectly.
  [*]TCP connections without proper ending according to RFC are now logged with the "warning" status.

Captured objects analysis:
  [*]Recognition validity and processing efficiency for Lotus Notes messages are now higher.
  [*]The (CHECK-MESSAGE-ID) message filter condition for message duplicate filtering by the Message-ID field was updated.
  [+]The X-Sensor-Lotus-MessageId header is now checked for the LOTUS protocol.
  [*]The message filter condition for message filtering by IP addresses was updated. The address check type for "any" addresses was added.
<rule enabled="true">
   <c name="ip"
      value="" />
   <action name="drop" />
  [+]The SAVE RAW DATA action was added to the message filter. This message can be used to save source (original) data of the message.
  [+]You can now attach source data to the message:
<rule enabled="1">
 <comment>For all HTTP objects save original data.</comment>
   <c name="protocol" value="http" />
 <action name="save-raw-data" value="true" />
  [+]The following detectors were updated: CV (,,,,,,,,,,,, (Google Hangouts web message interception was added), gorod55,,,,,,,,,,, smsmms (,,,,,,,,,,
  [+]Reconstruction of files downloaded in parts over the HTTP protocol was added.
  [+]An error was fixed with accidentally switching to demo mode with an active license: module license expiration dates were checked incorrectly.

Delivering analysis results to consumer system:
  [+]Message headers now include the current EtherSensor UHID: the X-Sensor-UHID header.
  [-]An error was fixed in SMTP transport. Sometimes closed connections were used to send messages to archive.

  [*]Incorrectly closed TCP connections are now logged with the "warning" status. A special rule is created in the default configuration of the watcher service which logs such messages to a separate file.
<LogRule output="file://capstrange.log"
 <Channel name="CAPMAIN" loglevels="error, warning, criterr" />
  [-]An error was fixed with the calculation of module expiration time in the logging system messages.
  [-]An error was fixed with getting the full path to the message log file.
  [-]An error was fixed with saving statistics which sometimes resulted in memory leaks.

Configuration console:
  [*]mconsole.exe, kppsreport.exe, perfmonitor.exe utilities were integrated into a single EtherSensor management application - mconsole.exe.
  [+]The Ctrl+S hotkey was added to save a modified configuration.
  [+]All EtherSensor services can now be stopped, started and restarted at once.
  [+]A EtherSensor diagnostic report can now be unpacked to a separate directory.
  [+]Message and HTTP query filters can now be re-formatted to improve filter readability.
  [-]An error was fixed with filter display (incorrect filter encoding).
  [-]An error was fixed with getting the full path to the message log file.
  [-]An error was fixed with performance counter update.
  [-]An error was fixed with license load and display. Sometimes the application crashed.
  [-]An error was fixed with saving filefrop profile settings.

Back to the news section ›
Site map | Search | Privacy Policy | Terms of Use | Contact Us
Copyright © 2000—2024 Microolap Technologies LTD. All Rights Reserved.
All trademarks are the sole property of their respective owners.