asked on
Using HBSS 4.5 as a local monitoring tool
I've been asked to configure HIPS to monitor tasks/events on a local machine. This request comes of a possible security violation and we want to monitor everything this user is doing for a while.. I've set HIPS to Log All but it's only giving me info that woulb be considered an intrusion.. I've even set Application Blocking to Learn mode, in hope it would log more.. I need to capture everything this user is doing.. Basically I need HIPS to log the Task manager.. Is there a way to get HIPS or any module in HBSS to log all event/Tasks that are bing executed?
I personally think HBSS may not be the tool they need in accomplishing this issue but I needed to ask around before makeing the argument..
I personally think HBSS may not be the tool they need in accomplishing this issue but I needed to ask around before makeing the argument..
Anti-Virus AppsSecurity
Last Comment
hotrobb
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yeah I agree, I had to make sure I wasn't missing something.. I have to ask when you say connecting to the machines "Event Viewer Remotely", in what context were you speaking of? I'm not sure of a way to conect to it remptly with out and RDP session or somthing similar that would alert the user of the monitoring..
Hiya
If you open Event Viewer and choose Action, Connect to another computer, you can then download the event logs
Cheers
Si
If you open Event Viewer and choose Action, Connect to another computer, you can then download the event logs
Cheers
Si
ASKER
Right, I remeber now.. Thanks for the info..