 
SuperSpy
Minister of Gerbil Affairs
Topic Author
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Internet Logging Software

Fri May 13, 2011 10:46 am

So at work we have a machine employees use that has been getting viruses like clockwork during a specific shift. I would like to get a better idea of exactly when it is happening, so I can track down which user is the cause. Does anyone have any recommendations for software capable of logging web traffic on the machine? I've got a pretty good idea what the employee(s) is(are) doing, but I'd like to prove it.

I tried a bit of searching, but most result sets are clogged with noise from either enterprise security software, or parental control filters.
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA GeForce 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560
 
bthylafh
Maximum Gerbil
Posts: 4320
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Internet Logging Software

Fri May 13, 2011 10:56 am

Can you not simply pull up the IE history?
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Internet Logging Software

Fri May 13, 2011 11:01 am

Buy the full version of MalwareBytes Anti-Malware and install it on the problem box. The logs it generates will ID URL and time, making it easy to ID the perp.
What we have today is way too much pluribus and not enough unum.
 
SuperSpy
Minister of Gerbil Affairs
Topic Author
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Internet Logging Software

Fri May 13, 2011 12:19 pm

bthylafh wrote:
Can you not simply pull up the IE history?


Nope, the involved party knows enough to nuke the (Firefox) history.

If it were up to me I would just go full madmin and downgrade the default user from admin to normal user (or guest) and wash my hands of the issue, but powers that be want timestamps and hard proof.
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Internet Logging Software

Mon May 16, 2011 8:45 am

Can you use a hardware appliance?
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Internet Logging Software

Mon May 16, 2011 5:45 pm

It strikes me you should be able to use Software Restriction Policies to prevent Firefox from running on that box. Force them to use IE and disable the History Erasing.

Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Delete Browsing History > Prevent Deleting Web sites that the User has Visited

- There are many more in that subfolder that would make the life of the perpetrator quite hard.

If this is a Windows 7 box I'd highly recommend AppLocker to disable the use of Firefox, but if you only have XP or Vista then Software Restriction Policies (SRP) should work.

I could put up a hypothetical SRP policy that would work if this idea seems like it might fit the bill.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
SuperSpy
Minister of Gerbil Affairs
Topic Author
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Internet Logging Software

Tue May 17, 2011 8:48 am

I normally stay away from IE on non-Vista/7 machines, but I'll try that setting for IE (and uninstall/hide FF).
 
bthylafh
Maximum Gerbil
Posts: 4320
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Internet Logging Software

Tue May 17, 2011 9:41 am

There's an .MSI version of Firefox available from a third party, and the installer includes .ADM files so you can control the thing with group policy. Maybe it has a setting to disable clearing history.
 
drsauced
Gerbil Jedi
Posts: 1543
Joined: Mon Apr 21, 2003 1:38 pm
Location: Here!

Re: Internet Logging Software

Tue May 17, 2011 9:59 am

Yay, another chance to pimp pfSense, Snort, Squidguard, and Lightsquid running on a spare box in your network! You could also get other types of IPS/IDS (IBM Proventia, for example), but pfSense is free and will work exceptionally well for what you're trying to do.

Try it today!

It's also a fun project to do to earn those golden overtime hours!
Calm seas never made a skilled mariner. But, sadly I'm an A's fan.
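
An added example, not part of any post in this thread: once a Squid proxy on a separate box is logging the workstation's traffic, its access.log can be reduced to timestamped executable downloads grouped by shift. The workstation IP, the shift hours, the use of UTC, and the sample log lines (Squid's default native format) are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timezone

WATCHED_CLIENT = "192.168.1.50"   # assumed IP of the shared workstation
SHIFTS = [("day", 6, 14), ("evening", 14, 22)]   # assumed hours (UTC); the rest is "night"
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}
EXEC_SUFFIXES = (".exe", ".msi", ".scr")
# Constructed sample in Squid's native access.log layout:
# epoch.ms elapsed client result/status bytes method URL user peer mime
SAMPLE_LOG = """\
1305278100.101    210 192.168.1.50 TCP_MISS/200 5120 GET http://intranet.example/ - DIRECT/10.0.0.5 text/html
1305298920.250    900 192.168.1.50 TCP_MISS/200 734003 GET http://downloads.example.net/setup.exe - DIRECT/203.0.113.7 application/octet-stream
1305298980.010    850 192.168.1.51 TCP_MISS/200 734003 GET http://downloads.example.net/setup.exe - DIRECT/203.0.113.7 application/octet-stream
squid restarted
1305330000.500    400 192.168.1.50 TCP_MISS/200 88211 GET http://files.example.org/codec.exe?v=2 - DIRECT/198.51.100.9 -
1305339000.000    620 192.168.1.50 TCP_MISS/200 91200 GET http://files.example.org/saver.scr - DIRECT/198.51.100.9 application/x-msdownload
"""

def parse_line(line):
    """Split one native-format line; return None for anything that does not fit."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
    except ValueError:
        return None
    return {"time": when, "client": f[2], "url": f[6], "mime": f[9]}

def shift_of(when):
    return next((n for n, start, end in SHIFTS if start <= when.hour < end), "night")

def executable_fetches(log_text, client=WATCHED_CLIENT):
    """Return (timestamp, shift, url) for each executable the client fetched."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["client"] != client:
            continue
        path = rec["url"].split("?", 1)[0].lower()   # ignore the query string
        if rec["mime"] in EXEC_TYPES or path.endswith(EXEC_SUFFIXES):
            hits.append((rec["time"].strftime("%Y-%m-%d %H:%M:%S"), shift_of(rec["time"]), rec["url"]))
    return hits

def count_by_shift(hits):
    return Counter(shift for _, shift, _ in hits)

if __name__ == "__main__":
    print(count_by_shift(executable_fetches(SAMPLE_LOG)))
```

Because the proxy log is kept on the separate box, clearing the browser history on the workstation does not touch it. HTTPS requests appear only as CONNECT lines with a host name, so the URL and MIME checks here apply to plain HTTP.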
