Internet Logging Software

Posted on Fri May 13, 2011 10:46 am

So at work we have a machine employees use that has been getting viruses like clockwork during a specific shift. I would like to get a better idea of exactly when it is happening, so I can track down which user is the cause. Does anyone have any recommendations for software capable of logging web traffic on the machine? I've got a pretty good idea what the employee(s) is(are) doing, but I'd like to prove it.

I tried a bit of searching, but most result sets are clogged with noise from either enterprise security software, or parental control filters.
Desktop: FX-8350 | 32 GB | XFX Radeon 6950 | Windows 7 x64
Laptop: i7 740QM | 12 GB | Mobility Radeon 5850 | Windows 8.1.1.1.1 x64
SuperSpy
Gerbil Jedi
Gold subscriber
Posts: 1592
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Internet Logging Software

Posted on Fri May 13, 2011 10:56 am

Can you not simply pull up the IE history?
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
Posts: 3171
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Internet Logging Software

Posted on Fri May 13, 2011 11:01 am

Buy the full version of MalwareBytes Anti-Malware and install it on the problem box. The logs it generates will ID URL and time, making it easy to ID the perp.
Life is hard; but it's harder if you're stupid. Big Al.
Captain Ned
Global Moderator
Gold subscriber
Posts: 20311
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Internet Logging Software

Posted on Fri May 13, 2011 12:19 pm

bthylafh wrote: Can you not simply pull up the IE history?


Nope, the involved party knows enough to nuke the (Firefox) history.

If it were up to me I would just go full madmin and downgrade the default user from admin to normal user (or guest) and wash my hands of the issue, but powers that be want timestamps and hard proof.
SuperSpy

Re: Internet Logging Software

Posted on Mon May 16, 2011 8:45 am

Can you use a hardware appliance?
Usacomp2k3
Gerbil God
Posts: 21301
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL

Re: Internet Logging Software

Posted on Mon May 16, 2011 5:45 pm

It strikes me you should be able to use Software Restriction Policies to prevent Firefox from running on that box. Force them to use IE and disable the History Erasing.

Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Delete Browsing History > Prevent Deleting Web sites that the User has Visited

- There are many more in that subfolder that would make the life of the perpetrator quite hard.

If this is a Windows 7 box I'd highly recommend AppLocker to disable the use of Firefox, but if you only have XP or Vista then Software Restriction Policies (SRP) should work.

I could put up a hypothetical SRP policy that would work if this idea seems like it might fit the bill.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
Posts: 3546
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA

Re: Internet Logging Software

Posted on Tue May 17, 2011 8:48 am

I normally stay away from IE on non-Vista/7 machines, but I'll try that setting for IE (and uninstall/hide FF).
SuperSpy

Re: Internet Logging Software

Posted on Tue May 17, 2011 9:41 am

There's an .MSI version of Firefox available from a third party, and the installer includes .ADM files so you can control the thing with group policy. Maybe it has a setting to disable clearing history.
bthylafh

Re: Internet Logging Software

Posted on Tue May 17, 2011 9:59 am

Yay, another chance to pimp pfSense, Snort, Squidguard, and Lightsquid running on a spare box in your network! You could also get other types of IPS/IDS (IBM Proventia, for example), but pfSense is free and will work exceptionally well for what you're trying to do.

Try it today!

It's also a fun project to do to earn those golden overtime hours!
Calm seas never made a skilled mariner.
drsauced
Graphmaster Gerbil
Posts: 1470
Joined: Mon Apr 21, 2003 1:38 pm
Location: Here!
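
An added example, not part of any post above and not code from pfSense or Squid: with a Squid proxy logging on the network, its native-format access.log can be reduced to the "timestamps and hard proof" asked for earlier in the thread, as a list of requests from the problem machine's IP during the suspect shift. The log lines, IP addresses and hostnames are constructed, the shift hours are an assumption, and times are handled in UTC.

```python
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident peer content-type
SAMPLE_LOG = """\
1305298800.123    210 192.168.1.50 TCP_MISS/200 5120 GET http://intranet.example/timesheet - DIRECT/10.0.0.5 text/html
1305327900.456    980 192.168.1.50 TCP_MISS/200 734003 GET http://downloads.example/free_codec.exe - DIRECT/203.0.113.7 application/octet-stream
1305328020.789    150 192.168.1.77 TCP_MISS/200 2048 GET http://news.example/ - DIRECT/198.51.100.4 text/html
1305328500.001    310 192.168.1.50 TCP_HIT/200 9000 GET http://games.example/play - NONE/- text/html
garbage line that should be skipped
"""
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}

def parse_line(line):
    """Parse one native-format line; return None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        size = int(f[4])
    except ValueError:
        return None
    return {"time": when, "client": f[2], "bytes": size, "url": f[6], "mime": f[9]}

def in_shift(hour, start, end):
    """True if hour is in [start, end); handles shifts that cross midnight."""
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end

def client_timeline(log_text, client, start, end):
    """Timestamped requests from one client IP during one shift (UTC hours)."""
    rows = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["client"] == client and in_shift(rec["time"].hour, start, end):
            stamp = rec["time"].strftime("%Y-%m-%d %H:%M:%S")
            rows.append((stamp, rec["url"], rec["mime"]))
    return rows

def binary_downloads(rows):
    """Timeline entries whose content type indicates a binary download."""
    return [r for r in rows if r[2] in BINARY_TYPES]

if __name__ == "__main__":
    night = client_timeline(SAMPLE_LOG, "192.168.1.50", 22, 6)  # 22:00-06:00 shift
    for stamp, url, mime in night:
        print(stamp, url, mime)
    print("binary downloads:", binary_downloads(night))
```

The proxy log identifies the machine and the time, not the person; matching the timestamps to the shift roster is a separate step.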

