
Preface

Thank you for purchasing iNetSec Smart Finder.


This document provides information on the proper usage and precautions for iNetSec Smart
Finder. Please read this document carefully before using iNetSec Smart Finder.
Displaying/printing this document requires Adobe® Reader® 9.0 or later versions from Adobe
Systems Inc.
June 2014

Microsoft, Windows, Windows Server, Windows Vista, Internet Explorer, and SQL Server are
either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
Red Hat is a registered trademark of Red Hat, Inc. www.redhat.com in the U.S. and other
countries.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, Reader, Adobe AIR and AIR are trademarks or registered trademarks of Adobe Systems
Incorporated in the United States and/or other countries.
Mac and Mac OS are trademarks of Apple Inc.
Intel, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation.
Other company names and product names are the trademarks or registered trademarks of the
respective companies.
Trademark symbols (®, TM) may not be given to all the applicable names such as company
names, system names and product names described in this document.
The screen examples in this document are created according to Microsoft Corporation
guidelines.
Adobe® AIR®. Copyright © 2007-2010. Adobe Systems Incorporated. All Rights Reserved.
© PFU LIMITED 2013 - 2014


Purpose of Document
This document describes iNetSec Smart Finder.

| Category | Structure | Content |
|---|---|---|
| Product Understanding | Chapter 1 Overview | Chapter 1 provides an overview of iNetSec Smart Finder. |
| Product Understanding | Chapter 2 System Requirements | Chapter 2 describes the system requirements. |
| Introduction and Operation | Chapter 3 Introduction | Chapter 3 introduces the Manager and the Sensor. |
| Introduction and Operation | Chapter 4 The Manager Operations | Chapter 4 describes the Manager Operations. |
| Introduction and Operation | Chapter 5 Sensor Operations | Chapter 5 describes Sensor Operations. |
| Application Monitoring | Chapter 6 Application Monitoring | Chapter 6 describes Application Monitoring. |
| Chart Functions | Chapter 7 Chart Installation, Setup and Operations | Chapter 7 describes iNetSec Smart Finder Chart installation, setup, and operations. |
| Maintenance & Removal | Chapter 8 Maintenance | Chapter 8 describes the operations for maintenance of the configured system. |
| Maintenance & Removal | Chapter 9 Removal | Chapter 9 describes how to remove the Sensor and uninstall the Manager. |
| Reference | Chapter 10 Commands | Chapter 10 describes the commands in the Manager. |
| Reference | Chapter 11 Error Messages | Chapter 11 describes the error messages for the Manager. |
| Reference | Appendix A File Format | Appendix A describes the file format used in iNetSec Smart Finder. |
| The Manager Configuration | Appendix B Changing Settings after Starting Operation | Appendix B describes how to manage communication port settings on the Manager. |
| Specifications | Appendix C Specifications | Appendix C describes iNetSec Smart Finder specifications. |
| Language/Time Zone | Appendix D Time Zone | Appendix D describes the time zone for iNetSec Smart Finder. |
| Monitor Port Connection | Appendix E Monitor Port Connection | Appendix E describes the monitor port connection. |
| Configuration of the Manager Interface | Appendix F Management Window | Appendix F describes the configuration of the Manager interface windows. |
| Glossary | Glossary | Glossary defines the terminology for iNetSec Smart Finder. |


Abbreviations
The following shows the abbreviations of operating system names used in this document:
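| Operating System Name | Abbreviations | |
|---|---|---|
| Windows Vista® Business | Windows Vista | Windows (*) |
| Windows Server® 2008 Standard | Windows Server 2008 | Windows (*) |
| Windows Server® 2008 Standard without Hyper-V™ | Windows Server 2008 | Windows (*) |
| Windows Server® 2008 Enterprise | Windows Server 2008 | Windows (*) |
| Windows Server® 2008 Enterprise without Hyper-V™ | Windows Server 2008 | Windows (*) |
| Windows Server® 2008 R2 Standard | Windows Server 2008 R2 | Windows (*) |
| Windows Server® 2008 R2 Standard without Hyper-V™ | Windows Server 2008 R2 | Windows (*) |
| Windows Server® 2008 R2 Enterprise | Windows Server 2008 R2 | Windows (*) |
| Windows Server® 2008 R2 Enterprise without Hyper-V™ | Windows Server 2008 R2 | Windows (*) |
| Windows Server® 2012 Standard | Windows Server 2012 | Windows (*) |
| Windows Server® 2012 R2 Standard | Windows Server 2012 R2 | Windows (*) |
| Windows® 7 Home Premium operating system | Windows 7 | Windows (*) |
| Windows® 7 Professional operating system | Windows 7 | Windows (*) |
| Windows® 7 Enterprise operating system | Windows 7 | Windows (*) |
| Windows® 7 Ultimate operating system | Windows 7 | Windows (*) |
| Windows® 7 Home Premium 64-bit edition operating system | Windows 7 | Windows (*) |
| Windows® 7 Professional 64-bit edition operating system | Windows 7 | Windows (*) |
| Windows® 7 Enterprise 64-bit edition operating system | Windows 7 | Windows (*) |
| Windows® 7 Ultimate 64-bit edition operating system | Windows 7 | Windows (*) |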

*: The following descriptions are applied to determine the operating system type:
Operating system used in a 32-bit environment: 32-bit Edition
Operating system used in a 64-bit environment: 64-bit Edition

| Web Browser Name | Abbreviations |
|---|---|
| Windows® Internet Explorer® 11.0 | Internet Explorer 11 |
| Windows® Internet Explorer® 10.0 | Internet Explorer 10 |
| Windows® Internet Explorer® 9.0 | Internet Explorer 9 |
| Windows® Internet Explorer® 8.0 | Internet Explorer 8 |
| Windows® Internet Explorer® 7.0 | Internet Explorer 7 |

| Application Name | Abbreviations |
|---|---|
| Microsoft® Internet Information Service | IIS |
| Microsoft® .NET Framework 3.5 SP1 | .NET Framework |
| Microsoft® SQL Server® 2008 R2 Express Edition | SQL Server |


Description Rules

Italic Type
Italic type indicates a variable value.
Example:

http://<Sensor IP address>/index.html

Date and Time Format


Dates and times are displayed in either of the following formats:
- MMDDYYYYhhmmss
- MMDDYYYYhhmmss tt

"YYYY" represents the year in 4 digits. "MM" represents the month (01 to 12) in 2 digits. Where
"M" is written, the month is given as 1 to 12. "DD" represents the day (01 to 31) in 2 digits.
Where "D" is written, the day is given as 1 to 31.
"hh" represents the hour (00 to 24). "mm" represents the minute (00 to 59). "ss" represents
the second (00 to 59). "tt" represents AM or PM when the 12-hour clock is used.
±hh:mm indicates the time difference from UTC.

Brackets ([ ]) and Vertical Bars (|)


Brackets indicate that the arguments within them may be omitted.
Vertical bars indicate that the arguments are selectable.
Example:

[-h On|Off]
The default response is Off.
On: Import with an item name in the first line.
Off: Import with no item name in the first line.

IP Address and "xxx.xxx.xxx.xxx" Format


IP address in IPv4 format. The format is "xxx.xxx.xxx.xxx". "xxx" represents a numeric value
between 0 - 255.

Network Address and "xxx.xxx.xxx.xxx/yy" Format


Network address in IPv4 format. The format is "xxx.xxx.xxx.xxx/yy". "xxx" represents a
numeric value between 0 - 255. "yy" represents a numeric value between 8 - 31.

Contents

Preface

Chapter 1 Overview
1.1 What is iNetSec Smart Finder?
1.2 iNetSec Smart Finder Features
1.3 iNetSec Smart Finder Functions

Chapter 2 System Requirements
2.1 System Requirements for the Manager
2.2 System Requirements for Chart
2.3 Required Software
2.3.1 Client Device
2.3.2 Computer to Access the Manager
2.3.3 Computer to Configure Sensor Settings
2.3.4 Licenses

Chapter 3 Introduction
3.1 System Configuration Flow for iNetSec Smart Finder
3.2 The Manager Installation
3.2.1 Verifying System Requirements
3.2.2 Confirm environment setting before installation
3.2.3 Installing the Manager
3.2.4 Installation Confirmation
3.3 User Registration
3.4 Sensor Installation
3.4.1 Logging in to the Sensor
3.4.2 Configuring Settings for the Sensor
3.4.3 Installing the Sensor
3.4.3.1 Installation without Monitor Ports
3.4.3.2 Installation with Monitor Ports
3.4.4 Checking Operation after Installing the Sensor
3.5 Segment Group Creation and Assignment
3.6 Creation of Whitelists
3.6.1 Collecting Device Information
3.6.2 Importing Device Information
3.7 Changing Segments to Blocking Mode
3.8 Operation Mode Settings of Application Monitoring and Behavioral IPS (Malware Detection)

Chapter 4 The Manager Operations
4.1 Logging in to the Manager
4.1.1 Login
4.1.2 Management Window
4.1.3 Logout
4.2 Managing Connected Devices
4.2.1 Devices Window
4.2.2 Displaying Device Information
4.2.2.1 Filtering Device Information
4.2.2.2 Displaying Device List
4.2.2.3 Displaying Selected Items in Network Device Lists
4.2.3 Selecting and Operating Devices
4.2.4 Device Information Updating and Registering
4.2.5 Importing Device Information from a File
4.2.6 Exporting Device Information to a File
4.3 Application Management
4.4 The Sensor Management
4.4.1 The Sensors Window
4.4.1.1 The Sensor List Tab
4.4.1.2 Segment List Tab
4.4.2 Sensor Information Management
4.4.2.1 Displaying Sensor List
4.4.2.2 Updating Sensor Information
4.4.2.3 Deleting Sensor Information
4.4.2.4 Exporting Sensor Information to a File
4.4.3 Managing Segment Information
4.4.3.1 Displaying Segment List
4.4.3.2 Changing Segment Operation Mode
4.4.3.3 Changing Application Monitoring Mode
4.4.3.4 Changing Behavioral IPS (Malware Detection) Mode
4.4.3.5 Segment License
4.4.3.6 Updating Segment Information
4.4.3.7 Changing Segment Settings
4.5 User Management
4.5.1 Users Window
4.5.1.1 User List
4.5.2 Adding and Updating Users
4.5.3 Deleting Users
4.6 Segment Group Management
4.6.1 Segment Groups Window
4.6.1.1 Display of Segment Group List
4.6.2 Adding and Changing Segment Groups
4.6.3 Deleting Segment Groups
4.7 Viewing Event Information
4.7.1 Event Viewer Window
4.7.1.1 Events List Items
4.7.2 Deleting Event Information
4.7.3 Exporting the Event Information to a File
4.8 The Manager System Configuration
4.8.1 System Configuration Window
4.8.2 User Specific Settings
4.8.3 Segment Group Specific Settings
4.8.3.1 Notification
4.8.3.2 IP Address Change Notification - Exception Setting Window
4.8.3.3 Block/Approve Devices
4.8.3.4 OS Type Based Policy
4.8.3.5 Automatic Approval for MAC Address (Vendor ID) Settings
4.8.3.6 Automatic Approval Settings for IP Address Window
4.8.3.7 Client Notification Message
4.8.3.8 Network Definition
4.8.3.9 Blocking and Approving Application
4.8.4 System Settings
4.8.4.1 License Settings
4.8.4.2 Device Dictionary Registration
4.9 Registration Form Window
4.9.1 Client Device Registration
4.9.2 Registration Window on the Manager
4.9.3 Blocking Notification Windows
4.9.4 Modifying Notification Window Design
4.9.5 Unblocking Connections
4.10 Using External Registration Form
4.11 Notes on Operation

Chapter 5 Sensor Operations
5.1 Components of the Sensor
5.2 Starting the Sensor
5.3 Stopping the Sensor
5.4 Initializing the Sensor
5.5 Sensor Basic Settings Window
5.5.1 3 Port Configuration
5.5.2 Tagged VLAN Configuration
5.6 Exporting/Importing Sensor Basic Information
5.7 Erasing Data from the Sensors

Chapter 6 Application Monitoring
6.1 What is Application Monitoring?
6.1.1 Application Monitoring Features
6.1.2 Application Dictionary and Application List
6.2 Operations
6.2.1 Visualizing and Managing Applications
6.2.2 Selecting Application Information Items
6.2.3 Exporting and Importing an Application List
6.2.4 Updating the Application Dictionary
6.2.5 Device User Operation

Chapter 7 Chart Installation, Setup and Operations
7.1 What are Charts?
7.2 Features of Charts
7.2.1 Number and Structure of Devices
7.2.2 Amount of Printed Pages
7.2.3 Device Uptime and Power Consumption
7.3 Installing Chart
7.3.1 Installing Chart
7.4 Logging in to Chart
7.4.1 Chart Login Window
7.4.2 Chart Main Window
7.5 Summary Display
7.5.1 Summary window
7.6 Detailed Information
7.6.1 Device List Window
7.6.2 Printer Usage Window
7.6.3 Power Consumption Window
7.6.4 Uptime Window
7.6.5 Device Information Window
7.6.6 Filter settings Window
7.6.7 Configure Columns Window
7.7 Saving to a CSV File
7.7.1 Saving to a CSV File (Summary Window)
7.7.2 Saving to a CSV File (Device List Window)
7.7.3 Saving to a CSV File (Printer Usage Window)
7.7.4 Saving to a CSV File (Power Consumption/Uptime Window)
7.8 Printing and Previewing
7.9 Graph Settings
7.10 Time Zone Settings
7.11 CSV File Settings
7.12 Uninstalling Chart

Chapter 8 Maintenance
8.1 Sensor Maintenance
8.1.1 Adding the Sensors
8.1.2 Deleting the Sensors
8.1.3 Moving the Sensors
8.1.4 Replacing the Sensors
8.1.4.1 Using Automatic Inherit to Replace the Sensor
8.1.4.2 Using the Inherit Sensor Command to Replace the Sensor
8.2 Maintenance of the Manager
8.2.1 Changing Environment Settings of the Manager
8.2.2 Backup and Restoration of the Manager
8.2.3 Starting/Stopping Services Related to iNetSec Smart Finder
8.3 Information Collection during Errors

Chapter 9 Removal
9.1 Removal & Uninstallation directions
9.1.1 Removal of the Sensor
9.1.2 Uninstallation of the Manager

Chapter 10 Commands
10.1 Backup Command (pq_backup.exe)
10.1.1 Command Specification
10.1.2 Operation Procedure
10.2 Restore Command (pq_restore.exe)
10.2.1 Command Specification
10.2.2 Operation Procedure
10.3 Investigate Command (pq_investigate.exe)
10.3.1 Command Specification
10.3.2 Operation Procedure
10.4 Investigate Sensor Command (pq_investigate_sensor.exe)
10.4.1 Command Specification
10.4.2 Operation Procedure
10.5 Export Device Command (pq_export_device.exe)
10.5.1 Command Specification
10.5.2 Operation Procedure
10.6 Import Device Command (pq_import_device.exe)
10.6.1 Command Specification
10.6.2 Operation Procedure
10.7 Export Event Command (pq_export_event.exe)
10.7.1 Command Specification
10.7.2 Operation Procedure
10.8 Export Sensor Command (pq_export_sensor.exe)
10.8.1 Command Specification
10.8.2 Operation Procedure
10.9 Control Sensor Command (pq_control_sensor.exe)
10.9.1 Command Specification
10.9.2 Operation Procedure
10.10 Inherit Sensor Command (pq_inherit_sensor.exe)
10.10.1 Command Specification
10.10.2 Operation Procedure
10.11 Customize Configuration Command (pq_customize_config.exe)
10.11.1 Command Specification
10.11.2 Operation Procedure

Chapter 11 Error Messages
11.1 System Event Log
11.2 Event Information in the Event Viewer Window
11.3 Messages when Commands are Executed
11.4 Messages Reported by E-mail
11.5 Messages Reported by SNMP Trap
11.6 Chart Error Messages
11.7 Detail Codes for Sensor Self Checks
11.8 Operation Log
11.8.1 Operation Log Contents

Appendix A File Format
A.1 Device Information File Format
A.2 Event Information File Format
A.3 Sensor Information File Format
A.4 Automatic Approval for MAC Address (Vendor ID) File
A.5 IP Address Change Notification Exception File
A.6 Automatic Approval for IP Address File
A.7 Application Information File

Appendix B Changing Settings after Starting Operation
B.1 Changing a Window Port Number
B.2 Changing the Communications Protocol for the Windows

Appendix C Specifications
C.1 Upper Limits for iNetSec Smart Finder System
C.2 List of the Ports used by iNetSec Smart Finder

Appendix D Time Zone
D.1 Time Zone

Appendix E Monitor Port Connection
E.1 Monitor Port Connection

Appendix F Management Window
F.1 Management Window

Glossary

Chapter 1 Overview

This chapter provides an overview of iNetSec Smart Finder.

1.1 What is iNetSec Smart Finder?
1.2 iNetSec Smart Finder Features
1.3 iNetSec Smart Finder Functions

1.1 What is iNetSec Smart Finder?


iNetSec Smart Finder is a network appliance designed to detect, classify and monitor the various
IT devices connected to the network, and to protect the network from the inside out. It also
monitors applications and malware activity on the network, and can block from the network any
device that attempts to use unwanted applications or on which malware has been detected.
iNetSec Smart Finder also determines the number, type and uptime of devices connected to the
network. These features enable an IT administrator to manage all IT devices, including
printers and mobile devices, without agent software.
Additionally, iNetSec Smart Finder provides environmental measures such as optimization of
device uptime and reduction of paper consumption.

The following example shows a typical system configured with iNetSec Smart Finder.

Fig 1.1 Outline of System Configured with iNetSec Smart Finder

[Figure: The system administrator uses the Management Window to monitor and manage the
information of the iNetSec Smart Finder Manager. The Manager integrates the device information
collected by the iNetSec Smart Finder Sensors. The administrator uses iNetSec Smart Finder
Chart to display device information in visual formats such as tables or graphs. A Sensor sends
a blocking notification to a new, non-registered device of a network user, where the
Registration Form window appears along with the blocking notification from the network.]

iNetSec Smart Finder consists of the following three items:

• iNetSec Smart Finder Sensor (Sensor)
• iNetSec Smart Finder Manager (Manager)
• iNetSec Smart Finder Chart (Chart)

The following describes each item:

• Sensor
  The Sensor is installed on an IP segment basis in the network. The Sensor detects and
  classifies the devices connected to the network in the same IP segment. The Sensor
  blocks unauthorized devices from accessing the network. Device users are required to
  register in order to have access to the network.
• Manager
  The Manager is used for centralized visualization and management of the device
  information detected by each Sensor.
  The computer on which the Manager software is installed is called the "Manager Computer".
  The system administrator accesses the Manager using a web browser.
• Chart
  Chart is an easy-to-use reporting tool that includes statistical reporting capability. Chart
  communicates with the Manager Computer, from which it retrieves the device information.
  By using Chart, the administrator can analyze the internal network efficiency.

Attention
• iNetSec Smart Finder does not support IPv6.
• iNetSec Smart Finder can manage a network with a subnet mask between 8 bits
  (255.0.0.0) and 30 bits (255.255.255.252).

1.2 iNetSec Smart Finder Features


iNetSec Smart Finder has the following features:
• Centralized management of diversified IT devices
  Once iNetSec Smart Finder is connected to the network, it automatically detects all IT
  devices connected to specific IP segments without requiring installation of dedicated
  software on individual IT devices. iNetSec Smart Finder then automatically classifies the
  device types, including PCs, printers and mobile devices.
• Blocking of unregistered PCs and mobile devices
  iNetSec Smart Finder blocks unauthorized PCs and mobile devices from accessing the
  network. Blocked devices are allowed to access the network after a registration form is
  submitted to the system administrator and finally approved.
• Monitoring of applications on the network
  iNetSec Smart Finder monitors and detects applications on the network, and displays
  them with detailed information. iNetSec Smart Finder enables the creation of application
  policies and prohibits the use of untrusted applications.
• Blocking of devices that use untrusted applications
  iNetSec Smart Finder blocks the connection of devices that use prohibited applications
  and notifies their users.
• Blocking of devices that are infected with remote-control malware
  iNetSec Smart Finder detects remote-control malware operating from devices connected
  to the network based on their behavior, and blocks the connection of devices infected by
  such malware.
• Visualization of IT device information
  Chart displays information about the devices connected to the network in the form of
  visual analytical reporting such as pie, bar and line charts. These reporting tools bring
  value in terms of continuous improvement, cost reduction, and environmental measures
  based on the PDCA cycle method.

1.3 iNetSec Smart Finder Functions


iNetSec Smart Finder has the following functions:

Management of Devices
• iNetSec Smart Finder automatically detects devices and classifies the types of devices
  connected to the network (such as Windows PCs, Mac, mobile devices, or printers).
• The information of detected devices is centrally managed in the Device List, and can be
  exported to a CSV file. It is also possible to import information on a device via a file in
  CSV format.
• Devices that are not connected to the network for a given period of time are automatically
  deleted from the Device List.

Attention
• The automatic classification of device types may not be performed for some devices
  and network connection types. You can set the device type manually for devices that
  are not automatically classified.

Hint
• For devices such as routers, enabling the SNMP agent function using the device
  settings may improve the accuracy of classification.
• iNetSec Smart Finder verifies the device types of classified devices once a week. If
  iNetSec Smart Finder fails to classify the device type after verification, the device type
  will not be changed.

Prevention of Unauthorized Access to the Network

• The operation modes of iNetSec Smart Finder are Monitoring Mode and Blocking Mode.
  In Blocking Mode, only the devices registered in the list of approved devices (whitelist)
  are allowed to access the network. The operation modes can be specified for each IP
  segment.
• Whitelists can be created by using the Device List that is generated in Monitoring Mode,
  or created by importing a file in CSV format. You can also set policies to add certain
  devices to whitelists automatically.
• If network access for a device is not approved, the device will fail to connect to the
  network and a dialog box that indicates the reason for the failure will be displayed on that
  device via a web browser. At this point, you can display the [Registration] window in the
  web browser to prompt the user to register the device.
• If the administrator approves the registration request, the device is registered into a
  whitelist and allowed to access the network. It is also possible to provide network access
  directly after the user's registration is completed, without requiring the administrator's
  approval.
• In addition, registration approval can be performed via e-mail: the administrator can
  approve the registration by replying to the e-mail.
• iNetSec Smart Finder monitors IP addresses used by devices, and notifies the
  administrator when the IP addresses are changed. iNetSec Smart Finder can also prevent
  network access from a device that uses an IP address other than the IP addresses
  assigned by the administrator. Further, it can prevent network access from a device that
  uses an IP address outside the IP address range of the IP segment.

Monitoring Applications on the Network

• iNetSec Smart Finder monitors the behavior of devices on the network, detects
  applications used by the devices, and displays the status, the amount of data traffic, and
  the number of detected devices for each application.
• iNetSec Smart Finder allows you to create policies for application usage. iNetSec Smart
  Finder blocks a device that is using a prohibited application by disconnecting it from the
  network, and notifies the user to stop using the application in order to regain network
  access.
• Application Monitoring can be disabled for an individual device, or can be set up to only
  monitor and not block a device that is attempting to use a prohibited application. These
  settings can also be specified for each IP segment.

Malware Detection Based on the Behavior of Devices

• iNetSec Smart Finder monitors the activity of malware controlled by a server in an
  external network (C&C server), and detects malware that tries to spread among devices
  or to steal information from devices within the internal network.
• A device on which malware is detected is blocked from network access in order to prevent
  the malware from spreading and to avoid information being leaked.
• Malware Detection based on the behavior of devices can be disabled for an individual
  device, or can be set up to only monitor and not block a device. These settings can also be
  specified for each IP segment.

Operation Based on Policies

• With iNetSec Smart Finder, you can create a policy that determines how a device is
  controlled based on device types, OS, and roles. The policy determines whether network
  access is approved or denied, or whether applications or malware are monitored. After the
  device type and the OS type are classified, the detected devices are controlled based on
  the specified policy.
• You can also set and fix the control for an individual device, bypassing the predefined
  policies applied by device type. When you fix the control on a device, changes to the
  policies do not affect the control on that device. For example, this is useful for
  devices that are whitelisted by imported file, or devices that need to be managed for
  specific users.

IP segment Management by Segment Groups

• iNetSec Smart Finder can group multiple IP segments and manage a group as a Segment
  Group.
• Whitelists or policies of application usage can be managed per Segment Group. For
  example, permitted devices or permitted applications may be different from department to
  department in an organization. In this case you can assign the IP segments in a
  department to a Segment Group where certain operations are allowed.

User Account Management

• iNetSec Smart Finder has a system administrator account that can perform all of the
  operations including the management of user accounts, and a group administrator
  account that can perform operations only on Segment Groups. When using the group
  administrator account, you can assign administrators to specific Segment Groups and
  give them management rights.
• Read-only user accounts can also be set so that users can only view the management
  information of specific Segment Groups and cannot change settings.

Visualization of Device Information

• Chart displays the information collected by the Sensor and centrally managed by the
  Manager as analytical visual reporting.
• Chart shows the uptime of each device, its power consumption and, in the case of printers,
  the amount of printed pages.
• Information displayed by Chart can be printed or exported to a CSV file.

Multiple IP Segment Support

• The Sensor can control up to three IP segments when the port based VLAN is used.
• The Sensor can control up to 16 IP segments when the tagged VLAN is used.

System Operation Management and Availability

• The Manager provides centralized management of multiple Sensors and controls the
  operation mode settings and the operation status of each Sensor. The Manager also
  monitors the status of each Sensor and notifies the system administrator in case of errors
  via e-mail and/or via SNMP trap.
• The Sensors continue to operate even if the Manager is not running or if the
  communication with the Manager is lost.
• When multiple Sensors are deployed in the network, the Sensors monitor each other.
• A Sensor that detects an error on another Sensor reports the error to the system
  administrator via e-mail and/or via SNMP trap. This function enables a Sensor to report
  a malfunction on other Sensors even if the Manager is not operating.
• The Manager can be used to stop and restart the Sensors and collect maintenance
  information.

Chapter 2 System Requirements

This chapter describes the system requirements for iNetSec Smart Finder.

2.1 System Requirements for the Manager
2.2 System Requirements for Chart
2.3 Required Software

2.1 System Requirements for the Manager


System requirements for the Manager are as follows:

Supported operating systems

• Windows Server 2008 Service Pack 2 (32-bit)
• Windows Server 2008 R2 Service Pack 1
• Windows Server 2012 without Service Pack
• Windows Server 2012 R2 without Service Pack

Hint
• Any of the operating systems shown above is also supported when running on VMware
  vSphere or on Hyper-V that officially supports the operating system.

Attention
• For Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and
  Windows Server 2012 R2, Server Core is not supported.
• The Manager cannot be installed on a domain controller.

CPU
Minimum: 2GHz or faster
Recommended: 4 or more cores, 2GHz or faster

Memory
1GB or higher recommended
(4GB or more as an entire system)

Disk free space

• Static disk space
  Installation drive: 150MB
  System drive: 2GB
• Dynamic disk space
  Installation directory: 1GB or more

Required software
• Any of the following IIS versions depending on the operating system
  The IIS Web server must be installed in advance. For details about IIS settings, refer to
  "3.2.1 Verifying System Requirements".
  - IIS 7.0 (Windows Server 2008)
  - IIS 7.5 (Windows Server 2008 R2)
  - IIS 8.0 (Windows Server 2012)
  - IIS 8.5 (Windows Server 2012 R2)
• .NET Framework 3.5 SP1 or .NET Framework 3.5.1
  .NET Framework must be installed in advance. For Windows Server 2008 R2, Windows
  Server 2012, and Windows Server 2012 R2, .NET Framework 3.5.1 is included as a
  standard requirement which must be enabled. For details about .NET Framework
  settings, refer to "3.2.1 Verifying System Requirements".

  Hint
  • .NET Framework is included in the iNetSec Smart Finder Manager installation DVD.

• Microsoft SQL Server 2008 R2 Express Edition SP2
  Installing the Manager automatically installs SQL Server under Program Files on the
  system drive of the Manager Computer.

Conflicting software
Microsoft SQL Server 2005 SP2 or earlier

2.2 System Requirements for Chart


System requirements for Chart are as follows:

Supported operating system

• Windows Vista Service Pack 2 (32-bit)
• Windows Vista Service Pack 2 (64-bit)
• Windows 7 without Service Pack / with Service Pack 1 (32-bit)
• Windows 7 without Service Pack / with Service Pack 1 (64-bit)

CPU
Intel Pentium 4 2GHz or higher recommended

Memory
1GB or higher recommended

Disk free space

• Static disk space
  Installation drive: 100MB
  User directory: 1GB
• Dynamic disk space
  User directory: 1GB or more

Hint
• User directory refers to the user profile directory in the installation drive. If the user
  name is "user1" and the installation drive is C drive, the user profile directory in
  Windows 7 is "C:\Users\user1".

Required software
• Adobe® Reader® 9.0 or later
• Adobe® AIR® 3.2 or later runtime
2.3 Required Software


This section describes the software environment required for each computer.

2.3.1 Client Device


The client device requires a web browser to display blocking notifications or the Registration
Form window. Most Web browsers are supported with the exception of proxy web browsers such
as Opera mini.

2.3.2 Computer to Access the Manager


Computers accessing the Manager via web browser require the software shown below. These
are used to configure the operation settings from the Management window and to register
network devices.
• Adobe® Reader® 9.0 or later
• Any of the following web browsers:
  - Internet Explorer 7
  - Internet Explorer 8
  - Internet Explorer 9
  - Internet Explorer 10
  - Internet Explorer 11
  To enable JavaScript on Internet Explorer:
  - Select [Tools] - [Internet Options] - [Security] - [Local intranet] and click [Custom level].
  - In the Security settings, select [Scripting] - [Active scripting] - [Enable].

Hint
• Display the Management window on a screen with a resolution of 1024x768 or higher. If
  the web browser window size is reduced, proper display may not be obtained.

2.3.3 Computer to Configure Sensor Settings


Computers used for the basic settings of the Sensors require one of the following web browsers:
• Internet Explorer 7
• Internet Explorer 8
• Internet Explorer 9
• Internet Explorer 10
• Internet Explorer 11

To enable JavaScript on Internet Explorer:
• Select [Tools] - [Internet Options] - [Security] - [Local intranet] and click [Custom level].
• In the Security settings, select [Scripting] - [Active scripting] - [Enable].
Set the pop-up blocker to allow pop-ups (for the site or all sites).

Hint
• Display the Sensor Basic window on a screen with a resolution of 1024 x 768 or higher. If
  the web browser window size is reduced, proper display may not be obtained.

2.3.4 Licenses
You must purchase the right license based on the required number of segments. iNetSec Smart
Finder does not manage segments that are not covered by the purchased license. The following
features are not available for the unlicensed segments.

Chapter 3 Introduction

This chapter introduces the Manager and the Sensors and describes the initial creation
of whitelists.

3.1 System Configuration Flow for iNetSec Smart Finder
3.2 The Manager Installation
3.3 User Registration
3.4 Sensor Installation
3.5 Segment Group Creation and Assignment
3.6 Creation of Whitelists
3.7 Changing Segments to Blocking Mode
3.8 Operation Mode Settings of Application Monitoring and Behavioral IPS (Malware Detection)

3.1 System Configuration Flow for iNetSec Smart Finder

The following shows the system configuration flow for iNetSec Smart Finder.

Fig 3.1 System Configuration Flow for iNetSec Smart Finder

"3.2 The Manager Installation"
"3.3 User Registration" (*1)
"3.4 Sensor Installation"
"3.5 Segment Group Creation and Assignment" (*1)
"7.3 Installing Chart" (*2)
"3.6 Creation of Whitelists" (*3)
"3.7 Changing Segments to Blocking Mode" (*3)
"3.8 Operation Mode Settings of Application Monitoring and Behavioral IPS (Malware Detection)" (*4)
To operation

[Figure legend: the flow distinguishes required operations from operations performed as required.]

*1: Required to control user access on a Segment Group.
*2: Installed on the computer of an IT administrator for reporting charts.
*3: Required to block non-approved devices in the network.
*4: Required to use the Application Monitoring feature or the Behavioral IPS (Malware Detection) feature.

3.2 The Manager Installation


This section describes the installation process for the Manager.
1. Verify the system requirements
2. Confirm the environment setting before installation
3. Install the Manager
4. Check the operation and change the password after installation
5. Confirm the environment setting after installation

3.2.1 Verifying System Requirements


Prior to installing the Manager, verify the computer operating environment where the Manager
will be installed.
For details about the system requirements for the Manager, refer to "2.1 System Requirements
for the Manager".

Verifying Internet Information Services (IIS)


IIS is required for the Manager operating environment.
After installing the Manager, verify the following for the operating system of the Manager
Computer:
• For Windows Server 2012 and Windows Server 2012 R2
  - From the [Start] menu, select [Control Panel] - [Administrative Tools] - [Server
    Manager].
  - From the [Server Manager] console, select [Add roles and features].
  - Open the [Select Server Role] window and select [Web Server(IIS)].
  - Open the [Select Role Services] window and select [Web Server] - [Common HTTP
    Features] - [Static Content], and [Web Server] - [Application Development] -
    [ASP.NET 3.5].
  - Open the [Confirm installation selections] window and click [Specify an alternate
    source path].
  - Set the source path and click [OK].
    Example of source path: (DVD drive):\Sources\SXS
  - Mount the installation media of the operating system and click [Install].
• For Windows Server 2008 and Windows Server 2008 R2
  - During installation of IIS, open the Select Role Services window and select [Web
    Server] - [Application Development] - [ASP .NET].
  - From [Server Manager], select [Roles] - [Web Server (IIS)] and then select [Add Role
    Services] from the context menu. Expand [Web Server] - [Common HTTP Features],
    and select [Static Content].

Checking .NET Framework


.NET Framework is required for the operating environment of the Manager.
Install the .NET Framework version described in "2.1 System Requirements for the Manager".
For Windows Server 2008 R2, .NET Framework 3.5.1 is included as a standard requirement
which must be enabled.
To enable .NET Framework 3.5.1 on Windows Server 2008 R2, Windows Server 2012, and
Windows Server 2012 R2, perform the following procedure:
• For Windows Server 2012 and Windows Server 2012 R2
  - From the [Start] menu, select [Control Panel] - [Administrative Tools] - [Server
    Manager].
  - From the [Server Manager] console, select [Add roles and features].
  - Open the [Select Features] window and select [.NET Framework 3.5 Features].
• For Windows Server 2008 R2
  - From the [Start] menu, select [Control Panel] - [Administrative Tools] - [Server
    Manager].
  - From the Server Manager console, select [Features] - [Add Features] - [.NET
    Framework 3.5.1 Features] - [.NET Framework 3.5.1].
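
The IIS and .NET Framework checks above can also be run as a script before installation. The following PowerShell is an added example, not part of the product or of this manual; it assumes Windows Server 2008 R2, 2012 or 2012 R2 (where the ServerManager module exists), and the feature names Web-Server, Web-Static-Content, Web-Asp-Net and NET-Framework-Core are Windows feature names that do not appear in the manual. The -SxsSource parameter corresponds to the "(DVD drive):\Sources\SXS" example.

```powershell
# Added example: pre-installation check for the Manager Computer.
# Reports missing prerequisites; installs them only when -Install is given.
param(
    # Side-by-side source on the OS installation media, e.g. D:\Sources\SXS
    # (used on Windows Server 2012 / 2012 R2 only).
    [string]$SxsSource = '',
    [switch]$Install
)

Import-Module ServerManager

# Windows feature names (not names from the manual) mapped to the manual's selections.
$required = @(
    @{ Name = 'Web-Server';         Why = 'Web Server (IIS) role' },
    @{ Name = 'Web-Static-Content'; Why = '[Common HTTP Features] - [Static Content]' },
    @{ Name = 'Web-Asp-Net';        Why = '[Application Development] - ASP.NET' },
    @{ Name = 'NET-Framework-Core'; Why = '.NET Framework 3.5 / 3.5.1' }
)

$problems = @()

# The Manager cannot be installed on a domain controller.
# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$domainRole = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($domainRole -ge 4) {
    $problems += 'This computer is a domain controller; the Manager cannot be installed here.'
}

# Collect the features that are known to this OS but not yet installed.
$missing = @()
foreach ($item in $required) {
    $feature = Get-WindowsFeature -Name $item.Name
    if (-not $feature) {
        $problems += "Feature '$($item.Name)' is not known to this operating system."
    } elseif (-not $feature.Installed) {
        $missing += $item
        $problems += "Missing: $($item.Name) ($($item.Why))"
    }
}

if ($Install -and $missing.Count -gt 0 -and $domainRole -lt 4) {
    $names = $missing | ForEach-Object { $_.Name }
    # Install-WindowsFeature and its -Source parameter exist on Server 2012 and later;
    # Server 2008 R2 only has Add-WindowsFeature.
    $hasInstallCmd = Get-Command Install-WindowsFeature -ErrorAction SilentlyContinue
    if ($hasInstallCmd -and $SxsSource) {
        Install-WindowsFeature -Name $names -Source $SxsSource
    } else {
        Add-WindowsFeature -Name $names
    }
}

if ($problems.Count -eq 0) {
    'All checked prerequisites are present.'
} else {
    $problems
}
```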

3.2.2 Confirm environment setting before installation


Configure the settings for the network used by iNetSec Smart Finder, firewall settings and DNS
server/HTTP proxy server settings.

Setting Network Used by iNetSec Smart Finder


To install the Manager, the settings shown below are required:
• Communications protocol for the Manager (HTTPS is not enabled by default)
  Select whether or not to use HTTPS as the protocol when communicating with the
  Sensors, web browsers that display management windows, or Chart.
• Communications port for the Sensor (default: 8877)
  Select the port number used for communication between the Manager and the Sensor.
  This port is also used for Sensor to Sensor Status Monitoring. When using HTTPS as the
  communications protocol for the Manager, the communications port between the
  Manager and web browsers is used as the communications port between the Manager
  and the Sensors.
• Communications port for web browsers (default: 8109)
  Select the port number used for communication between web browsers and the Manager
  to display management windows. The specified port is also used for communication
  between Chart and the Manager and, when using HTTPS, for communication between
  the Sensors and the Manager.

Setting the Firewall


The Manager Computer requires exception settings for personal firewalls to enable
communication. The Manager uses the ports listed in the table below.

Table 3.1 List of Ports Available to the Manager

Receiving Port (Default) | Protocol      | Communication Sender                                                      | Remarks
-------------------------|---------------|---------------------------------------------------------------------------|--------
8877 (*1)                | TCP           | Sensor                                                                    | Used for communication between the Sensor and the Manager.
8109 (*2)                | HTTP or HTTPS | Sensor; a web browser that displays the management windows or Chart       | Used for communication between the Manager and a web browser or Chart. Also used for communication between the Sensors and the Manager when HTTPS is used.

*1: Can be modified during the Manager installation. Configuration for the Sensor is also required.
*2: Can be modified during the Manager installation.

Depending on the Manager's firewall settings, the port numbers of the devices that the Manager
communicates with may be limited. The Manager must communicate with other devices. To
ensure communication, port number configuration on the firewall settings may be required.

Table 3.2 Communication Receiver and Port Number for the Manager

Communication Receiver | Communication Receiver Port Number (Default) | Protocol | Remarks
-----------------------|----------------------------------------------|----------|--------
Sensor                 | 80                                           | HTTP     | Used to collect the Sensor maintenance information by specifying the IP address.
SMTP Server            | 25 (*)                                       | SMTP     | Used when E-mail notification is enabled.
SNMP Manager           | 162                                          | UDP      | Used when SNMP Trap is enabled.

*: Can be modified using System settings in the Management window.

Hint
• Refer to "C.2 List of the Ports used by iNetSec Smart Finder" for the Manager and the
  Sensor receiving port list.
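
The exceptions in Tables 3.1 and 3.2 can be created as rules scoped to the known peers instead of opening the ports to every address. The following PowerShell is an added example, not part of the product or of this manual; it drives `netsh advfirewall`, which is available on every supported Manager operating system. The rule names and all IP addresses are placeholders chosen for illustration, and the ports are the defaults from the tables.

```powershell
# Added example: scoped Windows Firewall exceptions for the Manager Computer.
# Without -Apply the netsh commands are only printed for review.
param(
    [string[]]$SensorAddresses = @('192.0.2.10', '192.0.2.11'),  # placeholder Sensor IPs
    [string[]]$AdminAddresses  = @('198.51.100.0/24'),           # placeholder: browsers, Chart
    [string]$SmtpServer  = '',     # placeholder; only needed with -OutboundFiltered
    [string]$SnmpManager = '',     # placeholder; only needed with -OutboundFiltered
    [int]$SensorPort = 8877,       # default communications port for the Sensor
    [int]$WebPort    = 8109,       # default communications port for web browsers
    [int]$SmtpPort   = 25,         # default; can be changed in System settings
    [switch]$UseHttps,             # with HTTPS the Sensors also use the web port
    [switch]$OutboundFiltered,     # set when outbound traffic is blocked by default
    [switch]$Apply
)

# Build the argument list for one "netsh advfirewall firewall add rule" call.
function New-RuleArgs {
    param([string]$Name, [string]$Direction, [string]$Protocol,
          [int]$Port, [string[]]$Remote)
    # Inbound rules match the local (receiving) port, outbound rules the remote port.
    $portKey = if ($Direction -eq 'in') { 'localport' } else { 'remoteport' }
    @('advfirewall', 'firewall', 'add', 'rule',
      "name=$Name", "dir=$Direction", 'action=allow',
      "protocol=$Protocol", "$portKey=$Port",
      "remoteip=$($Remote -join ',')")
}

# Table 3.1: with HTTPS, the Sensors reach the Manager on the web port as well.
$webSources = $AdminAddresses
if ($UseHttps) { $webSources = $AdminAddresses + $SensorAddresses }

$rules = @()
# The manual lists 8877 without saying whether it is still needed under HTTPS,
# so this rule is created in both cases.
$rules += ,(New-RuleArgs 'iNetSec-Manager-from-Sensor' 'in' 'TCP' $SensorPort $SensorAddresses)
$rules += ,(New-RuleArgs 'iNetSec-Manager-web' 'in' 'TCP' $WebPort $webSources)

# Table 3.2: connections the Manager opens itself. Windows Firewall allows
# outbound traffic by default, so these rules matter only when that was changed.
if ($OutboundFiltered) {
    $rules += ,(New-RuleArgs 'iNetSec-Manager-to-Sensor' 'out' 'TCP' 80 $SensorAddresses)
    if ($SmtpServer) {
        $rules += ,(New-RuleArgs 'iNetSec-Manager-to-SMTP' 'out' 'TCP' $SmtpPort @($SmtpServer))
    }
    if ($SnmpManager) {
        $rules += ,(New-RuleArgs 'iNetSec-Manager-to-SNMP' 'out' 'UDP' 162 @($SnmpManager))
    }
}

foreach ($ruleArgs in $rules) {
    if ($Apply) {
        & netsh $ruleArgs
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "netsh failed for: $($ruleArgs -join ' ')"
        }
    } else {
        'netsh ' + ($ruleArgs -join ' ')
    }
}
```

If the port numbers were changed during the Manager installation, pass the changed values through -SensorPort and -WebPort so the rules match the installed configuration.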

Setting DNS Server


The Manager determines the host name from IP addresses using Reverse DNS Lookup.
For the Manager Computer, set the name resolution method using the DNS server
information or HOSTS file definition. If these settings are not set on the Manager, iNetSec
Smart Finder may not operate properly or processing performance may be affected.
In a network environment where the Manager Computer cannot perform reverse DNS lookup
for device IP addresses, select "No" for [Reverse DNS Lookup] in "4.8.4 System
Settings".

Setting HTTP Proxy Server

To set the proxy using Proxy Automatic Configuration (PAC), specify the server where the
PAC file is available as Exception Server. Refer to "4.8.3.3 Block/Approve Devices".

3.2.3 Installing the Manager


This section describes how to install the Manager.

Attention
• Installing the Manager requires Windows administrator privileges.
• The Manager cannot be installed in the following folders:
  - Shared folders on the network
  - Compressed folders
  - Encrypted folders
  - Folders on a file system other than NTFS
• The Manager cannot be installed over a previous version. If the Manager is already
  installed, uninstall it and then install a new version of the Manager.
• If [HTTPS] is selected for [Configure to communication] in Manager installation, a self-
  signed certificate is imported. An authorized certificate is required and must be imported
  in accordance with the customer's environment.

[Procedure]
1. For installation, insert the Manager DVD.

   Attention
   • When using a remote desktop, the Manager cannot be installed with a UNC path.

2. If D drive is used as the DVD drive, execute the following:

   D:\setup.exe

   The setup window appears.

3. Click [Next].

4. Select [I accept the terms in the License Agreement] and click [Next].

5. Click [Next].

6. To enable encrypted communication between the Manager and the Sensor, click [Detail].
   If the encrypted communication is not required, click [Next].

   To select the installation language, click [Detail].
   Clicking [Next] displays the window for the destination folder selection. Proceed to
   Step 8.

7. Select the language used and click [Next].

8. Specify the installation folder and click [Next].
   Or click [Browse] and select the folder.

   The window for setting communication between the Manager and the Sensor appears.
   When [Next] is clicked, the communication setting window appears.

9. Configure the Manager and the Sensor settings as shown below and click [Next].

   • Port number used for communication between the Manager and the Sensor.
   • Whether to enable encrypted communication between the Manager and the Sensor.
   • Port number used for encrypted communication.

   Hint
   • The protocol and port number used for the Management window can be modified after
     installation. For details about how to change the protocol, refer to "B.2 Changing the
     Communications Protocol for the Windows". For details about how to change the port
     number, refer to "B.1 Changing a Window Port Number".

10. Click [Install].

11. Click [Finish].

3.2.4 Installation Confirmation


Log in to the Management window to confirm that the Manager is properly installed. Refer to "4.1
Logging in to the Manager".
Perform the following operations:
• Changing Password for "admin" User.
  The password can be changed from the System Configuration window of the
  Management window. Refer to "4.8.2 User Specific Settings".
• Setting Mail Server Information and Address for Receiving E-mail Notification.
  To enable e-mail notification, set the mail server information and e-mail address. The mail
  server and e-mail address can be set from the System Configuration window of the
  Management window. Refer to "4.8.3.1 Notification".
• Applying SQL Server Security Update Program.
  Immediately after the Manager is installed, the security updates for SQL Server need to be
  applied. To apply the current security updates for SQL Server, run Microsoft
  Update.
• Entering the license key.
  Enter the license key described in the Segment License Certificate you have obtained to
  activate the segment licenses. Refer to "4.8.4 System Settings".
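
When [HTTPS] was selected during installation, the Attention note in "3.2.3 Installing the Manager" states that a self-signed certificate is imported and that an authorized certificate must replace it. The following PowerShell is an added example, not part of the product or of this manual, that reads the certificate the Manager presents and reports whether it still looks self-signed; the host name is a placeholder, the port is the manual's default 8109, and comparing Subject with Issuer is a heuristic chosen for this example.

```powershell
# Added example: inspect the certificate served on the Manager's HTTPS port.
param(
    [string]$ManagerHost = 'manager.example.test',  # placeholder host name
    [int]$Port = 8109                               # default web/HTTPS port
)

# Connect, complete the TLS handshake and return the server certificate.
function Get-ManagerCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate during the handshake: the goal is to read it,
        # not to trust it. Trust is evaluated separately below.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally {
            $ssl.Close()
        }
    } finally {
        $client.Close()
    }
}

$cert = Get-ManagerCertificate -HostName $ManagerHost -Port $Port

# Heuristic: a self-signed certificate names itself as its issuer.
$selfSigned = ($cert.Subject -eq $cert.Issuer)

# Build the chain against this computer's trust store, without revocation
# lookups so that the check also works on an isolated management network.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)
$chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status })

New-Object PSObject -Property @{
    Subject      = $cert.Subject
    Issuer       = $cert.Issuer
    NotAfter     = $cert.NotAfter
    Thumbprint   = $cert.Thumbprint
    SelfSigned   = $selfSigned
    ChainTrusted = $trusted
    ChainErrors  = ($chainErrors -join ', ')
}

if ($selfSigned -or -not $trusted) {
    Write-Warning 'The Manager still presents a self-signed or untrusted certificate.'
}
```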


3.3 User Registration


By creating user accounts with limited privileges for accessing the Manager, you can assign
limited permissions to manage specific Segment Groups only. The users of such accounts can
manage only the Segment Groups assigned to them, and the administrator manages these
permissions. Refer to "4.5.2 Adding and Updating Users" and "3.5 Segment Group Creation
and Assignment".

The following describes the user role type and available functions.

Table 3.3 User Role Type and Available Functions

User Role: System Administrator
Available Function:
The following operations are available for all Segment Groups:
• Connected device management
• Application monitoring
• Sensor management
• User management
• Segment group management
• Event Information view
• System Configuration
"admin" is registered as default. Up to 50 accounts including "admin" can be set for this
user role.

User Role: Group Administrator
Available Function:
The following operations are available for specific Segment Groups:
• Connected device management
• Application monitoring
• Sensor management
• Event Information view
• System configuration
Up to 10 accounts of Group Administrator and Read-only users can be set per Segment
Group.

User Role: Read-only
Available Function:
Browsing is available for specific Segment Groups. Operations such as device registration
and approval processing are not available. Setting the user information is available.
• Connected device management
• Application monitoring
• Sensor management
• Event Information view
• System configuration
Up to 10 accounts of Group Administrator and Read-only users can be set per Segment
Group.

3.4 Sensor Installation


There are two types of Sensor installation, as described below.
• Settings for a 3 port configuration
  Each Sensor port connects to an IP segment. The Sensor monitors/blocks up to three IP
  segments.
• Settings for a tagged VLAN configuration
  One Sensor port connects to a VLAN trunk port used on a network switch. The Sensor
  monitors/blocks up to 16 IP segments.

For both configurations, you can configure one or two Sensor ports as Monitor Ports. A Monitor
Port is an optional port to monitor network communication. This port enables iNetSec Smart
Finder to enhance device classification capability. This port is required in order to use the
Application Monitoring feature and the Behavioral IPS (Malware Detection) feature. A Monitor
Port connects to a mirror port on a network switch or a monitor port on a network tap. Although
up to 2 ports can be Monitor Ports for a network tap without aggregation feature, the Sensor can
only connect to one network switch or one network tap.

Attention
• Do not install multiple Sensors in one IP segment.
• To use the Sensors shown below, initialize the Sensor in advance or erase the data in the
  Sensor.
  - The Sensor deleted from the Sensor list on the Sensors window
  - The Sensor connected to a different Manager
  Refer to "5.4 Initializing the Sensor" or "5.7 Erasing Data from the Sensors".
• iNetSec Smart Finder cannot manage an environment where multiple IP segments are set
  for a single VLAN ID (where one VLAN is divided by the secondary IP). If this is the case,
  set the VLAN ID for each segment on the switch side. In the Sensor Basic Setting window
  for tagged VLAN configuration, specify the VLAN ID that was set on the switch side for the
  LAN 2 port of each IP segment. For details about the Sensor Basic Setting window, refer
  to "5.5.2 Tagged VLAN Configuration".

To install the Sensor, follow these steps:


1. Logging in to the Sensor
2. Configuring settings for the Sensor
3. Installing the Sensor
4. Checking operation after installing the Sensor
The following sections describe each step.


3.4.1 Logging in to the Sensor


To set up the Sensor, log in to the Sensor using the following procedure:

[Procedure]
1. Prepare a computer to be used for the basic settings for the Sensor (referred to as "setting
PC" hereinafter). The setting PC requires a web browser. Refer to "2.3.3 Computer to
Configure Sensor Settings".
2. Specify the IP address of the setting PC to enable connection to the Sensor via the
network.
   IP address of the setting PC: Specify an IP address of the network to which the Sensor
   belongs. The default IP address of the Sensor is set to 192.168.0.253.
   Example: 192.168.0.254
   Subnet mask of the setting PC: 255.255.255.0

3. Connect the setting PC and the Sensor to the network.


a. Connect the setting PC to the LAN0 port of the Sensor. You can use a straight cable,
a crossover cable, or a hub for connection.
b. Turn on the Sensor. If the Sensor is turned on without the basic settings for the Sensor
configured, the POWER LED lights up in green with the SENSOR LED off after the
Sensor startup process completes.
4. Access the following URL from the web browser on the setting PC:

http://192.168.0.253:81/

To log in to the Sensor for which the basic settings are already configured, access the
following URL from the web browser on a computer accessible to the Sensor via the
network:

http://<Sensor IP address>:81/


The following Sensor login window appears:

5. Enter the System Administrator ID "admin", password "sysadmin" and click [Login].

Attention
• If the Sensor is communicating with the Manager, use the login password of "admin"
  specified by the Manager. To change the password, refer to "4.8.2 User Specific
  Settings".

When login to the Sensor is completed, the Sensor Basic window appears.

3.4.2 Configuring Settings for the Sensor


The Sensor Basic Setting window for the Single Segment Settings appears with the factory
default settings.
Different types of settings are used depending on the Sensor installation type. Use the following
procedure to display the corresponding Sensor Basic Setting window, and enter values in each
field.
Refer to "5.5 Sensor Basic Settings Window".

[Procedure]
1. According to the Sensor installation type, perform the following operations in the Sensor
Basic Setting window:
   • For a 3 port configuration
     The window for a 3 port configuration appears by default.
   • For a tagged VLAN Setting
     Click [Switch to tagged VLAN configuration].
2. Configure the network information and click [Apply].
3. Once the Sensor basic settings are set, disconnect the network cable from the Sensor
and stop the Sensor. Refer to "5.3 Stopping the Sensor".


Attention
• Do not stop the Sensor until application of the settings in the Sensor Basic Setting
  window is completed.
• The Sensor operation status can be identified from the LED status. Refer to "5.1
  Components of the Sensor".

Hint
• If a gateway does not exist in the network configuration, set the Gateway IP address
  using an IP address in the same IP segment such as the IP address of Manager
  Computer.
• If you cannot configure the Sensor settings due to an incorrect IP address or a
  forgotten IP address, initialize the Sensor. Refer to "5.4 Initializing the Sensor".

3.4.3 Installing the Sensor


Connect the Sensor to the network as described in the following sections.
• When you do not use Monitor Ports, refer to "3.4.3.1 Installation without Monitor Ports".
• When you use Monitor Ports, refer to "3.4.3.2 Installation with Monitor Ports".

After you connect the Sensor to the network, press the Power button to start the Sensor.

Hint
• The SENSOR LED on the front panel of the Sensor is off after the Sensor starts.
  When the Sensor is able to communicate with the Manager, the SENSOR LED turns
  green.

3.4.3.1 Installation without Monitor Ports


Connect the Sensor to the network as described below.

For a 3 port configuration


Connect each Sensor port to a port on a switch for each IP segment to be monitored/
blocked.
Use the LAN0, LAN1, or LAN2 port to connect to up to three IP segments.

For a tagged VLAN configuration


Connect the LAN 2 port to a VLAN trunk port on a network switch. You can use the LAN 0
port as a dedicated port for communication with the Manager or other Sensors by
connecting the LAN 0 port to a network switch on the IP segment where the Manager or
other Sensors are located.


3.4.3.2 Installation with Monitor Ports


Connect a Monitor Port with a mirror port on a network switch or a network tap. For Monitor Port
connection, refer to "Appendix E Monitor Port Connection".
Connect other ports on the Sensor as described below.

For a 3 port configuration


Connect each Sensor port to a port on a switch for each IP segment to be monitored/
blocked.
• When you use one Monitor Port, use the LAN 0 or LAN 2 port to connect to up to two IP
  segments.
• When you use two Monitor Ports, use the LAN 0 port to connect to an IP segment.

Attention
• For the monitoring and controlling of two IP segments via a Monitor Port, the IP
  segments should be connected to the same network switch enabling the Monitor Port
  to connect to a single monitoring point.

For a tagged VLAN configuration

• When you use one Monitor Port, connect the LAN 2 port to a VLAN trunk port on a
  network switch. You can use the LAN 0 port as a dedicated port for communication with
  the Manager or other Sensors by connecting the LAN 0 port with a network switch on the
  IP segment where the Manager or other Sensors are located.
• When you use two Monitor Ports, connect the LAN 0 port with a VLAN trunk port on a
  network switch.

3.4.4 Checking Operation after Installing the Sensor


From the Sensors window, verify if the Sensor is operating properly and communicating with the
Manager. Refer to "4.4 The Sensor Management".

[Procedure]
1. Confirm that the SENSOR LED is green.
2. Log in to the Manager from your web browser.
3. Select the [Sensors] tab.
4. Confirm that the information of the installed Sensor appears and the operation status is
"Normal".
5. Select the [Segment List] tab and display the segment list.
6. Confirm that all IP segments to which the Sensor is connected appear in the segment list
with the following status:
   • Operation Mode: "Monitoring Mode"
   • Notification: "Do No Notify"
   • Segment Group Name: "default"


Attention
• It takes approximately 10 minutes until the installed Sensor's information appears in the
  Sensor window.
• If the installed Sensor's information is not displayed in the Sensor window and the
  SENSOR LED is amber, confirm the network environment between the Manager and the
  Sensor. If no problems are found in the network status, restart the Sensor.

3.5 Segment Group Creation and Assignment

To enable access control, the settings shown below are required in the following order:
1. Segment Group Registration
Create a Segment Group. Immediately after installation, a Segment Group named
"default" is created. Segment groups can be created from the Segment Group Information
window. Refer to "4.6.2 Adding and Changing Segment Groups".
2. Segment Assignment
Assign segments to the created Segment Group. You cannot assign a segment to
multiple Segment Groups. A segment that is not assigned to a Segment Group belongs to
the "default" Segment Group. Segments can be assigned from the Segment Group
Registration window or the Segment Group Information window. Refer to "4.6 Segment
Group Management".
3. Setting Segment Groups to registered users
Assign Segment Groups to the registered users. Segment groups are assigned from the
User Information window or the User Information window. Refer to "4.5 User
Management".

Hint
• Sensor to Sensor Status Monitoring is performed between the Sensors within a Segment
  Group.


3.6 Creation of Whitelists


Whitelists are lists of devices having "Approved" status in the Devices window. Devices labeled
as "Detected" can be "Approved" or "Rejected". After the Manager is installed and the Sensor is
installed to each IP segment, create a whitelist before starting operation.

The following methods are available to create a whitelist:

• After collecting the information about the connected devices, the administrator determines
  whether each connected device is "Approved" or "Rejected" for network access.
• Set the approval status of the device information to "Approved" before importing the
  information.

The device information collected by the Sensor has an "approval status" that indicates whether
the device has been approved for connections to the network, as shown below.
• Detected
  The Sensor detects a new device. No approval status has been assigned yet.
• Approved
  The device is approved for network access by the system or the Group Administrator.
• Rejected
  The device is not approved for network access by the system or Group Administrator.

3.6.1 Collecting Device Information


You can create a whitelist by setting the approval status of each device in the Devices window.
The device approval status can be set on a per Segment Group basis.
Group administrators assigned to the Segment Groups can set the approval status.

[Procedure]
1. Install the Sensor to cover each IP segment.
Each Sensor detects the devices connected to the corresponding IP segments and
notifies the Manager. Until all the managed devices are connected to the network,
information is not collected by the Manager.

Hint
• The Sensors send ARP requests with one-second intervals to all IP addresses in
  an IP segment at 12:00 a.m. every day. The Sensor detects devices such as
  printers and web cameras that do not send ARP requests on their own. This
  function is enabled only if the netmask of the IP segment is 16 bit (255.255.0.0) or
  greater.

2. Verify the collected device information from the Devices window.


For details on how to display the Devices window, refer to "4.2 Managing Connected
Devices".


Hint
• An approved device type can be specified in [Enable following setting as policy] in the
  System Configuration window. Refer to "4.8.3.3 Block/Approve Devices".
• For the following devices, the approval status and the Application Monitoring mode
  are automatically set to [Approved] and [Monitor Only] respectively.
  - Manager Computer
  - Gateway set for the Sensor
  - External Registration Form Server
  - Exception Server
• In the default settings, the approval status, the Application Monitoring mode and the
  Behavioral IPS (Malware Detection) mode for each device type are as follows:

  Device Type                        Approval Status  Application Monitoring  Behavioral IPS (Malware Detection)
  "Windows", "Mac", "Linux/UNIX",    Detected         Monitor & Block         Monitor & Block
  "Mobile Devices", "Unclassified",
  "Classifying"
  "Routers/Switches"                 Detected         Disabled                Monitor Only
  "NAS"                              Detected         Disabled                Monitor & Block
  "Others"                           Detected         Disabled                Monitor Only
  "Printers", "Scanners",            Approved         Disabled                Monitor Only
  "VoIP Phones"
  "Kiosk Terminals"                  Approved         Monitor Only            Monitor & Block

Attention
• While creating whitelists, set the approval status of switches, routers, wireless access
  points and authentication switches to "Approved". If the Sensor is switched to blocking
  mode while the above-mentioned devices are in a different status, the following
  problems may occur.
  - Connection (such as telnet) to the device is blocked.
  - Monitoring of the device results in an error.
  - The redirection process of the authentication switch operates improperly on the
    authenticated network.

3. The Sensor installed in each IP segment controls the network connection of each device
by changing the approval status as shown below.

   Approval Status   Sensor Operation
   Approved          The device is approved to access the IP segment in the Segment Group.
   Rejected          The device is blocked from accessing the IP segment in the segment group.

Refer to "4.2 Managing Connected Devices".

The information can be exported to a CSV file. Refer to "4.2.5 Importing Device
Information from a File" and "4.2.6 Exporting Device Information to a File".


3.6.2 Importing Device Information


If you already know which devices are approved, you can set the "Approval Status" in the Device
Information file and then import the Device Information file to the Manager. Refer to "A.1 Device
Information File Format" and "4.2.5 Importing Device Information from a File".

3.7 Changing Segments to Blocking Mode


To block unauthorized devices, change the operation mode of each segment from "Monitoring
Mode" to "Blocking Mode" after creating whitelists. Refer to "4.4.3.2 Changing Segment
Operation Mode".

The segment has the following operation modes:

• Monitoring Mode
  The mode used to detect the devices connected to the network and collect device
  information.
• Blocking Mode
  The mode used to block devices "Registered" for the network. Blocking mode has the
  following functions:
  - Unblock After Registration
    Connection to the network is unblocked if the network user submits a registration from
    the blocked device.
  - Unblock After Approval
    If the System or Group Administrator approves the request, the device is unblocked.

To approve the blocked devices, registration for network access must be submitted. Refer to "4.9
Registration Form Window".

Attention
• Create whitelists after the Segment Groups to be used have been created and configured.

Hint
• No registration is required for newly detected devices in the following conditions. These
  devices are automatically approved.
  - Devices with [Enable following setting as policy] selected.
    Refer to "4.8.3.3 Block/Approve Devices".
  - Devices with "Role".
    Refer to "Table 4.4 Device Information Window and Device Registration Window
    Items".
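The check below is an added example, not part of this guide or of the product: it applies the Attention in "3.6.1 Collecting Device Information" (switches, routers, wireless access points and authentication switches must be "Approved") to a device list before a segment is changed to Blocking Mode. The record fields, the `infrastructure_macs` inventory and the sample data are constructed for illustration and are not the Device Information file format.

```python
import re
from collections import Counter

APPROVAL_STATUSES = {"Detected", "Requested", "Approved", "Rejected"}
# "Routers/Switches" is the infrastructure device type named in the default
# settings table; its default approval status is "Detected", so it needs an
# explicit approval. Access points and authentication switches may be
# classified differently, so they are matched by MAC from your own inventory.
INFRASTRUCTURE_TYPES = {"Routers/Switches"}


def normalize_mac(mac):
    """Accept colon, hyphen or no delimiters; return 12 lowercase hex digits."""
    digits = re.sub(r"[:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def blocking_readiness(devices, segment, infrastructure_macs=()):
    """Report whether `segment` can be switched to Blocking Mode.

    devices: iterable of dicts with the assumed keys "mac", "segment",
             "device_type" and "approval_status".
    infrastructure_macs: MACs of network equipment known to the operator.
    """
    known_infra = {normalize_mac(m) for m in infrastructure_macs}
    not_approved = []
    pending = Counter()
    for dev in devices:
        if dev["segment"] != segment:
            continue
        status = dev["approval_status"]
        if status not in APPROVAL_STATUSES:
            raise ValueError(f"unknown approval status: {status!r}")
        is_infra = (dev["device_type"] in INFRASTRUCTURE_TYPES
                    or normalize_mac(dev["mac"]) in known_infra)
        if is_infra and status != "Approved":
            not_approved.append((dev["mac"], dev["device_type"], status))
        elif status in ("Detected", "Requested"):
            pending[status] += 1  # still waiting for an approve/reject decision
    return {
        "ready": not not_approved,
        "infrastructure_not_approved": not_approved,
        "pending": dict(pending),
    }


# Constructed sample data (MACs from the documentation range 00:00:5E:00:53:xx).
SAMPLE_DEVICES = [
    {"mac": "00:00:5e:00:53:01", "segment": "seg-a",
     "device_type": "Routers/Switches", "approval_status": "Detected"},
    {"mac": "00-00-5E-00-53-02", "segment": "seg-a",
     "device_type": "Others", "approval_status": "Approved"},
    {"mac": "00005e005303", "segment": "seg-a",
     "device_type": "Unclassified", "approval_status": "Detected"},
    {"mac": "00:00:5e:00:53:10", "segment": "seg-a",
     "device_type": "Windows", "approval_status": "Detected"},
    {"mac": "00:00:5e:00:53:11", "segment": "seg-a",
     "device_type": "Printers", "approval_status": "Approved"},
    {"mac": "00:00:5e:00:53:20", "segment": "seg-b",
     "device_type": "Routers/Switches", "approval_status": "Approved"},
]
# Access points / authentication switches from the operator's own inventory.
SAMPLE_INFRA = ["00:00:5E:00:53:02", "00:00:5E:00:53:03"]

if __name__ == "__main__":
    for seg in ("seg-a", "seg-b"):
        print(seg, blocking_readiness(SAMPLE_DEVICES, seg, SAMPLE_INFRA))
```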


3.8 Operation Mode Settings of Application Monitoring and Behavioral IPS (Malware Detection)

In order to use the Application Monitoring feature or the Behavioral IPS (Malware Detection)
feature, set the operation modes of such features.

Application Monitoring and Behavioral IPS (Malware Detection) can be set in the three following
operation modes:
• Disabled
  iNetSec Smart Finder does not monitor or control application usage or malware behavior
  on the network.
• Monitor Only
  iNetSec Smart Finder monitors application usage or malware behavior on the network,
  but does not block devices even if prohibited applications are used or malware behavior is
  detected.
• Monitor & Block
  iNetSec Smart Finder monitors application usage or malware behavior on the network
  and blocks devices if prohibited applications are used or malware behavior is detected.

You can determine the operation mode of Application Monitoring and Behavioral IPS (Malware
Detection) per IP segment. This helps you introduce each feature gradually, one Segment
Group at a time. For setting the operation mode for an IP segment, refer to "4.4.1.2 Segment
List Tab".

Attention
• To enable Application Monitoring or Behavioral IPS (Malware Detection), you need to
  configure a Monitor Port. For the configuration of a Monitor Port, refer to "3.4 Sensor
  Installation" and "5.5 Sensor Basic Settings Window".
• In Behavioral IPS (Malware Detection), malware behavior is monitored separately for the
  communications to the external network and for the communications within the internal
  network. Therefore, to enable this feature, you need to set the network configuration in
  iNetSec Smart Finder. For the network configuration settings, refer to "4.8.3.8 Network
  Definition".

You can also apply an operation mode per device, which enables you to exclude some devices
from Application Monitoring or Behavioral IPS (Malware Detection). The actual operation mode
of Application Monitoring feature or Behavioral IPS (Malware Detection) feature is determined by
the combination of modes of devices and IP segments that the device connects to as follows.
For details on the operation mode settings, refer to "4.2.3 Selecting and Operating Devices",
"4.2.4 Device Information Updating and Registering" and "4.9 Registration Form Window".


Operation Mode       Operation Modes of the IP Segment
of the Device        Disabled     Monitor Only     Monitor & Block

Disabled             Disabled     Disabled         Disabled
Monitor Only         Disabled     Monitor Only     Monitor Only
Monitor & Block      Disabled     Monitor Only     Monitor & Block

Hint
• For Application Monitoring, the following types of communications are neither monitored
  nor blocked.
  - Communications with applications running on the Manager Computer
  - Communication between a blocked device and the Exception Servers
  - Application access from any IP segment that the Sensor does not manage
• Behavioral IPS (Malware Detection) does not monitor or block communication between
  the Manager and the Sensor.
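The following added example (not part of this guide or of the product) resolves the mode that actually applies to each device from the combination table in section 3.8 and lists devices that are set to "Monitor & Block" but are not blocked in effect. The record layout, the sample data and the treatment of a segment without a Monitor Port as "Disabled" are assumptions of the example.

```python
"""Resolve the operation mode that actually applies to each device (section 3.8).

Added example: the record layout, names and sample data are constructed here
and are not the product's API or export format.
"""
from dataclasses import dataclass

# Modes in increasing order of enforcement, as listed in section 3.8.
MODES = ("Disabled", "Monitor Only", "Monitor & Block")
RANK = {mode: rank for rank, mode in enumerate(MODES)}


def effective_mode(device_mode, segment_mode):
    """Combine a device's mode with the mode of the IP segment it connects to.

    Every cell of the combination table equals the less strict of the two
    settings, so the lower-ranked mode is returned.
    """
    for mode in (device_mode, segment_mode):
        if mode not in RANK:
            raise ValueError(f"unknown operation mode: {mode!r}")
    return min(device_mode, segment_mode, key=RANK.__getitem__)


@dataclass(frozen=True)
class Segment:
    name: str
    monitor_port: bool   # both features require a Monitor Port
    app_monitoring: str
    behavioral_ips: str


@dataclass(frozen=True)
class Device:
    mac: str
    segment: str
    app_monitoring: str
    behavioral_ips: str


def audit(devices, segments):
    """Map each device MAC to its (Application Monitoring, Behavioral IPS) modes."""
    by_name = {seg.name: seg for seg in segments}
    result = {}
    for dev in devices:
        seg = by_name[dev.segment]
        if not seg.monitor_port:
            # Assumption of this example: a segment whose Sensor has no
            # Monitor Port is treated as "Disabled" for both features.
            result[dev.mac] = ("Disabled", "Disabled")
            continue
        result[dev.mac] = (
            effective_mode(dev.app_monitoring, seg.app_monitoring),
            effective_mode(dev.behavioral_ips, seg.behavioral_ips),
        )
    return result


def not_blocking(devices, segments):
    """MACs set to "Monitor & Block" for Behavioral IPS that are not blocked in effect."""
    effective = audit(devices, segments)
    return [
        dev.mac
        for dev in devices
        if dev.behavioral_ips == "Monitor & Block"
        and effective[dev.mac][1] != "Monitor & Block"
    ]


# Constructed sample data (MACs from the documentation range 00:00:5E:00:53:xx).
SEGMENTS = [
    Segment("office", True, "Monitor Only", "Monitor & Block"),
    Segment("lab", False, "Monitor & Block", "Monitor & Block"),
]
DEVICES = [
    Device("00:00:5E:00:53:01", "office", "Monitor & Block", "Monitor & Block"),
    Device("00:00:5E:00:53:02", "office", "Disabled", "Monitor Only"),
    Device("00:00:5E:00:53:03", "lab", "Monitor & Block", "Monitor & Block"),
]

if __name__ == "__main__":
    for mac, (app, ips) in audit(DEVICES, SEGMENTS).items():
        print(f"{mac}  application monitoring: {app:<16} behavioral IPS: {ips}")
    print("configured to block but not blocking:", not_blocking(DEVICES, SEGMENTS))
```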


Chapter 4 The Manager Operations

This chapter describes Manager operations after the initial introduction.

4.1 Logging in to the Manager
4.2 Managing Connected Devices
4.3 Application Management
4.4 The Sensor Management
4.5 User Management
4.6 Segment Group Management
4.7 Viewing Event Information
4.8 The Manager System Configuration
4.9 Registration Form Window
4.10 Using External Registration Form
4.11 Notes on Operation


4.1 Logging in to the Manager


The Management window interface manages the iNetSec Smart Finder system.
You can display the Management window by logging in to the Manager from the web browser on
the computer that has network access to the Manager.

4.1.1 Login
To display the Login window, type the following URL in the Web browser:

For HTTP:

http://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/Login.aspx

For HTTPS:

https://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/Login.aspx

Hint
• Specify the port number indicated when installing the Manager (default: 8109).
• The user name "admin" and the password "sysadmin" are installed as the default
  credentials.

To log in to the Manager, enter a user name and password, and click [Login].


Attention
• You can log in to the Manager simultaneously from multiple computers and use various
  Management windows. However, if the same setting is modified from multiple computers,
  the most recent setting is valid.
• If no operation is performed after login for 30 minutes or longer, a session timeout occurs.
• To start multiple Management windows, open a web browser window for each new
  window. If a single web browser is used to display multiple Management windows, the
  windows might not work correctly.

4.1.2 Management Window


The Management window appears when the user logs in to the Manager. The following
describes the items present in the Management window.


Table 4.1 Management Window Items

No. (1), Setting Item: Menu
No. (2), Setting Item: Main display area
Description: Clicking one of the following menus displays a window that corresponds to the
menu in the main display area.
• [Devices] Menu
  The Devices window appears.
• [Applications] Menu
  The Applications window appears.
• [Sensors] Menu
  The Sensors window appears.
• [Users] Menu
  The Users window appears.
• [Segment Groups] Menu
  The Segment Groups window appears.
• [Events] Menu
  The Event Viewer window appears.
• [System] Menu
  The System Configuration window appears.

No. (3)
Description: This User's Guide appears in a new window. The window opens with the page
describing the window currently shown in the main display area.

Setting Item: Logout
Description: Logs out from the Manager and returns to the Login window.

Setting Item: User Name
Description: Displays the user name currently logged in to the Manager. In the above example,
"admin" is shown.

Attention
• Make sure that you enable JavaScript in your web browser settings.
• Do not use the web browser's [Back] and [Forward] buttons.

4.1.3 Logout
To log out from the Manager, click [Logout] in the Management window.


4.2 Managing Connected Devices


To manage the devices connected to each segment, use the Devices window.
The Devices window appears when the [Devices] menu is selected in the Management window.
In the Devices window, you can filter and sort the device information. You can also approve/
reject the devices and update the device information.

4.2.1 Devices Window


The following describes the items in the Devices window.

Table 4.2 Devices Window Items

Setting Item: Status tab ([Detected/Requested] tab, [Approved] tab, [Rejected] tab,
[Missing/Disposed] tab, [All] tab)
Description: To filter the Device List by device status, select one of the following tabs.
• [Detected/Requested] tab
  Displays devices with a "Detected" or "Requested" status. A device that is
  blocked from the network because of malware detection is also displayed if the
  approval status is one of these statuses.
• [Approved] tab
  Displays devices with an "Approved" status. A device that is blocked from the
  network because of malware detection is also displayed if the approval status
  is one of these statuses.
• [Rejected] tab
  Displays devices with a "Rejected" status. A device that is blocked from the
  network because of malware detection is also displayed if the approval status
  is "Rejected".
• [Missing/Disposed] tab
  Displays devices not connected for a long period of time. Refer to "4.8.3.3
  Block/Approve Devices".
• [All] tab
  Displays all devices.


Setting Item: Filtering
Description: To filter the Device List, specify the following conditions. Refer to "4.2.2.1
Filtering Device Information".
• Approval Status
• Application Monitoring
• Behavioral IPS (Malware Detection)
• Segment Group Name
• Segment
• MAC Address
• Note
• Sensor Name
• NetBIOS name
• IP Address/Host Name
• Show devices with Validity Period
Click the "Filtering" title bar to show/hide the filtering conditions. or
appears on the title bar on the right side.

Setting Item: Filtering
Description: Displays the filtered results in the Device List.

Setting Item: Device List
Description: Up to 100 items can be displayed in the list. Refer to "4.2.2 Displaying Device
Information".

Setting Item: Registered Devices
Description: Displays the number of devices, including devices with the same MAC address, in
"X/Y" format. X is the number of registered devices after filtering, and Y is the total
number of registered devices.

Setting Item: Detected Devices
Description: Displays the number of all detected devices, excluding devices with the same MAC
address, in "X/Y" format. X is the number of detected devices after filtering, and Y is
the total number of detected devices.

Setting Item: (icon)
Description: Displays the Device Registration window. Refer to "4.2.4 Device Information
Updating and Registering".

Setting Item: (icon)
Description: Displays the Export window. Refer to "4.2.6 Exporting Device Information to a File".

Setting Item: (icon)
Description: Displays the Import window. Refer to "4.2.5 Importing Device Information from a
File".

Setting Item: (icon)
Description: Displays the Choose Display Columns window. In the Choose Displayed Columns
window, you can select the items to be shown in the Device List. Refer to "4.2.2.3
Displaying Selected Items in Network Device Lists".

Setting Item: (icon)
Description: Select whether to display the local time or the time according to the time zone in
the Device List.

Setting Item: Updated time
Description: Displays when the window was last updated.

Setting Item: (icon)
Description: Refreshes the window with the most recent information.

Setting Item: Approve
Description: Sets the status of the selected device to "Approved" and "Individual Policy".

Setting Item: Reject
Description: Sets the status of the selected device to "Rejected" and "Individual Policy".

Setting Item: Change Device Setting
Description: Sets the Application Monitoring and Behavioral IPS (Malware Detection) modes,
and clears the malware-detected status.

Setting Item: Delete
Description: Deletes the device information.

For Approve, Reject, Change Device Setting and Delete, refer to "4.2.3 Selecting and Operating
Devices".


4.2.2 Displaying Device Information


This section describes the filtering options in the Devices window.

4.2.2.1 Filtering Device Information


You can filter the device information by the conditions described below. If you specify multiple
conditions, the Device List displays the device information that meets all of the specified
conditions.
• Approval Status
  Select the approval status for the targets to be filtered.
  Devices will be filtered according to the selected approval status.
  - Detected
  - Requested
  - Approved
  - Rejected
  - Individual Policy
  - Preassigned Policy
• Application Monitoring
  Select an Application Monitoring mode for the target to be filtered.
  Devices will be filtered according to the selected mode.
  - Disabled
  - Monitor Only
  - Monitor & Block
  - Individual Policy
  - Preassigned Policy
• Behavioral IPS (Malware Detection)
  Select a Behavioral IPS (Malware Detection) mode for the target to be filtered. Devices
  will be filtered according to the selected modes.
  - Disabled
  - Monitor Only
  - Monitor & Block
  - Individual Policy
  - Preassigned Policy
• Malware Detection Result
  - Detected
  - Not Detected
• Segment Group Name
  Specify 32 or fewer letters to filter the information by partial matching.
• Segment Name
  Specify 32 or fewer letters to filter the information by partial matching.
• MAC Address
  Specify 17 or fewer alphanumeric letters and the MAC address delimiters to filter the
  information by partial matching. Colons (:) and hyphens (-) can be used as delimiters.
  MAC addresses without delimiters can also be used to filter the information.


• Note
  Specify 256 or fewer letters to filter the information by partial matching. Search targets are
  "Note 1", "Note 2", and "Note 3".
• Sensor Name
  Specify 32 or fewer letters to filter the information by partial matching.
• NetBIOS
  Specify 16 or fewer letters to filter the information by partial matching.
• IP Address/Host Name
  Specify letters to filter the IP addresses or device host name by partial matching.
• Show devices with Validity Period
  Specify whether to include devices with Validity Period Approval.
  Selecting the checkbox displays all of the devices, including devices without Validity
  Period Approval. Clearing the checkbox filters devices without Validity Period Approval.

4.2.2.2 Displaying Device List


The following information can be displayed in [Device list]. The items to be displayed and their
display order can be selected in the Choose Display Columns window. Refer to "4.2.2.3
Displaying Selected Items in Network Device Lists". Devices can be sorted by one of the items
that are underlined in the Device List header. The symbol ▼ (descending) or ▲ (ascending)
appears on the right side of the item.
• IP Address
  The IP address of the network device detected by the Sensor during the last connection.
  When a single MAC address has multiple IP addresses, the IP address first detected is
  displayed.
• MAC Address
  The MAC address of the network device detected by the Sensor.
• MAC Vendor
  The vendor name assigned to the MAC address.
  The vendor name is defined by the OUI (the first 24 bits of the MAC address) registered at
  IEEE.
• Approval Status
  The approval status for network access is represented by icons. One of the following
  statuses is displayed:
  - [Detected] [Preassigned Policy]
  - [Detected] [Individual Policy]
  - [Requested] [Preassigned Policy]
  - [Requested] [Individual Policy]
  - [Approved] [Preassigned Policy]
  - [Approved] [Individual Policy]
  - [Rejected] [Preassigned Policy]


  - [Rejected] [Individual Policy]
• Policy Settings
  Policy settings of the device are represented by icons. Icons on the left column are for
  Application Monitoring modes, and icons on the right column are for Behavioral IPS
  (Malware Detection) modes. One of the following statuses is displayed:
  Left column: [Application Monitoring]
  - [Disabled] [Preassigned Policy]
  - [Disabled] [Individual Policy]
  - [Monitor Only] [Preassigned Policy]
  - [Monitor Only] [Individual Policy]
  - [Monitor & Block] [Preassigned Policy]
  - [Monitor & Block] [Individual Policy]
  Right column: [Behavioral IPS (Malware Detection)]
  - [Disabled] [Preassigned Policy]
  - [Disabled] [Individual Policy]
  - [Monitor Only] [Preassigned Policy]
  - [Monitor Only] [Individual Policy]
  - [Monitor & Block] [Preassigned Policy]
  - [Monitor & Block] [Individual Policy]
• Malware Detection Result
  The statuses of malware detection for the device are represented by an icon. The
  statuses of malware detection are as follows:
  - [Detected]
  - [Not Detected]
• Device Type
  Devices are automatically classified by the Sensors or set manually. If the device type
  cannot be determined or the Sensor cannot communicate with the device, "Detecting"
  appears for up to 24 hours after the Sensor first detected a connection. As
  soon as the device type is determined, the status will change. Note that the status
  becomes "Unclassified" if the device type cannot be determined after 24 hours.
• Note 1 - 3
  The notes of the devices.


• Detected/Requested Date
  The requested or detected date and time in "MM/dd/yyyy hh:mm tt" or "MM/dd/yyyy
  hh:mm tt ± hh:mm" format. If the status is "Requested", this is the requested date. If the
  status is "Detected", this is the detected date. When multiple registration forms are
  submitted for the same device, the shown requested date will be the date when the initial
  registration form was submitted.
• Last Detected
  The date when the Sensor last detected connection from that device, displayed in
  "MM/dd/yyyy hh:mm tt" or "MM/dd/yyyy hh:mm tt ± hh:mm" format. For devices registered by
  importing the device information, the symbol "-" is initially displayed. Upon detection by
  the Sensor, the detected date is displayed.
• Segment Name
  The segment name where a connection from that device was last detected.
• Segment Group Name
  The Segment Group name where the device was detected.
• Host Name
  The host name of the device. If it cannot be obtained, one of the following is displayed:
  - NetBIOS name obtained by the Manager
  - Device IP address
  If a change in the device IP address is detected by the Sensor, the host name is updated.
• NetBIOS Name
  The NetBIOS name of the device.
• Role
  The iNetSec Smart Finder's role in networks. One of the following is displayed:
  - Manager
  - Gateway
  - Registration Form Server
  - Exception Server
  - (No role)
  For a device with any role other than "-", approval status, Application Monitoring mode
  and Behavioral IPS (Malware Detection) mode are automatically set to "Approved",
  "Monitor Only" and "Monitor & Block" respectively.
• Details
  The details of the Device Type classified by the Sensor. [Details] is left blank when it
  cannot be classified.
• Model
  The device model classified by the Sensor. [Model] is left blank when it cannot be
  classified.
• OS Type
  The OS for the device classified by the Sensor. [OS Type] is left blank when it cannot be
  classified.
• Vendor
  The device vendor classified by the Sensor. [Vendor] is left blank if it cannot be classified.
• Average Power Consumption
  The defined value determines the total power consumption. This value can be specified
  for each device. This value is used to calculate power consumption in Chart.


• Change of IP Address
This indicates whether to report an event when the IP address of a device changes.
• Authorized IP Address
Set when blocking or reporting events using an IP address other than the one assigned.
• Registered Date
The date and time when a registration form is submitted in the Blocking window (New
Device) or in the Registration Form window on the Manager.
• Detected Date
The date and time when the initial device connection was detected by the Sensor in
"MM/dd/yyyy hh:mm tt" or "MM/dd/yyyy hh:mm tt ± hh:mm" format. If the device is registered to
the Manager in the Device Registration window by importing the device information, the
date and time when it was imported to the Manager is set as the detected date.
• Approved Date
The date and time when the approval status of the device is set to "Approved" or
"Rejected" in "MM/dd/yyyy hh:mm tt" or "MM/dd/yyyy hh:mm tt ± hh:mm" format. If the
approval status is not "Approved" or "Rejected", "-" is displayed. If the approval status is
set by importing device information, the approved date is set to the import date and
time.
• Start Date of Validity Period
If validity period approval is set, the start date of the term is displayed.
• Expiration Date
If validity period approval is set, the end date of the term is displayed.
• Device Type Update
Shows if the default values of [Device Type], [Details], [Model], [OS Type], [Vendor], and
[Average Power Consumption] are automatically updated.
• Sensor Name
The name of the Sensor by which the network device was last detected.
• Registration items 1 - 5
The registration information entered by the user in the Blocking window (New Device) or
in the Registration Form window on the Manager, to connect devices to a network.

Hint
• When a network device is registered with multiple Segment Groups, it is displayed for
each of the Segment Groups.


4.2.2.3 Displaying Selected Items in Network Device Lists

To display the Choose Items to Display as Columns window, click in the Devices window.
In the Choose Items to Display as Columns window, select the items to display in the Device
List.
The selected items are saved for each user, and [Device List] is displayed as saved the next
time the same user logs in.
The following describes the items in the Choose Items to Display as Columns window.

Table 4.3 Choose items to display as columns Window Items

Setting Item | Description

Selectable items: | A list of items added to the Device List.
(icon) button | Adds selected items in [Selectable Items] to [Displayed items].
(icon) button | Returns selected items in [Displayed items] to [Selectable items].
Displayed items: | A list of items that can be displayed in the Device List. Items are displayed from the left side of the Device List in the same order. Up to 11 items can be added.
(icon) button | Moves the selected item up one position.
(icon) button | Moves the selected item down one position.
OK | Applies the settings and closes the window.
Cancel | Closes the window without applying the settings.


4.2.3 Selecting and Operating Devices


In the Device List, you can select a connected device and perform the following operations:
• Approve the device
A network connection is allowed. Additionally, an individual policy is used for the device.
Select a device from the Device List and then click [Approve].
• Reject the device
A network connection is rejected. Additionally, an individual policy is used for the device.
Select a device from the Device List and then click [Reject].
• Set device monitoring modes
Set the Application Monitoring and Behavioral IPS (Malware Detection) modes, and clear
the malware-detected status.
To change the settings for the items, click [OK] after selecting the [Change] checkbox for
the items.
  - Application Monitoring
    - Disabled
      Disable Application Monitoring for the device.
    - Monitor Only
      Enable Application Monitoring in the "Monitor Only" mode for the device.
    - Monitor & Block
      Enable Application Monitoring in the "Monitor & Block" mode.
  - Behavioral IPS (Malware Detection)
    - Disabled
      Disable Behavioral IPS (Malware Detection) for the device.
    - Monitor Only
      Enable Behavioral IPS (Malware Detection) in [Monitor Only] mode for the device.
    - Monitor & Block
      Enable Behavioral IPS (Malware Detection) in [Monitor & Block] mode for the
      device.
  - Clear Malware Detection Result
    Clear the malware-detected status of the selected device.
    To change the setting, click [OK] after selecting the [Clear] checkbox.
• Delete the device
The selected device is deleted from the Device List.
Select a device from the Device List and then click [Delete].


Use one of the following operations to select a device:


• Selecting devices
Select the checkboxes on the left of the devices in the Device List. To deselect devices,
deselect the checkboxes.
• Selecting all devices shown in the Device List
Select the checkbox on the left side of the Device List header in the Device List. To
deselect all of the devices, deselect the checkbox.

Checkboxes will be cleared when a filtering operation is performed or when the Device List page
changes.

4.2.4 Device Information Updating and Registering


This section describes the following operations and related windows:
• Updating device information.
Click the MAC address for the specific device displayed in the Device List.
The Device Information window appears. In the window, set the required information, and
click [OK].
• Registering device information.
Click in the Device List.
The Device Registration window appears. In the window, set the required information, and
click [OK].


Device Information Window


Device Registration Window


Table 4.4 Device Information Window and Device Registration Window Items

Setting Items | Device Information Window Items | Device Registration Window Items

Device Information
Segment Group | The name of the Segment Group assigned to the device is displayed in a drop-down list. Select a Segment Group name to display the device information for that Segment Group. | -
IP Address | The IP address of the network device. | -
Host Name | The host name of the network device. | -
NetBIOS | The NetBIOS name of the device. | -
MAC Address | The MAC address of the device. | Enter the MAC address for the device for registration. Use colons and hyphens as delimiters for the MAC address, or do not use delimiters for the MAC address.
[Browse] | - | If the address entered for the MAC address already exists, "Device Information Window" appears in a new window.
MAC Vendor | The vendor name for the device. | -
Device Type | Select "Device Type" from the pull-down menu.
Role | "Role" is displayed. | -
Details | Specify the details (up to 64 letters).
Model | Specify a product name (up to 64 letters).
OS Type | Specify the OS type in 64 or fewer letters.
Vendor | Specify a vendor in 64 or fewer letters.
Device Type Update | Set whether to overwrite device type information (Device Type, Details, Model, OS Type, Vendor, and Average Power Consumption) with automatically identified values. Select either "Yes" or "No". To manually set the device type and prevent the set value from being overwritten, specify "No".
Average Power Consumption | Set the average power consumption of the device in watts. You can specify a number within the range of 0 to 65535.
Approval Status | Select either [Approved] or [Rejected]. Select the [Individual Policy] checkbox when you do not want the approval status to be changed based on [Preassigned Policy].
Application Monitoring | Set the Application Monitoring mode for the device. [Disabled], [Monitor Only], and [Monitor & Block] are available. Select the [Individual Policy] checkbox when you do not want the Application Monitoring mode to be changed based on [Preassigned Policy].
Behavioral IPS (Malware Detection) | Set a Behavioral IPS (Malware Detection) mode for the device. [Disabled], [Monitor Only], and [Monitor & Block] are available. Select the [Individual Policy] checkbox when you do not want the Behavioral IPS (Malware Detection) mode status to be changed based on [Preassigned Policy].
Malware Detection Result | "-" is displayed when no malware is detected, and is displayed when malware is detected. If it is detected, the [Clear Malware Detection Result] button appears next to the icon. When you click the [Clear Malware Detection Result] button, the malware-detected status changes to "-". Click [OK] to apply the change. | -
Approved Date | Displays the approved date. | -
Validity Period | Set the approval term for network connection when the status is [Approved]. When no value is specified, the term is set to indefinite.
Registered Date | Displays the registered date. | -
Change of IP Address | Indicates whether to report an event when the IP address of a device is changed.
Authorized IP Address | Refer to "Authorized IP Address".
Note 1 - 3 | Up to 256 letters can be set. A line feed is counted as two letters.

Registration Information
Registered Date | Displays the registered date. | -
(Item 1) - (Item 5) | The information on the registration form can be set with 64 letters or fewer. Item names from 1 to 5 are defined in the System Configuration window. Refer to "4.8.3.3 Block/Approve Devices".

Last Detected
Last Detected | Displays the last detected date. | -
Segment Name | Displays the segment where the network connection was last detected. | -
Segment Group Assignment | - | To assign a Segment Group that a device belongs to, select the checkbox of the target Segment Group.
[OK] | Applies the settings and closes the window.
[Cancel] | Closes the window without applying the settings.


4.2.5 Importing Device Information from a File


To import device information from a CSV file, perform the following operations:

[Procedure]

1. Click in the Device List.


⇒ The Import window appears.

2. Click [Browse].
⇒ The [Select File] dialog box appears.
3. Select a file with the device information to import and click [OK].
⇒ When the device defined in the import file does not exist in the device information of
the Manager, the device is added as a new device. When the MAC address and
Segment Group name of the device match the Manager's device information, the
Manager's device information is updated with the details defined in the file.
Refer to "A.1 Device Information File Format".

Hint
• If a format error occurs in the Device Information File while importing, an error message
appears and the system returns to its original status prior to importing. Verify the Device
Information File and try the import again.


4.2.6 Exporting Device Information to a File


To export device information to a CSV file, perform the following operations:

[Procedure]

1. Click in the Device List.


⇒ The following Export window appears.

2. Click [OK].
To aggregate the same device by MAC addresses for export, select "MAC Address
Aggregation". If "MAC Address Aggregation" is selected and the same device exists in
multiple Segment Groups, only the Segment Group information with the latest value for
[Last Detected] is exported.
⇒ The Download File dialog box appears.
3. In the Download File dialog box, specify a folder and a file to be exported. The default file
name is deviceList_<MMDDYYYY>.csv, and MMDDYYYY is the export date.
⇒ All device information matching the filtering conditions is sorted as designated.
Refer to "A.1 Device Information File Format".

4.3 Application Management


To manage applications on the network, use the Applications window.
The Applications window appears when the [Applications] menu is selected in the Management
window. In the Applications window, you can refer to application information by filtering and
sorting the applications. You can also permit/prohibit the applications and update application
information.

Refer to "Chapter 6 Application Monitoring".


4.4 The Sensor Management


To manage the Sensors installed in each segment, use the Sensors window.
The Sensors window appears when the [Sensors] menu is selected in the Management window.

4.4.1 The Sensors Window


The Sensors window displays the following tabs:
• [Sensor List] Tab
Displays a list of the Sensor information. Refer to "4.4.1.1 The Sensor List Tab".
• [Segment List] Tab
Displays a list of segment information. Refer to "4.4.1.2 Segment List Tab".

4.4.1.1 The Sensor List Tab


The [Sensor List] tab displays a list of the installed Sensors. You can refer to Sensor information
by filtering and sorting the Sensors.
The following describes the items of the [Sensor List] tab.


Table 4.5 Sensor List Items

Setting Item | Description

Filtering | To filter the Sensor list, specify the following conditions:
  • Sensor Name
    Specify 32 or fewer letters to filter the information by partial matching.
  • MAC Address
    Specify 17 or fewer alphanumeric letters and the MAC Address delimiters, to filter the
    information by partial matching. Colons (:) or hyphens (-) can be used as delimiters.
    MAC Address without delimiters can also be used to filter the information.
  Click the "Filtering" title bar to show/hide the filtering conditions. or appears on
  the title bar on the right side.
Filtering | Displays filtered results in the Sensor list.
Sensor List | Up to 100 items appear in the list. Refer to "4.4.2.1 Displaying Sensor List".
Sensors | Displays the number of the Sensors in the "X/Y" format. X is the number of the displayed Sensors, and Y is the total number of the Sensors.
(icon) | Displays the Export window. Refer to "4.4.2.4 Exporting Sensor Information to a File".
Updated time | Displays when the window was last updated.
(icon) | Refreshes the window.
Delete | Deletes the Sensor information. Refer to "4.4.2.3 Deleting Sensor Information".

4.4.1.2 Segment List Tab


The [Segment List] tab displays a list of segments that belong to the Segment Groups that are
assigned to the user. You can display segment information by filtering and sorting the segments.
You can also set the operation mode for a segment.
The following describes the items in the [Segment List] tab.


Table 4.6 Segment List items

Setting Items | Description

Filtering | To filter the segment list, specify the following conditions:
  • Segment Name
    Specify 32 or fewer letters to filter the information by partial matching.
  • IP Address
    Specify 15 or fewer numeric letters and "." to filter the information by partial
    matching.
  • Sensor Name
    Specify 32 or fewer letters to filter the information by partial matching.
  • Segment Group Name
    Specify 32 or fewer letters to filter the information by partial matching.
  Click the "Filtering" title bar to show/hide the filtering conditions. or
  displays on the title bar on the right side.
Filtering | Displays filtered results in the segment list.
Segment List | Up to 100 items appear in the list. Refer to "4.4.3.1 Displaying Segment List".
Segments | Displays the number of segments matching the filtering conditions.
Licenses | Displays the number of segment licenses in a [XX/YY] format where [XX] is the number of available licenses and [YY] is the total number of granted licenses.
Updated time | Displays when the window was last updated.
(icon) | Refreshes the window.
Change Segment Setting | To set Operation Mode, Application Monitoring, Behavioral IPS (Malware Detection), Event Notification, and License for the selected segments, click the [Change Segment Setting] button to display the Change Segment Setting window. For details about the Change Segment Setting window, refer to "4.4.3.7 Changing Segment Settings".

4.4.2 Sensor Information Management

4.4.2.1 Displaying Sensor List


The Sensor list displays the following items:
The Sensors can be sorted by one of the items that are underlined in the Sensor list header. The
symbol ▼ (descending) or ▲ (ascending) appears on the right side of the item.
• Sensor Name
The name of the Sensor. The default value is the MAC address of LAN 0 of the Sensor.
• MAC Address
The MAC address of LAN 0 of the Sensor. Click the MAC Address to display the Sensor
Information window.
• Configuration Download Status
  - Device Information
    Displays whether the settings made for each device in the Devices window (such as
    change of the approval status) have been applied to the Sensor.
  - Application Information
    Displays whether the settings made for each application in the Applications window
    (such as change of the policy) are applied to the Sensor.


  - Sensor Information
    Displays whether the settings made for each Sensor in the Sensors window (such as
    change of the operation mode) are applied to the Sensor.
  - System Information
    Displays whether the settings made in the System Configuration window (such as
    e-mail notification) are applied to the Sensor.
• Version
  - Firmware
    The firmware version applied to the Sensor.
  - Device Dictionary
    The Device Dictionary version applied to the Sensor.
  - Application Dictionary
    The Application Dictionary version applied to the Sensor.
• Operation Status
Displays one of the following as the operation status of the Sensor:
  - Normal
    The Sensor is operating properly.
  - Abnormal
    The Manager cannot monitor the Sensor, or the results of mutual monitoring of the
    Sensors cannot be transmitted.

Attention
• If you set the system time of the Manager Computer forward, the operation status
of the Sensor might temporarily display as "Abnormal".


4.4.2.2 Updating Sensor Information


You can update Sensor information in the Sensor Information window.

Sensor Information Window


The following describes the items in the Sensor Information window.

Table 4.7 Sensor Information Window Items

Setting Item | Description

Sensor Information
Sensor Name | Up to 32 letters can be set. The default value is the MAC address of LAN 0 of the Sensor.
MAC Address | Displays the MAC address of LAN 0 of the Sensor.
Default Gateway IP Address | The default gateway IP address of the Sensor is displayed.
Device Information | Displays whether device settings have been applied. This is either "Complete" or "Incomplete".
Application Information | Displays whether the application settings have been applied. This is either "Complete" or "Incomplete".
Sensor Information | Displays whether the Sensor settings have been applied. This is either "Complete" or "Incomplete".
System Information | Displays whether the system settings have been applied. This is either "Complete" or "Incomplete".
Firmware | Displays the Sensor firmware version.
Device Dictionary | Displays a version of the Device Dictionary that is applied to the Sensor.
Application Dictionary | Displays a version of the Application Dictionary that is applied to the Sensor.
Operation Status | Displays the operation status of the Sensor. This is either "Normal" or "Abnormal".
Operation Confirmed | Displays the latest date and time when the Manager checked the operation status of the Sensor.
Time zone | Specify a Time zone where the Sensor is located.
Automatically adjust time for Daylight Saving Time | Select the checkbox if the time zone uses Daylight Saving Time.
[OK] | Applies the settings and closes the window.
[Cancel] | Closes the window without applying the settings.

Attention
• When you click [OK], all leading and trailing spaces are removed from the specified
Sensor name.

4.4.2.3 Deleting Sensor Information


Prior to deleting Sensor information, change the operation status of the Sensor to "Abnormal" by
removing the Sensor from the network. Refer to "9.1.1 Removal of the Sensor".
To delete Sensor information, select the Sensor in the Sensor list, and click [Delete].

Use one of the following ways to select the Sensor:

• Select the Sensors
Select the checkboxes on the left of the Sensor name in the Sensor list. To deselect the
Sensors, deselect the checkboxes.
• Select all Sensors shown in the Sensor list
Select the checkbox on the left side of the Sensor list header in the Sensor list. To deselect all of
the Sensors, deselect the checkbox.

Checkboxes will be cleared when a filtering operation is performed or when the Sensor list page
changes.


4.4.2.4 Exporting Sensor Information to a File


To export Sensor information to a CSV file, perform the following operations:

[Procedure]

1. Click in the Sensor list.


⇒ The Export window appears.

2. To export segment information as well, select the [Includes Segment Information] checkbox,
and then click [OK].
⇒ The Download File dialog box appears.
3. Select the file to be exported. The default file name is SensorList_<MMDDYYYY>.csv, and
MMDDYYYY is the export date.
⇒ All the Sensor information is sorted as specified in the window before being exported. If
no Sensor exists, an empty file is created.
Refer to "A.3 Sensor Information File Format".

4.4.3 Managing Segment Information

4.4.3.1 Displaying Segment List


The segment list displays the following items.
Segments can be sorted by one of the items that are underlined in the Segment List header. The
symbol ▼ (descending) or ▲ (ascending) appears on the right side of the item.
• Segment Name
The name of the segment. The default value is the network address.
• IP Address
The IP address of the Sensor installed in the segment. Click the IP Address to display the
Segment Information window. Refer to "4.4.3.6 Updating Segment Information".
• Sensor Name
The name of the Sensor installed in the segment.
• Segment Group Name
The name of the Segment Group to which the segment belongs.
• Operation Mode
The operation mode of the segment ("Monitoring Mode" or "Blocking Mode").
• Application Monitoring
One of the following items, according to the Application Monitoring mode:


  - Disabled
    Application Monitoring is disabled. This is the default action when a monitoring port is
    configured on the Sensor.
  - Monitor Only
    Application Monitoring is enabled in Monitor Only mode.
  - Monitor & Block
    Application Monitoring is enabled in Monitor & Block mode.
  - No Monitor Port
    A Monitoring Port is not configured on the Sensor and Application Monitoring cannot
    be enabled.
• Behavioral IPS (Malware Detection)
One of the following items is displayed, according to the Behavioral IPS (Malware
Detection) mode:
  - Disabled
    Behavioral IPS (Malware Detection) is disabled. This is the default action when a
    Monitor Port is configured on the Sensor.
  - Monitor Only
    Behavioral IPS (Malware Detection) is enabled in [Monitor Only] mode.
  - Monitor & Block
    Behavioral IPS (Malware Detection) is enabled in [Monitor & Block] mode.
  - No Monitor Port
    A Monitor Port is not configured on the Sensor and Behavioral IPS (Malware
    Detection) cannot be enabled.
• Event Notification
One of the following items, according to the event notification setting.
  - "Notify"
    Event notification is enabled.
  - "Do Not Notify"
    Event notification is disabled.
• License
  - "Granted"
    The segment license is granted for the segment.
  - "-"
    The segment license is not granted for the segment.

4.4.3.2 Changing Segment Operation Mode


The Sensor blocks or allows access by a device based on both the operation mode of the
Sensor and the approval status of the device.
The following table shows the evaluation results of each possible condition.


Table 4.8 Sensor Operation Mode and Device Approval Status

Operation Mode of the Sensor                 Approval Status of the Device (*)
                                             Detected   Requested   Approved   Rejected

Monitoring Mode                              Allowed    Allowed     Allowed    Blocked
Blocking Mode (Unblock After Registration)   Blocked    Allowed     Allowed    Blocked
Blocking Mode (Unblock After Approval)       Blocked    Blocked     Allowed    Blocked

*: For devices newly detected by the Sensor, the approval status is set to "Detected".

Hint
• If the operation mode is changed, the operation mode in the Segment list is also changed,
and [Configuration Download (Sensor Information)] changes to "Incomplete". Within 10
minutes after the operation mode change, the new setting is applied to the Sensor, and
[Configuration Download (Sensor Information)] changes back to "Complete".
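
The evaluation in Table 4.8, applied as a pre-change check: which devices change from Allowed to Blocked if a segment is moved out of Monitoring Mode. This is an added example, not code from the product or its vendor; the device records, field names and function names are constructed for illustration, and MAC addresses are normalized because the manual accepts colons, hyphens or no delimiters.

```python
import re

# Table 4.8: access result for each (operation mode, approval status) pair.
ACCESS = {
    "Monitoring Mode": {
        "Detected": "Allowed", "Requested": "Allowed",
        "Approved": "Allowed", "Rejected": "Blocked"},
    "Blocking Mode (Unblock After Registration)": {
        "Detected": "Blocked", "Requested": "Allowed",
        "Approved": "Allowed", "Rejected": "Blocked"},
    "Blocking Mode (Unblock After Approval)": {
        "Detected": "Blocked", "Requested": "Blocked",
        "Approved": "Allowed", "Rejected": "Blocked"},
}

# One delimiter style per address: colons, hyphens, or none (no mixing).
_MAC = re.compile(r"([0-9A-F]{2})([:-]?)(?:[0-9A-F]{2}\2){4}[0-9A-F]{2}")


def normalize_mac(text):
    """Return the MAC as upper-case, colon-delimited text, or raise ValueError."""
    candidate = text.strip().upper()
    if not _MAC.fullmatch(candidate):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = candidate.replace(":", "").replace("-", "")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def access_result(mode, status):
    """Look up Table 4.8; an unknown mode or status is an error, never 'Allowed'."""
    try:
        return ACCESS[mode][status]
    except KeyError:
        raise ValueError(f"unknown mode/status: {mode!r}, {status!r}") from None


def impact_of_mode_change(devices, current_mode, new_mode):
    """Map normalized MAC -> (status, before, after) for devices whose access changes."""
    changes = {}
    for device in devices:
        before = access_result(current_mode, device["status"])
        after = access_result(new_mode, device["status"])
        if before != after:
            mac = normalize_mac(device["mac"])
            changes[mac] = (device["status"], before, after)
    return changes


# Constructed sample records (hypothetical field names, not the product's CSV layout).
SAMPLE_DEVICES = [
    {"mac": "00:11:22:33:44:55", "status": "Approved"},
    {"mac": "00-11-22-33-44-56", "status": "Detected"},
    {"mac": "001122334457", "status": "Requested"},
    {"mac": "00:11:22:33:44:58", "status": "Rejected"},
]

if __name__ == "__main__":
    for new_mode in list(ACCESS)[1:]:
        print(f"Monitoring Mode -> {new_mode}")
        result = impact_of_mode_change(SAMPLE_DEVICES, "Monitoring Mode", new_mode)
        for mac, (status, before, after) in result.items():
            print(f"  {mac}  {status}: {before} -> {after}")
```

Devices listed for the target mode are the ones to approve, or have registered, before the change is applied.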

4.4.3.3 Changing Application Monitoring Mode


If a Monitor Port is not configured on the Sensor that manages the segment, [No Monitor Port] is
displayed as the Application Monitoring mode of the segment and you cannot change the
Application Monitoring mode.

Hint
• The actual Application Monitoring mode is determined by the combination of the
Application Monitoring modes of the device that uses the application and the IP segment
that the device connects to. Refer to "3.8 Operation Mode Settings of Application
Monitoring and Behavioral IPS (Malware Detection)".
• When you use more than one prohibited application, multiple notifications of the
Prohibited Application Detection event may be sent.
• Changing Monitoring Mode to Blocking Mode does not block the applications detected in
Monitoring Mode. The application that is already connected before you change Monitoring
Mode to Blocking Mode will be detected and blocked at the next connection.

4.4.3.4 Changing Behavioral IPS (Malware Detection) Mode


If the Monitor Port is not configured for the Sensor that manages a segment, [No Monitor Port] is
displayed as the operation mode of Behavioral IPS (Malware Detection), and you cannot change
the mode.

Hint
• The actual operation mode of the Behavioral IPS (Malware Detection) feature is
determined by the combination of the mode of Behavioral IPS (Malware Detection) for the
device and IP segment that the device connects to. For details, refer to "3.8 Operation
Mode Settings of Application Monitoring and Behavioral IPS (Malware Detection)".


4.4.3.5 Segment License


The segment license is automatically granted to each segment in the Segment List. If the
number of activated licenses is less than the number of segments, licenses are not granted to
some segments and the Sensor does not manage such segments. If the license is not granted to
a segment you want to manage, you can revoke the license of another segment and grant the
license to the segment that needs the license.

4.4.3.6 Updating Segment Information


You can update segment information in the Segment Information window.

Segment Information Window


The displayed items and configurable items in the Segment Information window are
described below.
After you specify required items, click [OK] to apply the settings.

Table 4.9 Segment Information Window Items

Setting Item | Description

Segment Information
Segment Name | Up to 32 letters can be set. The default value is the network address.
IP Address | Displays the IP address set to the Sensor.
Subnet Mask | Displays the subnet mask set to the Sensor.
Default Gateway | Displays the IP address of the default gateway set to the Sensor.
Sensor Name | Displays the Sensor name.
Segment Group Name | Displays the name of the Segment Group to which the segment belongs.
Operation Mode | Displays the operation mode of the Sensor. Displays either [Monitoring Mode] or [Blocking Mode].
Application Monitoring | Displays the Application Monitoring mode of the segment. Displays either [Disabled], [Monitor Only], [Monitor & Block], or [No Monitor Port].
Behavioral IPS (Malware Detection) | Displays the Behavioral IPS (Malware Detection) mode of the segment. One of the following is displayed:
  • Disabled
  • Monitor Only
  • Monitor & Block
  • No Monitor Port
Event Notification | Displays the event notification setting. Displays either [Notify] or [Do Not Notify].
License | Displays if the segment license is granted to the IP segment. Displays either [Grant] or [Revoke].
Block Devices using IP Addresses out of IP Segments. | Displays if a device with an IP address that is outside the range of the segment is blocked when it is connected to the segment. Either "Yes" or "No" is indicated.
OK | Applies the settings and closes the window.
Cancel | Closes the window without applying the settings.

Attention
• When you click [OK], all leading and trailing spaces are removed from the specified
segment name before the segment information is updated with the name.

4.4.3.7 Changing Segment Settings


The policy for the segment can be changed from the Change Segment Settings window.
In this window, you can set the policy related to the following items for each segment:
• Operation Mode
• Application Monitoring
• Behavioral IPS (Malware Detection)
• Event Notification
• License
The Change Segment Settings window appears when you click [Change Segment Setting] on
the [Segment List] tab in the [Sensors] menu.
The following describes the items in the Change Segment Settings window.


Table 4.10 Change Segment Settings Window Items

Setting Item Description

Operation Mode
    Select the operation mode of the Sensor.
    To change the operation mode for the segment selected in the [Segment List] tab,
    select the [Change] checkbox and then select any of the following options:
    - Monitor
    - Block (Unblock After Registration)
    - Block (Unblock After Approval)
    For details, refer to "4.4.3.2 Changing Segment Operation Mode".

Application Monitoring
    Select the Application Monitoring mode.
    To change the Application Monitoring mode for the segment selected in the
    [Segment List] tab, select the [Change] checkbox and then select any of the
    following options:
    - Disabled
      Select this option to disable Application Monitoring.
    - Monitor Only
      Select this option to enable Application Monitoring in Monitor Only mode.
    - Monitor & Block
      Select this option to enable Application Monitoring in Monitor & Block mode.
    For details, refer to "4.4.3.3 Changing Application Monitoring Mode".

Behavioral IPS (Malware Detection)
    Select the Behavioral IPS (Malware Detection) mode.
    To change the Behavioral IPS (Malware Detection) mode for the segment selected in
    the [Segment List] tab, select the [Change] checkbox and then select any of the
    following options:
    - Disabled
      Select this option to disable Behavioral IPS (Malware Detection).
    - Monitor Only
      Select this option to enable Behavioral IPS (Malware Detection) in Monitor Only
      mode.
    - Monitor & Block
      Select this option to enable Behavioral IPS (Malware Detection) in Monitor &
      Block mode.

Event Notification
    Select whether to notify events.
    To change the event notification status for the segment selected in the [Segment
    List] tab, select the [Change] checkbox and then select any of the following options:
    - Notify
      Select this option to enable event notification.
    - Do Not Notify
      Select this option to disable event notification.
      This option is available only when the segment is set as follows:
      - [Operation Mode] is set to [Monitor]
      - [Application Monitoring] is set to [Monitor Only] or [Disabled]
      - [Behavioral IPS (Malware Detection)] is set to [Monitor Only] or [Disabled]
      When the segment is not set as described above, the [Do Not Notify] option is
      ignored even if it is set. When [Operation Mode], [Application Monitoring], or
      [Behavioral IPS (Malware Detection)] is set to [Monitor & Block], this item is
      automatically set to [Notify].
    For details about the target address, refer to "4.8.2 User Specific Settings". For
    details about the contents of e-mails and SNMP traps, refer to "4.8.3 Segment Group
    Specific Settings".

License
    To change the license for the segment selected in the [Segment List] tab, select the
    [Change] checkbox and then select any of the following options:
    - Grant
      Grants license to the selected segments.
    - Revoke
      Revokes license from the selected segments.
    For details, refer to "4.4.3.5 Segment License".

OK
    Applies the settings and closes the window.

Cancel
    Closes the window without applying the settings.
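
The [Do Not Notify] rule in Table 4.10 decides whether a segment produces any event notification, so it is worth checking which segments are actually silent. The following is an added example, not part of iNetSec Smart Finder or of this manual's own material: it applies the rule to a constructed list of segment settings. The dictionary keys and sample segments are assumptions; only the option labels come from the table.

```python
# Added example, not product code. Option labels come from Table 4.10;
# the dictionary keys and the sample segments are constructed for illustration.
OPERATION_MODES = {
    "Monitor",
    "Block (Unblock After Registration)",
    "Block (Unblock After Approval)",
}
FEATURE_MODES = {"Disabled", "Monitor Only", "Monitor & Block"}
NOTIFY_OPTIONS = {"Notify", "Do Not Notify"}
QUIET_FEATURE_MODES = {"Monitor Only", "Disabled"}


def effective_notification(segment):
    """Return the notification state that applies to one segment."""
    checks = (
        ("operation_mode", OPERATION_MODES),
        ("application_monitoring", FEATURE_MODES),
        ("behavioral_ips", FEATURE_MODES),
        ("event_notification", NOTIFY_OPTIONS),
    )
    for key, allowed in checks:
        if segment[key] not in allowed:
            raise ValueError(f"{segment['name']}: unknown {key} value {segment[key]!r}")
    if segment["event_notification"] == "Notify":
        return "Notify"
    # [Do Not Notify] is honoured only when nothing on the segment blocks.
    quiet_allowed = (
        segment["operation_mode"] == "Monitor"
        and segment["application_monitoring"] in QUIET_FEATURE_MODES
        and segment["behavioral_ips"] in QUIET_FEATURE_MODES
    )
    return "Do Not Notify" if quiet_allowed else "Notify"


def audit_segments(segments):
    """List silent segments and segments whose [Do Not Notify] is ignored."""
    report = {"silent": [], "do_not_notify_ignored": []}
    for seg in segments:
        if effective_notification(seg) == "Do Not Notify":
            report["silent"].append(seg["name"])
        elif seg["event_notification"] == "Do Not Notify":
            report["do_not_notify_ignored"].append(seg["name"])
    return report


# Constructed sample data.
SAMPLE_SEGMENTS = [
    {"name": "lab", "operation_mode": "Monitor", "application_monitoring": "Monitor Only",
     "behavioral_ips": "Disabled", "event_notification": "Do Not Notify"},
    {"name": "office", "operation_mode": "Block (Unblock After Approval)",
     "application_monitoring": "Disabled", "behavioral_ips": "Disabled",
     "event_notification": "Do Not Notify"},
    {"name": "dmz", "operation_mode": "Monitor", "application_monitoring": "Monitor & Block",
     "behavioral_ips": "Monitor Only", "event_notification": "Do Not Notify"},
    {"name": "guest", "operation_mode": "Monitor", "application_monitoring": "Disabled",
     "behavioral_ips": "Disabled", "event_notification": "Notify"},
]

if __name__ == "__main__":
    print(audit_segments(SAMPLE_SEGMENTS))
```

Segments listed under "silent" send neither e-mail nor SNMP trap notifications, whatever the per-user notification settings say.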

4.5 User Management


To manage iNetSec Smart Finder users, use the Users window.
The Users window appears when the [Users] menu is selected in the Management window.

4.5.1 Users Window


The following describes the displayed items and setting details of the Users window.

Table 4.11 Users Window Items

Setting Item Description

Filtering
    To filter the User List, specify the following conditions:
    - User Name
      Specify 20 or fewer letters to filter the information by partial matching.
    - E-mail Address
      Specify 512 or fewer letters to filter the information by partial matching.
      Alphanumeric letters and the following symbols can be specified:
      !#$%&'*+-/=?^_`{|}~@.
    - User Role
      Select "System Administrator", "Group Administrator", "Read-only", or "all" to
      filter the users.
    - Note
      Specify 256 or fewer letters to filter the information by partial matching.
    Click the "Filtering" title bar to show/hide the filtering conditions. or appears on
    the title bar on the right side.

Filtering
    Displays filtered results in the User List.

User List
    Up to 100 items are displayed in the list. Refer to "4.5.1.1 User List".

Users
    Displays the number of the users in the "X/Y" format.
    X is the number of the displayed users, and Y is the total number of the users.

(no label)
    Displays the User Information window. Refer to "4.5.2 Adding and Updating Users".

Updated time
    Displays when the window was last updated.

(no label)
    Refreshes the window.

Delete
    Deletes the user information. Refer to "4.5.3 Deleting Users".

4.5.1.1 User List


The User List displays the following items. Users can be sorted by one of the items that are
underlined in the User List header. The symbol ▼ (descending) or ▲ (ascending) appears on
the right side of the item.
- User Name
  The name of the registered user. Click a user name to display the User Information
  window. Refer to "4.5.2 Adding and Updating Users".
- E-mail Address
  The e-mail address of the user.
- User Role
  The role of the user.
  The following roles appear:
  - System Administrator
  - Group Administrator
  - Read-only
- Note
  The note of the user.
- Access Segment Groups
  The Segment Group names that the user has access to. When the user is assigned to
  multiple Segment Groups, the Segment Group names are separated by commas.
  When the user is assigned to all the Segment Groups registered, [All] is shown.

4.5.2 Adding and Updating Users


This section describes the following operations and related windows.
- Adding a User
  Click  in the User List. The User Information window appears. Set the required
  information, and then click [OK].
- Updating User Information
  Click a specific user name displayed in the User List. The User Information window
  appears.
  Enter the new user information, and then click [OK]. The following example of the
  user registration window describes the setting items. Setting items in the User
  Information window are the same as in the user registration window.

User Information Window

Table 4.12 User Information Window Items

Setting Item Description

User information

User Name
    Use 20 or fewer alphanumeric letters and the symbols "-", "_", "." and "@" to specify
    a user name for logging in to the Management window. This entry cannot be omitted.
    Upper-case letters are converted and displayed as lower-case letters. When the
    user logs in to the Management window, entries are case-insensitive. This
    information cannot be entered in the User Information window.

Password/Re-enter Password
    Use between 8 and 32 alphanumeric letters and symbols (printable ASCII
    characters) to specify a password for logging in to the Management window.
    This entry cannot be omitted.

User Role
    Select the role from [System Administrator], [Group Administrator], or [Read-only].

E-mail Address
    Use 253 or fewer letters to specify an e-mail address to which events are reported
    from the Manager or the Sensor. If you specify multiple e-mail addresses, you
    can use up to 512 letters in total.
    To specify multiple e-mail addresses, delimit them with a comma (,). Available
    letters are alphanumeric letters and the following symbols:
    !#$%&'*+-/=?^_`{|}~@.

E-mail Notification
    Select this checkbox to send e-mail to report events that occur to the Manager
    and the Sensors. Selected events are reported.
    Even when this setting is enabled, e-mail is not sent if the event notification
    mode of the Sensor is [Do Not Notify].

Device Events/Application Events/Behavioral Malware Events/System Events
    Select events that need to be reported to the target e-mail address. Refer to
    "11.4 Messages Reported by E-mail".

Note
    Specify information about the user with 256 or fewer letters.

Device Information for export
    Select the items to add to the CSV file column when exporting device information.
    - Append Agent Installation
    - Append Authorized IP Address

Event Viewer Time
    Specify a local time zone for the region. The time for the specified time zone is
    displayed.

Automatically adjust time for Daylight Saving Time
    Select the checkbox if the selected time zone uses Daylight Saving Time.

Segment Group Assignment

Filtering
    You can filter Segment Groups based on the conditions shown below. When
    multiple filtering items are specified, the items are related by the AND condition.
    - Segment Group Name
      Specify 32 or fewer letters to filter the information by partial matching.
    - Remarks
      Specify 256 or fewer letters to filter the information by partial matching.

[Filtering]
    Filtered results are displayed in [Segment Group List].

Segment Group List
    Segment groups and remarks matching the filtering conditions are listed. By
    default, all the Segment Groups registered to the Manager are displayed.
    Select a Segment Group assigned to the user.
    Up to 10 users (accounts) can be assigned to a single Segment Group.

[OK]
    Applies the settings and closes the window.

[Cancel]
    Closes the window without applying the settings.

Hint
- The [System Administrator] role can be assigned to up to 50 users (accounts).

4.5.3 Deleting Users


To delete user information, select the user in the User List, and click [Delete].
Use one of the following ways to select users:
- Selecting Users
  Select the checkboxes to the left of the users in the User List. To deselect users,
  deselect the checkboxes.
- Selecting all users shown in the User List
  Select the checkbox on the left side of the header for the User List. To deselect all of
  the users, deselect the checkbox.

Checkboxes will be cleared when a filtering operation is performed or when the User List page
changes.

4.6 Segment Group Management


iNetSec Smart Finder can create a Segment Group of multiple segments, manage whitelists and
control access on a Segment Group basis. Segment groups can be managed in the Segment
Groups window.
The Segment Groups window appears when the [Segment Groups] menu is selected in the
Management window.

4.6.1 Segment Groups Window


The following describes the displayed items and setting details of the Segment Groups window.

Table 4.13 Segment Groups Window Items

Setting Item Description

Filtering
    To filter the Segment Group list, specify the following conditions:
    - Segment Group Name
      Specify 32 or fewer letters to filter the information by partial matching.
    - Note
      Specify 256 or fewer letters to filter the information by partial matching.
    Click the "Filtering" title bar to show/hide the filtering conditions. or appears on
    the title bar on the right side.

Filtering
    Displays filtered results in the Segment Group list.

Segment Group List
    Up to 100 items are displayed in the list. Refer to "4.6.1.1 Display of Segment Group
    List".

Segment Groups
    Displays the number of the Segment Groups in the "X/Y" format.
    X is the number of the displayed Segment Groups, and Y is the total number of the
    Segment Groups.

(no label)
    Displays the Segment Group Registration window.
    Refer to "4.6.2 Adding and Changing Segment Groups".

Updated time
    Displays when the window was last updated.

(no label)
    Refreshes the window.

Delete
    Deletes the selected Segment Groups. Refer to "4.6.3 Deleting Segment Groups".

4.6.1.1 Display of Segment Group List


The Segment Group list displays the following items. Segment Groups can be sorted by one of
the items that are underlined in the Segment Group list header. The symbol ▼ (descending) or
▲ (ascending) appears on the right side of the item name.
- Segment Group Name
  The name of the Segment Group.
  Click a Segment Group name to display the Segment Group Information window. Refer to
  "4.6.2 Adding and Changing Segment Groups".
- Note
  The note of the Segment Group.
- Segment Name
  The name of the segment, separated by commas, assigned to the Segment Group. When
  the user is assigned to all the Segment Groups registered, [All] is shown.

4.6.2 Adding and Changing Segment Groups


This section describes the following operations and related windows.
- Adding Segment Group Information
  Click  in the Segment Group list. The Segment Group Registration window appears.
  In the window, set the required information, and then click [OK].
- Changing Segment Group Information
  Click the Segment Group name in the Segment Group list. The Segment Group Information
  window appears. In the window, change the information, and then click [OK].

The following describes the display format and setting details of the Segment Group Registration
window and the Segment Group Information window.

Segment Group Registration Window/Segment Group Information Window

Table 4.14 Segment Group Registration Window & Segment Group Information Window Items

Setting Item Description

Segment Group Information

Segment Group Name
    Specify a value with 32 or fewer letters. This entry cannot be omitted.

Note
    Specify information about the Segment Group with 256 or fewer letters.

Segment Assignment

Filtering
    By specifying a Segment Group name, you can filter Segment Groups displayed in
    [Segment List] by partial matching.
    - Segment Group Name
      Specify a value with 32 or fewer letters. This entry cannot be omitted.

Filtering
    Filtered results are displayed in [Segment Group List].

Segment List
    The segments are sorted and displayed based on the Segment Group name in
    ascending order. Segments with the same Segment Group name are sorted by
    segment name in ascending order.
    Select the checkbox to the left of a segment to assign the segment to a filtered
    Segment Group. If the selected segment already belongs to another Segment
    Group, the segment switches to the new Segment Group.
    Deselect the checkbox to the left of a segment to clear the assignment to a filtered
    Segment Group.

OK
    Applies the settings and closes the window.

Cancel
    Closes the window without applying the settings.

Attention
- The status of segments whose Segment Group is changed is as follows:
  Operation Mode: Monitoring Mode
  Application Monitoring mode: Disabled (or No Monitor Port if the Monitor Port is not
  configured)
  Behavioral IPS (Malware Detection): Disabled
  Block Devices using IP Addresses out of IP Segments: No
  The whitelists you created before changing the Segment Group are cleared. If you change
  the operation mode to "Blocking Mode", you have to create the whitelists again.
- When you click [OK], all leading and trailing spaces are removed from the specified
  Segment Group name before the information is updated with the name.
- Up to 75 Segment Groups can be registered. You cannot register more than 75 Segment
  Groups.

4.6.3 Deleting Segment Groups


To delete Segment Group information, select the Segment Group and click [Delete].
Use one of the following ways to select Segment Groups:
- Selecting Segment Groups
  Select the checkboxes to the left of the Segment Groups in the Segment Group list. To
  deselect Segment Groups, deselect the checkboxes.
- Selecting all Segment Groups shown in the Segment Group list
  Select the checkbox on the left side of the Segment Group list header.
  To deselect all of the Segment Groups, deselect the checkbox.

Checkboxes will be cleared when a filtering operation is performed or when the Segment Group
list page changes.

Hint
- The "default" Segment Group cannot be deleted.
- Segments contained in deleted Segment Groups are automatically moved to the "default"
  Segment Group.
- All devices belonging to deleted Segment Groups are deleted. Furthermore, device
  information of the deleted Segment Groups can no longer be viewed in the Charts. Event
  information is not deleted.

4.7 Viewing Event Information


You can use the Event Viewer window to refer to event information occurring in the Manager and
the Sensors.
The Event Viewer window is displayed when the [Events] menu is selected in the Management
window.
Refer to "11.2 Event Information in the Event Viewer Window".

4.7.1 Event Viewer Window


The following describes the display format and setting details of the Event Viewer window:

Table 4.15 Event Viewer Window Items

Setting Item Description

Filtering
    To filter the Events List, specify the following conditions:
    - Level
      Select the Event Level filtered.
    - Event Date
    - Event ID
    - Message
    Click the "Filtering" title bar to show/hide the conditions. or appears on the title
    bar on the right side.

Filtering
    Displays filtered results in the Events List.

Events List
    Up to 100 items are displayed in the list.
    Refer to "4.7.1.1 Events List Items".
    Events are sorted by one of the items underlined in the [Events List] header. When
    the events are sorted, the symbol ▼ (descending) or ▲ (ascending) appears on the
    right side of the item name.

(no label)
    Exports the event information. Refer to "4.7.3 Exporting the Event Information to a
    File".

(no label)
    You can use this item to select whether to show the event local time or the event
    viewer time in the Events List.

Updated time
    Displays when the Events List was last updated.

(no label)
    Refreshes the Events List.

Delete
    Deletes all the event information assigned to the user.

4.7.1.1 Events List Items


The following items are displayed in the Events List:
- Detected Date
  The date and time when an event occurred in "MM/dd/yyyy hh:mm:ss tt" or "MM/dd/yyyy
  hh:mm:ss tt ± hh:mm" format.
- Event ID
  The ID of the event.
- Level
  The level of event as "ERROR", "WARNING", or "INFO".
- Segment Group Name
  The name of the Segment Group corresponding to the event.
  "-" appears for system-assigned events.
- Message
  A message corresponding to the Event ID. Refer to "11.2 Event Information in the Event
  Viewer Window".

4.7.2 Deleting Event Information


To delete event information, click [Delete] in the Event Viewer window. All the event information
assigned to the logged in user is deleted.

4.7.3 Exporting the Event Information to a File


To export event information to a CSV file, perform the following operations:

[Procedure]

1. Click  in the Events List.
   => The Download File dialog box appears.
2. Specify a folder to export and save the file.
   The default file name is eventList_<MMDDYYYY>.csv, where MMDDYYYY is the export
   date.
   => The event information assigned to the logged in user is sorted by the date and
   exported. If the Manager has no event information, an empty file is created.
   Refer to "A.2 Event Information File Format".

4.8 The Manager System Configuration


The System Configuration window configures the settings of iNetSec Smart Finder.
The System Configuration window appears when [System] is selected in the Management
window.

4.8.1 System Configuration Window


The System Configuration window displays the following tabs:
- [User Specific Settings] tab:
  Sets user specific information.
- [Segment Group Specific Settings] tab:
  Sets Segment Group specific information.
- [System Settings] tab:
  Sets system settings.
  This tab is for system administrators only.

Click [Apply] to apply the settings. If you move to a different window without clicking [Apply], the
entered settings will be lost.

Hint
- When you click [Apply], the Manager transfers the Sensor settings to the Sensor on the next
  synchronization. Check the Sensor window to confirm the settings.

4.8.2 User Specific Settings


The following describes the setting in the [User Specific Settings] tab.

Table 4.16 Items in the User Specific Settings Tab

Setting Item Description


Account Settings

Password

Password/Re-enter Password
    Use between 8 and 32 alphanumeric letters and symbols (printable ASCII
    characters) to specify a password for the Management window and the
    Sensors window.
    Enter this value only when you change the password.

Notification

E-mail Address
    Specify an e-mail address where events are notified from the Manager or
    the Sensors. Use 253 or fewer letters for a single address or 512 or fewer
    letters for multiple addresses.
    To specify multiple addresses, delimit them with a comma (,). Available
    letters are alphanumeric letters and the following symbols:
    !#$%&'*+-/=?^_`{|}~@.

Advanced Settings
    - E-mail Notification
      Select this checkbox to enable e-mail notification when an event
      occurs. Even when this setting is enabled, e-mail is not sent if the event
      notification mode of the Sensor is [Do Not Notify].
    - Notified Events
      E-mail notification is enabled with the events below:
      - Device Events
        - New Device Detection
        - Registration request to connect
        - Rejected Device Detection
        - Change of IP Address
        - Unauthorized IP Address Violation
        - Change of Device Information According to Policy
        - Change of Device Information According to Policy (Manager)
      - Application Events
        - New Application Detection
        - Prohibited Application Detection
        - Prohibited Application Unblocking
        - Change of Application Information According to Policy (Manager)
      - Behavioral Malware Events
        - Malware Detection
        - Clear Malware Detection Result
      - System Events
        - Sensor Registration
        - Segment Registration
        - System Error
    Refer to "11.4 Messages Reported by E-mail". Rejected device detection e-mail
    is sent one time a day when a device is detected for the first time.

Display/Export Setting

Device Information for export
    Select the items to add to the CSV file column when exporting device information.
    - Include Authorized IP Address

Event Viewer Time
    Specify a time zone in the Management window and Chart.

Automatically adjusts for Daylight Saving Time
    Select the checkbox if the selected time zone uses Daylight Saving Time.

4.8.3 Segment Group Specific Settings


The following describes the settings in the [Segment Group Specific Settings] tab:
1. Segment Group.
2. Notification. Refer to "4.8.3.1 Notification".
3. Block/Approve Device. Refer to "4.8.3.3 Block/Approve Devices".
4. Notification Message to Client. Refer to "4.8.3.7 Client Notification Message".
5. Network Definition. Refer to "4.8.3.8 Network Definition".
6. Block/Approve Application. Refer to "4.8.3.9 Blocking and Approving Application".

Select the Segment Group name with the pull-down menu.

4.8.3.1 Notification

Table 4.17 Items in [Notification]

Setting Item Description


E-mail Settings
    Specify settings related to E-mail notification. Selecting the [Use Default Setting]
    checkbox loads the settings of the "default" Segment Group into the current
    window.

Mail Server (Manager)
    - SMTP Server
      Specify the SMTP server used for E-mail notification sent from the Manager
      with an IP address or in FQDN format with 255 characters or fewer. Available
      letters are alphanumeric with the following three symbols:
      .-_
    - SMTP Port Number
      Specify the port number of the SMTP server used for the e-mail notification
      within the range of 1 - 65535. The default value is "25".
      This entry cannot be omitted.
    - Test E-mail
      Displays the destination of the test e-mail (e-mail address of the User logged
      in).

Send Test E-mail
    A test e-mail is sent.

Mail Server (Sensor)
    - SMTP Server
      Specify the SMTP server used when sending an e-mail from the Sensor. If
      the setting is not entered, Manager's SMTP server is used.
    - SMTP Port Number
      Specify the port number of the SMTP server used when sending an e-mail
      from the Sensor. If the setting is not entered, Manager's SMTP port number is
      used.

E-mail Settings
    - From Address
      Specify the e-mail address of the sender with 253 or fewer letters.

Advanced Settings

SMTP-Auth
    Select this checkbox to enable SMTP authentication. LOGIN SMTP
    authentication is used.
    - User Name
      Specify a user name for SMTP authentication with 32 or fewer alphanumeric
      letters and symbols. You must enter this value if e-mail authentication is
      enabled.
    - Password/Re-enter Password
      Specify a user password for e-mail authentication with 32 or fewer
      alphanumeric letters and symbols. You must enter this value if e-mail
      authentication is enabled and during the initial setup.

Communication Setting
    - Retry
      Specify the number of retries within the range of 0 to 10 seconds. The default
      value is "2". This entry cannot be omitted.
    - Timeout
      Specify the timeout value of sending e-mail in seconds. The valid value is from
      2 to 600 and the default value is "300". This entry cannot be omitted.

Approval by E-mail Settings

Approval by e-mail
    Specify whether to enable the Approval by E-mail feature.
    The default is [Disabled].

POP3 Server Settings
    - POP3 Server
      Specify the POP3 server that the Manager uses to receive the approval e-mails
      with an IP address or in FQDN format with 255 characters or fewer.
      Available letters are alphanumeric with the following three symbols:
      .-_
      This entry cannot be omitted.
    - POP3 Port Number
      Specify the port number of the POP3 server used to receive the approval e-mails
      within the range of 1 - 65535. The default value is "110".
      This entry cannot be omitted.
    - User Name
      Specify the name of the user account used to receive the approval e-mails.
      Alphanumeric letters and the following symbols can be used:
      ! # $ % & ' * + - / = ? ^ _ ` { | } ~ @ .
      The User Name should be less than 64 letters if it does not include "@".
      Otherwise, it can be up to 253 letters. This entry cannot be omitted.
    - Password/Re-enter Password
      Specify the password for the user account with 256 or fewer alphanumeric
      letters and symbols. This entry cannot be omitted.

Communication Test
    Test the access to the specified POP server.

Keywords Settings
    - Keywords (Approve)
      Specify a keyword to approve the request for the device connection. The
      default value is "Approve". This entry cannot be omitted. Specify the keyword
      with 32 or fewer alphanumeric letters and symbols except spaces and
      commas. To specify multiple keywords, use a comma. You can specify up to
      10 keywords.
    - Keywords (Reject)
      Specify a keyword to reject the request for the device connection. The default
      value is "Reject". This entry cannot be omitted. Specify the keyword with 32
      or fewer alphanumeric letters and symbols except spaces and commas. To
      specify multiple keywords, use a comma. You can specify up to 10 keywords.

Communication Settings
    - Interval
      Specify the polling interval for the POP3 server in minutes. The valid value is
      from 1 to 60 and the default value is "10". This entry cannot be omitted.
    - Retry
      Specify the number of retries for POP3 connection within the range of 0 to 10.
      The default value is "2". This entry cannot be omitted.
    - Timeout
      Specify the timeout value of POP3 connection in seconds. The valid value is
      from 2 to 600 and the default value is "300". This entry cannot be omitted.

SNMP Trap Settings
    Specify SNMP trap notification settings. Select the [Use Default Setting] checkbox
    to load the "default" Segment Group settings into the current window.

SNMP Trap Receiver (Manager)
    Specify the receiver of an SNMP trap sent from the Manager with an IP address
    or in FQDN format with 255 or fewer letters. Available letters are alphanumeric with
    the following three symbols:
    .-_

SNMP Trap Receiver (Sensor)
    Specify the receiver of an SNMP trap sent from the Sensor with an IP address or
    in FQDN format with 255 or fewer letters. Available letters are alphanumeric letters
    with the following three symbols:
    .-_

SNMP Community
    Specify the SNMP community with 32 or fewer alphanumeric letters and symbols
    (except spaces).
    The default value is "public".

SNMP Trap
    Select the checkbox to send SNMP traps to notify events on the Manager and the
    Sensor. Events selected in [SNMP Trap Events] are notified.
    Even when this setting is enabled, the SNMP trap is not sent if the event
    notification mode of the Sensor is [Do Not Notify].

SNMP Trap Events
    Select events to be notified via an SNMP trap. Refer to "11.5 Messages Reported
    by SNMP Trap". Rejected device detection SNMP traps are sent one time a day,
    when a device is detected for the first time.

Common

IP Address Change Notification Exception

Exception Settings
    Displays the IP Address Change Notification - Exception setting window. Refer to
    "4.8.3.2 IP Address Change Notification - Exception Setting Window".

Hint
- If FQDN is used for an SMTP, SNMP, or POP3 server, ensure that the FQDN can be
  resolved by the DNS correctly.
- For the approval e-mail, the first line of the mail body should be one of the keywords
  (either Approve or Reject). The line should not contain any other words than the keyword.
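
The keyword rules in Table 4.17 and the first-line rule in the Hint above can be checked against a reply before it is sent. The following is an added example, not code from iNetSec Smart Finder: it validates a keyword setting and classifies a mail body by its first line. Case-sensitive matching, ignoring whitespace around the first line, and reading "alphanumeric letters and symbols" as printable ASCII are assumptions; the manual does not state them.

```python
import string

# Added example, not product code. Limits come from Table 4.17.
MAX_KEYWORDS = 10
MAX_KEYWORD_LENGTH = 32
# Assumption: "alphanumeric letters and symbols except spaces and commas"
# means printable ASCII without space and comma.
ALLOWED_CHARS = set(string.ascii_letters + string.digits + string.punctuation) - {","}


def parse_keywords(setting):
    """Validate a comma-separated keyword setting and return the keywords."""
    keywords = setting.split(",")
    if len(keywords) > MAX_KEYWORDS:
        raise ValueError("more than 10 keywords")
    for keyword in keywords:
        if not keyword:
            raise ValueError("empty keyword (the entry cannot be omitted)")
        if len(keyword) > MAX_KEYWORD_LENGTH:
            raise ValueError(f"keyword longer than 32 letters: {keyword!r}")
        if not set(keyword) <= ALLOWED_CHARS:
            raise ValueError(f"keyword contains a space or other invalid letter: {keyword!r}")
    return keywords


def classify_reply(body, approve_setting="Approve", reject_setting="Reject"):
    """Return 'approve', 'reject', or None for an approval e-mail body."""
    approve = parse_keywords(approve_setting)
    reject = parse_keywords(reject_setting)
    ambiguous = set(approve) & set(reject)
    if ambiguous:
        raise ValueError(f"keyword used for both approve and reject: {sorted(ambiguous)}")
    lines = body.splitlines()
    # Only the first line counts, and it must hold the keyword and nothing else.
    first_line = lines[0].strip() if lines else ""
    if first_line in approve:
        return "approve"
    if first_line in reject:
        return "reject"
    return None


if __name__ == "__main__":
    # Constructed sample bodies.
    for sample in ("Approve\r\nThanks", "Approve, thank you", "> Approve", "\nReject"):
        print(repr(sample), "->", classify_reply(sample))
```

A reply that quotes the request above the keyword, or adds words on the keyword line, is classified as neither approval nor rejection.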

4.8.3.2 IP Address Change Notification - Exception Setting Window


To stop IP Address Change Notification events from being reported for a specific IP address
range, such as when using DHCP, use the "IP Address Change Notification - Exception setting
Window".
To display the "IP Address Change Notification - Exception setting Window", click
[Exception Setting] of "IP Address Change Notification Exception" on the [Segment Group
Specific Settings] tab.

Table 4.18 IP Address Change Notification - Exception setting Window Items

Setting Item Description

IP Address Change Notification Exception
    Specify IP address for notification exception. Selecting the [Use Default
    Setting] checkbox loads the settings of the "default" Segment Group
    into the current window.

Segment Group Name
    Displays Segment Group names.

IP Address Range
    Specify the range from the IP address for notification exception.
    If you specify an IP address range overlapping with a range already
    registered, the ranges are merged.
    Up to 3,000 IP address ranges can be specified.

(no label)
    Registers the specified IP address range.

(no label)
    Exports all of IP addresses for notification exception to a file.
    Refer to "A.5 IP Address Change Notification Exception File".

(no label)
    Imports IP address for notification exception from a file.
    When IP address for notification exception is imported, the registered
    information is deleted and replaced with the imported information.
    Refer to "A.5 IP Address Change Notification Exception File".

IP Address Range for Notification Exception
    Displays a list of up to 100 IP address ranges currently registered. You
    can sort by the underlined items in the header of the IP address range.
    If you sort the list, the "▼ (descending order)" mark or the "▲
    (ascending order)" mark appears on the right of the item name.

Delete
    Deletes the IP address range that is selected in [IP Address List for
    Notification Exception].

OK
    Applies the settings and closes the window.

Cancel
    Closes the window without applying the settings.
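
Because overlapping ranges are merged on registration, the list shown in the window can differ from what was typed in, which matters when reviewing which addresses no longer raise IP Address Change Notification events. The following is an added example, not code from iNetSec Smart Finder: it models the merge and the 3,000-range limit from Table 4.18. IPv4-only input and leaving adjacent (touching but not overlapping) ranges unmerged are assumptions.

```python
import ipaddress

# Added example, not product code.
MAX_RANGES = 3000  # limit stated in Table 4.18


def register_range(ranges, start, end):
    """Return a new sorted range list with start-end registered.

    `ranges` is a list of (first, last) IPv4Address pairs that do not
    overlap each other. Any registered range that overlaps the new one
    is merged into it.
    """
    low = ipaddress.IPv4Address(start)
    high = ipaddress.IPv4Address(end)
    if low > high:
        raise ValueError(f"range start {low} is above range end {high}")
    kept = []
    for first, last in ranges:
        if first <= high and low <= last:
            # Overlap: grow the new range to cover the registered one.
            low, high = min(low, first), max(high, last)
        else:
            # Assumption: ranges that merely touch stay separate.
            kept.append((first, last))
    kept.append((low, high))
    if len(kept) > MAX_RANGES:
        raise ValueError("more than 3,000 IP address ranges")
    return sorted(kept)


def is_excepted(ranges, address):
    """True if `address` falls inside any registered exception range."""
    ip = ipaddress.IPv4Address(address)
    return any(first <= ip <= last for first, last in ranges)


def as_text(ranges):
    """Render the range list as 'first-last' strings for review."""
    return [f"{first}-{last}" for first, last in ranges]


if __name__ == "__main__":
    # Constructed sample: two DHCP pools, then a range that bridges them.
    registered = []
    for start, end in (
        ("192.168.1.100", "192.168.1.150"),
        ("192.168.1.200", "192.168.1.220"),
        ("192.168.1.140", "192.168.1.205"),
    ):
        registered = register_range(registered, start, end)
    print(as_text(registered))
    print(is_excepted(registered, "192.168.1.180"))
```

In the sample, the third registration bridges the two pools, so addresses between them (for example 192.168.1.180) become excepted as well.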

4.8.3.3 Block/Approve Devices


The following describes the setting items related to blocking and approving devices.

Table 4.19 Items in Block/Approve Devices

Setting Item Description

Preassigned Policy after Device Type Classification

Device Type
    Select which device types can be automatically "Approved" or "Rejected".
    You can also set an Application Monitoring mode and a Behavioral IPS
    (Malware Detection) mode for each device type.
    The status setting is reflected in the policy when the [Enable following setting
    as policy] checkbox is selected.
    When you change these settings, the change is applied to all the devices
    currently registered in the Manager and managed based on policies.
    When individual policies are used for devices, the approval status, the
    Application Monitoring mode, and the Behavioral IPS (Malware Detection)
    mode of the devices are not changed.

    The times when the attribute values are changed according to the settings
    are as follows:
    - When you change these settings
    - When device types are changed (the Sensor and the Manager)
    Default settings of the approval status, the Application Monitoring mode and
    the Behavioral IPS (Malware Detection) mode for each device type are as
    follows:
    - Approval Status
      - Windows, Mac, Linux/UNIX, Router/Switches, NAS, Mobile Devices,
        Others, Unclassified, Classifying
        [Enable following setting as policy] (not selected), [Reject]
      - Printers, Scanners, VoIP Phone, Kiosk Terminals
        [Enable following setting as policy] (selected), [Approve]
    - Application Monitoring
      - Windows, Mac, Linux/UNIX, Mobile Devices, Unclassified, Classifying
        [Enable following setting as policy] (not selected), [Monitor & Block]
      - Kiosk Terminals
        [Enable following setting as policy] (selected), [Monitor Only]
      - Routers/Switches, Printers, NAS, Scanners, VoIP Phones, Others
        [Enable following setting as policy] (selected), [Disabled]
    - Behavioral IPS (Malware Detection)
      - Windows, Mac, Linux/UNIX, NAS, Kiosk Terminals, Mobile Devices,
        Unclassified, Classifying
        [Enable following setting as policy] (not selected), [Monitor & Block]
      - Routers/Switches, Printers, Scanners, VoIP Phone, Others
        [Enable following setting as policy] (selected), [Monitor Only]

    The role of the device takes precedence over device classification.
    - Manager, Gateway, Registration from Server, Exception Server
      - Application Monitoring is fixed to [Monitor Only] and Behavioral IPS
        (Malware Detection) is fixed to [Monitor & Block].
    - Sensor
      - Application Monitoring is fixed to [Disabled] and Behavioral IPS
        (Malware Detection) is fixed to [Disabled].

Advanced Settings
Automatic Control for OS Type
Settings Displays the Automatic Control Settings for OS Type window. Refer to
"4.8.3.4 OS Type Based Policy".
Automatic Approval for MAC Address (Vendor ID)
Settings Displays the Automatic Approval for MAC address (Vendor ID) window.
Refer to "4.8.3.5 Automatic Approval for MAC Address (Vendor ID)
Settings".
Automatic Approval for IP Address
Settings Displays the Automatic Approval Settings for IP Address window. Refer to
"4.8.3.6 Automatic Approval Settings for IP Address Window".
Block Device The settings to block devices. Selecting the [Use Default Setting] checkbox
loads the settings of the "default" Segment Group into the current window.
Missing or Disposed
Term Specify the period, from a range of between 1 and 31 days, or between 1
and 24 months. The default value is 1 month. Devices that have passed the
specified term are determined to be missing or disposed according to the
following date for the device.
 Last detected date (if [Last detected] is indicated)
 Registered date (if [Last detected] is not indicated)
If the applicable day does not exist at the end of a month, a determination is
made on the last day of the applicable month.
Automatic Removal Select this checkbox to automatically delete any devices marked as Missing
or Disposed. Devices with Validity Period Approval are not automatically
deleted until the term expires.
Exception Server Specify the Exception Server that is allowed to communicate with devices in
blocking mode whose approval statuses are "Detected", "Requested", or
"Rejected". However, the server cannot communicate with devices on which
malware has been detected.
Specify the Exception Server in one of the following forms, using 255 or less
letters. Alphanumeric letters and the symbols ".", "-", "_", and "/" can be
used.
 Host name in FQDN format
 IP Address
 Network address
The port numbers can be specified for a host name in FQDN format and IP
address.
Up to 10 Exception Servers can be registered.

Register Up to 10 Exception Servers can be registered.

Delete Deletes the Exception Server.


Proxy Server Port Number Specify the proxy port number if the proxy server is used in your network.

4.8.3.4 OS Type Based Policy


The OS type based policy can be set from the Automatic Control Settings for OS Type window.
In this window, you can set the policy related to the following items for each OS type:
 Network access approval
 Application Monitoring


 Behavioral IPS (Malware Detection)


The following describes the items in the Automatic Control Settings for OS Type window.

Table 4.20 Automatic Control Settings for OS Type Window items

Setting Item Description

Automatic Control Settings for OS Type Set the policy for each OS type.
Selecting the [Use Default Setting] checkbox loads the settings of the
"default" Segment Group into the current window.
Segment Group Name Displays Segment Group names.
Add OS Type Select an OS type from the drop-down list or enter text. The contents of
the drop-down list are the same as the OS type information contained in the
Device Dictionary. For text entry, a string of up to 64 alphanumeric letters
can be entered. Entries are case-sensitive. The same OS type value cannot be
registered twice.
For each OS type to be added, set the policy related to network access
approval, Application Monitoring, and Behavioral IPS (Malware
Detection). For the devices exactly matching the added OS type, the
specified values will be applied.
Up to 100 OS types can be set for each segment group.
OS Type Displays up to 100 OS types. You can sort by the underlined items in the
header of the OS type. If you sort the list, the "▼ (descending order)"
mark or the "▲ (ascending order)" mark appears on the right of the item
name.
Delete Deletes the policy for the selected OS type.
OK Applies the settings and closes the window.
Cancel Closes the window without applying the settings.

Hint
 When you set a policy for an OS type, that policy supersedes the policy based on the
device type for devices of that OS type.


4.8.3.5 Automatic Approval for MAC Address (Vendor ID) Settings


The first 3 bytes of a MAC address contain a "vendor ID" for identifying the manufacturer. It is
possible to automatically approve certain devices to connect to the network if they belong to a
specific vendor, by registering this vendor's IDs in the iNetSec Smart Finder Manager in
advance. The Application Monitoring mode of the automatically approved device will be set to
[Monitor Only].

[Figure: the system administrator sets vendor IDs for approval (PFU vendor IDs in the
illustration) in the iNetSec Smart Finder Manager. The iNetSec Smart Finder Sensors use
"Blocking Mode". Device labels: "New device without a registered vendor ID" and "New device
with a registered vendor ID".]

Setting Vendor IDs for Automatic Approval


Vendor IDs that are automatically approved for network connection are set in the Automatic
Approval for MAC address (Vendor ID) window. The Automatic Approval for MAC address
(Vendor ID) window appears by clicking [Setting] in [Automatic Approval for MAC Address
(Vendor ID)] on the [Segment Group Specific Settings] tab in the System Configuration window.
The following describes the items in the Automatic Approval for MAC address (Vendor ID)
window.


Table 4.21 Automatic Approval for MAC address (Vendor ID) window Items

Setting Item Description

Automatic Approval for MAC Address (Vendor ID) Specify settings related to the automatic
approval of MAC addresses (vendor IDs). Selecting the [Use Default Settings] checkbox loads
the settings of the "default" Segment Group into the current window.
Segment Group Name Displays Segment Group names.
Vendor ID Specify a vendor ID for the automatic approval.
Up to 1000 vendor IDs can be set for each Segment Group.
The format of vendor ID is XX:XX:XX. 0 - 9, a - f, and A - F can be used as values
for X. ":", "-", or no delimiters can be used for the delimiters of a vendor ID.
Registers the specified vendor ID.

Exports registered vendor IDs as CSV files. Refer to "A.4 Automatic Approval for
MAC Address (Vendor ID) File".
Imports vendor IDs for approval from CSV files. Refer to "A.4 Automatic Approval
for MAC Address (Vendor ID) File".
Vendor ID List Displays a list of up to 100 vendor IDs per page for approval. If the number of
vendor IDs for approval exceeds 100, page numbers will be indicated at the top of
the vendor ID list.
If you sort the list, the "▼ (descending order)" mark or the "▲ (ascending order)"
mark appears on the right of the item name.
Delete Deletes the vendor IDs with the checkboxes selected.
OK Applies the settings and closes the window.
Cancel Closes the window without applying the settings.


Hint
 Devices detected in iNetSec Smart Finder Manager before enabling automatic approval
will not be determined for automatic approval.
 If ":" or "-" is used as the delimiter in the vendor ID input format, the leading zero of
each value can be omitted (01:01:01 -> 1:1:1).
 When a vendor ID is registered, the vendor name that corresponds to the vendor ID
appears in a list.

Attention
 When vendor IDs are imported, all vendor IDs already registered in iNetSec Smart Finder
Manager are deleted and overwritten.
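
The following Python sketch is an added example, not part of iNetSec Smart Finder or of this manual. It normalizes vendor IDs written in the input formats described above to XX:XX:XX so that a list can be checked before it is registered or imported, and tests whether a MAC address falls under a registered vendor ID. The sample values are constructed; rejecting mixed delimiters and marking vendor IDs whose first byte has the multicast or locally administered bit set are choices of this example, not documented product behavior.

```python
import re

MAX_VENDOR_IDS = 1000          # per Segment Group, as stated in Table 4.21
_HEX_1_2 = re.compile(r"[0-9A-Fa-f]{1,2}")
_HEX_6 = re.compile(r"[0-9A-Fa-f]{6}")
_HEX_12 = re.compile(r"[0-9A-Fa-f]{12}")


def normalize_vendor_id(text):
    """Return the vendor ID as uppercase 'XX:XX:XX' or raise ValueError."""
    s = text.strip()
    for delim in (":", "-"):
        if delim in s:
            parts = s.split(delim)
            # With a delimiter, each value may drop its leading zero (1:1:1).
            if len(parts) != 3 or not all(_HEX_1_2.fullmatch(p) for p in parts):
                raise ValueError(f"not a vendor ID: {text!r}")
            return ":".join(p.zfill(2).upper() for p in parts)
    # Without delimiters all six hexadecimal digits are required.
    if not _HEX_6.fullmatch(s):
        raise ValueError(f"not a vendor ID: {text!r}")
    s = s.upper()
    return f"{s[0:2]}:{s[2:4]}:{s[4:6]}"


def vendor_id_of_mac(mac):
    """Vendor ID (first 3 bytes) of a full MAC address."""
    digits = re.sub(r"[:-]", "", mac.strip())
    if not _HEX_12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return normalize_vendor_id(digits[:6])


def build_allowlist(entries):
    """Normalize a list of vendor ID strings.

    Returns (allow, rejected, review):
      allow    - unique normalized vendor IDs, in input order
      rejected - (raw entry, reason) pairs that do not match the input format
      review   - accepted IDs whose first byte has the multicast (0x01) or
                 locally administered (0x02) bit set; such values are not
                 ordinary manufacturer prefixes (check added by this example)
    """
    allow, rejected, review = [], [], []
    for raw in entries:
        try:
            vid = normalize_vendor_id(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if vid in allow:                      # same ID written another way
            continue
        allow.append(vid)
        if int(vid[:2], 16) & 0x03:
            review.append(vid)
    if len(allow) > MAX_VENDOR_IDS:
        raise ValueError(f"more than {MAX_VENDOR_IDS} vendor IDs")
    return allow, rejected, review


def is_auto_approved(mac, allow):
    """True when the MAC address belongs to a registered vendor ID."""
    return vendor_id_of_mac(mac) in allow


# Constructed sample input: valid forms, a duplicate, and malformed entries.
SAMPLE_ENTRIES = ["00:80:17", "0-80-17", "b8ac6f", "1:1:1",
                  "02:00:00", "GG:00:00", "0080", "01:02-03"]

if __name__ == "__main__":
    allow, rejected, review = build_allowlist(SAMPLE_ENTRIES)
    print("allow   :", allow)
    print("rejected:", [raw for raw, _ in rejected])
    print("review  :", review)
    print(is_auto_approved("00-80-17-aa-bb-cc", allow))
```

A vendor ID covers every address that starts with those 3 bytes, so each registered entry approves all devices presenting a matching MAC address; keeping the list short and reviewed keeps the approved population small.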

4.8.3.6 Automatic Approval Settings for IP Address Window


The range of IP addresses for automatically approving network connection is set in the
Automatic Approval Settings for IP Address window. When a device accesses the network with
an IP address within the range, the Approval Status and the Application Monitoring mode for the
device assigned will be set to [Approved] and [Monitor Only] respectively. This window appears
by clicking [Setting] in [Automatic Approval for IP Address] for [Block/Approve Device] on the
[Segment Group Specific Settings] tab.
Automatic approval for IP address can be set for each Segment Group.
Up to 3000 IP addresses can be set for each Segment Group.
To approve network communication for the devices registered before setting IP addresses for
automatic approval, refer to "4.2.3 Selecting and Operating Devices" and approve network
connection.
The following describes the Automatic Approval Settings for IP Address window setting items.


Table 4.22 Automatic Approval Settings for IP Address Window Items

Setting Item Description

Automatic Approval Setting for IP Address Specify settings related to the automatic approval
of IP addresses. Selecting the [Use Default Setting] checkbox loads the settings of the
"default" Segment Group into the current window.
Segment Group Name Displays Segment Group names.
Add Approved IP Address Range If the IP address ranges that are added are duplicated, they
are merged. Note that if the IP address range is duplicated when the approval
statuses for automatic approval are different, an error occurs.
Up to 3,000 IP addresses for automatic approval can be set.
Registers the specified IP addresses.
Exports automatic approval information for registered IP addresses to files. Refer to
"A.6 Automatic Approval for IP Address File".
Imports the range of IP addresses for approval from Automatic Approval for IP Address
files. Refer to "A.6 Automatic Approval for IP Address File".
IP Address to be automatically approved Displays the range of up to 100 IP addresses for
automatic approval that are already registered. You can sort by underlined items in the
header of the IP address range. If you sort the list, the "▼ (descending order)"
mark or the "▲ (ascending order)" mark appears on the right of the item
name.
Delete Deletes the automatic approval settings for the devices in the selected
IP address range.
OK Applies the settings and closes the window.
Cancel Closes the window without applying the settings.


4.8.3.7 Client Notification Message


The following describes the client notification message settings.


Table 4.23 Items in Client Notification Message

Setting Item Description

Notification Message to client Specify the settings for message notification displayed on
the client windows. Selecting the [Use Default Setting] checkbox loads the settings of the
"default" Segment Group into the current window.
Client Window Notification If "Yes" is selected, the following appears in the Client Windows:
Blocking Notification (New Device) window
Blocking Notification (Pending) window
Blocking Notification (Rejected Device) window
Blocking Notification (Unauthorized IP Address) window
Blocking Notification (Prohibited Application Use) window
Blocking Notification (Behavioral IPS (Malware Detection)) window
External Registration Form Server Select [Use] for the External Registration Form Server.
External Registration Form Servers must not be set for Exception Servers.
External Registration Form Server URL Specify the URL for the External Registration Form
Server. Select one of the protocols [http] or [https] and specify the address as an IP
address or using FQDN, with 255 or less alphanumeric letters and the following symbols:
.-_
Specify a port number. The default value is "80". 256 or less alphanumeric letters
and the following symbols are available for the path:
%/-_.!
Image Files
Header/Footer/Logo
 Use image
Select the checkbox to use image files for a header, footer, or logo.
 File
Select image files to be used as a header, footer, or logo by clicking [Browse].
.jpg, .gif, and .png files are supported. The maximum size is 50 KB. This option
is available when [Use image] is selected.
 Alternative text
Specify an alternative text for the image. This option is available when [Use
image] is selected. 512 or less alphanumeric letters and the following symbols
are available for the alternative text. This option is available when [Use image]
and [File] are selected.
 Display position (Available for [Logo])
Specify any of the following positions on the window.
 Left
 Center
 Right
This option is available when [Use image] and [File] are selected.
Terms and Conditions
 Use
Select the checkbox to use terms and conditions.
 File
Select the text file to be used as terms and conditions by clicking [Browse].
The maximum size is 10 KB. This option is available when [Use image] is
selected.
 Confirm the agreement.
Select to display the checkbox to ask for an agreement on the Registration
Form window.


Setting Item Description

Color
Header Background/Heading Text/Content Background/Content Text/Button Background/Button Text
 Change color
To change the default color, select these checkboxes. Specify display colors
in one of following formats:
 rgb(r,g,b)
r, g, and b are decimal numbers that indicate the value for red, green, and
blue respectively.
 #XXXXXX
Six digit hexadecimal number with a prefix "#".
 #XXX
Three digit hexadecimal number with a prefix "#".
When you change the value in the text boxes, the [Color Sample] window
reflects the changes.
Blocking Notification (New Device) Specify the letters displayed in [Title] and
[Message] in the Blocking Notification (New Device).
 Preview
Click to display the sample window.
Blocking Notification (Pending) Specify the letters displayed in [Title] and
[Message] in the Blocking windows (Pending).
 Preview
Click to display the sample window.
Blocking Notification (Rejected Device) Specify the letters displayed in [Title] and
[Message] in the Blocking window (Rejected Device).
 Preview
Click to display the sample window.
Blocking Notification (Unauthorized IP Address) Specify the letters displayed in [Title] and
[Message] in the Blocking window (Unauthorized IP Address Violation).
 Preview
Click to display the sample window.
Blocking Notification (Prohibited Application) Specify the letters displayed in [Title] and
[Message] in the Blocking window (Prohibited Application).
 Preview
Click to display the sample window.
You can use the following placeholders for a message.
 %DETECT-TIME%: Detected time
 %MAC-ADDRESS%: MAC address of the detected device
 %IP-ADDRESS%: IP address of the detected device
 %APPLICATION-NAME%: Application name
 %APPLICATION-ID%: Application identification
 %APPLICATION-SUMMARY%: Summary of application
Specify a title with 64 or less letters and a message with 512 (1024 for Prohibited
Application) or less letters. A line feed letter in a message is counted as two letters.
You can use HTML tags in messages. However, "<script" causes an error. This value must be
entered.


Setting Item Description

Blocking Notification (Behavioral IPS (Malware Detection)) Specify the letters displayed in
[Title] and [Message] in Blocking Notification (Behavioral IPS (Malware Detection)).
 Preview
Click to display the sample window.
You can use the following placeholders for a message.
 %MAC-ADDRESS%: MAC address of the detected device
 %IP-ADDRESS%: IP address of the detected device
Registration Form Window (Manager) Specify the letters displayed in [Title] and
[Message] of the Registration Form window on the Manager. Refer to "4.9.2 Registration
Window on the Manager".
 Preview
Click to display the sample window.
Item Names on Registration Form Specify the registration form item names in the following
windows, with 16 or less letters.
 Registration Form window on the Manager
 Blocking Notification (New Device) window
You can use HTML tags in the registration form item names.
The default registration items are as follows:
Item 1: Name
Item 2: Section
Item 3: Telephone Number
Item 4: Option Field 1
Item 5: Option Field 2
Select the checkboxes for Items 1 to 5 to display the items in the Registration Form
window and in the Blocking Notification (New Device) window.
Use the [Required] checkboxes to specify whether to require an entry of Items 1 to
5.
Footer Specify the footer to be displayed in the Blocking Notification windows and the
Registration Form window on the Manager with 128 or less letters. The default
value is "iNetSec Smart Finder V2.0".

Table 4.24 Client Notification Messages (Default)

Client Window Default

Blocking Notification (New Device)
Title: Blocking Notification
Message: The device is not allowed for network access because the device is not
registered. Registration is required for network access.

Blocking Notification (Pending)
Title: Blocking Notification
Message: The registration for the device is requested. Please wait for approval
from the administrator.

Blocking Notification (Rejected Device)
Title: Blocking Notification
Message: The device is not allowed for network access.

Blocking Notification (Unauthorized IP Address)
Title: Unauthorized IP Address Violation Notice
Message: The IP address assigned is required for a device to have network
access or the IP address assigned to other devices. Please change to
the correct IP address.

Blocking Notification (Prohibited Application)
Title: Blocking Notification
Message: This device uses the following application that is prohibited by the
policy:
"%APPLICATION-SUMMARY%"
The use of the network is currently restricted.
Just after "Unblock" is pressed, the use of the network becomes
unrestricted, but it is restricted again when this application is used.
Application ID: %APPLICATION-ID%
Detected Time: %DETECT-TIME%
MAC Address: %MAC-ADDRESS%
IP Address: %IP-ADDRESS%

Blocking Notification (Behavioral IPS (Malware Detection))
Title: Blocking Notification
Message: Malware behavior is detected on the device.
The malware-detected device is not allowed access to the network.
Remove malware from the device and wait for the administrator to
unblock the device.
MAC Address: %MAC-ADDRESS%
IP Address: %IP-ADDRESS%

Registration Form Window (Manager)
Title: Registration for Network Connection
Message: Enter the IP address of the device and click [Show MAC Address].
Select the MAC address and submit the registration form. Before you
submit a registration form, assign an IP address to the device and
connect to the network. A registration form is required for network
access if your device is blocked.

Attention
 To wrap a line at the intended position, use HTML tags to adjust the position,
or use the external application form server.
Refer to "4.10 Using External Registration Form".
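
The following Python sketch is an added example, not part of iNetSec Smart Finder or of this manual. It checks a notification title and message against the limits in Table 4.23 before they are entered in the Manager: the letter limits, the line feed counted as two letters, the "<script" restriction, and the placeholders listed for each window. The window keys are hypothetical names; matching "<script" case-insensitively, requiring both title and message, and the extra review flag for event-handler attributes and javascript: URLs are assumptions of this example, not documented product behavior.

```python
import re

TITLE_LIMIT = 64
MESSAGE_LIMIT = 512
MESSAGE_LIMIT_PROHIBITED_APPLICATION = 1024

# Placeholders listed in Table 4.23, keyed by hypothetical window names.
PLACEHOLDERS = {
    "prohibited_application": {
        "%DETECT-TIME%", "%MAC-ADDRESS%", "%IP-ADDRESS%",
        "%APPLICATION-NAME%", "%APPLICATION-ID%", "%APPLICATION-SUMMARY%"},
    "malware_detection": {"%MAC-ADDRESS%", "%IP-ADDRESS%"},
}
_TOKEN = re.compile(r"%[A-Z]+(?:-[A-Z]+)*%")
# Extra check of this example: markup that runs script without a <script tag.
_ACTIVE = re.compile(r"\bon\w+\s*=|javascript:", re.IGNORECASE)


def counted_length(text):
    """Length as the manual counts it: a line feed counts as two letters."""
    text = text.replace("\r\n", "\n")
    return len(text) + text.count("\n")


def check_notification(window, title, message):
    """Return a list of problems; an empty list means the text passes."""
    problems = []
    if not title.strip() or not message.strip():
        problems.append("title and message must be entered")
    if len(title) > TITLE_LIMIT:
        problems.append(f"title: {len(title)} letters exceeds {TITLE_LIMIT}")
    limit = (MESSAGE_LIMIT_PROHIBITED_APPLICATION
             if window == "prohibited_application" else MESSAGE_LIMIT)
    n = counted_length(message)
    if n > limit:
        problems.append(f"message: {n} counted letters exceeds {limit}")
    if "<script" in message.lower():
        problems.append('message: contains "<script"')
    unknown = set(_TOKEN.findall(message)) - PLACEHOLDERS.get(window, set())
    for token in sorted(unknown):
        problems.append(f"message: {token} is not listed for this window")
    if _ACTIVE.search(message):
        problems.append("message: review event-handler attribute or javascript: URL")
    return problems


# Default Prohibited Application message from Table 4.24; the positions of
# the line feeds are an assumption.
DEFAULT_PROHIBITED = "\n".join([
    "This device uses the following application that is prohibited by the policy:",
    '"%APPLICATION-SUMMARY%"',
    "The use of the network is currently restricted.",
    'Just after "Unblock" is pressed, the use of the network becomes '
    "unrestricted, but it is restricted again when this application is used.",
    "Application ID: %APPLICATION-ID%",
    "Detected Time: %DETECT-TIME%",
    "MAC Address: %MAC-ADDRESS%",
    "IP Address: %IP-ADDRESS%",
])

if __name__ == "__main__":
    for window in ("prohibited_application", "malware_detection", "new_device"):
        print(window, check_notification(window, "Blocking Notification",
                                         DEFAULT_PROHIBITED))
```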

4.8.3.8 Network Definition


Since the Command and Control Server that is the target of Behavioral IPS (Malware Detection)
usually exists on the Internet, the Sensor is required to distinguish between the internal
network of the organization and external networks. Therefore, the administrator is required to
define the internal network with the IP address range used for the intranet in the
organization; other networks are handled as external networks.
The following describes the setting items related to network definition required for Behavioral IPS
(Malware Detection).


Table 4.25 Network Definition Items

Setting Item Description

Local Addresses in the Internal Network When the checkbox is selected, internal network
addresses include the private IP addresses defined in RFC1918 as listed below. By default,
the checkbox is selected.
 10.0.0.0-10.255.255.255
 172.16.0.0-172.31.255.255
 192.168.0.0-192.168.255.255
Internal IP Addresses Specify addresses other than the above-mentioned private IP addresses
as the internal network.
For the internal network address, the following format can be used. No more
than 255 alphanumeric and the special characters (".", "-", "_" and "/") can be
used.
 Host name in FQDN format (No more than 255 characters)
 IP address
 Network address (XXX.XXX.XXX.XXX/XX)
 IP address range (XXX.XXX.XXX.XXX-YYY.YYY.YYY.YYY)
To specify multiple addresses (up to 20 addresses), delimit them with a
comma.
IP Addresses Handled as External Network IP Addresses In organizations using proxy servers
(except transparent proxy), communication with external networks is performed by the proxy
servers, and the IP addresses of the proxy servers are required to be handled as the
external network. Therefore, it is required to exclude proxy servers from the
internal network definition.
For the exclusion addresses, character strings as shown below can be used.
No more than 255 alphanumeric and the special characters (".", "-", "_" and "/")
can be used.
 Host name in FQDN format
 IP address
 Network address
 IP address range
To specify multiple addresses (up to 20 addresses), delimit them with a
comma.
When the Manager is installed or when the patch from V3.0L10 to V3.0L20 is
applied, the address of the proxy server that is defined in Internet Explorer is
automatically imported. Note that it is not imported when the proxy server
names are not resolved.
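
The following Python sketch is an added example, not part of iNetSec Smart Finder or of this manual. It models the network definition in Table 4.25 so that a planned configuration can be checked: an address is internal if it falls in the RFC1918 ranges (when the checkbox is selected) or in [Internal IP Addresses], unless it is listed under the addresses handled as external, such as a proxy server. All addresses and host names are constructed samples; the name lookup table stands in for DNS, and applying the 255-character limit per entry and rejecting network addresses with host bits set are assumptions of this example.

```python
import ipaddress

RFC1918 = [(int(n[0]), int(n[-1])) for n in map(
    ipaddress.IPv4Network, ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))]
MAX_ENTRIES = 20     # addresses per field, per Table 4.25
MAX_LENGTH = 255     # applied per entry (assumption of this example)


def parse_entry(item):
    """Return (first, last) as integers, or None when the item is not an
    address form and is therefore treated as a host name."""
    if "/" in item:                       # network address XXX.XXX.XXX.XXX/XX
        net = ipaddress.IPv4Network(item, strict=True)
        return int(net[0]), int(net[-1])
    try:
        if "-" in item:                   # range, or a host name with a hyphen
            lo, hi = (int(ipaddress.IPv4Address(p)) for p in item.split("-", 1))
        else:                             # single IP address
            lo = hi = int(ipaddress.IPv4Address(item))
    except ValueError:
        return None
    if lo > hi:
        raise ValueError(f"range start is above range end: {item}")
    return lo, hi


def parse_field(text, resolve=None):
    """Parse one comma-delimited field into (ranges, unresolved host names)."""
    items = [i.strip() for i in text.split(",") if i.strip()]
    if len(items) > MAX_ENTRIES:
        raise ValueError(f"more than {MAX_ENTRIES} addresses")
    ranges, unresolved = [], []
    for item in items:
        if len(item) > MAX_LENGTH:
            raise ValueError("entry longer than 255 characters")
        span = parse_entry(item)
        if span is None:                  # host name: needs a lookup
            ip = resolve(item) if resolve else None
            if ip is None:
                unresolved.append(item)
                continue
            span = parse_entry(ip)
        ranges.append(span)
    return ranges, unresolved


class NetworkDefinition:
    def __init__(self, include_rfc1918=True, internal="", external="", resolve=None):
        self.internal, u1 = parse_field(internal, resolve)
        self.external, u2 = parse_field(external, resolve)
        if include_rfc1918:
            self.internal = RFC1918 + self.internal
        self.unresolved = u1 + u2         # names that could not be placed

    def classify(self, ip):
        """Return "internal" or "external" for one IPv4 address."""
        n = int(ipaddress.IPv4Address(ip))
        hit = lambda spans: any(lo <= n <= hi for lo, hi in spans)
        if hit(self.external):            # exclusions win over the internal ranges
            return "external"
        return "internal" if hit(self.internal) else "external"


SAMPLE_NAMES = {"proxy.example.internal": "192.168.0.8"}   # constructed lookup


def sample_definition(include_rfc1918=True):
    return NetworkDefinition(
        include_rfc1918,
        internal="203.0.113.0/24, 198.51.100.10-198.51.100.20",
        external="10.1.1.5, proxy.example.internal, cache-2.example.internal",
        resolve=SAMPLE_NAMES.get)


if __name__ == "__main__":
    nd = sample_definition()
    for ip in ("10.2.3.4", "10.1.1.5", "192.168.0.8", "203.0.113.77", "8.8.8.8"):
        print(ip, nd.classify(ip))
    print("unresolved:", nd.unresolved)
```

An unresolved proxy host name stays out of the exclusion list, so its address would still be classified as internal; the `unresolved` list makes that gap visible.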

4.8.3.9 Blocking and Approving Application


The settings related to blocking and approving application can be specified from [Block/Approve
Application] on the [Segment Group Settings] tab in the [System] menu.
The following describes the setting items related to [Block/Approve Application].


Table 4.26 Block/Approve Application Items

Setting Item Description

Category You can set the application status to [Permit] or [Prohibit] for each category.
By default, this item is set to "Not changed" ([Enable following setting as
policy] is not selected) for all categories.
The status setting is reflected in the policy when the [Enable following setting
as policy] checkbox is selected.
Changing this setting also changes the status of the applications set to
[Preassigned Policy] out of the applications currently registered to the
Manager. When individual policies are used for applications, the statuses of
the applications are not changed.


4.8.4 System Settings


The following describes the [System Settings] tab.

Table 4.27 System Settings Tab Items

Setting Item Description

License
License Setting Specify the license key to be added.
[Settings] Displays the License Setting window.
Device Classification
Device Dictionary Specify the Device Dictionary file to update the device classification.
[Settings] Displays the Device Dictionary Setting window.
Advanced Settings
SNMP Community for Device Classification Specify the SNMP community to classify the device
types and to collect printer information with 64 or less alphanumeric letters and symbols
(except for spaces and commas). To specify multiple SNMP communities, use a comma.
You can specify up to 10 SNMP communities. In addition to the specified
SNMP communities, "public" is also used.
Application Monitoring
Application Dictionary Specify the Application Dictionary file to update the Application List.
[Settings] Displays the Application Dictionary Setting window.
Operation Settings
Manager Operation Settings
Event Retention Period Specify the Event Retention Period as 30, 60 or 90 days. The default
value is 30 days. If the number of events exceeds 100,000, past events are automatically
deleted in chronological order.
Scheduled Time for Manager Process Specify the Scheduled Time of the Manager Process for
daily operations including the deletion of events and missing/disposed device information.
Specify a time in the range of 00:00 to 23:59 using "hh:mm", "hh:m", "h:mm" or "h:m".
The default is "02:00". The value must be entered.
Reverse DNS Lookup Specify [Yes] if resolving the device's host name from the IP address
using the DNS on the Manager.
Specify [No] if DNS cannot resolve the device's host name from the IP
address on the Manager.
Registration Form on Manager Specify [Use] for the Registration Form window on the Manager.
The default value is [Not use].
Item header in CSV File When exporting device information, specify whether to include item
names. When the device information is imported, indicate whether the item names
must be included.
Communication Setting
Sync interval between Manager and Sensor Specify the communication interval between the
Manager and the Sensor as 1, 5, or 10 minutes. The default setting is "1" (minute).
This interval is used to apply the setting changes to the Sensor and to monitor
the Sensor status.
Sensor to Sensor Status Monitoring Select the [Sensor to Sensor status monitoring] checkbox.
The Sensor monitors another Sensor in the same Segment Group, and if there is a Sensor
error, another Sensor sends an e-mail or SNMP trap. The monitoring interval
is 5 minutes.
Forward DNS lookup Specify [Manager] if resolving the server's IP address from the host name
using the DNS on the Manager.
Specify [Sensor] if DNS cannot resolve the server's IP address from the host
name on the Manager.

Hint
 When you click [Apply], the Manager transfers the Sensor's settings to the Sensor in the
next synchronization. Check the Sensor window to confirm the settings.

Attention
 Sensor to Sensor Status Monitoring is unavailable if the Sensor cannot communicate with
other Sensors (in a NAT environment or when a firewall is used).
 The Sensors that perform Sensor to Sensor Status Monitoring must communicate via the
gateway in the IP segment specified as Communication Route in the Sensor Basic
Settings window.


4.8.4.1 License Settings


Use the following procedure to activate the segment licenses.

[Procedure]
1. Click [Settings] next to [License Setting] on the [System Settings] tab.
 License Settings window appears.
2. Enter the license key described in the License Certificate in [Add License Key].

3. Click .
 The license key and the number of segment licenses are displayed.
4. Click [OK].
 The licenses are activated and applied to the system.

4.8.4.2 Device Dictionary Registration


Use the following procedure to register a Device Dictionary.

[Procedure]
1. Click [Settings] next to [Device Dictionary] on the [System Settings] tab.
 The Device Dictionary Update window appears. Check a version of the registered
Device Dictionary.

2. Click [Browse].
 Select File dialog box appears.
3. Specify a name of the file to register, and then click [Upload].
 The [The specified Device Dictionary file will be uploaded. Click OK to continue.]
message dialog box appears.
4. Click [OK].
 The "Upload completed." message appears in the Device Dictionary Update window,
and the Device Dictionary is registered. If there is a problem with the file format when
the specified file version is the same or older than the registered file, an error message
is displayed.


4.9 Registration Form Window


There are two types of Registration Form windows. One is for devices that have a web browser
and can submit the registration form for network access using the Registration Form window.
The other is for devices that do not have a web browser. Registration can be submitted from the
Registration Form window on the Manager, by accessing the registration form from a device that
has a web browser installed.

Hint
 For the Blocking Notification (New Device) window and the Registration Form window on
the Manager, you can use the External Registration Form according to the customer
environment. Refer to "4.10 Using External Registration Form".
 If the web browser of a client device uses an automatic proxy configuration script
(automatic configuration script for Internet Explorer), restart the web browser after
connecting to the network, enabling proxy connection.

4.9.1 Client Device Registration


When the operation mode of the Sensor is set to [Blocking Mode], the Blocking Notification (New
Device) window appears on a client device connected to the network. The window does not
appear when [Client Window Notification] is set to [Do Not Notify] in the System Configuration
window.

Attention
 The Blocking Notification (New Device) window is displayed with http connections (port
number 80) only.

[Screenshot: Blocking Notification (New Device) window, with callouts (1) to (5) described in
Table 4.28]

Table 4.28 Blocking Notification (New Device) Window Items

No. Setting Item Description

(1) Title, (2) Message Displays the letters specified for [Title] and [Message] in Blocking
Notification (New Device) window in the [Segment Group Specific Settings] tab of the System
Configuration window. Refer to "4.8.3.3 Block/Approve Devices".
(3) Device Information: MAC Address Displays the MAC address of the device detected by the
Sensor.
(4) Additional Information: (Item 1) to (Item 5) Specify each registration item with 64 or
less letters.
Displays the registration items specified for [Item Names on Registration
Form] on the [Segment Group Specific Settings] tab in the System
Configuration window.
Item names from Item 1 to 5 are the names defined in the System
Configuration window.
Refer to "4.8.3.3 Block/Approve Devices".
[Submit] Enter the required items for registration and click [Submit].
(5) Footer Displays the letters specified in [Footer] on the [Segment Group Specific
Settings] tab in the System Configuration window. Refer to "4.8.3.3
Block/Approve Devices".

Attention
 If a device is moved to another segment while the Manager is not operating, the
registration cannot be shared in the same Segment Group. Please register again.
 To use a web browser with a proxy server, specify the Sensor IP address as a proxy
exception.

4.9.2 Registration Window on the Manager


For devices that do not have a web browser, the registration can be submitted from the
Registration window on the Manager, by accessing the registration form from a device that has a
web browser installed.

For the Registration window on the Manager do the following:

Enabling the Registration Window on the Manager


In [System Settings] of the System Configuration window, change [Registration Form on
Manager] to [Use].

Registering with the Registration Window on the Manager


Access the following URL from a device that uses a web browser to submit registration.

For HTTP

http://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/Application.aspx


For HTTPS

https://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/Application.aspx

Hint
 Specify the port number when installing the Manager (default: 8109).

Attention
 The following registration conditions apply to the Manager.
 A device requiring registration such as a printer must be detected by the Sensor.
To register the device, you must submit a registration form from a PC managed in the
same Segment Group.
 Registration cannot be submitted for devices whose status is approved,
rejected, or submitted.

[Screenshot: Registration window on the Manager, with callouts (1) to (5) described in
Table 4.29]

Table 4.29 Registration Window Items on the Manager

No. Setting Item Description

(1) Title, (2) Message Displays the letters specified for [Title] and [Message] in
[Registration] window (Manager) on the [Segment Group Specific Settings] tab in
System Configuration window. Refer to "4.8.3.3 Block/Approve Devices".
(3) Device Information: IP Address Enter the IP address of the device you are registering
and click [Show MAC Address]. The MAC address corresponding to the IP address
appears. An error message appears if an IP address is not found.
(3) Device Information: MAC Address Select a MAC address from the list of MAC addresses
shown.
(4) Additional Information: (Item 1) to (Item 5) Specify each registration item with 64 or
less letters.
Displays the registration items specified for [Item Names on
Registration Form] on the [Segment Group Specific Settings] tab in
the System Configuration window.
Item names from Item 1 to 5 are the names defined in the System
Configuration window.
Refer to "4.8.3.3 Block/Approve Devices".
[Submit] Enter the required items for registration and click [Submit].
(5) Footer Displays the letters in [Footer] on the [Segment Group Specific
Settings] tab in the System Configuration window. For details, refer to
"4.8.3.3 Block/Approve Devices".

4.9.3 Blocking Notification Windows


The following section describes Blocking Notification windows.

Blocking Notification (Pending)


This window appears when the registration form for the device has been submitted and the
user is attempting to connect to the network before approval (Unblock After Approval).

[Figure: Blocking Notification (Pending) window]

Blocking Notification (Rejected Device)


This window appears if a device has been rejected from connecting or if an attempted
connection is outside the period specified for [Validity Period] in the Device Information window.
The following is an example of the Blocking Notification (Rejected Device) window:

[Figure: Blocking Notification (Rejected Device) window]

Blocking Notification (Unauthorized IP Address)


This window appears if a device attempts to connect to the network with an IP address
different from the one in the Device Information window and is blocked from accessing the
network.
The following is an example of the Blocking Notification (Unauthorized IP Address) window:

[Figure: Blocking Notification (Unauthorized IP Address) window]

Blocking Notification (Prohibited Application Use)


This window appears if a device's network access is blocked when using a prohibited
application.
The following is an example of the Blocking Notification (Prohibited Application Use) window:

[Figure: Blocking Notification (Prohibited Application Use) window]

Blocking Notification (Behavioral IPS (Malware Detection))


This window appears if a device on which malware is detected attempts to connect to the
network and the device is rejected.
The following is an example of the Blocking Notification (Behavioral IPS (Malware Detection))
window:

[Figure: Blocking Notification (Behavioral IPS (Malware Detection)) window]

Table 4.30 Blocking Notification Window Items

No. / Setting Item / Description

(1) Title
(2) Message
    Displays the letters specified for [Title] and [Message] in the [Segment
    Group Specific Settings] tab of the System Configuration window. Refer to
    "4.8.3.3 Block/Approve Devices".

(3) Footer
    Displays the letters specified in [Footer] on the [Segment Group Specific
    Settings] tab in the System Configuration window. Refer to "4.8.3.3
    Block/Approve Devices".

4.9.4 Modifying Notification Window Design


The design of the notification windows that appear on client devices can be modified to fit your
organization's requirements. To do so, click the [Segment Group Specific Settings] tab
of the System Configuration window. Refer to "4.8.3.7 Client Notification Message".

Preview of the Modified Notification Window


You can preview the modified notification window in two ways.

- In the System Configuration window
  Under [Notification Message to Client] in [Segment Group Specific Settings] tab, click
  [Preview] for the window you want to preview.

- In a Web Browser
  Access the following URL from a web browser.

  http or https://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/ClientNotificationPreview.aspx?view=<query string>

<query string> can be one of the following:


Value  Description
reg    The Blocking Notification (New Device) appears.
pnd    The Blocking Notification (Pending) appears.
blk    The Blocking Notification (Rejected Device) appears.
ip     The Blocking Notification (Unauthorized IP Address) appears.
app    The Blocking Notification (Prohibited Application) appears.
mgr    The Registration Form Window (Manager) appears.

4.9.5 Unblocking Connections


The authorization process required before a connection to the network is granted varies depending on the
operation mode of the Sensor.

When the operation mode is [Blocking Mode (Unblock After Registration)]

A blocked device can connect to the network automatically after a registration form is submitted
from the blocked device. The process for connecting to the network is as follows:
1. Connect a client device to the network.
   ⇒ The Blocking Notification (New Device) window appears (if the device has a browser
   that can connect to the Internet).
2. Fill out the fields in the Blocking Notification (New Device) window and click [Submit].
   ⇒ An "application completed" message appears and the network connection is enabled.

When the operation mode is [Blocking Mode (Unblock After Approval)]


The system administrator needs to authorize (approve) the connection after the network user
submits a registration form from a blocked device. If a device connects to the network before the
system administrator authorizes (approves) the connection, the Blocking Notification (Pending)
window appears. The process for connecting to the network is as follows:
1. Connect a client device to the network.
   ⇒ The Blocking Notification (New Device) window appears (if the device has a browser
   that can connect to the Internet).
2. Fill out the fields in the Blocking Notification (New Device) window and click [Submit].
   ⇒ An "application completed" message appears, but when the device tries to connect to the
   network again, the Blocking Notification (Pending) window appears.
3. The system administrator authorizes the connection in one of the following ways:

   To authorize on the Manager
   In the Devices List window, select the checkbox to the left of the device to allow the
   connection and click [Approve].

   To authorize by e-mail
   Reply to the registration e-mail. Authorization by e-mail is available even on a mobile
   device.
   To receive the registration mail, [Approval by e-mail] in the System Configuration
   window should be enabled. Refer to "4.8.3.1 Notification".

When the monitoring option is [Application Monitoring (Blocking Mode)]


A blocked device can connect to the network as soon as the network user submits an
unblocking request for the blocked device. The process for connecting to the network is as follows:
1. Connect a client device to the network.
   ⇒ The Blocking Notification (Prohibited Application Use) window appears (if the device
   has a browser that can connect to the Internet).
2. Click [Unblock].
   ⇒ The network connection is enabled.

When the monitoring option is [Behavioral IPS (Malware Detection) (Blocking Mode)]

To unblock the device on which malware has been detected, the system administrator needs to
clear the malware-detected status in the Management window. The process to clear the
malware-detected status is as follows:
1. In the Device List window, select the checkbox to the left of the device from which you
   want to clear malware-detected status.
2. Click [Change Device Setting].
   ⇒ The Change Device Setting window appears.
3. Select [Clear] next to [Clear Malware Detection Result].
4. Click [OK].

4.10 Using External Registration Form


In the Blocking Notification (New Device) window or the Registration Form window, you can use
an "External Registration Form" that is created in accordance with the customer's system
requirements.
To use an External Registration Form window, you need a web server for the external
registration form.
For the External Registration Form window, set [Use] to [External Registration Form Server] in
[Segment Group Specific Settings] on the System Configuration window, and then specify
[External Registration Form Server URL]. For details about the System window, refer to "4.8.3.7
Client Notification Message".
When an External Registration Form Server is used, it provides an external registration form as
well as responses to device users. However, the data flow differs between using the Blocking
Notification (New Device) window and using the registration form on the Manager window.

Using Blocking Notification (New Device) Window on External Registration Form Server
[Data Process Flow]
1. When a client accesses the operational network on the web, the Sensor directs the client
   to the Registration Form window of the Sensor.
2. The Sensor Registration Form window returns a redirect response (status code 302) for
   the Registration Form window of the External Registration Form Server.
3. The client accesses the External Registration Form Server.
4. The External Registration Form Server returns a Registration Form window.
5. The client sends the content of a registration form to the External Registration Form
   Server.
6. The External Registration Form Server returns an approval or rejection, depending on the
   content of the registration. If the server returns an approval, the client is sent a redirect
   response (status code 302) for the registration form of the Sensor.
7. The client accesses the Registration Form window of the Sensor.
8. The Sensor returns a redirect response (status code 302) to the client for the Registration
   Form completion window of the External Registration Form Server. At the same time, the
   Sensor reports the content of the registration to the Manager.
9. The client accesses the "registration completed" window of the External Registration
   Form Server.
10. The content of the registration is stored in the Manager database.

When redirecting a client to an External Registration Form Server, the Sensor and the
Manager append the "action" parameter and other parameters to the URL of the specified External
Registration Form Server. The following table describes the "action" parameter values and the other
parameters.

Table 4.31 Parameters When Using Blocking Notification (New Device) window on External Registration
Form Server

action Parameter Value / Other Parameters / Description

show
    Return the Registration Form window to the client.
    When the client submits a registration form in response, check the validity of the
    registration. If it is valid, return a response that redirects to "http://<Sensor IP
    address>/pfudac/notify.cgi". The details of the notify.cgi parameters are as
    follows:
    - action
      Specify "apply".
    - ip
      Specify the IP address of the applying client. Do not pad octets with zeroes.
    - mac
      Specify the MAC address of the client in "xx:xx:xx:xx:xx:xx" format.
    - item1
      Specify (Item 1). (*)
    - item2
      Specify (Item 2). (*)
    - item3
      Specify (Item 3). (*)
    - item4
      Specify (Item 4). (*)
    - item5
      Specify (Item 5). (*)
    Other parameters:
    sensor  The IP address of the Sensor is specified. Octets are not padded with zeroes.
    ip      The IP address of the applying client is specified. Octets are not padded with
            zeroes.
    mac     The MAC address of the client is specified in "xx:xx:xx:xx:xx:xx" format.

confirm
    Return the content of the registration form to the client.
    Other parameters:
    mac     The MAC address of the client is specified in "xx:xx:xx:xx:xx:xx" format.
    item1   (Item 1) is specified. (*)
    item2   (Item 2) is specified. (*)
    item3   (Item 3) is specified. (*)
    item4   (Item 4) is specified. (*)
    item5   (Item 5) is specified. (*)

inspecting
    Return a window indicating the registration is under inspection to the client.
    If the operation mode of the Sensor is [Blocking Mode (Unblock After
    Registration)], this parameter is not called.

activating
    Return a window indicating the registration is completed and the client is waiting
    for an approval. If the operation mode of the Sensor is [Blocking Mode (Unblock
    After Approval)], this parameter is not called.

deny
    Return a window indicating the registration was rejected.

duplex
    Return a window indicating the registration has already been submitted.

illegalip
    Return a window indicating that the assigned MAC address and IP address do
    not match.
    Other parameters:
    mac     The MAC address of the client is specified in "xx:xx:xx:xx:xx:xx" format.

error
    Return a window indicating an error has occurred to the Sensor.
    Other parameters:
    m       One of the following error codes is specified:
            769 : Validation of the registration failed.
            770 : A registration for connection failed.
            771 : The number of registrations has exceeded the upper limit.
            1025 : Decoding of base64url failed.

*: For item 1 through item 5, specify a value of up to 64 characters converted by the base64url encoding with
"no padding". Settings of items not used are optional. For details about base64url encoding, refer to RFC
3548.

Using Registration Form Window on the Manager on an External Registration Form Server

[Data Process Flow]
1. The client directly accesses the External Registration Form Server.
2. The client sends the content of a registration form to the External Registration Form
   Server.
3. The External Registration Form Server returns an approval or rejection depending on the
   content of the registration. In the case of an approval, the External Registration Form
   Server returns to the client a redirect response to access the Manager Registration Form
   window (ExternalApplication.aspx described later) of the External Registration Form
   Server (status code 302).
4. The client accesses the Manager Registration Form window (ExternalApplication.aspx) of
   the External Registration Form Server.
5. If the Manager determines that the content of the registration form does not include an error
   (for example, the device for which a registration was submitted does not exist), it is stored
   in the Manager database.
6. The Manager returns to the client a redirect response for the Registration Form
   completion window of the External Registration Form Server (status code 302).
7. The client accesses the "registration completed" window of the External Registration
   Form Server to confirm that the registration is completed.

To redirect the client to the Manager, the External Registration Form Server must add the
parameters described in "Table 4.27 Parameters Sent to Manager" to the following Manager address:

http://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/ExternalApplication.aspx

Hint
- Specify the port number indicated when installing the Manager (default: 8109).
- To select HTTPS for the communications protocol for the Management window, send the
  parameters to the following address:

  https://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/ExternalApplication.aspx

Parameters sent to the Manager are as follows:

Table 4.32 Parameters Sent to the Manager

Parameter  Description
action     Specify "apply".
ip         Specify the IP address of the applying client. Do not pad octets with zeroes. (*1)
mac        Specify the MAC address of the client. (*1)
item1      Specify (Item 1). (*2)
item2      Specify (Item 2). (*2)
item3      Specify (Item 3). (*2)
item4      Specify (Item 4). (*2)
item5      Specify (Item 5). (*2)
url        Specify the URL of the Registration Result window of the External Registration Form
           Server. (*2) (*3)

*1: Either or both of the ip and mac parameters must be specified.
*2: Specify a value of up to 64 characters converted by the base64url encoding with "no padding". For the
    character code, use UTF-8. Settings of items not used are optional. For details about base64url
    encoding, refer to RFC 3548.
*3: If this parameter is invalid, a registration result window cannot be obtained from the External
    Registration Form Server.

In response to access to ExternalApplication.aspx, the Manager returns a redirect response
(status code 302) for the URL specified with the url parameter. At this time, the Manager
specifies the following parameters:

Table 4.33 Returned Parameters (Normal)

Parameter  Description
action     "mconfirm" is specified.
ip         The IP address of the applying client is specified. Octets are not padded with zeroes.
mac        The MAC address of the client is specified in "xx:xx:xx:xx:xx:xx" format.
item1      (Item 1) is specified. (*)
item2      (Item 2) is specified. (*)
item3      (Item 3) is specified. (*)
item4      (Item 4) is specified. (*)
item5      (Item 5) is specified. (*)

*: Specify a value of up to 64 characters converted by the base64url encoding with "no padding". For details
about base64url encoding, refer to RFC 3548.

If a registration causes an error, the Manager specifies the following parameters:

Table 4.34 Returned Parameters (Error)

Parameter  Description
action     "error" is specified.
m          One of the following error codes is specified:
           601 : The device that displays web browser is not registered in the Device List.
           602 : The device that displays web browser belongs to multiple Segment Groups.
           603 : The registration item exceeds 64 characters.
           604 : The device for which a registration is submitted is not registered in the Device List.
           605 : The registration of the device for which a registration is submitted has already been
                 submitted.
           770 : An access to the database has failed.
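
The redirects described in Tables 4.31 to 4.34 can be built and checked on an External Registration Form Server as shown in the following added example, which is not code from this manual or from the product. The host names and sample values are constructed, and two readings are assumptions: that the 64-character limit applies to the text before encoding, and that the Manager accepts the same "xx:xx:xx:xx:xx:xx" MAC format as notify.cgi.

```python
import base64
import re
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_CHARS = 64  # assumption: the limit is applied to the text before encoding
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
ITEM_RE = re.compile(r"item[1-5]")
B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")

# Error codes the Manager returns in "m" (Table 4.34).
MANAGER_ERRORS = {
    "601": "device displaying the web browser is not in the Device List",
    "602": "device displaying the web browser belongs to multiple Segment Groups",
    "603": "a registration item exceeds 64 characters",
    "604": "device being registered is not in the Device List",
    "605": "registration for this device has already been submitted",
    "770": "access to the database failed",
}


def b64url_nopad(text):
    """Encode UTF-8 text as base64url and strip the '=' padding."""
    if len(text) > MAX_CHARS:
        raise ValueError("value exceeds %d characters" % MAX_CHARS)
    raw = base64.urlsafe_b64encode(text.encode("utf-8"))
    return raw.rstrip(b"=").decode("ascii")


def b64url_decode(value):
    """Decode an unpadded base64url value, rejecting foreign characters."""
    if not B64URL_RE.fullmatch(value):
        raise ValueError("not a base64url value")
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def check_ip(ip):
    """Accept dotted-quad IPv4 only, with no zero-padded octets."""
    octets = ip.split(".")
    ok = len(octets) == 4 and all(
        o.isascii() and o.isdigit() and str(int(o)) == o and int(o) <= 255
        for o in octets)
    if not ok:
        raise ValueError("invalid or zero-padded IP address: %r" % ip)
    return ip


def check_mac(mac):
    if not MAC_RE.fullmatch(mac):
        raise ValueError("MAC address must be xx:xx:xx:xx:xx:xx: %r" % mac)
    return mac


def apply_params(ip, mac, items):
    """Shared action=apply parameters. items holds up to five strings;
    None or '' marks an unused item, which is simply left out."""
    if len(items) > 5:
        raise ValueError("at most five registration items")
    params = {"action": "apply", "ip": check_ip(ip), "mac": check_mac(mac)}
    for n, text in enumerate(items, start=1):
        if text:
            params["item%d" % n] = b64url_nopad(text)
    return params


def sensor_redirect(sensor_ip, ip, mac, items):
    """Location value that sends an approved client back to the Sensor."""
    query = urlencode(apply_params(ip, mac, items), safe=":")
    return "http://%s/pfudac/notify.cgi?%s" % (check_ip(sensor_ip), query)


def manager_redirect(manager, port, ip, mac, items, result_url, https=False):
    """Location value for the Manager's ExternalApplication.aspx."""
    params = apply_params(ip, mac, items)
    params["url"] = b64url_nopad(result_url)  # footnote *2 covers url too
    scheme = "https" if https else "http"
    return "%s://%s:%d/pfudac/manager/ExternalApplication.aspx?%s" % (
        scheme, manager, port, urlencode(params, safe=":"))


def parse_result(url):
    """Decode what the Manager appends to the result URL (Tables 4.33, 4.34).
    The redirect travels through the client's browser, so every value is
    client-controlled: validate it here and escape it before rendering."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    action = q.get("action")
    if action == "error":
        code = q.get("m", "")
        return {"ok": False, "code": code,
                "reason": MANAGER_ERRORS.get(code, "unlisted error code")}
    if action != "mconfirm":
        raise ValueError("unexpected action: %r" % action)
    items = {k: b64url_decode(v) for k, v in q.items() if ITEM_RE.fullmatch(k)}
    return {"ok": True, "ip": check_ip(q.get("ip", "")),
            "mac": check_mac(q.get("mac", "")), "items": items}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(sensor_redirect("192.168.1.2", "192.168.1.50",
                          "00:11:22:aa:bb:cc", ["Alice", None, "Lab"]))
    print(manager_redirect("mgr.example", 8109, "192.168.1.50",
                           "00:11:22:aa:bb:cc", ["Alice"],
                           "http://form.example/done"))
```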


4.11 Notes on Operation


This section provides notes on the operation of the system running iNetSec Smart Finder.

When Changing the Clock on the Manager Computer

- If the Manager has been operating for more than the specified "Missing or Disposed"
  period, the automatic removal of missing/disposed devices is enabled. The device
  information for some devices may be determined to be missing/disposed. If this occurs,
  these devices may be deleted from the list when the Manager starts. When automatic
  removal of missing/disposed devices is enabled, start the Manager at regular intervals.
- The approval term for devices is determined directly after 24:00. Devices that have been
  disconnected for longer than the approval term are automatically deleted at the
  Scheduled Manager Process Time.
- If you change the time zone of the operating system on the Manager Computer, restart
  the Manager Computer. If you do not restart the Manager Computer, the time zone setting
  is not applied properly to the iNetSec Smart Finder information.

When the Manager Computer Is Not Started

- If you choose to automatically delete missing/disposed devices but the Manager is not
  started for a longer time than the specified "Missing or Disposed" period, at the next start,
  the Manager might delete relevant device information, by inappropriately determining that
  those devices are missing/disposed. Thus, you should periodically start the Manager if
  you have chosen to automatically delete missing/disposed devices.
- If an event occurs while the Manager is not running, the notification of the event to the
  Manager may fail and the event will be lost. If you want to check all events, keep the
  Manager running.
- When not running, the Manager cannot register data such as the operation mode of
  devices and the amount of printed pages. If you want to collect such data, always keep
  the Manager running.
- You cannot use Chart while the Manager is not running. To use Chart, start the Manager
  beforehand.

Notes on the Operating System of the Manager Computer

- The Manager Computer does not support upgrades to the operating system. The
  Manager Computer must be reinstalled after upgrading the operating system on the
  computer.

When Adding the Sensors to the Network

- To block invalid connected devices, run the Sensors in [Monitoring Mode] for
  approximately one week to collect information about devices connected to the network.
- If a computer already connected to the network before installation of the Sensor runs on
  one of the following operating systems, restart the computer or reconnect it to the
  network. Otherwise, the Sensor might not be able to correctly detect the device type as
  [Windows]. If this occurs, change the device type of the relevant computer to [Windows] in
  the Management window.
  - Windows Vista
  - Windows Server 2008
  - Windows Server 2008 R2
  - Windows Server 2012
  - Windows Server 2012 R2
  - Windows 7

When Changing the Basic Settings of the Sensor after the Sensor Is Registered to the Manager

- When you change [Manager's IP Address] in the Sensor Basic Settings window,
  operations on the Sensor after you save the modified setting will vary depending on
  whether you specify a new Manager Computer or the same Manager Computer.
  - When the Sensor connects to the same Manager Computer with a new IP address
    Stop and restart the Sensor. Refer to "5.3 Stopping the Sensor" and "5.2 Starting the
    Sensor".
  - When the Sensor connects to a new Manager Computer
    Save the basic settings of the Sensor, and initialize the Sensor. Refer to "Initializing
    the Sensor after saving the basic settings" in "5.4 Initializing the Sensor".
- If you delete or modify the network to which the Sensor connects in the Sensor Basic
  Settings window, delete all the devices detected by the Sensor in the Management
  window.

When Running an External Registration Form Server

- The same IP address cannot be used for the following servers. Use different IP
  addresses.
  - External Registration Form Servers and Exception Servers

Notes on Network Configuration, Devices, and Other Applications

- Use the bridge port mode for wireless LAN access points. If the router mode is used,
  wireless LAN access points may not be able to block devices. To use the router mode, do
  not connect the following devices directly to the wired LAN port for the wireless LAN
  access point. Use a HUB to connect devices to the wired LAN port.
  - Sensor
  - Client device
  - Server that is accessed by client devices (e.g. web server)
- If a segment where the Sensor is installed contains a network device that supports the
  Proxy ARP function, ensure you disable the Proxy ARP function of the network device. If
  the Proxy ARP function is enabled on a network device, the Sensor might not be able to
  block communications by the device that should be blocked.
- Some router types might not be able to detect and block devices. In such cases, updating
  the router firmware may resolve the issue.
- If security software is monitoring ARP requests on devices to be detected and blocked,
  client windows such as the Registration Form window might not be displayed and blocking
  may be temporarily suspended.
- iNetSec Smart Finder detects ARP requests to discover and block devices connected to
  the network. Thus, it cannot detect and block the following devices:
  - Devices using a protocol that does not use ARP communications (AppleTalk, IPX,
    SNA, DECnet, IPv6, etc)
  - Devices that do not send ARP
  - Devices that do not respond to ARP requests
- If a failure occurs in a printer or an all-in-one printer, repairs might cause the internal
  counter to be reset. In this case, the amount of printed pages might be incorrect in Chart.
- If Internet Explorer 7 is used, memory consumption might gradually increase and cause
  unstable operations. When using Internet Explorer 7, be sure to restart it periodically.
Notes on Malware Detection with Behavioral IPS (Malware Detection)

- iNetSec Smart Finder detects remote-control malware based on behavior. When remote
  management tools (such as the PsExec command provided by Microsoft) are used in
  devices that are connected to the network, the tools may be detected as malware
  depending on the communication situation on the devices.

Chapter 5 Sensor Operations

This chapter describes Sensor components and operations and the Sensor Basic window.

5.1 Components of the Sensor
5.2 Starting the Sensor
5.3 Stopping the Sensor
5.4 Initializing the Sensor
5.5 Sensor Basic Settings Window
5.6 Exporting/Importing Sensor Basic Information
5.7 Erasing Data from the Sensors

5.1 Components of the Sensor


This section describes the Sensor buttons and LED status on the front panel of the Sensor. For
details about the components of the Sensor, refer to the Sensor Instruction Manual.

[Figure: front panel of the Sensor, showing the Power button, POWER LED, ALARM LED, SENSOR LED, EXT LED, and INIT button]

Table 5.1 Sensor Buttons and LED status

Component / Description

Button
    Power button
        Turns on/off the Sensor.
    INIT button
        Initializes the Sensor.

LED
    POWER LED
        Indicates the Sensor power status.
        The following describes the LED status.
        - Off
          The power is off.
        - On (green)
          Normal operation
        - Flashing (green)
          The Power button is pressed once.
        - On (amber)
          Any of the following:
          - Loading firmware (ALARM LED lights on at the same time)
          - Starting up firmware (preparing for operation)
          - Stop process in progress
        - Flashing (amber)
          Any of the following:
          - Updating firmware
          - Initializing after the INIT + Power buttons were pressed
    ALARM LED
        Indicates the warning status.
        The LED lights amber when an error occurs.
    SENSOR LED
        Indicates the Sensor status.
        The following describes the LED status.
        - Off
          The Sensor is not operating or the Manager address is not specified in
          the basic settings. The LED is in this status by default (when the
          Sensor operates for the first time).
        - On (green)
          The Sensor is operating and communicating with the Manager. The
          Sensor is operating properly.
        - On (amber)
          The Sensor is operating but cannot communicate with the Manager.
    EXT LED
        Indicates the Sensor status. This LED is always off.

5.2 Starting the Sensor


Use the Power button to start the Sensor.
The following describes the Sensor startup operation and LED status.

Table 5.2 Sensor Startup Operation and LED Status

No.  Operation                                                    POWER LED    ALARM LED    SENSOR LED
1    Ensure that the LEDs are in the status as shown on the       Off          Off          Off
     right and press the Power button.
1-1  ⇒ The POWER and ALARM LEDs turn on amber.                    On (amber)   On (amber)   Off
1-2  ⇒ The ALARM LED turns off.                                   On (amber)   Off          Off
     The POWER LED flashes amber during firmware updates or
     initialization with the INIT button.
1-3  ⇒ When the Sensor operation begins and the connection to     On (amber)   Off          On (green)
     the Manager is established successfully, the LED status
     appears as shown to the right.
1-4  ⇒ The Sensor firmware startup process completes and the      On (green)   Off          On (green)
     POWER LED lights on green.

Hint
- If shutdown did not complete properly, the Sensor is automatically turned on and starts up
  when power is supplied. Even after a power outage, the Sensor automatically restarts
  when power is restored.

When the Sensor does not start properly, the LEDs are in the following status:

Table 5.3 LED during an Error

POWER LED    ALARM LED    SENSOR LED   Description
On (green)   Off          On (amber)   The Sensor firmware startup process completes but the connection to
                                       the Manager is not established.
On (green)   Off          Off          The Sensor startup process completes but the Manager address is not
                                       specified in the basic settings or connection to the specified Manager is
                                       not established.
                                       The LEDs are in this status by default (when the Sensor operates for
                                       the first time) since the Manager address is not specified.
Off          On (amber)   Off          The Sensor cannot be started due to a hardware or firmware error. The
                                       ALARM LED turns off by any of the following operations:
                                       - Collect the maintenance information of the Sensor with the
                                         Manager Computer and restart the Sensor.
                                       - Initialize the Sensor with the INIT button and restart the Sensor.
                                       - Disconnect the power cable and then insert it again, and restart the
                                         Sensor.
                                       If the Sensor does not turn on or the ALARM LED does not turn off or
                                       turns on again, contact our technical support.
                                       While the POWER and ALARM LEDs are on amber after the Sensor is
                                       turned on, the firmware is loading. This is not an error.

5.3 Stopping the Sensor


Use the Power button to stop the Sensor.
To stop the Sensor, press the Power button twice in a row while the POWER LED is green. The
following describes the Sensor stop operation and LED status.

Table 5.4 Sensor Stop Operation and LED Status

No.  Operation                                                    POWER LED          ALARM LED    SENSOR LED
1    Ensure that the LEDs are in the status as shown on the       On (green)         Off          On (green)
     right and press the Power button.
1-1  ⇒ The POWER LED flashes green.                               Flashing (green)   Off          On (green)
2    Press the Power button again within 5 seconds after the
     POWER LED starts flashing green.
2-1  ⇒ The POWER LED lights on amber and the Sensor stop          On (amber)         Off          Off
     process starts.
2-2  ⇒ When the Sensor stop process completes, the POWER LED      Off                Off          Off
     turns off.

Attention
- If pressing the Power button twice in a row does not stop the Sensor, hold down the
  Power button for 4 seconds to force the Sensor to power off. Forcing the Sensor to power off
  may cause a problem. Use this method only in an emergency. If a problem occurs after the
  Sensor is forced to power off, the Sensor must be initialized.
- Do not disconnect the power cable while the Sensor is in operation (the POWER LED is
  on or flashing). Doing so may cause a serious problem in later startup or operation,
  resulting in an error. Be sure to stop the Sensor before disconnecting the power cable.

Hint
- If the Power button is not pressed for the second time within 5 seconds after the POWER
  LED starts flashing green, the Sensor returns to the status before the Power button was
  pressed for the first time.

5.4 Initializing the Sensor


Use the INIT button to initialize the Sensor. The following describes how to initialize the Sensor.

Attention
- Do not press the INIT button while the Sensor is turned on.

Initializing the Sensor after saving the basic settings

[Procedure]
1. After the Sensor is turned off, press the Power button briefly (for less than 4 seconds) while
   holding down the INIT button.
   ⇒ The basic settings of the Sensor are saved and other information is initialized to the default
   status. After the initialization process completes, the Sensor restarts.

Initializing the Sensor to the default status

[Procedure]
1. After the Sensor is turned off, press the Power button for over 4 seconds while holding
   down the INIT button.
   ⇒ All the information is initialized to the default status. After the initialization process
   completes, the Sensor restarts.

5.5 Sensor Basic Settings Window


This section describes the configurations in the Sensor Basic Settings window.

[Figure: Sensor Basic Settings window]

Table 5.5 Sensor Basic Settings Window Items

No.  Setting Item          Description
(1)  [Settings] menu       Displays the settings in the main display area.
                           Either one of the following configurations appears depending on the Sensor
                           installation type:
                           - For a 3 port configuration
                           - For a tagged VLAN configuration
                           By default, the settings for a 3 port configuration appear.
(2)  [Export/Import] menu  Displays the Export/Import window.
(3)  [Erase data] menu     Displays the Erase data window.
(4)  Logout                Logs out from the Sensor and displays the Login window again.
(5)  Main display area     The window corresponding to the selected menu appears.

5.5.1 3 Port Configuration


This section describes the items in the 3 port configuration.

Hint
- In order to display the Sensor Basic Setting window in the PC after setting for the 3 port
  configuration, set the following IP address to the PC:
  - IP address in the IP segments set to LAN 0-2
  - IP address that can communicate with the IP addresses that are set in the
    communication route

Table 5.6 3 port configuration Items

| Setting Item | Description |
|---|---|
| Manager | |
| Address | Specify the host name (FQDN) or IP address of the Manager Computer. The length of the host name must be 255 or less. Allowed characters are alphanumeric characters, ".", and "-". The first and last characters of the Manager address must be alphanumeric. This entry cannot be omitted. When the Manager address is specified in FQDN format, you must set the DNS Server or Proxy settings. |
| Port number | Specify the port number for unencrypted communication with the Manager. Use a number between 1025 and 65535 for the port number. The default value is "8877". This entry cannot be omitted. The port number is also used for Sensor to Sensor Status Monitoring, regardless of the communications protocol used with the Manager. |
| Use HTTPS (Encryption) | Specify whether to use https (encrypted communication) as the communications protocol for the Manager. |
| HTTPS Port Number | When https (encrypted communication) is used as the communications protocol for the Manager, specify the port number with a number between 1 and 65535. |
| DNS Server | Specify the IP addresses of the primary and secondary DNS server to resolve the host names on the Sensor. You must specify the DNS server in the following cases: when specifying the Manager address or proxy address with a host name (FQDN) in the Sensor settings; when [Sensor] is selected for [Forward DNS Lookup] on the [System Settings] tab in the System window; when the device host name is reverse-resolved on the Sensor. |
| Proxy | |
| Address | Specify the host name (FQDN) or IP address of the proxy. The length of the host name must be 255 or less. Allowed characters are alphanumeric characters, ".", and "-". The first and last characters of the proxy address must be alphanumeric. When the address is specified in FQDN format, you must set the DNS Server settings. |
| Port Number | Specify the port number of the proxy with a number between 1 and 65535. When the proxy address is specified, this entry cannot be omitted. |
| User Name | Specify a user name when user authentication is performed with the proxy. This entry can be omitted. Number of characters: 0 to 32. Allowed characters: alphanumeric characters, and the symbols "-", "_", ".", and "@". |
| Password | Specify a password when user authentication is performed with the proxy. This entry can be omitted. Number of characters: 0 to 32. Allowed characters: alphanumeric characters, and the symbols "!", "#", "$", "%", "(", ")", "_", "-", "~", "^", "\", "[", "]", ":", "+", and ",". |
| Monitor Port | |
| Do Not Use | Select this option if you do not use a Monitor Port. |
| Use LAN 1 as a Monitor Port (for connection to a monitoring port of a switch or an aggregation TAP) | Select this option if you use LAN 1 as a Monitor Port. |
| Use LAN 1 and LAN 2 as Monitor Ports (for connection to a TAP without the aggregation feature) | Select this option if you use LAN 1 and LAN 2 as Monitor Ports. |
| IP Address | Specify the IP address of each LAN port. The default value of the LAN 0 port IP address is "192.168.0.253". You must specify the LAN 0 IP address. |
| Subnet Mask | Select the subnet mask of each LAN port from "8 (255.0.0.0)" to "30 (255.255.255.252)". The default value is "24 (255.255.255.0)". |
| Gateway IP Address | Specify the gateway address of each LAN port. You must specify the LAN 0 Gateway IP address. |
| Communication Route | Select the communication route from the gateway address of LAN 0, LAN 1 or LAN 2. The Sensor communicates with an IP segment other than the specified one through the gateway of the communication route. |

5.5.2 Tagged VLAN Configuration


This section describes the items in tagged VLAN configuration.

Attention
• If the VLAN ID set in the LAN 2 port is used as a native VLAN ID on the router, the Sensor
  cannot manage the segment of the VLAN ID. Change the VLAN ID to an ID different from
  the native VLAN ID, or change the native VLAN ID on the router to an ID different from the
  VLAN ID.
  The native VLAN on the router may be enabled in the default settings.
  In this case, the ID "1" is used as the native VLAN ID. (For example, this applies to the
  Catalyst series of Cisco.)

Hint
• To display the Sensor Basic Settings window on the PC after setting the tagged
  VLAN configuration, set the following IP address on the PC:
  - An IP address in the IP segment set to LAN0 or VLAN
  - An IP address that can communicate with the IP addresses that are set in the
    communication route

[Figure: Tagged VLAN Configuration]

Table 5.7 Tagged VLAN configuration Items

| Setting Item | Description |
|---|---|
| Manager | |
| Address | Specify the host name (FQDN) or IP address of the Manager Computer. The length of the host name must be 255 or less. Allowed characters are alphanumeric characters, ".", and "-". The first and last characters of the Manager address must be alphanumeric. This entry cannot be omitted. When the Manager address is specified in FQDN format, you must set the DNS Server or Proxy settings. |
| Port number | Specify the port number for unencrypted communication with the Manager. Use a number between 1025 and 65535 for the port number. The default value is "8877". This entry cannot be omitted. The port number is also used for Sensor to Sensor Status Monitoring, regardless of the communications protocol used with the Manager. |
| Use HTTPS (Encryption) | Specify whether to use https (encrypted communication) as the communications protocol for the Manager. |
| HTTPS Port Number | When https (encrypted communication) is used as the communications protocol for the Manager, specify the port number with a number between 1 and 65535. |
| DNS Server | Specify the IP addresses of the primary and secondary DNS server to resolve the host names on the Sensor. You must specify the DNS server in the following cases: when specifying the Manager address or proxy address with a host name (FQDN) in the Sensor settings; when [Sensor] is selected for [Forward DNS Lookup] on the [System Settings] tab in the System window; when the device host name is reverse-resolved on the Sensor. |
| Proxy | |
| Address | Specify the host name (FQDN) or IP address of the proxy. The length of the host name must be 255 or less. Allowed characters are alphanumeric characters, ".", and "-". The first and last characters of the proxy address must be alphanumeric. When the address is specified in FQDN format, you must set the DNS Server settings. |
| Port Number | Specify the port number of the proxy with a number between 1 and 65535. When the proxy address is specified, this entry cannot be omitted. |
| User Name | Specify a user name when user authentication is performed with the proxy. This entry can be omitted. Number of characters: 0 to 32. Allowed characters: alphanumeric characters, and the symbols "-", "_", ".", and "@". |
| Password | Specify a password when user authentication is performed with the proxy. This entry can be omitted. Number of characters: 0 to 32. Allowed characters: alphanumeric characters, and the symbols "!", "#", "$", "%", "(", ")", "_", "-", "~", "^", "\", "[", "]", ":", "+", and ",". |
| Monitor Port | |
| Do Not Use | Select this option if you do not use a Monitor Port. |
| Use LAN 1 as a Monitor Port (for connection to a monitoring port of a switch or an aggregation TAP) | Select this option if you use LAN 1 as a Monitor Port. |
| Use LAN 1 and LAN 2 as Monitor Ports (for connection to a TAP without the aggregation feature) | Select this option if you want to use LAN 1 and LAN 2 as Monitor Ports. |
| LAN 0 IP Address | Specify the IP address of the LAN 0 port. The default value is "192.168.0.253". This entry cannot be omitted. |
| LAN 0 Subnet Mask | Select the subnet mask of the LAN 0 port from "8 (255.0.0.0)" to "30 (255.255.255.252)". The default value is "24 (255.255.255.0)". |
| LAN 0 Gateway IP Address | Specify the gateway address of the LAN 0 port. This entry cannot be omitted. |
| VLAN ID | Up to 16 VLAN IDs can be set. Specify the VLAN ID of the LAN 2 port with a number between 1 and 4094. This entry cannot be omitted if a VLAN ID is specified. |
| IP Address | Specify the IP address corresponding to the VLAN ID. This entry cannot be omitted if a VLAN ID is specified. |
| Subnet Mask | Select the subnet mask from "8 (255.0.0.0)" to "30 (255.255.255.252)" for the VLAN ID. This entry cannot be omitted if a VLAN ID is specified. |
| Gateway IP Address | Specify the gateway address corresponding to the VLAN ID. This entry cannot be omitted if a VLAN ID is specified. |
| Communication Route | Select the communication route from the gateway address of LAN0 or the specified VLAN ID. The Sensor communicates with an IP segment other than the specified one through the gateway of the communication route. |
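
The rules in Tables 5.6 and 5.7 can be checked before the values are entered or imported. The following check is an added example, not code from the product or from this manual; the dictionary keys and the sample values are assumptions, because the Sensor Configuration File schema is not shown here.

```python
import ipaddress
import re

# Rules transcribed from Tables 5.6 and 5.7. All dictionary keys are assumed
# names; the Sensor Configuration File schema is not shown in this manual.
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")
PROXY_USER_RE = re.compile(r"[A-Za-z0-9\-_.@]{0,32}")
PROXY_PASS_RE = re.compile(r"[A-Za-z0-9!#$%()_\-~^\\\[\]:+,]{0,32}")


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return isinstance(value, str)


def check_host(label, value, errors):
    """Return 'ip' or 'fqdn' for a valid Manager/proxy address, else record an error."""
    if is_ipv4(value):
        return "ip"
    if len(value) <= 255 and HOST_RE.fullmatch(value):
        return "fqdn"
    errors.append(f"{label}: not an IP address or a valid host name")
    return None


def check_port(label, value, low, high, errors):
    if type(value) is not int or not low <= value <= high:
        errors.append(f"{label}: must be a number between {low} and {high}")


def check_interface(label, iface, errors, default_prefix=None):
    """IP address, subnet mask (8 to 30) and gateway of LAN 0 or of one VLAN ID."""
    if not is_ipv4(iface.get("ip")):
        errors.append(f"{label}: IP address is missing or invalid")
    if iface.get("prefix", default_prefix) not in range(8, 31):
        errors.append(f"{label}: subnet mask must be between 8 and 30")
    if not is_ipv4(iface.get("gateway")):
        errors.append(f"{label}: gateway IP address is missing or invalid")


def validate(cfg):
    """Return (errors, warnings) for one settings dictionary."""
    errors, warnings = [], []
    mgr, proxy = cfg.get("manager", {}), cfg.get("proxy", {})
    dns = cfg.get("dns_servers", [])
    mgr_kind = check_host("Manager address", mgr.get("address") or "", errors)
    check_port("Manager port number", mgr.get("port", 8877), 1025, 65535, errors)
    if mgr.get("use_https"):
        check_port("HTTPS port number", mgr.get("https_port"), 1, 65535, errors)
    else:
        warnings.append("Use HTTPS (Encryption) is off: Manager traffic is unencrypted")
    proxy_kind = None
    if proxy.get("address"):
        proxy_kind = check_host("Proxy address", proxy["address"], errors)
        check_port("Proxy port number", proxy.get("port"), 1, 65535, errors)
    if not PROXY_USER_RE.fullmatch(proxy.get("user", "")):
        errors.append("Proxy user name: 0 to 32 alphanumerics or - _ . @")
    if not PROXY_PASS_RE.fullmatch(proxy.get("password", "")):
        errors.append("Proxy password: 0 to 32 characters from the permitted set")
    errors += [f"DNS server {d}: invalid IP address" for d in dns if not is_ipv4(d)]
    if mgr_kind == "fqdn" and not dns and not proxy.get("address"):
        errors.append("Manager address is an FQDN: set the DNS Server or Proxy settings")
    if proxy_kind == "fqdn" and not dns:
        errors.append("Proxy address is an FQDN: set the DNS Server settings")
    check_interface("LAN 0", cfg.get("lan0", {}), errors, default_prefix=24)
    vlans = cfg.get("vlans", [])  # present in the tagged VLAN configuration only
    if len(vlans) > 16:
        errors.append("VLAN ID: up to 16 VLAN IDs can be set")
    for vlan in vlans:
        vid = vlan.get("id")
        if type(vid) is not int or not 1 <= vid <= 4094:
            errors.append(f"VLAN ID {vid!r}: must be a number between 1 and 4094")
            continue
        check_interface(f"VLAN {vid}", vlan, errors)
        if vid == 1:  # Attention note: ID 1 may be the router's default native VLAN ID
            warnings.append("VLAN 1: check that it is not the router's native VLAN ID")
    return errors, warnings


# Constructed sample inputs (not exported from a real Sensor).
GOOD = {
    "manager": {"address": "manager.example.internal", "port": 8877,
                "use_https": True, "https_port": 443},
    "dns_servers": ["192.0.2.53"],
    "lan0": {"ip": "192.168.0.253", "prefix": 24, "gateway": "192.168.0.1"},
    "vlans": [{"id": 10, "ip": "10.10.0.253", "prefix": 24, "gateway": "10.10.0.1"}],
}
BAD = {
    "manager": {"address": "-manager.example.internal", "port": 80},
    "proxy": {"address": "proxy.example.internal", "user": "ops team"},
    "lan0": {"ip": "192.168.0.253", "prefix": 24},
    "vlans": [{"id": 1, "ip": "10.1.0.253", "prefix": 24, "gateway": "10.1.0.1"},
              {"id": 4095}],
}
```

`validate(BAD)` reports seven errors and two warnings: the unencrypted Manager connection and the use of VLAN ID 1.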


5.6 Exporting/Importing Sensor Basic Information

The Sensor can export the settings to a Sensor Configuration File in XML format and import the
settings from the Sensor Configuration File.

To export/import the settings, click the [Export/Import] menu and perform the following
operations in the Export/Import window:

To export
a. Click [Export].
   The Download File dialog box appears.
b. Specify a folder and file name for the export destination.
   The settings are exported to the specified file.

To import
a. Click [Browse].
   The Select File dialog box appears.
b. Select the Sensor Configuration File to be imported, and click [Import].
   The settings in the Sensor Basic information file are displayed in the Sensor Basic
   Settings window.
c. Verify the settings and make any required changes.
d. Click [Apply].
   The information displayed in the Sensor Basic Settings window is applied to the
   Sensor.


5.7 Erasing Data from the Sensors


Before changing the Manager which the Sensor is connected to or re-installing the Manager, you
might need to delete the data in the Sensor. This section describes how to delete the data using
the Sensor Basic Settings window.

Hint
• Erasing the Sensor data erases the data and retains the updated firmware.
• Initializing the Sensor erases the data and resets the updated firmware to the factory
  default firmware.
  Refer to "5.4 Initializing the Sensor".

[Procedure]
1. Click the [Erase data] menu.
   → The Erase data window appears.

2. Select one of the following options:
   • Erase detected device entries
     The Sensor settings are saved. The information received from the Manager and
     collected from the devices in the installed segment is erased completely. Normally,
     select this option.
   • Erase detected device entries and the Sensor settings
     The information received from the Manager and collected from the devices in the
     installed segment is erased completely along with the Sensor settings. The Sensor IP
     address is also reset to the default value (192.168.0.253/24).
3. To shut down the Sensor after the data is erased, select [Shutdown after erasing data].
4. Click [Apply].
   → The data is erased according to the settings specified in the Erase data window.


Chapter 6 Application Monitoring

This chapter provides an overview of Application Monitoring and describes how to manage
applications used on the network with iNetSec Smart Finder.

6.1 What is Application Monitoring?
6.2 Operations


6.1 What is Application Monitoring?


6.1.1 Application Monitoring Features
iNetSec Smart Finder visualizes network applications used in the organization's network and
enables the IT administrators to control application usage.

iNetSec Smart Finder monitors device behaviors on the network. It discovers which network
applications are in use and determines which applications can be used. If iNetSec Smart Finder
detects a prohibited application in use, it automatically blocks the device from the network and
requests the device's user not to use that application.

6.1.2 Application Dictionary and Application List


iNetSec Smart Finder provides an Application Dictionary consisting of explanatory information
for network applications. The information includes a description of each application as well as
associated security threats, which helps administrators to determine which applications could be
prohibited.

iNetSec Smart Finder creates an Application List based on the Application Dictionary. The
Application List is an active list that includes usage of applications and a policy that determines
which applications can be used. You can set the policy for each application in the Application List
to permit or prohibit. Some applications consist of application groups, which are also listed on the
Application List. You can permit or prohibit an application group, thus applying the same policy to
all applications that are in the group.

iNetSec Smart Finder creates and maintains an Application List for each Segment Group so that
you can set different policies for different Segment Groups.

Hint
• You can combine Application Lists of some Segment Groups with the default Segment
  Group by specifying "Join in the Default Segment Group". Refer to "6.2.1 Visualizing and
  Managing Applications".

An Application List consists of the following items:

• Status
  The permission status of the application. There are three statuses as shown below:
  - Permitted
    The application is permitted for use.
  - Prohibited
    The application is prohibited for use.
  - Not Detected
    The application is not detected and the status is not set by an administrator.

• Policy Settings
  The status policy of the application. One of the following policies is used:
  - Individual Policy
    The application use is controlled based on the policy individually set on the
    application. The policy set in the Segment Group does not affect the permission status of
    the application.
  - Preassigned Policy
    The application use is controlled based on the policy set on each Segment Group. The
    permission status of the application may vary per Segment Group and changes when
    the policy on the Segment Group changes.
• Name
  The name of the application.
• Application ID
  A unique 8 digit number for each application.
• Category
  A category for each application.
• Risk Level
  The risk level of the application as shown below.
  - Very High
  - High
  - Medium
  - Low
  - Very Low
• Traffic
  Accumulated network traffic of the application. Expressed in either bytes (B), kilobytes
  (KB), megabytes (MB), gigabytes (GB), terabytes (TB) or petabytes (PB).
• Sessions
  The accumulated number of detected sessions for each application. The number of
  sessions includes the number of TCP sessions, UDP virtual sessions, ICMP virtual
  sessions and Layer 7 requests. The number of sessions may be shown with one of the
  following letters that indicates a unit.
  - K: 1,000
  - M: 1,000,000
  - G: 1,000,000,000
  - T: 1,000,000,000,000
  - P: 1,000,000,000,000,000
• Summary
  A brief description of the application.
• Policy Update Time
  The date and time when the policy was updated.
• Dictionary Version
  The version of the Application Dictionary that the Application List is based on.
• Dictionary Update
  The date when the Application Dictionary that the Application List is based on was
  updated.
• Description
  A detailed description of the application.

• URL
  URL that relates to the application.
• Upper Layer Application
  The upper layer application that the application uses. If the application uses an upper
  layer application such as http-service, http-proxy or socks, iNetSec Smart Finder first
  identifies the application as the upper layer application. Then, it continues to
  monitor the behavior of the application for further identification. If you prohibit the use of
  the upper layer application, iNetSec Smart Finder does not identify or detect an
  application that uses the upper layer application.
• Class
  The class of the application. The applications are classified into the following classes.
  - peer-to-peer-static: P2P application using static port
  - peer-to-peer-dynamic: P2P application using dynamic port
  - rpc-based: RPC based application
  - web-service: Web service application
  - l4-protocol-static: TCP or UDP service using static port
  - l4-protocol-dynamic: TCP or UDP service using dynamic port
  - l3-protocol: Layer 3 protocol
  - l2-protocol: Layer 2 protocol
• Type
  The type of application. The applications are classified into the following types.
  - p2p-application: P2P application
  - rpc-application: RPC based application
  - web-application: Web service application
  - l4-protocol: TCP or UDP service
  - l3-protocol: Layer 3 protocol
  - l2-protocol: Layer 2 protocol
• Detection Method
  The method by which the application was detected. The four methods are shown below.
  - port-base: IP port based detection
  - context-base: Communication context based detection
  - heuristic: Heuristic detection
  - other: Other
• Protocol Number
  The protocol name and number of the application. The format is <protocol name>
  (<number>).
• Conventional TCP Port Number
  The TCP port number that the application conventionally uses. If the application uses
  multiple ports, the numbers are separated by commas (no spaces in between), or
  connected with a hyphen (-) to indicate the range. "ANY" indicates that the application
  uses dynamic port numbers.

• Conventional UDP Port Number
  The UDP port number that the application conventionally uses. If the application uses
  multiple ports, the numbers are separated by commas (no spaces in between), or
  connected with a hyphen (-) to indicate the range. "ANY" indicates that the application
  uses dynamic port numbers.
• Standard Document
  The document name of the standard that the application uses or is based on. If multiple
  standard documents exist, the names are separated by commas.
• Evasion Capability
  The capability to evade network security devices or technology. [Yes] means that the
  application has the capability and [No] means that it does not.
• Information Leakage Risk
  Confidential information may be leaked. [Yes] means that there is a risk, and [No] means
  that there is no risk.
• File Transfer Capability
  The capability to transfer a file over the network. [Yes] means that the application has the
  capability and [No] means that it does not.
• Remote Control Capability
  The capability to control or to be controlled from a remote place. [Yes] means that the
  application has the capability and [No] means that it does not.
• Known Vulnerabilities
  Existence of known vulnerabilities or security holes. [Yes] means that the application has
  known vulnerabilities and [No] means that it does not.
• Bandwidth Occupancy
  The bandwidth occupancy of the application. [Yes] means that the application occupies
  high bandwidth and [No] means that it does not.
• Popularity
  The popularity of the application, or whether the application is well-known and generally
  used. [Yes] means that the application is popular and [No] means that it is not.
• Port Confliction
  Applications or services whose port numbers conflict with the application. If there are any
  such services or applications, they are shown in the <port number>/<protocol>,<name>
  format.
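
The Conventional TCP/UDP Port Number and Port Confliction formats described above can be parsed to find applications that share ports, which is where port-base detection alone cannot tell two applications apart. This is an added example, not code from the product; the application names and port values are constructed, and treating an empty value as "no ports" is an assumption.

```python
import re
from itertools import combinations


def parse_ports(spec):
    """Parse a Conventional TCP/UDP Port Number value.

    Returns None for "ANY" (dynamic port numbers), otherwise a list of
    (low, high) tuples. An empty value is read as "no ports" (assumption).
    """
    if spec == "ANY":
        return None
    if spec == "":
        return []
    ranges = []
    for part in spec.split(","):
        # Items are separated by commas with no spaces; a hyphen marks a range.
        m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", part)
        if not m:
            raise ValueError(f"bad port item {part!r} in {spec!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"port out of range in {part!r}")
        ranges.append((low, high))
    return ranges


def ports_overlap(spec_a, spec_b):
    """True when two port values can refer to the same port number."""
    a, b = parse_ports(spec_a), parse_ports(spec_b)
    if a == [] or b == []:
        return False
    if a is None or b is None:      # "ANY" can collide with any static port
        return True
    return any(lo_a <= hi_b and lo_b <= hi_a
               for lo_a, hi_a in a for lo_b, hi_b in b)


def parse_port_confliction(entry):
    """Split one '<port number>/<protocol>,<name>' entry into its three parts."""
    m = re.fullmatch(r"(\d{1,5})/([A-Za-z0-9]+),(.+)", entry)
    if not m:
        raise ValueError(f"bad Port Confliction entry {entry!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def find_conflicts(apps, field="tcp"):
    """Pairs of application names whose conventional ports overlap."""
    return [(a["name"], b["name"])
            for a, b in combinations(apps, 2)
            if ports_overlap(a[field], b[field])]


# Constructed sample rows (not taken from the Application Dictionary).
SAMPLE_APPS = [
    {"name": "sample-web", "tcp": "80,443,8000-8080"},
    {"name": "sample-proxy", "tcp": "8080"},
    {"name": "sample-ftp", "tcp": "20-21"},
    {"name": "sample-p2p", "tcp": "ANY"},
]
```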

Attention
• The Sensor uses a DNS server to identify some applications. If a DNS server is not set, such
  applications cannot be identified. For DNS server settings, refer to "5.5 Sensor Basic
  Settings Window".


6.2 Operations
6.2.1 Visualizing and Managing Applications
To view and manage the applications on the network, use the Applications window. The
Applications window appears when the [Applications] menu is selected in the Management
window. The Applications window includes an Application List that provides information about
applications. You can also set the permission status of an application to permit or prohibit the
use of that application.

Table 6.1 Applications window items

| Items | Description |
|---|---|
| Segment Group | Select the Segment Group to display an Application List. |
| Join in the Default Segment Group | Check this option to use the same settings as the default Segment Group. When you select this option, the specified Segment Group shares the application information of the default Segment Group. The statistical information of the Segment Groups with this option and of the default Segment Group is summed up. You cannot modify the permission status of the applications in the Applications window with this option selected. You can modify it in the Applications window of the default Segment Group. When selecting the default Segment Group "(default)" for the Segment Group Name, you cannot select this option. If the [Use Default Settings] checkbox in [Block/ Approve Application] is cleared on the [Segment Group Specific Settings] tab in the System window, this item also needs to be cleared. |
| Apply | Apply the specified Segment Name and option. |
| Filtering | To filter the applications displayed in the Application List, specify one or more conditions as shown below. When you specify two or more conditions, applications that meet all the conditions are displayed. |
| Text in Application Info | Specify any keywords for searching application information. Applications that contain the specified keywords in the application names or the summary description are displayed. The maximum length for a keyword is 100 letters. |
| Risk Level | Select the Risk Level range from the items shown below: All; High to Very High; Medium to Very High; Low to Very High; Very High. |
| Category | Select Category. |
| Status | Check the status of applications to be displayed. The status is displayed with symbols as shown below: [icon] Permitted; [icon] Prohibited; [icon] Not Detected. |
| Policy Settings | The status policy of the application. One of the following policies is used. Individual Policy: the application use is controlled based on the policy individually set on the application. Preassigned Policy: the application use is controlled based on the policy set on each Segment Group. For details on how to set the policy that determines the status of applications, refer to "4.8.3.9 Blocking and Approving Application". |
| Filtering | Apply the specified condition. |
| Application List | The Application List and the operation buttons are displayed. The list consists of several pages and one page contains up to 100 applications. |
| Number of Applications | The number of applications is displayed in X / Y format. X stands for the number of applications that meet the filtering conditions and Y stands for the total number of applications. |
| [icon] button | Export the application information. |
| [icon] button | Import the application information. |
| [icon] button | Select items of application information to display. |
| [icon] button | Change time to Event Local Time or Event Viewer Time. The default is Event Viewer Time. |
| Updated time | The last time the application information was updated is displayed. |
| [icon] button | Update the information. |
| Application information | The selected information items of each application are displayed. The following items are in the first three columns of each line, and the selected items follow. |
| Application information: checkbox (first column) | Check to select applications to be permitted or prohibited. You can select all items displayed in the current page by selecting the checkbox on the title row. |
| Application information: Status (second column) | One of the following symbols is displayed to show the application status. |
| Status symbol: [Permitted] [Preassigned Policy] | The application is permitted for use. The policy defined on the Segment Group is applied. |
| Status symbol: [Permitted] [Individual Policy] | The application is permitted for use. The policy defined on the Segment Group is not applied and the permission status is fixed. |
| Status symbol: [Permitted] [Mix] | All applications in the application group are permitted for use. The policy defined on the Segment Group is applied to only some applications. This symbol is displayed only for an application group. |
| Status symbol: [Prohibited] [Preassigned Policy] | The application is prohibited for use. The policy defined on the Segment Group is applied. |
| Status symbol: [Prohibited] [Individual Policy] | The application is prohibited for use. The policy defined on the Segment Group is not applied and the permission status is fixed. |
| Status symbol: [Prohibited] [Mix] | All applications in the application group are prohibited for use. The policy defined on the Segment Group is applied to only some applications. This symbol is displayed only for an application group. |
| Status symbol: [Mixed] [Preassigned Policy] | The applications in the application group are in two or more different statuses. The policy defined on the Segment Group is applied. This symbol is displayed only for an application group. |
| Status symbol: [Mixed] [Individual Policy] | The applications in the application group are in two or more different statuses. The policy defined on the Segment Group is not applied and the permission status of each application is fixed. This symbol is displayed only for an application group. |
| Status symbol: [Mixed] [Mix] | The applications in the application group are in two or more different statuses. The policy defined on the Segment Group is applied to only some applications. This symbol is displayed only for an application group. |
| Status symbol: (Not Detected) | The application is not detected in the Segment Group and users have not permitted or prohibited use of it. |
| Application information: Application group (third column) | The following button is displayed for an application group: [icon]. Click the button to open a window that displays the information of the applications in the group. |
| Application information: [Summary] | When you click [Summary] (tenth column by default), the Application Detailed Information window appears, displaying all the information items of the application. |
| Permit | Permit the use of applications selected by the checkboxes. An individual policy will be used. You cannot use this button if Join in the Default Segment Group is selected. |
| Prohibit | Prohibit the use of applications selected by the checkboxes. An individual policy will be used. You cannot use this button if Join in the Default Segment Group is selected. |
| Reset Statistics | Initialize statistical information. You cannot use this button if Join in the Default Segment Group is selected. |

Hint
• Each Sensor reports the traffic and session information to the Manager every 15 minutes.
  The most recent statistical information is displayed in [Traffic] and [Sessions] when you
  click the [icon] button.
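
The status symbols in Table 6.1 follow from two rules: an Individual Policy fixes the status of an application, and a Preassigned Policy follows the Segment Group. The following model is an added example, not the product's implementation; the risk-level threshold used as the Segment Group policy is hypothetical (section 4.8.3.9 is not reproduced here), the application names and IDs are constructed, and the Not Detected status is left out.

```python
from dataclasses import dataclass

PERMITTED, PROHIBITED = "Permitted", "Prohibited"
INDIVIDUAL, PREASSIGNED = "Individual Policy", "Preassigned Policy"
RISK = ["Very Low", "Low", "Medium", "High", "Very High"]


@dataclass
class App:
    app_id: str                 # unique 8 digit Application ID
    name: str                   # constructed sample name
    risk: str                   # one of RISK
    policy: str = PREASSIGNED
    fixed_status: str = ""      # only meaningful under Individual Policy


def prohibit_from(level):
    """Hypothetical Segment Group policy: prohibit at or above a Risk Level."""
    threshold = RISK.index(level)
    return lambda app: PROHIBITED if RISK.index(app.risk) >= threshold else PERMITTED


def effective_status(app, segment_policy):
    if app.policy == INDIVIDUAL:
        return app.fixed_status      # the Segment Group policy does not affect it
    return segment_policy(app)       # changes when the Segment Group policy changes


def set_individual(apps, status):
    """[Permit] / [Prohibit]: the selected applications get an individual policy."""
    for app in apps:
        app.policy, app.fixed_status = INDIVIDUAL, status


def group_symbol(apps, segment_policy):
    """Status symbol shown for an application group in the second column."""
    statuses = {effective_status(a, segment_policy) for a in apps}
    policies = {a.policy for a in apps}
    status = statuses.pop() if len(statuses) == 1 else "Mixed"
    policy = policies.pop() if len(policies) == 1 else "Mix"
    return f"[{status}] [{policy}]"


def individually_permitted(apps, segment_policy):
    """Audit helper: individual Permits that the Segment Group policy would prohibit."""
    return [a.name for a in apps
            if a.policy == INDIVIDUAL and a.fixed_status == PERMITTED
            and segment_policy(a) == PROHIBITED]


def demo():
    group = [App("10000001", "sample-filesharing-a", "High"),
             App("10000002", "sample-filesharing-b", "Medium")]
    loose, strict = prohibit_from("Very High"), prohibit_from("Medium")
    before = group_symbol(group, loose)          # [Permitted] [Preassigned Policy]
    set_individual(group[:1], PERMITTED)         # administrator clicks [Permit]
    after_permit = group_symbol(group, loose)    # [Permitted] [Mix]
    tightened = group_symbol(group, strict)      # [Mixed] [Mix]
    return before, after_permit, tightened, individually_permitted(group, strict)
```

In `demo()`, tightening the Segment Group policy prohibits only the application that still follows the Preassigned Policy; the individually permitted one stays permitted and is returned by `individually_permitted`.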


6.2.2 Selecting Application Information Items


You can select the application information items to display in the Choose items to display as
columns window. To open the Choose items to display as columns window, use the [icon]
button in the Applications window.

The following items are selected by default.

• Application ID
• Category
• Risk level
• Traffic
• Sessions
• Summary

To add items to the Application List, select an item from Selectable items and press the [icon]
button. To delete items, select an item in Displayed Items and press the [icon] button. You can
change the order of displayed items by selecting an item in Displayed Items and then pressing the
[icon] button or the [icon] button.

After you complete the selection, press [OK] to apply the selection.
To cancel the modification you made on the window, press [Cancel].


6.2.3 Exporting and Importing an Application List


You can export an Application List to, or import it from, an Application Information File (a CSV file).
For the Application Information File format, refer to "A.7 Application Information File".

Exporting an Application List


Follow the instructions below to export an Application List.

[Procedure]

1. Click the export button ([icon]).
   → The Select File dialog box appears.
2. In the Select File dialog box, specify a folder and a file to export the Application List. The
   default file name is appPolicyList_<MMDDYYYY>.csv, and MMDDYYYY is the export
   date.
   → All the application information items of applications that meet the filtering conditions
     are exported to the specified file.

Importing Application List


Follow the instructions below to import the Application List.

[Procedure]

1. Click the import button ([icon]).
   → The Import window appears.

2. Click [Browse].
   → The Select File dialog box appears.
3. Select a file to import and click [OK].
   → The statuses of applications that have the Application IDs described in the imported
     file are replaced. Other information in the imported file is ignored. If an application
     with the same Application ID as described in the imported file does not exist in the
     active Application List, the import operation aborts.


6.2.4 Updating the Application Dictionary


The Application Dictionary is revised occasionally, so you can update your Application
Dictionary. To update the Application Dictionary with the revised version, follow the instructions
below.

[Procedure]
1. Click [System].
   → The System Configuration window appears.
2. Click [Settings] of [Application Dictionary] on the [System Settings] tab.
   → The Application Dictionary Update window appears. Verify the version of the registered
     Application Dictionary.

3. Click [Browse].
   → The Select File dialog box appears.
4. Specify the name of the revised Application Dictionary file and click [Update].
   → The [Upload the specified application dictionary file. Click OK to continue] dialog box
     appears.
5. Click [OK].
   → If the version of the specified Application Dictionary is the same as or older than the
     registered file, or if any problem occurs, the update aborts and an error message
     appears.


6.2.5 Device User Operation


When a device using a prohibited application is blocked, the Blocking Notification (Prohibited
Application Use) window appears on the web browser running on the device.

The device will be allowed to access the network when the device user clicks [Unblock] on the
window. If more than one prohibited application is detected, the Blocking Notification
(Prohibited Application Use) windows appear in succession and the device will be blocked
until the device user replies to all the windows.


Chapter 7 Chart Installation, Setup and Operations

This chapter describes how to install, set up and operate Chart.

7.1 What are Charts?
7.2 Features of Charts
7.3 Installing Chart
7.4 Logging in to Chart
7.5 Summary Display
7.6 Detailed Information
7.7 Saving to a CSV File
7.8 Printing and Previewing
7.9 Graph Settings
7.10 Time Zone Settings
7.11 CSV File Settings
7.12 Uninstalling Chart


7.1 What are Charts?


Chart is the reporting application used to display device information in a visual layout.
Chart compiles the device information detected and collected by all the Sensors from a variety of
angles.
It provides visual reports in graphic formats, such as graphs and tables.
To use Chart, install Chart on the computers that are used to access the device information.
Chart is included in iNetSec Smart Finder Manager.
An outline diagram of a system that uses Chart is shown below.

Fig 7.1 Outline Diagram of a System That Uses Chart

[Figure labels: Operation administrator, Manager, Chart, Sensor, Device; flow labels: Detect, Collect, Integration, Grasp, Optimize]


7.2 Features of Charts


Chart has the following features.
- Easy to understand and analyze IT assets on a network
- Automated generation of the number of devices detected by the Sensors
- Fluctuation in number of devices indicated on tables and graphs
- Types and ratio of devices indicated on graphs
- Easy to analyze cost reduction and ecology measures
- Estimate device uptime and power consumption
- Check amount of printed pages from printers
- Collect graph and table data in CSV files
- An easy-to-understand graphical interface with Adobe® AIR®

7.2.1 Number and Structure of Devices


The number of devices and their structure by type are compiled for each Segment Group and segment.
Information can be accessed only for the devices in the Segment Group assigned to the user logged in to Chart.
If the user changes the segment to which a device is connected, the information is carried over as shown below.
- Changing to a segment in the same Segment Group:
  The device is managed in the segment that it has been changed to.
- Changing to a segment in a different Segment Group:
  The device is handled as a newly detected device in the newly changed segment.
  The device is managed by both the pre-change and post-change segments.

Fig 7.2 Device Changed to a Segment in the Same Segment Group

[Figure labels: Segment Group A, Segment Group B; Segment 1, Segment 2, Segment 3. The device is managed in Segment 2.]

Fig 7.3 Device Changed to a Segment in a Different Segment Group

[Figure labels: Segment Group A, Segment Group B; Segment 1, Segment 2, Segment 3. The device is managed in both Segment 1 and Segment 3.]
7.2.2 Amount of Printed Pages


The amount of printed pages is obtained from the printer. This information can be obtained from
network printers and multifunction devices that support SNMP.
The number of pages that have been printed is counted. A sheet that has been printed on one
side is counted as "1". A sheet that has been printed on both sides is counted as "2".

The processing for obtaining and calculating the amount of printed pages is as follows:

Fig 7.4 Obtaining the Amount of Printed Pages by a Printer

[Figure labels: Printer and Sensor in a Segment; Manager; Chart]

(1) The Sensor obtains values for the total Amount of Printed Pages at 30-minute intervals.
(2) On the following day, the Sensor notifies the Manager of the final value obtained on the previous day for the total number of pages.
(3) The Manager calculates the Amount of Printed Pages for the day in step (1) based on the difference between the total Amount of Printed Pages for each day.

Hint
- The user can access information about the amount of printed pages on Chart on the second day after the Sensor has detected that printer.
- If Manager is stopped for one day or longer, the number of pages from the period it stopped to the period it was turned back on is calculated as the total number of pages in a single day.
- The Sensor obtains the printmib prtMarkerLifeCount (OID: 1.3.6.1.2.1.43.10.2.1.4) from a printer.
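
The calculation described in this section, written out as an added Python example (it is not part of the original manual and not the product's code). The function names, the sample readings, the choice of the first day after a gap as the day that receives the accumulated pages, and the handling of a counter that goes down are assumptions.

```python
from datetime import datetime

# OID of prtMarkerLifeCount, as given in the Hint above.
PRT_MARKER_LIFE_COUNT_OID = "1.3.6.1.2.1.43.10.2.1.4"


def final_totals(polls):
    """Sensor side (steps 1 and 2): keep the last total seen on each day.

    polls: iterable of (datetime, int) pairs, one per 30-minute poll of the
    printer's lifetime page counter.
    Returns {date: final counter value obtained on that date}.
    """
    finals = {}
    for ts, total in sorted(polls):
        finals[ts.date()] = total  # a later poll on the same day overwrites
    return finals


def daily_pages(finals):
    """Manager side (step 3): pages per day from consecutive daily totals.

    Returns {date: (pages, days_covered)}.
    - The first day on record has no earlier total to subtract, so it gets
      no entry.
    - After a gap in the record, the whole difference lands on the first
      day that has a total again (assumption); days_covered is then > 1.
    - If the counter went down (assumption: replaced or reset printer),
      pages is None instead of a negative number.
    """
    report = {}
    prev_day = prev_total = None
    for day in sorted(finals):
        total = finals[day]
        if prev_total is not None:
            delta = total - prev_total
            pages = delta if delta >= 0 else None
            report[day] = (pages, (day - prev_day).days)
        prev_day, prev_total = day, total
    return report


def constructed_polls():
    """Constructed sample readings, not taken from a real printer."""
    return [
        (datetime(2014, 6, 2, 9, 0), 10000),   # printer first detected
        (datetime(2014, 6, 2, 9, 30), 10012),
        (datetime(2014, 6, 2, 17, 30), 10040),
        (datetime(2014, 6, 3, 9, 0), 10040),
        (datetime(2014, 6, 3, 18, 0), 10100),
        # 4 and 5 June: no totals on record (Manager stopped)
        (datetime(2014, 6, 6, 18, 0), 10400),
        # 7 June: counter lower than the day before
        (datetime(2014, 6, 7, 18, 0), 25),
        (datetime(2014, 6, 8, 18, 0), 75),
    ]


if __name__ == "__main__":
    for day, (pages, covered) in daily_pages(final_totals(constructed_polls())).items():
        print(day, pages, f"({covered} day(s) of printing)")
```

A value with days_covered greater than 1 is the spike that appears in the graph after the Manager has been stopped; it is several days of printing shown on one day, not unusual printer activity.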

7.2.3 Device Uptime and Power Consumption


Uptime is compiled by the Sensors by checking for communication with the devices at 30-minute
intervals. An estimate of power consumption is calculated based on uptime and the average
power consumption set for each type of device. The average power consumption for each device
can be specified on the Devices window in the Manager. Refer to "4.2.4 Device Information
Updating and Registering".

The processing for calculating power consumption and uptime is as follows:

Fig 7.5 Obtaining Power Consumption and Uptime for a Device

[Figure labels: Device and Sensor in a Segment; Manager; Chart]

(1) The Sensor checks for communication with the device at 30-minute intervals.
(2) On the following day, the Sensor notifies the Manager of the uptime for the device.
(3) The uptime for the device is obtained from the Manager, and the power consumed is calculated as an estimate from the uptime and the average power consumption.

Hint
- The user can access power consumption and uptime on Chart one day after the Sensors have detected a device.
- If the Manager pauses for a day or longer while the Sensors are obtaining the uptime from devices, only the power consumption and uptime for the day before the Manager was turned back on can be accessed.


7.3 Installing Chart


Before installing Chart
Perform the following operations in advance:
1. Check the system requirements for installing Chart
Before installing Chart, refer to "2.2 System Requirements for Chart" to check the system
requirements for installation.
2. Network settings
If proxy server settings are required for the network connection (HTTP or
HTTPS) with the Manager Computer, configure the proxy server in Internet Explorer.
Set the proxy server via Local Area Network (LAN) Settings in Internet Explorer.
3. Adobe AIR Installation
Download Adobe® AIR® from the public site and install it.

7.3.1 Installing Chart


This section describes how to install Chart.

Downloading installation files from the Manager


[Procedure]
1. Enter the following URL in the web browser on the computer on which Chart will be
installed.

For HTTP:

http://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/chart/download.html

For HTTPS:

https://<host name or IP address of the Manager Computer>:<port number>/pfudac/manager/chart/download.html

→ The Chart download page appears.


2. Click the Download link on the download page.
→ The File Download - Security Warning dialog box appears.
3. Users with administrator privileges should click [Run].
Users without administrator privileges should click [Save], download the installation files
to the desired folder, right-click chartsetup.exe and select "Run as administrator" from the
menu.
→ The Internet Explorer - Security Warning dialog box appears.
4. Click [Run].
→ The Application Install dialog box appears.


5. Click [Install].
→ The Application Install dialog box appears.
6. Check the system environment settings and installation destination and click [Continue].
→ An end-user license agreement appears in the Application Install dialog box.
7. Read the end-user license agreement, and then click [I Agree].
→ The installation process begins.


Installing from DVD


[Procedure]
1. Insert the installation DVD included with iNetSec Smart Finder Manager into the DVD
drive.
2. Run chartsetup.exe from the following path (assuming the DVD drive is drive D). Users with
administrator privileges should double-click chartsetup.exe to start the installation
process. Users without administrator privileges should right-click chartsetup.exe and then
select "Run as administrator" from the context menu.

D:\chartsetup.exe

→ Continue with step 5 of the procedure in "Downloading installation files from the Manager".

Attention
- Chart cannot be installed in shared network folders or encrypted folders.

7.4 Logging in to Chart


This section describes how to start Chart and access the login window, and describes the
appearance of the main window that appears after logging in.

7.4.1 Chart Login Window

Double-click the Chart icon on the desktop to display the Chart login window. You can also
select [All Programs] - [iNetSec Smart Finder Chart] from the [Start] menu.

The following describes the items in the login window.







Table 7.1 Chart Login Window Items

No.  Setting Item  Description

(1) User Name, Password
    Enter user name and password.
    User profiles are created on the Users window in the Manager. Refer to "4.5.2 Adding and Updating Users".
(2) Connect to:
    Specify the host name or IP address and port number of the Manager from which information is to be obtained.
    If HTTPS is required to communicate with the specified Manager, select the [Use SSL] checkbox.
(3) Keep me signed in
    Select the checkbox to automatically log in with the same user name and destination Manager the next time.
(4) Login
    Click [Login] after entering the information required.

When the Chart login window appears, specify a user name and the Manager and click [Login].
When login is completed, the main window appears.

Attention
- If HTTPS is required to communicate with the specified Manager and the [Use SSL]
  checkbox is selected, several Security Warning dialog boxes might appear. Perform the
  necessary actions.
  - Import an official certificate. Refer to "3.2.3 Installing the Manager".
  - The Manager certificate might not have been imported onto the computer that the
    application is installed on.
    Import the Manager certificate onto the computer that the application is installed on.
    Procedure for importing a certificate:
    1. Click [Display Certification] on the Security Warning dialog that appears during
       login.
       → The Certification dialog box appears.
    2. Click [Install Certification] on the [General] tab.
       → The Certification Import Wizard appears.
    3. In the Certification Import Wizard, select [Automatically select certification store
       based on type of certification] to import the certificate.

7.4.2 Chart Main Window


When login is completed, the Chart main window appears.
The MENU and operation buttons are on the left side of the window.
The information related to the selected item or button is displayed in the information display area
on the right side.
The following describes the items in the main window.


Table 7.2 Main Window Items

No.  Setting Item  Description

(1) Logout
    Click here to log out from the application. After logging out, the login window appears.
(2) User Name
    The name of the user logged in.
(3) Summary
    The Summary window appears in the information display area. Refer to "7.5 Summary Display".
(4) Details
    Displays [Devices], [Printer Usage], and [Power Consumption] sub menus.
    - Devices
      The Device List window appears in the information display area. Refer to "7.6.1 Device List Window".
    - Printer Usage
      The Printer Usage window appears in the information display area. Refer to "7.6.2 Printer Usage Window".
    - Power Consumption (Uptime)
      The Power Consumption/Uptime window appears in the information display area. Refer to "7.6.3 Power Consumption Window" and "7.6.4 Uptime Window".
(5) Last Updated
    Displays the date and time when the information shown was obtained from the Manager.
(6) Update
    Obtains information from the Manager, and updates the information displayed. When [Update] is clicked, the Summary window appears in the information display area.
(7) Splitter bar
    Click to close the menu area on the left side and make the information display area larger. Click once more to open the menu area again.
(8) Operation buttons
    Select an operation from the following menus.
    - [Print]
      Prints the information currently displayed in the window. Refer to "7.8 Printing and Previewing".
    - [Print Preview]
      Displays a print preview of the information currently displayed in the window. Refer to "7.8 Printing and Previewing".
    - [Output to CSV files]
      Saves the information currently displayed in the window into a CSV file. Refer to "7.7 Saving to a CSV File".
    Select an operation from the following menus.
    - [Graph Settings]
      Displays the Graph Settings window. Refer to "7.9 Graph Settings".
    - [Time Zone Settings]
      Displays the Time Zone Settings window. Refer to "7.10 Time Zone Settings".
    - [CSV File Settings]
      Displays the CSV File Settings window. Refer to "7.11 CSV File Settings".
    Select an operation from the following menus.
    - [About]
      Displays the Chart version information.
    - [Help]
      Displays the Chart help page.
(9) Information display area
    Information is displayed in this area according to the selected menu items and operation buttons.
(10) Window frame
    Drag the frame to change the window size.


7.5 Summary Display


When login is completed, the Summary window appears in the information display area.
In the Summary window, you can view:
- Number and component ratio of device types
- Amount of printed pages
- Power consumption for devices

7.5.1 Summary window


The Summary window appears when the [Summary] menu is selected in the main window.
The following describes the items in the Summary window.


Table 7.3 Summary Window Items

No.  Setting Item  Description

(1) Devices (*1)
    The type and number of devices, and any changes in the number of devices.

    Device Structure pie chart
        Displays the structure of devices in a pie chart. The information for the line selected in the Number of devices table appears on the pie chart.

    Number of devices table (*2), (*3)
        The following information appears for each item.
        - [Scope]
          Segment groups and segments that can be accessed by the user are shown. If there is only 1 Segment Group and 1 segment, "All" appears for [Scope].
        - [Devices]
          The number of devices.
        - [Increase from last month]
          The increase in the number of devices counted this month.
        - [Decrease from last month]
          The decrease in the number of devices counted this month.
        The appearance of the Number of devices table switches according to the following operations.
        - Clicking a column header
          The information is sorted according to the clicked column header.
        - Clicking a row
          The Device Structure pie chart is redrawn using the information.
        - Clicking the expand or compact icon
          If "All" is selected, the Segment Groups are expanded/compacted. If a Segment Group is selected, the segments under the Segment Group are expanded/compacted.

(2) Printed Pages
    The amount of printed pages and its trends.

    Amount of Printed Pages graph
        The three month trend for pages printed and estimation are shown in a bar graph. The estimated values are calculated based on the average values for the current month.

    Amount of Printed Pages table
        The following information appears for each item.
        - [Scope]
          Segment groups and segments that can be accessed by the user are shown. If there is only 1 Segment Group and 1 segment, only "All" appears for [Scope].
        - [Pages]
          Shows the total amount of printed pages for the printer.
        - [Difference from last month]
          Shows the difference between the amount of printed pages of the previous month and this month.
        - [Printers]
          Shows the number of printers for which printed pages were counted.
        The appearance of the Amount of Printed Pages table switches according to the following operations.
        - Clicking a column header
          The information is sorted according to the clicked column header.
        - Clicking a row
          The Amount of Printed Pages graph is redrawn using the information in that row.
        - Clicking the expand or compact icon
          If "All" is selected, the Segment Groups are expanded/compacted. If a Segment Group is selected, the segments under the Segment Group are expanded/compacted.

(3) Power Consumption
    The trend in estimated power consumption for devices.

    Power Consumption graph
        The three month trend for power consumption for devices and estimation are shown in bar graphs. The estimated values are calculated based on the average values for the current month.

    Total power consumption table
        The following information appears for each item.
        - [Scope]
          Segment groups and segments that can be accessed by the user are shown. If there is only 1 Segment Group and 1 segment, only "All" appears for [Scope].
        - [Power Consumption]
          Shows the total power consumption for the device.
        - [Difference from last month]
          Shows the difference between the power consumption of the previous month and this month.
        - [Devices]
          Shows the number of devices for which power consumption was calculated.
        The appearance of the Total power consumption table switches according to the following operations.
        - Clicking a column header
          The information is sorted according to the clicked column header.
        - Clicking a row
          The Power Consumption graph is redrawn using the information in that row.
        - Clicking the expand or compact icon
          If "All" is selected, the Segment Groups are expanded/compacted. If a Segment Group is selected, the segments under the Segment Group are expanded/compacted.

*1: Devices registered in the Management window are not counted until they have been detected by the
Sensor.
*2: Devices that have been present on the network before the introduction of iNetSec Smart Finder are
counted for the change in number for the month when they are detected.
*3: If a detected device is removed in the month when it was first detected, it is counted both as an
increase of 1 and a decrease of 1 compared to the previous month.


7.6 Detailed Information


The following menus appear when [Details] is selected from the menu in the main window.
- Devices
- Printer Usage
- Power Consumption
Clicking one of the menus displayed on the left side opens a window that gives more
information about that menu in the information display area.

7.6.1 Device List Window


The Device List window shows the number of devices detected by the Sensors, variations of that
number and the types of devices. The Device List window appears when [Devices] is clicked in
the [Details] menu in the main window.
Information can be accessed only for the devices in the Segment Group assigned to the
user logged in to Chart.
The following describes the items in the Device List window.


Table 7.4 Device List Window Items

No.  Setting Item  Description

(1) Device Structure pie chart
    Displays the structure of the number of devices selected on the Number of devices table in a pie chart.
(2) Number of devices table
    The following information appears for each item.
    - [Scope]
      Segment groups and segments that can be accessed by the user. If there is only 1 Segment Group and 1 segment, only "All" appears.
    - [Devices]
      The number of devices.
    - [Increase from last month]
      The increase in the number of devices counted this month.
    - [Decrease from last month]
      The decrease in the number of devices counted this month.
    The appearance of the table and graph switches according to the following operations.
    - Clicking a column header
      The information is sorted according to the clicked column header.
    - Clicking a row
      The Device Structure pie chart is redrawn using the information in that row.
    - Clicking the expand or compact icon
      If "All" is selected, the Segment Groups are expanded/compacted. If a Segment Group is selected, the segments under the Segment Group are expanded/compacted.
(3) Device Information window
    The following information appears for the device selected in the Devices table.
    - Last Detected
    - Average Power Consumption
    - Device Type
    - MAC Address
    - MAC Vendor
    - IP Address
    - Host Name
    - NetBIOS Name
    - Details
    - Model
    - OS Type
    - Vendor
    Refer to "Table 7.9 Device Information Window Items".
(4) Devices table
    Displays the device type, MAC Address, host name and IP address for the devices in the Segment Group that can be accessed by the user.
    The items for the columns can be changed in the Configure Columns window.
    The appearance of the table and graph switches according to the following operations.
    - Clicking a column header
      The information is sorted according to the clicked column header.
    - Clicking a row
      Shows the Device Viewer window for the selected device in the menu display area.
    - Double-clicking a row
      Shows the Device Information window for the selected device.
(5) Specify search filter
    Displays the Filter settings window. The number of devices shown in the Devices table is displayed on the left of the button.
    In the Filter settings window, specify the filtering conditions for the devices shown in the Devices table. When devices are filtered, [Specify search filter] is blue.
    Refer to "7.6.6 Filter settings Window".
(6) Configure columns
    Displays the Configure Columns window for selecting the column to display in the Devices table.
    Refer to "7.6.7 Configure Columns Window".

The following icons are used to indicate the different devices on the Devices table, the Device
Viewer window and Device Information window.

Table 7.5 Device Icons

Icon  Type

- Unclassified
- Classifying
- Windows
- Mac
- Linux/UNIX
- Routers/Switches
- Printers
- NAS
- Scanners
- VoIP Phones
- Kiosk Terminals
- Mobile Devices
- Others


7.6.2 Printer Usage Window


The amount of printed pages on network printers and trends in printed pages are shown in the
Printer Usage window. The Printer Usage window appears when [Printer Usage] is clicked in the
[Details] menu in the main window.
You can access this information for printers with "Printers" as the device type.
The printers need to belong to the segment group that is assigned to the user who is logged into
Chart.
The following describes the items in the Printer Usage window.


Table 7.6 Printer Usage Window Items

No.  Setting Item  Description

(1) Scope
    Shows the display range for Segment Groups, segments and printers appearing on the Amount of Printed Pages table and graph.
    The appearance of the table and graph switches according to the following operations.
    - Clicking [all]
      The display range switches to all Segment Groups that can be accessed by the user.
    - Clicking a Segment Group name
      The display range switches to the segments in that Segment Group.
(2) Configure columns
    Shows the Configure Columns window for selecting the column in the Amount of Printed Pages table.
    Refer to "7.6.7 Configure Columns Window".
    If devices are not used for the range, the [Configure columns] button is not displayed.
(3) Period
    Shows the period for displaying the Amount of Printed Pages table and the Amount of Printed Pages graph.
(4) [< Monthly view] button
    Displays the Amount of Printed Pages graph in months. This button can be clicked only if the graph is currently displayed in days.
(5) Switch buttons
    The following buttons can be used to switch the appearance of the graph.
    - [Line Chart]
      Displays the Amount of Printed Pages graph as a line chart.
    - [Stacked Column Chart]
      Displays the Amount of Printed Pages graph as a stacked column chart.
(6) Amount of Printed Pages graph
    The trend in amount of printed pages for the printer is shown in a graph.
    The graph is linked with the Amount of Printed Pages table, with data shown separately for Segment Groups, segments, and printers.
    The following appear in the graph legend according to the information in the column selected on Amount of Printed Pages table.
    - Segment Group Name
      Shown for Segment Groups.
    - Segment Name
      Shown for segments.
    - Selected column and MAC address
      For printers, one of the column names selected via the Choose Display Columns window and MAC address appear. If no columns other than MAC address, day and month are selected, only MAC address appears. If two or more columns other than MAC address, day and month are selected, the column name on the top of the [Order] tab appears.
(7) Amount of Printed Pages table
    The following information appears for each item.
    - [Segment Group Name]
      The names of Segment Groups that can be accessed by the user.
    - [Segment Name]
      The names of segments. If a segment name appears more than once in the same Segment Group, a number is automatically assigned to the end of each segment name.
    - [Host Name]
      The host names of printers.
    - [IP Address]
      The IP addresses of printers.
    - [MAC Address]
      The MAC addresses of printers.
    - [Total]
      The total amount of printed pages for the displayed device for one year or one month.
    - [MMM YYYY]
      The number of pages for the month.
    - [MMM D]
      The number of pages for the day.
    The appearance of the table and graph switches according to the following operations.
    - Selecting the checkbox for each row
      The information for the selected row is shown in the Amount of Printed Pages graph. If the checkbox is de-selected, the information for that row is removed from the graph.
    - Clicking [>]
      The selection changes from "by Segment Group" to "by Segment" or from "by Segment" to "by printer" based on the information in the selected row. If there is only 1 segment in the associated Segment Group, the selection changes to a list of printers.
    - Clicking a column header
      The information is sorted according to the clicked column header.
    - Double-clicking a row
      For a Segment Group, a list of segments appears. For a segment, a list of devices appears.
      For a printer, the Device Information window appears.

Hint
- The Power Consumption graph and Power Consumption table can switch between month
  units and day units. The default is a stacked column chart displayed in months. To change
  the units from months to days do the following operation:
  - For a stacked column chart
    Click the stacked column chart for the month that you want to display in units of days.
  - For a line chart
    Click the spot that shows the value for the month that you want to display in units of
    days.
  To reset the units from days to months, click [Monthly view].
  To change the units from months to days, click the horizontal date axis on the graph you
  want to display in days.


7.6.3 Power Consumption Window


In the Power Consumption window, you can view the trend of Power Consumption for devices
detected on the network by the Sensors. Only the devices in the Segment Group that can be
accessed by the currently logged-in user can be viewed.
The Power Consumption window appears when [Power Consumption] is clicked in the [Details]
menu in the main window.

The following describes the items in the Power Consumption window.


Table 7.7 Power Consumption Window Items

No.  Setting Item  Description

(1) Scope
    Shows the information for Segment Groups, segments and devices appearing on the Power Consumption graph and table.
    Click the following items to switch the details that are displayed.
    - Clicking [all]
      The information will be displayed for all the Segment Groups that can be accessed by the user.
    - Clicking a Segment Group name
      The information will be displayed for the segments in that Segment Group.
(2) Configure columns
    Shows the Configure Columns window for selecting the column in the Power Consumption table.
    Refer to "7.6.7 Configure Columns Window". If devices are not used for the Scope, [Configure columns] is not displayed.
(3) Period
    Shows the period for displaying the Power Consumption graph and the Power Consumption table.
(4) Switch tabs
    The following tabs can be used to switch between the Power Consumption window and the Uptime window.
    - [Power Consumption] tab
      The Power Consumption window appears.
    - [Uptime] tab
      The Uptime window appears.
(5) [< Monthly view] button
    Displays the Power Consumption graph in units of months. This button can be clicked only if the graph is currently displayed in units of days.
(6) Switch buttons
    The following buttons can be used to change the appearance of the graph.
    - [Line Chart]
      Displays the Power Consumption graph as a line chart.
    - [Stacked Column Chart]
      Displays the Power Consumption graph as a stacked column chart.
(7) Power Consumption graph
    The trend in power consumption for the device is shown in a graph.
    The graph is linked with the Power Consumption table, with data shown separately for Segment Groups, segments and devices.
    The following buttons appear in the graph legend according to the information in the column selected on the Power Consumption table.
    - Segment Group Name
      Shown for Segment Groups.
    - Segment Name
      Shown for segments.
    - Selected column and MAC address
      For devices, one of the column names selected via the Configure Columns window and MAC address appear. If no columns other than MAC address, day and month are selected, only MAC address appears. If two or more columns other than MAC address, day and month are selected, the column name on the top of the [Order] tab appears.
(8) Power Consumption table
    The following information appears for each item.
    - [Segment Group Name]
      The names of Segment Groups that can be accessed by the user.
    - [Segment Name]
      The names of segments. If a segment name appears more than once in the same Segment Group, a number is automatically assigned to the end of each segment name so that they can be differentiated.
    - [Host Name]
      The host names of devices.
    - [IP Address]
      The IP addresses of devices.
    - [MAC Address]
      The MAC addresses of devices.
    - [Total]
      The total power consumption for the displayed device for one year or one month.
    - [MMM YYYY]
      The power consumption for the month.
    - [MMM D]
      The power consumption for the day.
    The following operations can be performed.
    - Selecting checkboxes
      The information for the selected rows is shown in the Power Consumption graph. If the checkboxes are deselected, the information for those rows is removed from the graph.
    - Clicking [>]
      The selection changes from "by Segment Group" to "by Segment" or from "by Segment" to "by device", based on the information in the selected row. If there is only 1 segment in the associated Segment Group, the selection changes to a list of devices.
    - Clicking a column header
      The information is sorted according to the clicked column header.
    - Double-clicking a row
      For a Segment Group, a list of segments appears.
      For a segment, a list of devices appears.
      For a device, the Device Information window appears.

Hint
- The Power Consumption graph and Power Consumption table can be switched between
  units of months and units of days. The default display is a stacked column chart in units of
  months. To change the units from months to days, perform the following operation.
  - For a stacked column chart
    Click the stacked column chart for the month that you want to display in units of days.
  - For a line chart
    Click the spot that shows the value for the month that you want to display in units of
    days.
  To reset the units from days to months, click [< Monthly view].
  To change the units from months to days, click the horizontal date axis on the graph you
  want to display in days.


7.6.4 Uptime Window


In the Uptime window, you can view the trend of uptime for devices that the Sensors have
detected on the network. Only the devices in the Segment Group that can be accessed by the
currently logged in user can be viewed.
To display the Uptime window, perform the following operations.

[Procedure]
1. Click [Power Consumption] in the [Details] menu in the main window.
→ The Power Consumption window appears.
2. If multiple Segment Groups or segments are shown on the Power Consumption table,
click [>] to the left of each Segment Group or segment to display its device type.
3. Click the [Uptime] tab to switch the display.
→ The Uptime window appears.

The following describes the items in the Uptime window.


Table 7.8 Uptime Window Items

No. Setting Item Description

(1) Scope
    Shows the information for Segment Groups, segments, and devices appearing on the
    Uptime graph and table.
    Click [all] or a Segment Group name to switch the displayed information to the Power
    Consumption window.
(2) Configure columns
    Shows the Choose Display Columns window for selecting the column in the Uptime table.
    Refer to "7.6.7 Configure Columns Window".
(3) Period
    Shows the period for displaying the Uptime table and the Uptime graph.
(4) Switch tabs
    The following tabs can be used to switch between the Power Consumption window
    and the Uptime window.
    • [Power Consumption] tab
      The Power Consumption window appears.
    • [Uptime] tab
      The Uptime window appears.
(5) [< Monthly view] button
    Displays the Uptime graph in units of months. This button can be clicked only if the
    graph is currently displayed in units of days.
(6) Switch buttons
    The following buttons can be used to switch the appearance of the graph.
    • [Line Chart]
      Displays the Uptime graph as a line chart.
    • [Stacked Column Chart]
      Displays the Uptime graph as a stacked column chart.
(7) Uptime graph
    The trend in uptime for the device is shown in a graph.
    Uptime is shown for each device.
    The following item is displayed in the graph legend, according to the information in the
    column selected on the Uptime table.
    • Selected column and MAC address
      For devices, one of the column names selected via the Choose Display Columns
      window and the MAC address appear. If no columns other than MAC address, day
      and month are selected, only the MAC address appears. If two or more columns
      other than MAC address, day and month are selected, the column name on the
      top of the [Order] tab appears.
(8) Uptime table
    To display the Uptime table, click [Uptime] while the Power Consumption is shown for
    each device on the Power Consumption graph.
    The following information appears for each item.
    • [Type]
      The type of device is indicated by an icon.
    • [Host Name]
      The host name of the device.
    • [IP Address]
      The IP address of the device.
    • [MAC Address]
      The MAC address of the device.
    • [Total]
      The total uptime for the displayed device for one year or one month.
    • [MMM YYYY]
      The uptime for the month.
    • [MMM D]
      The uptime for the day.
    The following operations can be performed.
    • Selecting checkboxes
      The information for the selected rows is shown in the Uptime graph.
    • Clicking a column header
      The information is sorted according to the clicked column header.
    • Double-clicking a row
      Displays the Device Information window.


Hint
• The Uptime graph and Uptime table can switch between units of months and units of
days. The default display is a bar graph in units of months. To change the units from
months to days, perform the following operation.
    • For a stacked column chart
      Click the stacked column chart for the month that you want to display in units of days.
    • For a line chart
      Click the spot that shows the value for the month that you want to display in units of
      days.
To reset the units from days to months, click [< Monthly view].
To change the units from months to days, click the horizontal date axis on the graph you
want to display in days.

7.6.5 Device Information Window


This window shows detailed information about the devices. Double-click on a device in the table
in one of the following windows to display the Device Information window for the device.
• Device List Window
• Printer Usage Window
• Power Consumption Window
• Uptime Window
If the device is a printer, the user can also view the specific information for that printer.
To close the Device Information window, click the X button in the upper right corner.

Attention
• The information shown in the Device Information window reflects the moment it was obtained
by the Sensors. Therefore, the conditions shown might be different from the actual
conditions of the device at the time when the Device Information window is displayed.


The Device Information window is described below, using a printer as an example.

Table 7.9 Device Information Window Items

No. Setting Item Description

(1) Type
    Indicates the type of device by an icon. Refer to "Table 7.5 Device Icons".
(2) Registered Date
    The date and time when the Sensor first detected the device.
(3) Last Detected
    The date and time when the Sensor last detected the device.
(4) Role
    The role of the device. One of the following roles is shown. If the device has no role,
    "-" is shown.
    • Manager
    • Gateway
    • Registration Form Server
    • Exception Server
(5) MAC Address
    The MAC address of the device.
(6) MAC Vendor
    The vendor indicated by the MAC address of the device.
(7) IP Address
    The IP address of the device.
(8) Host Name
    The host name of the device.
(9) NetBIOS Name
    The NetBIOS name of the device.
(10) Details
    The details for device types.
(11) Model
    The model of the device.
(12) OS Type
    The OS type of the device.
(13) Vendor
    The vendor of the device.
(14) Note 1 / Note 2 / Note 3
    Additional information for the device.
(15) Rated Power
    The average power consumption defined for the device.
(16) Approval Status
    The approval status of the device. One of the following approval statuses is shown.
    If there is no approval status for the device (if it is in Monitoring Mode, etc.), this field
    remains blank.
    • Detected
    • Requested
    • Approved
    • Rejected
(17) Approval Period
    If the approval status for the device is "Approved", the validity period will be
    indicated as either "Valid" or "Expired".
    If the approval status for the device is anything other than "Approved", this field
    remains blank.
(18) Requested Date
    The date and time when the registration was submitted for the device are shown.
(19) Approved Date
    The date and time when the registration for the device was approved are shown.
(20) Start Date
    The date when the approval period started.
(21) End Date
    The date when the approval period ends.
(22) Registration Items
    The registration items for the device.
    The registration items are shown as "Registration Item 1" to "Registration Item 5".
(23) Serial Number
    This information is shown only if the device is a printer.
    The serial number for the printer. If the information cannot be obtained from the
    device, this field remains blank.
(24) Color/Black & white
    This information is shown only if the device is a printer.
    One of the following functions is shown.
    • Color
      Shown for color printers.
    • Black & white
      Shown for black & white printers.
    • Unknown
      Shown if the color function cannot be obtained from the printer.
(25) Printer Status
    This information is shown only if the device is a printer. One of the following
    statuses is shown.
    • Available
      The printer can be used.
    • Warning
      A warning has occurred in the printer.
    • Low Paper
      The printer is low on paper.
    • Low Toner
      The printer is low on toner.
    • Error
      An error has occurred in the printer.
    • Error (Paper Jam)
      Paper has jammed in the printer, causing an error.
    • Error (No Paper)
      The printer has run out of paper, causing an error.
    • Error (Toner Empty)
      The printer has run out of toner, causing an error.
    • Error (Door Open)
      The printer cover is open, causing an error.
    • Unknown
      The printer status cannot be obtained or is unclear.
(26) Total Printed Pages
    This information is shown only if the device is a printer.
    Shows the total number of sheets that have been printed in the printer's lifetime.
(27) Remaining Paper (%)
    This information is shown only if the device is a printer.
    The amount of paper remaining (%) in the printer is shown.
    If there is more than one feed tray, this indicates the paper remaining in the tray with
    the fewest sheets.
    If the number of sheets remaining cannot be obtained from the printer, this field
    remains blank.
(28) Remaining Toner (%)
    This information is shown only if the device is a printer.
    The amount of toner remaining (%) in the printer is shown.
    If there is more than one toner container, this indicates the amount remaining in the
    container with the least toner.
    If the information cannot be obtained from the printer, this field remains blank.
(29) Color of Least Toner
    This information is shown only if the device is a printer.
    The color of the toner indicated for Toner Remaining (%) in the printer is shown.
    If the information cannot be obtained from the printer, this field remains blank.


7.6.6 Filter settings Window


The Filter settings window is for specifying filtering conditions for the devices shown in the
Devices table.
To display the Filter settings window, click button in the Device List window.
The filtering conditions in this window are saved for the logged-in user and automatically applied
the next time the same user logs in. When filter results are shown on the Devices table, the
button is blue.
The following describes the items in the Filter settings window.


Table 7.10 Filter settings Window Items

No. Setting Item Description

(1) Select conditions by device type
    The devices shown in the Devices table are filtered by type.
    • [Any Type]
      All devices are shown.
    • [Filter with following conditions]
      The devices are filtered by placing a checkmark in the appropriate boxes.
      If no boxes are selected, all devices are shown.
(2) Text entry fields
    Specify letters for the following items to filter the devices shown in the Devices
    table. If the specified letters are included in the value for an item, devices that
    meet those conditions will appear in the list of devices. The fields are not case
    sensitive for letters.
    • [MAC Address]
      The MAC addresses of the devices are filtered according to the letters. Use
      colons and hyphens as delimiters for MAC addresses, or do not use
      delimiters at all.
    • [IP Address]
      The IP addresses of the devices are filtered according to the letters.
    • [Host Name]
      The host names of the devices are filtered according to the letters.
    • [NetBIOS Name]
      The NetBIOS names of the devices are filtered according to the letters.
    • [Note 1]
      Note 1 of the devices is filtered according to the letters.
    • [Note 2]
      Note 2 of the devices is filtered according to the letters.
    • [Note 3]
      Note 3 of the devices is filtered according to the letters.
(3) Scope
    The devices shown in the Devices table are filtered by the following pull-down
    menus.
    • [Device List]
      The list of devices detected by the Sensors is filtered.
    • [Detected this month]
      The list of devices detected by the Sensors this month is filtered.
    • [Removed this month]
      The list of devices deleted this month is filtered.
(4) Clear conditions
    Clears the filtering conditions that have been set.
    Click [OK] to remove all filtering conditions from the Devices table.
(5) OK
    Applies the settings and closes the window.
(6) Cancel
    Closes the window without applying the settings.

7.6.7 Configure Columns Window


The Configure Columns window is used to select columns to display in the Devices table, and to
specify the order in which they appear. The selected display columns are saved for the logged-in
user, and automatically applied the next time the same user logs in. Click button in one of
the following windows in which the Device List appears to open the Configure Columns window.
• Device List Window
• Printer Usage Window
• Power Consumption Window
• Uptime Window
The following describes the operations in the Configure Columns window.

Fig 7.6 Configure Columns Window ([Items] Tab)


Table 7.11 Configure Columns Window ([Items] Tab) Items

No. Setting Item Description

(1) [Items]/[Order] tabs
    To select items to display, click the [Items] tab.
    To set the display order of items, click the [Order] tab.
(2) Display Column checkboxes
    Select the columns to be displayed on the Devices table.
(3) OK
    Applies the settings and closes the window.
(4) Cancel
    Closes the window without applying the settings.

Fig 7.7 Configure Columns Window ([Order] Tab)


Table 7.12 Configure Columns Window ([Order] Tab) Items

No. Setting Item Description

(1) [Items]/[Order] tabs
    To select items to display, click the [Items] tab.
    To set the display order of items, click the [Order] tab.
(2) List of display columns
    A list of the items to be displayed is shown.
    Select an item and then click or to change the order. You can also drag
    and drop an item to change the order.
(3) OK
    Applies the settings and closes the window.
(4) Cancel
    Closes the window without applying the settings.


7.7 Saving to a CSV File


To save the graphs and tables shown in the information display area into a CSV file, select
[Output] in the main window and then click [Output to CSV files].
The steps for saving into a CSV file are described below.

[Procedure]
1. Display the data to be saved into a CSV file in the information display area in the main
   window.
2. Arrange the graphs and tables as you want the data to be saved to the CSV file.
3. Select [Output] in the main window and then click [Output to CSV files].
   → The folder browsing window appears.
4. Select the folder where you want to save the CSV file and then click [OK].
   → A CSV file is saved in the selected folder.
CSV file names are created with underscores (_) between the information shown below.
• Date and time saved (MMDDYYYYhhmmss format)
• Fixed words describing the data content

The following example describes the CSV file name and content. "SUMMARY_DEVICE" in the
CSV file name is the fixed part.

Example of CSV file name (08272012204426_SUMMARY_DEVICE.csv)

SEGMENT_GROUP_NAME,SEGMENT_NAME,DEVICES,INCREASE_FROM_LAST_MONTH,DECREASE_FROM_LAST_MONTH
"1_Tokyo_Head_Office",,"381","4","16"
,"Head_Office_Sales","107","1","5"
,"Development1","115","2","4"
,"Development2","100","1","5"

The CSV file is saved with the following content.

• The item names for each column are saved on line 1. Data is saved starting on line 2.
• The character code is either UTF-8 or a character code according to the language of
  the operating system. Specify whether to use UTF-8 in the CSV File Settings window.
• The line feed code for CSV files is CRLF.
• If there are no values for the data that is saved in each column, no value is entered.
• Data in the CSV file is contained between double quotation marks.
• If the saved data includes a double quotation mark, it will automatically be changed
  into "".


7.7.1 Saving to a CSV File (Summary Window)


If data is saved into a CSV file while the Summary window appears, the following three files are
saved.
• MMDDYYYYhhmmss_SUMMARY_DEVICE.csv
  CSV file of the data on the Number of Devices table in the Devices summary
• MMDDYYYYhhmmss_SUMMARY_PRINT.csv
  CSV file of the data on the Amount of Printed Pages table in the Amount of Printed Pages
  summary
• MMDDYYYYhhmmss_SUMMARY_ELECTRIC.csv
  CSV file of the data on the Power Consumption table in the Power Consumption summary
The following describes the items and values in the CSV files.

Table 7.13 Items in MMDDYYYYhhmmss_SUMMARY_DEVICE.csv

Column Item Content Note

1 SEGMENT_GROUP_NAME
    Segment Group Name
    If all Segment Groups can be viewed, this field is "All".
2 SEGMENT_NAME
    Segment Name (*)
3 DEVICES
    Total number of devices for this month
4 INCREASE_FROM_LAST_MONTH
    Increase in the number of devices for this month
5 DECREASE_FROM_LAST_MONTH
    Decrease in the number of devices for this month

*: If the data in the row indicates a Segment Group, this field might become blank.

Table 7.14 Items in MMDDYYYYhhmmss_SUMMARY_PRINT.csv

Column Item Content Note

1 SEGMENT_GROUP_NAME
    Segment Group Name
    If all Segment Groups can be viewed, this field is "All".
2 SEGMENT_NAME
    Segment Name (*)
3 PAGES
    Total amount of printed pages for this month
4 DIFFERENCE_FROM_LAST_MONTH
    Difference between pages printed for last month and this month
5 PRINTERS
    Number of printers for which the amount of printed pages for this month was calculated

*: If the data in the row indicates a Segment Group, this field might become blank.

Table 7.15 Items in MMDDYYYYhhmmss_SUMMARY_ELECTRIC.csv

Column Item Content Note

1 SEGMENT_GROUP_NAME
    Segment Group Name
    If all Segment Groups can be viewed, this field is "All".
2 SEGMENT_NAME
    Segment Name (*)
3 POWER_CONSUMPTION
    Total power consumption for this month
4 DIFFERENCE_FROM_LAST_MONTH
    Difference between power consumption for last month and this month
5 DEVICES
    Number of printers for which power consumption for this month was calculated

*: If the data in the row indicates a Segment Group, this field might become blank.

7.7.2 Saving to a CSV File (Device List Window)


If data is saved into a CSV file while the Device List window appears, the following two files are
saved.
• MMDDYYYYhhmmss_DEVICE_SUMMARY.csv
  CSV file of the data on the Number of Devices table in the Device List window
• MMDDYYYYhhmmss_DEVICE.csv
  CSV file of the data on the Devices table in the Device List window

The following describes the items and values in the CSV files.

Table 7.16 Items in MMDDYYYYhhmmss_DEVICE_SUMMARY.csv

Column Item Content Note

1 SEGMENT_GROUP_NAME
    Segment Group Name
    If all Segment Groups can be viewed, this field is "All".
2 SEGMENT_NAME
    Segment Name (*)
3 DEVICES
    Total number of devices for this month
4 INCREASE_FROM_LAST_MONTH
    Increase in the number of devices for this month
5 DECREASE_FROM_LAST_MONTH
    Decrease in the number of devices for this month

*: If the data in the row indicates a Segment Group, this field might become blank.


Table 7.17 Items in MMDDYYYYhhmmss_DEVICE.csv

Column Item Content Note

1 DEVICE_TYPE
    Device type names are:
    • "Classifying"
    • "Unclassified"
    • "Windows"
    • "Mac"
    • "Linux/UNIX"
    • "Routers/Switches"
    • "Printers"
    • "NAS"
    • "Scanners"
    • "VoIP Phones"
    • "Kiosk Terminals"
    • "Mobile Devices"
    • "Others"
2 MAC_ADDRESS
    MAC address of the device
3 HOST_NAME
    Host name of the device
    If this is not set, the host name default is either the NetBIOS name or IP address of
    the device.
4 IP_ADDRESS
    IP address of the device
5 MAC_VENDOR
    MAC vendor of the device
6 NETBIOS_NAME
    NetBIOS name of the device
7 DETAILS
    Details of the model of the device
8 MODEL
    Model of the device
9 OS_TYPE
    OS of the device
10 VENDOR
    Vendor of the device
11 LAST_DETECTED
    Last detected date of the device, in the following format
    MM/dd/yyyy hh:mm:ss tt
12 RATED_POWER
    Average power consumption of the device
13 NOTE1
    Note 1 for the device
14 NOTE2
    Note 2 for the device
15 NOTE3
    Note 3 for the device
16 ROLE
    Role of the device
    If there is no role, "-" appears.
    • "Manager"
    • "Gateway"
    • "Registration Form Server"
    • "Exception Server"
17 APPROVAL_STATUS
    Approval status of the device
    • "Detected"
    • "Requested"
    • "Approved"
    • "Rejected"
18 APPROVAL_PERIOD
    Approval period of the device
    If the approval status is anything other than "Approved", this field remains blank.
    • "Valid"
    • "Expired"
19 REGISTERED_DATE
    Registered date of the device, in the following format
    MM/dd/yyyy hh:mm:ss tt
20 REQUESTED_DATE
    Registration requested date of the device, in the following format
    MM/dd/yyyy hh:mm:ss tt
21 APPROVED_DATE
    Approved date of the device, in the following format
    MM/dd/yyyy hh:mm:ss tt
22 START_DATE
    Start date of the device, in the following format
    MM/dd/yyyy
23 END_DATE
    End date of the device, in the following format
    MM/dd/yyyy
24 REGISTRATION_ITEM1
    Registration item 1 for the device
25 REGISTRATION_ITEM2
    Registration item 2 for the device
26 REGISTRATION_ITEM3
    Registration item 3 for the device
27 REGISTRATION_ITEM4
    Registration item 4 for the device
28 REGISTRATION_ITEM5
    Registration item 5 for the device
29 SERIAL_NUMBER
    Serial number for a printer (*)
30 COLOR/BLACK&WHITE
    One of the following colors for a printer (*)
    • "Color"
    • "Black & white"
    • "Unknown"
31 PRINTER_STATUS
    One of the following printer statuses for a printer (*)
    • "Available"
    • "Warning"
    • "Low Paper"
    • "Low Toner"
    • "Error"
    • "Error (Paper Jam)"
    • "Error (No Paper)"
    • "Error (Toner Empty)"
    • "Error (Door Open)"
    • "Unknown"
32 REMAINING_PAPER
    Min. paper remaining (%) for a printer (*)
33 REMAINING_TONER
    Min. toner remaining (%) for a printer (*)
34 COLOR_OF_LEAST_TONER
    Color of the min. toner remaining for a printer (*)
35 TOTAL_PRINTED_PAGES
    Total amount of printed pages for a printer (*)

*: If the device is not a printer, or if it is not set in the Manager, this field remains blank.
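
The DEVICE.csv layout described in 7.7 and Table 7.17 can be reviewed with a script. The following Python is an added example, not part of the product or this manual: it parses the export file name and rows and lists devices that are not approved, whose approval has expired, or that are approved but have not been detected recently. The sample rows (a subset of the 35 columns), the cp1252 fallback encoding and the 30-day threshold are assumptions.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample export (documentation MAC/IP ranges, subset of the columns
# in Table 7.17): header unquoted, values quoted, empty values left empty, CRLF.
SAMPLE_NAME = "08272012204426_DEVICE.csv"
SAMPLE_BYTES = (
    "DEVICE_TYPE,MAC_ADDRESS,HOST_NAME,IP_ADDRESS,LAST_DETECTED,ROLE,"
    "APPROVAL_STATUS,APPROVAL_PERIOD\r\n"
    '"Windows","00:00:5E:00:53:01","pc-sales-01","192.0.2.10",'
    '"08/27/2012 08:15:02 PM","-","Approved","Valid"\r\n'
    '"Printers","00:00:5E:00:53:02","lobby ""color"" printer","192.0.2.20",'
    '"08/27/2012 07:59:40 PM","-","Approved","Expired"\r\n'
    '"Unclassified","00:00:5E:00:53:03","192.0.2.30","192.0.2.30",'
    '"08/27/2012 08:40:11 PM","-","Detected",\r\n'
    '"Linux/UNIX","00:00:5E:00:53:04","build-old","192.0.2.40",'
    '"06/01/2012 09:00:00 AM","-","Approved","Valid"\r\n'
    '"Mobile Devices","00:00:5E:00:53:05","phone-x","192.0.2.50",'
    '"08/26/2012 11:30:00 AM","-","Rejected",\r\n'
    '"Routers/Switches","00:00:5E:00:53:06","gw-1","192.0.2.1",'
    '"08/27/2012 08:44:00 PM","Gateway",,\r\n'
).encode("utf-8")


def export_time(file_name):
    """Split 'MMDDYYYYhhmmss_<FIXED WORDS>.csv' into (saved datetime, fixed words)."""
    match = re.fullmatch(r"(\d{14})_([A-Z_]+)\.csv", file_name)
    if not match:
        raise ValueError("not a Chart CSV export name: " + file_name)
    return datetime.strptime(match.group(1), "%m%d%Y%H%M%S"), match.group(2)


def read_rows(data, os_encoding="cp1252"):
    """Decode as UTF-8 if possible, else with the OS-language code page (assumed)."""
    try:
        text = data.decode("utf-8-sig")
    except UnicodeDecodeError:
        text = data.decode(os_encoding)
    # newline="" lets the csv module handle CRLF and the "" quote escaping itself.
    reader = csv.DictReader(io.StringIO(text, newline=""))
    return [{key: (value or "") for key, value in row.items()} for row in reader]


def parse_when(value):
    """Parse the 'MM/dd/yyyy hh:mm:ss tt' format; blank fields give None."""
    return datetime.strptime(value, "%m/%d/%Y %I:%M:%S %p") if value else None


def review(rows, exported_at, stale_days=30):
    """Return (MAC address, reason) pairs for devices that need a second look.

    Assumes LAST_DETECTED and the file-name timestamp are in the same time zone.
    """
    findings = []
    for row in rows:
        mac, status = row["MAC_ADDRESS"], row["APPROVAL_STATUS"]
        if status == "":
            continue  # no approval status (for example Monitoring Mode)
        if status != "Approved":
            findings.append((mac, "not approved: " + status))
        elif row["APPROVAL_PERIOD"] == "Expired":
            findings.append((mac, "approval expired"))
        else:
            seen = parse_when(row["LAST_DETECTED"])
            if seen and (exported_at - seen).days > stale_days:
                age = (exported_at - seen).days
                findings.append((mac, f"approved but not detected for {age} days"))
    return findings


if __name__ == "__main__":
    saved_at, kind = export_time(SAMPLE_NAME)
    print(kind, "export saved at", saved_at)
    for mac, reason in review(read_rows(SAMPLE_BYTES), saved_at):
        print(mac, reason)
```
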

7.7.3 Saving to a CSV File (Printer Usage Window)


If data is saved into a CSV file while the Printer Usage window appears, the following file is
saved.
• MMDDYYYYhhmmss_PRINT.csv
  CSV file of the data on the Amount of Printed Pages table in the Printer Usage window

The following describes the items and values in a CSV file. The number of columns will vary
according to the content appearing on the Amount of Printed Pages table.

Table 7.18 Items in MMDDYYYYhhmmss_PRINT.csv

Column (Segment Group / Segment / Amount of Printed Pages table) Item Content

1 / 1 / 1 SELECT
    The statuses of checkboxes on the Amount of Printed Pages table are displayed.
    "0" not selected
    "1" selected
2 / - / - SEGMENT_GROUP_NAME
    Segment group names are displayed if the Amount of Printed Pages table shows Segment
    Groups.
- / 2 / - SEGMENT_NAME
    Segment names are displayed if the Amount of Printed Pages table shows segments.
- / - / 2 to 4 MAC_ADDRESS, HOST_NAME, IP_ADDRESS, MAC_VENDOR, NETBIOS_NAME, DETAILS,
    MODEL, OS_TYPE, VENDOR, NOTE1, NOTE2, NOTE3, SERIAL_NUMBER, REGISTRATION_ITEM1,
    REGISTRATION_ITEM2, REGISTRATION_ITEM3, REGISTRATION_ITEM4, REGISTRATION_ITEM5
    The MAC address for the device and the value for the column selected in the Choose Display
    Columns window are displayed.
    Items are sorted according to the order set in [Configure columns].
    Refer to "Table 7.17 Items in MMDDYYYYhhmmss_DEVICE.csv".
3 / 3 / 5 (*) TOTAL
    The total amount of printed pages
4 to 15 / 4 to 15 / 6 to 17 (*) MMyyyy
    yyyy indicates the year.
    MM indicates the month (01 to 12).
    Columns are displayed for the number of months in a year.
4 to 34 / 4 to 34 / 6 to 36 (*) DAY_d
    d indicates the day (1 to 31).
    Columns are displayed for the number of days in a month.

*: The start number and end number vary according to the number of items selected.

7.7.4 Saving to a CSV File (Power Consumption/Uptime Window)


If data is saved into a CSV file while the Power Consumption/Uptime window appears, either one
of the following files is saved.
• MMDDYYYYhhmmss_ELECTRIC.csv
  CSV file of the data on the Power Consumption table in the Power Consumption window
• MMDDYYYYhhmmss_OPERATIONAL_TIME.csv
  CSV file of the data on the Uptime table in the Uptime window

The following describes the items and values in the CSV files. The number of columns will vary
according to the content appearing on the Power Consumption table and the Uptime table.


Table 7.19 Items in MMDDYYYYhhmmss_ELECTRIC.csv

Column (Segment Group / Segment / Power Consumption table) Item Content

1 / 1 / 1 SELECT
    The statuses of checkboxes on the Power Consumption table are displayed.
    "0" not selected
    "1" selected
2 / - / - SEGMENT_GROUP_NAME
    Segment group names are displayed if the Power Consumption table shows
    Segment Groups.
- / 2 / - SEGMENT_NAME
    Segment names are displayed if the Power Consumption table shows
    segments.
- / - / 2 DEVICE_TYPE
    Device types are displayed if the Power Consumption table shows devices.
- / - / 3 to 5 MAC_ADDRESS, HOST_NAME, IP_ADDRESS, MAC_VENDOR, NETBIOS_NAME, DETAILS,
    MODEL, OS_TYPE, VENDOR, NOTE1, NOTE2, NOTE3, SERIAL_NUMBER, REGISTRATION_ITEM1,
    REGISTRATION_ITEM2, REGISTRATION_ITEM3, REGISTRATION_ITEM4, REGISTRATION_ITEM5
    The MAC address for the device and the value for the column selected in the
    Choose Display Columns window are displayed.
    Items are sorted according to the order set in [Configure columns].
    Refer to "Table 7.17 Items in MMDDYYYYhhmmss_DEVICE.csv".
3 / 3 / 6 (*) TOTAL
    The total power consumption.
4 to 15 / 4 to 15 / 7 to 18 (*) MMyyyy
    yyyy indicates the year.
    MM indicates the month (01 to 12).
    Columns are displayed for the number of months in a year.
4 to 34 / 4 to 34 / 7 to 37 DAY_d
    d indicates the day (1 to 31).
    Columns are displayed for the number of days in a month.

*: The start number and end number vary according to the number of items selected.


Table 7.20 Items in MMDDYYYYhhmmss_OPERATIONAL_TIME.csv

Column Item Content

1 SELECT
    The statuses of checkboxes on the Uptime table are displayed.
    "0" not selected
    "1" selected
2 DEVICE_TYPE
    Device types are displayed if the Uptime table shows devices.
3 to 5 MAC_ADDRESS, HOST_NAME, IP_ADDRESS, MAC_VENDOR, NETBIOS_NAME, DETAILS,
    MODEL, OS_TYPE, VENDOR, NOTE1, NOTE2, NOTE3, SERIAL_NUMBER, REGISTRATION_ITEM1,
    REGISTRATION_ITEM2, REGISTRATION_ITEM3, REGISTRATION_ITEM4, REGISTRATION_ITEM5
    The MAC address for the device and the value for the column selected
    in the Choose Display Columns window are displayed.
    Items are sorted according to the order set in [Configure columns].
    Refer to "Table 7.17 Items in MMDDYYYYhhmmss_DEVICE.csv".
6 (*) TOTAL
    The total uptime.
7 to 18 (*) MMyyyy
    yyyy indicates the year.
    MM indicates the month (01 to 12).
    Columns are displayed for the number of months in a year.
7 to 37 (*) DAY_d
    d indicates the day (1 to 31).
    Columns are displayed for the number of days in a month.

*: The start number and end number vary according to the number of items selected.


7.8 Printing and Previewing


You can use the print function to print the graphs and tables displayed in the information display
area. Simply select button in the main window and [Print].

You can check the appearance of the data before printing by selecting button and
[Print Preview].

Hint
• The data is not printed exactly as it appears in the window. Instead, it is printed according
  to the units used in the graphs and tables.
• Although you can preview an outline of the content and layout to be printed, you cannot
  refer to the page breaks or adjust the printing area.
• If there are many rows in the tables shown in the window, printing and previewing will not
  be possible. Keep the number of rows in tables in the window to 300 or less. In the
  Summary window and the Devices window, keep the total number of rows in all tables to
  300 or less.
• To print or preview when the number of rows exceeds 300, first save the data into a CSV
  file and then view and/or print the CSV file from a spreadsheet application. Refer to "7.7
  Saving to a CSV File".

The items displayed for printing and previewing will vary according to the window shown in the
information display area.
However, the following items are always included.
• Creation date
  Date the print data was created
• Data obtained
  Date the print data was obtained from the Manager
• Title
  Title of the printed or previewed data

Summary window
If printing or previewing is performed while the Summary window is open, the following items
are included.
Refer to "7.5 Summary Display".
• Device Structure pie chart
• Number of Devices table (*)
• Amount of Printed Pages graph
• Amount of Printed Pages table (*)
• Power Consumption graph
• Power Consumption table (*)
*: If a table has many rows, printing might require more than one page.


Device List window
If printing or previewing is performed while the Device List window is open, the following items
are included.
Refer to "7.6.1 Device List Window".
• Device Structure pie chart
• Number of Devices table (*1)
• Devices table (*1), (*2)
*1: If a table has many rows, printing might require more than one page.
*2: If a table has many columns, characters might be cut off when printing or previewing. Change the
number of columns in the Choose Display Columns window and make adjustments to ensure that no
characters are cut off.

Printer Usage window
If printing or previewing is performed while the Printer Usage window is open, the following
items are included.
Refer to "7.6.2 Printer Usage Window".
• Amount of Printed Pages graph (*1)
• Amount of Printed Pages table (*2), (*3)
*1: If the legend for a graph includes many items, they might not all be displayed. Limit legend items to 10
or less.
*2: If a table displays data for each day, the data is divided into three parts for printing and previewing: 1st
to 10th, 11th to 20th and 21st to 31st.
*3: If a table displays data for each month, the data is divided into two parts for printing and previewing:
January to June and July to December.

Power Consumption/Uptime window
If printing or previewing is performed while the Power Consumption/Uptime window is open,
the following items are included.
Refer to "7.6.3 Power Consumption Window".
• Power Consumption graph (*1)
• Power Consumption table (*2), (*3)
• Uptime graph (*1)
• Uptime table (*2), (*3)
*1: If the legend for a graph includes many items, they might not all be displayed. Limit legend items to 10
or less.
*2: If a table displays data for each day, the data is divided into three parts for printing and previewing: 1st
to 10th, 11th to 20th and 21st to 31st.
*3: If a table displays data for each month, the data is divided into two parts for printing and previewing:
January to June and July to December.


7.9 Graph Settings


Select button in the main window and then click [Graph Settings] to display the Graph
Settings window.
In the Graph Settings window, you can specify the maximum number of items to display in the
following graphs.
• Amount of Printed Pages graph in the Printer Usage window.
• Power Consumption graph in the Power Consumption window.
• Uptime graph in the Uptime window.
The maximum number of items to specify becomes the maximum number of checkboxes on the
tables that correspond to the above graphs.

Attention
• A graph for which more than 10 items are specified will be difficult to read.
• If a large number of items is specified, it will take longer to draw the graph.

The following describes the items in the Graph Settings window.

Table 7.21 Graph Settings Window Items

Setting Item Description

Maximum number of items
    Specifies the number of items to display on the following graphs:
    • Amount of Printed Pages graph in the Printer Usage window
    • Power Consumption graph in the Power Consumption window
    • Uptime graph in the Uptime window
    Specify the number of items as one of the following:
    • 10
      Displays up to 10 items. 10 is specified by default.
    • 50
      Displays up to 50 items. To display more than 10 items, select "50".
OK
    Applies the settings and closes the window.
Cancel
    Closes the window without applying the settings.


7.10 Time Zone Settings


Click [Time Zone Settings] from button in the main window to display the Time Zone
Settings window.
In the Time Zone Settings window, specify a time zone used for time display of device
information that is displayed in the Chart.
The following describes the items in the Time Zone Settings window.

Table 7.22 Time Zone Settings Window Items

Setting Item: Time zone information for displaying time
Description:
  Specify one of the following for time display of device information:
  • Display in Event Viewer Time
    Uses the event viewer time specified in the User Information window.
  • Display in Event Local Time
    Displays in the local time of the Sensors or the Manager.

Setting Item: OK
Description: Applies the settings and closes the window.

Setting Item: Cancel
Description: Closes the window without applying the settings.

7.11 CSV File Settings


Select button in the main window, and then click [CSV File Settings] to display the CSV File
Settings window.
In the CSV File Settings window, specify a character code for the data that is saved into a CSV
file.


The following describes the items in the CSV File Settings window.

Table 7.23 CSV File Settings Window Items

Setting Item: UTF-8 coding
Description:
  Select the checkbox to use the UTF-8 character code when saving the data into a CSV file.
  If this checkbox is not selected, a character code that corresponds to the language of the
  operating system on the computer where the Charts operate is used.

Setting Item: OK
Description: Applies the settings and closes the window.

Setting Item: Cancel
Description: Closes the window without applying the settings.

7.12 Uninstalling Chart


This section describes how to uninstall Chart.

[Procedure]
1. On the computer from which Chart will be uninstalled, select [Control Panel] and then
[Add or Remove Programs].
2. Select "iNetSec Smart Finder Chart" to remove the application.

Attention
• Even after Chart is uninstalled, the following folders and their files remain on your
  computer.
  - Folders created when the application was installed
    The following example assumes that Drive C is the system drive and that the default
    values were used when installing the application.
    C:\Program Files\PFU
    Even if no other applications exist inside the "PFU" folder indicated above, that folder
    will not be removed when Chart is uninstalled. If the PFU folder is no longer needed,
    you can delete it after first making sure there are no important files remaining inside.
  - Data created in the Application Data folder in Windows
    The following example assumes that Drive C is the system drive.
    C:\Users\user name\AppData\Roaming\iNetSecSmartFinderChart


Chapter 8 Maintenance

This chapter describes the operations for maintenance of the configured system.

8.1 Sensor Maintenance
8.2 Maintenance of the Manager
8.3 Information Collection during Errors


8.1 Sensor Maintenance


Add, delete, move or replace the Sensors in accordance with changes in the monitored/blocked
segments.

8.1.1 Adding the Sensors


Use the following procedure to add the Sensor and a monitored/blocked segment:
1. Configure the basic settings for the Sensor to be added.
Refer to "3.4.2 Configuring Settings for the Sensor".
2. Place the Sensor in the monitored/blocked segment.
Refer to "3.4.3 Installing the Sensor".

8.1.2 Deleting the Sensors


Use the following procedure to delete the Sensor from a monitored/blocked segment:
1. Remove the Sensor to be deleted.
Refer to "9.1.1 Removal of the Sensor".
2. Delete the removed Sensor from the Sensors window.
Refer to "4.4 The Sensor Management".
3. Delete the devices detected by the removed Sensor.
Refer to "4.2 Managing Connected Devices".

8.1.3 Moving the Sensors


Use the following procedure to change the segment of the Sensor that has been used:
1. Remove the Sensor from the original location.
Refer to "9.1.1 Removal of the Sensor".
2. From the Sensor Basic window, change the IP address to the address of the destination
segment.
Refer to "3.4.2 Configuring Settings for the Sensor".
3. Install the Sensor in the destination segment.
Refer to "3.4.3 Installing the Sensor".
4. If the device information detected in the original segment is unnecessary, delete the
corresponding device from the Devices window.
Refer to "4.2 Managing Connected Devices".


8.1.4 Replacing the Sensors


The procedure for replacing the Sensors varies depending on the network environment.
If the following condition is satisfied, use "8.1.4.2 Using the Inherit Sensor Command to Replace
the Sensor" to perform the replacement.
• Multiple segments with the same network address exist in a segment managed by iNetSec
  Smart Finder

If the above condition is not satisfied, use "8.1.4.1 Using Automatic Inherit to Replace the
Sensor" to perform the replacement.
Perform the following operations before replacing the Sensor:
• Configure the basic settings for the new Sensor with the same network address and subnet
  mask as the Sensor that is to be removed.
• For a Tagged VLAN configuration, configure the same VLAN ID.
For details about the Sensor basic settings, refer to "3.4.2 Configuring Settings for the Sensor".

Attention
• For a Sensor that monitors applications, you must reconnect the cable connected to the
  monitoring port of the source Sensor to the destination Sensor. The Sensor starts
  Application Monitoring after a warm-up time (90 seconds) to avoid false detections.

8.1.4.1 Using Automatic Inherit to Replace the Sensor


Simply replacing the Sensor causes the new Sensor to inherit all the settings automatically.

Replacing the Sensor automatically updates the settings.

Attention
• Before performing this operation, use the Customize Configuration command to
  enable automatic Sensor inheriting and to confirm that it has been enabled. Refer to
  "10.11 Customize Configuration Command (pq_customize_config.exe)".

[Procedure]
1. Remove the Sensor from the segment.
Refer to "9.1.1 Removal of the Sensor".
2. In the Sensors window, confirm that the status of the removed Sensor is "Abnormal", and
then place the new Sensor on the segment.

Attention
• After the removal of the Sensor is complete, place the new Sensor on the
  segment.
• If the Sensor to be removed and the new Sensor are placed in the segment at the
  same time, both Sensors will be shown alternately on the [Sensor List] tab on the
  Sensors window when the window is updated. If this happens, remove the old
  Sensor from the segment.


3. In the Sensors window, confirm that the new Sensor is shown and the segment managed
by the removed Sensor is assigned to the new Sensor. Refer to "4.4 The Sensor
Management".

Hint
• The segment information inherited from the removed Sensor to the new Sensor is
  shown below.
  - Segment Group
  - Sensor Name
  - Segment Name
  - Operation Mode
  - Event Notification of Segment
  - Application Monitoring mode of Segment
  - License
  - Blocking a device using IP addresses out of IP segment
• When inheriting is complete, the removed Sensor information is automatically
  deleted.

8.1.4.2 Using the Inherit Sensor Command to Replace the Sensor


After replacing the Sensor, execute the Inherit Sensor command so that the new Sensor inherits
the settings.

Attention
• Use the Customize Configuration command to disable automatic Sensor inheriting
  and to confirm that automatic Sensor inheriting has been disabled. Refer to "10.11
  Customize Configuration Command (pq_customize_config.exe)".
• If the Inherit Sensor command is executed, the network communication might be
  blocked. The Inherit Sensor command must be executed when it does not affect
  users.

[Procedure]
1. Remove the Sensor from the segment.
Refer to "9.1.1 Removal of the Sensor".
2. In the Sensors window, confirm that the status of the removed Sensor is "Abnormal", and
then place the new Sensor on the segment.
3. In the Sensors window, confirm that the Sensor information for the new Sensor matches
the statuses shown below. Refer to "4.4 The Sensor Management".
Device Information: "Complete"
Application Information: "Complete"
Sensor Information: "Complete"
System Information: "Complete"
Version: Latest version
Operation Status: "Normal"
4. In the Segment Groups window, assign the segment for the removed Sensor and the
segment for the new Sensor to the same Segment Group. Refer to "4.6.2 Adding and
Changing Segment Groups".


5. In the Sensors window, confirm that the device information for the new Sensor is
"Complete".
6. Execute the Inherit Sensor command on the Manager Computer. Refer to "10.10 Inherit
Sensor Command (pq_inherit_sensor.exe)".
7. In the Sensors window, confirm that the new Sensor is shown and the segment managed
by the removed Sensor is assigned to the new Sensor.

Hint
• The segment information inherited from the removed Sensor to the new Sensor is
  shown below.
  - Sensor Name
  - Segment Name
  - Operation Mode of Segment
  - Event Notification of Segment
  - Application Monitoring mode of Segment
  - License
  - Blocking of devices out of managed segments
  - Time zone

8. Delete the removed Sensor from the Sensors window. Refer to "4.4 The Sensor
Management".

8.2 Maintenance of the Manager


This section describes the maintenance procedures for the Manager.

8.2.1 Changing Environment Settings of the Manager


Change the environment settings of the Manager in accordance with changes in the monitored/
blocked segments.

Changing Event Information Retention Period


To change the Retention Period of the event information, change [Event Retention Period] on
the [System Settings] tab in the System Configuration window. Only the system administrator
can change this item.
Refer to "4.8.4 System Settings".

Changing Schedule Time of Determining Missing/Disposed Devices


To change the schedule time of determining that the devices are missing or disposed, change
[Scheduled Time for the Manager Process] on the [System Settings] tab in the System
Configuration window. Only the system administrator can change this item.
Refer to "4.8.4 System Settings".


Setting Automatic Removal of Missing/Disposed Devices


To automatically delete devices that are missing or disposed, select [Automatic Removal]
next to [Term] on the [Segment Group Specific Settings] tab in the System Configuration
window. The Group Administrator can change this item on a Segment Group basis.
Refer to "4.8.3.3 Block/Approve Devices".

Attention
• If the Manager Computer is not started for longer than the period specified for [Term] while
  Automatic Removal is enabled, the devices may be determined to be missing/disposed
  and deleted when the computer is started.

Changing Sync Interval between the Manager and the Sensor


To change the synchronization interval between the Manager and the Sensor, change [Sync
interval between Manager and Sensor] on the [System Settings] tab in the System
Configuration window. Only the system administrator can change this item.
Refer to "4.8.4 System Settings".

Enabling/Disabling Sensor to Sensor Status Monitoring


To change whether to enable Sensor to Sensor Status Monitoring in the same Segment
Group, change [Sensor to Sensor status monitoring] on the [System Settings] tab in the
System Configuration window. Only the system administrator can change this item.
Refer to "4.8.4 System Settings".

Replacing the Manager Computer


Before replacing the Manager Computer, back up the information retained by the Manager.
Install the Manager on the replacement computer, configure the environment settings and restore
the backed up information.
Refer to "8.2.2 Backup and Restoration of the Manager". For details about installation and
environment settings for the Manager, refer to "Chapter 3 Introduction".

Attention
• If the information is not restored, the device information retained by the Manager and the
  Sensor is initialized.
• If the Manager to communicate with the Sensor is changed during operation, initialize the
  Sensor.
  Refer to "5.4 Initializing the Sensor".

8.2.2 Backup and Restoration of the Manager


This section describes how to back up and restore the information retained by the Manager.

Backup of the Manager


To back up the information retained by the Manager, execute the Backup command on the
Manager Computer.
Refer to "10.1 Backup Command (pq_backup.exe)".


Restoration of the Manager


To restore the backed up information of the Manager, execute the Restore command on the
Manager Computer.
Refer to "10.2 Restore Command (pq_restore.exe)".

8.2.3 Starting/Stopping Services Related to iNetSec Smart Finder


Services related to iNetSec Smart Finder are running on the Manager Computer as shown
below. These services automatically start up when the Manager Computer is started.
• iNetSec Smart Finder Manager Service (Manager service)
• World Wide Web Publishing Service (IIS service)
• SQL Server (PFUDACM) Service (SQL server service)

Depending on the displayed error messages, it may be required to start/stop services manually.
In this case, start/stop the service in the order shown below. For details about the meaning of
error messages and actions, refer to "Chapter 11 Error Messages".

To start services on the Manager Computer


1. SQL Server (PFUDACM) Service (SQL server service)
2. World Wide Web Publishing Service (IIS service)
3. iNetSec Smart Finder Manager Service (Manager service)

To stop services on the Manager Computer


1. iNetSec Smart Finder Manager Service (Manager service)
2. World Wide Web Publishing Service (IIS service)
3. SQL Server (PFUDACM) Service (SQL server service)
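
The two orderings above can be scripted so that no service is touched before the previous one has settled. This is an added example, not part of the product or the original manual; the display-name patterns are assumptions derived from the service names listed above and should be confirmed with Get-Service on the Manager Computer.

```powershell
# Added example, not PFU's code. Run from an elevated PowerShell session.
# Assumption: the services can be found by these display names.
$StopOrder = @(
    'iNetSec Smart Finder Manager*',      # Manager service (assumed display name)
    'World Wide Web Publishing Service',  # IIS service
    'SQL Server (PFUDACM)'                # SQL server service
)

function Set-SmartFinderServices {
    param(
        [Parameter(Mandatory)][ValidateSet('Start', 'Stop')][string]$Action,
        [int]$TimeoutSeconds = 120        # hypothetical per-service timeout
    )

    # Stopping follows the documented stop order; starting is the exact reverse.
    $order = $StopOrder.Clone()
    if ($Action -eq 'Start') { [array]::Reverse($order) }
    $wanted = if ($Action -eq 'Start') { 'Running' } else { 'Stopped' }

    foreach ($pattern in $order) {
        $found = @(Get-Service -DisplayName $pattern -ErrorAction SilentlyContinue)
        if ($found.Count -ne 1) {
            throw "Expected exactly one service matching '$pattern', found $($found.Count)."
        }
        $svc = $found[0]

        if ($svc.Status -ne $wanted) {
            if ($Action -eq 'Start') {
                Start-Service -InputObject $svc
            } else {
                # -Force also stops services that depend on this one.
                Stop-Service -InputObject $svc -Force
            }
            # Throws a timeout exception if the service does not settle in time,
            # so the next service in the order is never touched prematurely.
            $svc.WaitForStatus($wanted, [TimeSpan]::FromSeconds($TimeoutSeconds))
        }
        '{0,-45} {1}' -f $svc.DisplayName, $wanted
    }
}

# Usage:
#   Set-SmartFinderServices -Action Stop
#   Set-SmartFinderServices -Action Start
```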

8.3 Information Collection during Errors


This section describes how to collect information when an error occurs in the iNetSec Smart
Finder system.

Collection of Maintenance Information of the Manager


To collect the maintenance information of the Manager, execute the Investigate command on the
Manager Computer.
Refer to "10.3 Investigate Command (pq_investigate.exe)".

Collection of Maintenance Information of the Sensor


To collect the maintenance information of the Sensor, execute the Investigate Sensor command
on the Manager Computer.
Refer to "10.4 Investigate Sensor Command (pq_investigate_sensor.exe)".


Chapter 9 Removal

This chapter describes how to remove the Sensor and uninstall the Manager.

9.1 Removal & Uninstallation directions


9.1 Removal & Uninstallation directions


When the system operations using iNetSec Smart Finder are finished, perform the following
removal operations:
• Removal of the Sensor
• Uninstallation of the Manager

9.1.1 Removal of the Sensor


This section describes how to remove the Sensor.

[Procedure]
1. Confirm that the POWER LED on the Sensor lights up green.
2. Press the Power button twice to stop the Sensor.
Refer to "5.3 Stopping the Sensor".
3. After confirming that all LEDs are off, disconnect the power cable and remove the Sensor
from the network.

9.1.2 Uninstallation of the Manager


This section describes how to uninstall the Manager.

Attention
• Before uninstallation, back up the information retained by the Manager as needed.
  Refer to "8.2.2 Backup and Restoration of the Manager".
• During uninstallation, the following message may appear: "The following applications
  should be closed before continuing the installation:". In this case, stop the services
  described in the message and click "Retry" to continue the process.

[Procedure]
1. From [Control Panel] on the Manager Computer, click [Add or Remove Programs].
2. Select "iNetSec Smart Finder Manager" and perform the removal procedure according to
the operating system.
⇒ The Ready to uninstall iNetSec Smart Finder Manager window appears.


3. Click [Uninstall].

4. Click [Finish] to finish the uninstallation procedure.

Uninstall the SQL Server instance by performing the following steps.

[Procedure]
1. From [Control Panel] on the Manager Computer, click [Add or Remove Programs].
2. Select [Microsoft SQL Server 2008 R2] or [Microsoft SQL Server 2008 R2 (64-bit)] (when
using a 64-bit operating system) to start the SQL Server 2008 R2 setup wizard.
3. Select [Remove] in order to uninstall the SQL Server (PFUDACM) instance.
⇒ The [Setup Support Rules] dialog box appears.
4. Click [OK].
⇒ The [Select Instance] dialog box appears.
5. Select the PFUDACM instance from the dropdown list of [Instance to remove features
from], and click [Next].
⇒ The [Select Features] dialog box appears.
6. Select [Database Engine Services] under [Features], and click [Next].
⇒ The [Removal Rules] dialog box appears.
7. Click [Next].
⇒ The [Ready to Remove] dialog box appears.
8. Click [Remove] to uninstall the instance.
⇒ When the instance is uninstalled successfully, the [Complete] dialog box appears.
9. Click [Close] to end the setup wizard.

Hint
• Uninstalling the SQL Server (PFUDACM) instance will not uninstall "SQL Server
  Native Client". Uninstall "SQL Server Native Client" as required.


Chapter 10 Commands

This chapter describes the commands used to operate the network system using iNetSec Smart
Finder.

Hint
• A return value for each command is saved in the Windows environment variable
  ERRORLEVEL. To check the return value, refer to the environment variable
  ERRORLEVEL after command
  Example:

  > echo %ERRORLEVEL%
  0

10.1 Backup Command (pq_backup.exe)
10.2 Restore Command (pq_restore.exe)
10.3 Investigate Command (pq_investigate.exe)
10.4 Investigate Sensor Command (pq_investigate_sensor.exe)
10.5 Export Device Command (pq_export_device.exe)
10.6 Import Device Command (pq_import_device.exe)
10.7 Export Event Command (pq_export_event.exe)
10.8 Export Sensor Command (pq_export_sensor.exe)
10.9 Control Sensor Command (pq_control_sensor.exe)
10.10 Inherit Sensor Command (pq_inherit_sensor.exe)
10.11 Customize Configuration Command (pq_customize_config.exe)


10.1 Backup Command (pq_backup.exe)


Use this command to back up the information retained by the Manager.
Information retained by the Manager can be restored from the backup file.

Attention
• The execution of the Backup command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.
• Do not edit the backup file. If a file is restored after being edited, normal operation may
  not be possible.
• Ensure that the destination disk has sufficient free space before executing the command.
  If the space is insufficient, an incomplete file may be created.

Hint
• iNetSec Smart Finder Manager Service is not stopped even while the Backup command is
  being executed.
• If the Backup command fails, only the specified folder is created.

10.1.1 Command Specification


The specification of the Backup command is as follows:
Command name: pq_backup.exe

Location: Bin folder under the installation folder of the Manager

Argument:
• Backup folder name
  Specify a folder name to store the backup file.
  This entry cannot be omitted.
  If the specified folder does not exist, it is created. If it already exists, the folder is
  overwritten.
• [-s]
  Changes the return value of the command depending on the error details. Specify this
  option to change the processing by referring to the return value of the command in
  operations such as cooperative use of system.

Return value:
• 0: Operation completed normally.
• 1: Operation terminated abnormally.

If the -s option is specified, the return values are as follows:
• 0: Operation completed normally.
• 1: Failed to access the database.
• 2: Failed to access the file.
• 3: Cannot continue the process due to an invalid environment.
• 5: The specified folder format is incorrect.
• 6: The command has been already executed.
• 7: Disk space is insufficient.
• 8: SQL server is not started.
• 12: A command argument is incorrect.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".

10.1.2 Operation Procedure


The following describes the procedure to back up the information by executing the Backup
command on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_backup.exe
command.

pq_backup.exe "C:\backup"

The information retained by the Manager is backed up into the C:\backup folder.
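
For unattended use, the -s return values can drive a wrapper that refuses to treat a failed run as a usable backup. The script below is an added example, not part of the product or the original manual. Its parameter defaults are placeholders, it assumes that -s is passed after the folder name (the order in which the specification lists the arguments), and its message table generalizes to the -s return values listed for the commands in 10.1, 10.2, 10.3 and 10.5.

```powershell
# Added example, not PFU's code. All parameter defaults are placeholders.
param(
    [string]$BinDir     = 'C:\path\to\Manager\Bin',  # placeholder: Bin folder of the Manager
    [string]$BackupRoot = 'D:\SmartFinderBackup',    # hypothetical destination root
    [int]$MinFreeGB     = 5                          # hypothetical free-space threshold
)

# Return values documented for the pq_*.exe commands when -s is specified.
$PqReturnText = @{
    0  = 'Operation completed normally.'
    1  = 'Failed to access the database.'
    2  = 'Failed to access the file.'
    3  = 'Cannot continue the process due to an invalid environment.'
    4  = 'The specified folder does not exist.'
    5  = 'The specified folder format is incorrect.'
    6  = 'The command has been already executed.'
    7  = 'Disk space is insufficient.'
    8  = 'SQL server is not started.'
    10 = 'A file format is incorrect.'
    11 = 'The specified file format is incorrect.'
    12 = 'A command argument is incorrect.'
    14 = 'The entered data is incorrect.'
    99 = 'An internal error occurred.'
}

function Get-PqReturnText {
    param([int]$Code)
    if ($PqReturnText.ContainsKey($Code)) { return $PqReturnText[$Code] }
    return "Undocumented return value $Code"
}

function Invoke-PqBackup {
    param([string]$BinDir, [string]$BackupRoot, [int]$MinFreeGB)

    # The Backup command requires Windows administrator privileges.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this script from an elevated (administrator) session.'
    }

    $exe = Join-Path $BinDir 'pq_backup.exe'
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { throw "Not found: $exe" }

    # Check free space first: with insufficient space an incomplete file may be created.
    # (PSDrive.Free is available for local and mapped drives.)
    New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
    $freeGB = (Get-Item -LiteralPath $BackupRoot).PSDrive.Free / 1GB
    if ($freeGB -lt $MinFreeGB) {
        throw ('Only {0:N1} GB free on the destination drive.' -f $freeGB)
    }

    # An existing folder is overwritten, so every run gets its own timestamped folder.
    $target = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')

    # Out-Host keeps the command's console output out of this function's result.
    & $exe $target '-s' | Out-Host
    $code = $LASTEXITCODE

    if ($code -ne 0 -and (Test-Path -LiteralPath $target)) {
        # A failed run still leaves the folder behind; rename it so that it is
        # never picked as a restore source.
        $failed = "$target.FAILED"
        Rename-Item -LiteralPath $target -NewName (Split-Path $failed -Leaf)
        $target = $failed
    }

    [pscustomobject]@{
        Folder      = $target
        ReturnValue = $code
        Message     = Get-PqReturnText $code
    }
}

$result = Invoke-PqBackup -BinDir $BinDir -BackupRoot $BackupRoot -MinFreeGB $MinFreeGB
$result | Format-List
exit $result.ReturnValue   # lets a scheduler see the documented return value
```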


10.2 Restore Command (pq_restore.exe)


Use this command to restore the backed up information into the Manager.

Attention
• The execution of the Restore command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.
• Do not edit the backup file. If a backup file is restored after being edited, normal operation
  may not be possible after restoration.
• An encrypted folder cannot be specified for the restoration folder name.

10.2.1 Command Specification


The specification of the Restore command is as follows:
Command name: pq_restore.exe

Location: Bin folder under the installation folder of the Manager

Argument:
• Restoration folder name
  Specify a folder name where the backup file is stored.
  This entry cannot be omitted.
• [-s]
  Changes the return value of the command depending on the error details. Specify this
  option to change the processing by referring to the return value of the command in
  operations such as cooperative use of system.

Return value:
• 0: Operation completed normally.
• 1: Operation terminated abnormally.

If the -s option is specified, the return values are as follows:
• 0: Operation completed normally.
• 2: Failed to access the file.
• 3: Cannot continue the process due to an invalid environment.
• 4: The specified folder does not exist.
• 5: The specified folder format is incorrect.
• 6: The command has been already executed.
• 7: Disk space is insufficient.
• 8: SQL server is not started.
• 10: A file format is incorrect.
• 12: A command argument is incorrect.
• 14: The entered data is incorrect.
• 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".

10.2.2 Operation Procedure


The following describes the procedure to restore the backup information by executing the
Restore command on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_restore.exe
command.

pq_restore.exe "C:\backup"

The information retained by the Manager is restored from the C:\backup folder.


10.3 Investigate Command (pq_investigate.exe)

Use this command to collect the maintenance information retained by the Manager when a
problem occurs during introduction or operation of iNetSec Smart Finder.

Attention
• The execution of the Investigate command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.
• It may take more than 10 minutes for the command to complete depending on the
  execution environment.
• An encrypted folder cannot be specified for the destination folder name.

Hint
• When the command is executed, SQL server, IIS, and iNetSec Smart Finder Manager in
  operation are stopped and then restarted when collection of maintenance information is
  completed. However, services that had been stopped before execution of the command
  are not restarted.
• If the command is executed, the SENSOR LED on the Sensor may be amber. Normally,
  the SENSOR LED returns to green during [Sync interval between Manager and Sensor]
  after the end of command.
• If this command is executed on Windows Server 2008, Windows Server 2008 R2,
  Windows Server 2012, or Windows Server 2012 R2, the System Information dialog box
  (indicator) appears during collection of system information, which is not a problem. Please
  wait without doing anything. If you click [Cancel] in the dialog box, press the "Ctrl+C" keys
  to cancel the command and then execute it again.

10.3.1 Command Specification


The specification of the Investigate command is as follows:
Command name: pq_investigate.exe

Location: Bin folder under the installation folder of the Manager

Argument:
• Destination folder name
  Specify a folder name to store the collected maintenance information.
  This entry cannot be omitted.
  If the specified folder does not exist, it is created. If it already exists, the folder is
  overwritten.
• [-s]
  Changes the return value of the command depending on the error details. Specify this
  option to change the processing by referring to the return value of the command in
  operations such as cooperative use of system.

Return value:
• 0: Operation completed normally.
• 1: Operation terminated abnormally.

If the -s option is specified, the return values are as follows:
• 0: Operation completed normally.
• 2: Failed to access the file.
• 3: Cannot continue the process due to an invalid environment.
• 5: The specified folder format is incorrect.
• 12: A command argument is incorrect.
• 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".

10.3.2 Operation Procedure


The following describes the procedure to log the maintenance information of the Manager by
executing the Investigate command on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_investigate.exe
command.

pq_investigate.exe "C:\log"

The maintenance information retained by the Manager is written into the C:\log folder.


10.4 Investigate Sensor Command (pq_investigate_sensor.exe)

Use this command to obtain the maintenance information of the Sensor when a problem occurs.
The Maintenance Information file is saved in "xx-xx-xx-xx-xx-xx_MMDDYYYYhhmmss" format.
If "-d" is specified for the argument, the information is saved in the
"x.x.x.x_MMDDYYYYhhmmss" format. In "MMDDYYYYhhmmss" in the filename, the creation
date of the Sensor Maintenance Information file is applied.

Attention
• Executing the Investigate Sensor command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.
• If the password for "admin" changes, execute the command after the password is applied
  to the Sensor. The command fails if it is executed before the password is applied to the
  Sensor.
• Executing multiple instances of this command may result in an error.
• If the MAC address of the Sensor is specified, a time lag occurs until the maintenance
  information is stored. If the maintenance information of the Sensor is not stored in the
  destination folder 20 minutes after the command is executed, execute the command
  again.
• Do not change the Sensor Name until the Maintenance Information file is stored. If it is
  changed, the maintenance information may be collected multiple times.
• An encrypted folder cannot be specified for the destination folder name.

10.4.1 Command Specification


The specification of the Investigate Sensor command is as follows:
Command name: pq_investigate_sensor.exe

Location: Bin folder under the installation folder of the Manager

Argument:
Enter either the IP address or the MAC address of the Sensor in the format described below.
The IP address and the MAC address cannot both be omitted. In an environment such as a NAT
environment where the Manager and the Sensor cannot communicate directly, specify the
MAC address of the Sensor.
• -d IP address of the Sensor
  Specify, after "-d", the IP address of the Sensor whose maintenance information is to be
  collected (IP address with the default gateway set).
• MAC address of the Sensor
  Specify the MAC address of the Sensor whose maintenance information is to be collected.
  If this argument is specified, the maintenance information is collected after the Manager
  and the Sensor are synchronized. As a result, a time lag occurs until the command returns
  and the maintenance information is stored in the destination folder.
• [Destination folder name]
  Specify a folder name to store the collected maintenance information of the Sensor.
  If omitted, the maintenance information is stored in "installation folder\Logs". If the
  specified folder does not exist, it is created.

Return value:
• 0: Operation completed normally.
• 1: Failed to access the database.
• 2: Failed to access the file.
• 3: Cannot continue the process due to an invalid environment.
• 5: The specified folder format is incorrect.
• 7: Disk space is insufficient.
• 8: SQL server is not started.
• 12: A command argument is incorrect.
• 15: An authentication error occurred.
• 16: The specified Sensor does not exist.
• 18: Not supported for the specified Sensor.
• 19: Failed to access the Sensor.
• 20: No response from the Sensor.
• 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".

10.4.2 Operation Procedure


The following describes the procedure to log the maintenance information of the Sensor (MAC
address: 00:11:22:33:44:55) into C:\log by executing the Investigate Sensor command on the
Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the
pq_investigate_sensor.exe command.

pq_investigate_sensor.exe 00:11:22:33:44:55 C:\log

The maintenance information of the Sensor with the MAC address of 00:11:22:33:44:55 is
written into the C:\log folder. The command initiates the collection of the maintenance
information and returns successfully before it completes. The maintenance information is
not stored until the Sensor maintenance information has been collected and uploaded to
the Manager after the Manager and the Sensor are synchronized.


10.5 Export Device Command (pq_export_device.exe)

Use this command to export the entire device information retained by the Manager to a file.
Device information is sorted by IP addresses.
Refer to "A.1 Device Information File Format".

Attention
• The execution of the Export Device command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.
• The Export Device command outputs the CSV file in the UTF-8 character code.

10.5.1 Command Specification


The specification of the Export Device command is as follows:
Command name: pq_export_device.exe

Location: Bin folder under the installation folder of the Manager

Argument:
• Export file name
  Specify a file name to be exported.
  This entry cannot be omitted.
  If the file already exists, it is overwritten.
• [-a]
  Device information is aggregated based on the MAC address and exported using the
  same conditions as export from the Devices window.
  If omitted, the MAC addresses are displayed on a Segment Group basis.
• [-h on|off]
  Specify whether an item name exists in the first line of the file to be exported. If omitted,
  "off" is assumed to be specified.
  on: Export is performed with an item name assumed to exist in the first line.
  off: Export is performed with no item names assumed to exist in the first line.
• [-s]
  Changes the return value of the command depending on the error details. Specify this
  option to change the processing by referring to the return value of the command in
  operations such as cooperative use of system.

Return value:
• 0: Operation completed normally.
• 1: Operation terminated abnormally.

If the -s option is specified, the return values are as follows:
• 0: Operation completed normally.
• 1: Failed to access the database.
• 2: Failed to access the file.
• 3: Cannot continue the process due to an invalid environment.
• 8: SQL server is not started.
• 11: The specified file format is incorrect.
• 12: A command argument is incorrect.
• 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".

10.5.2 Operation Procedure


The following describes the procedure to export the entire device information to the
C:\deviceList.csv file by executing the Export Device command on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_export_device.exe
command.

pq_export_device.exe "C:\deviceList.csv"

The entire device information retained by the Manager is exported to the C:\deviceList.csv
file.
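
The following PowerShell wrapper is an added example, not part of the product or of the original manual. It shows how a scheduled job can run the Export Device command with the -s option and branch on the return values listed in 10.5.1. The function name, the retry policy, the temporary file handling and the argument order (file name first, then options) are assumptions of this example.

```powershell
# Added example, not vendor code. The function name, the retry policy and the
# temporary-file handling are assumptions; argument order follows the listing in 10.5.1.

# Return values documented in 10.5.1 for pq_export_device.exe when -s is specified.
$ExportDeviceReturnValues = @{
    0  = 'Operation completed normally.'
    1  = 'Failed to access the database.'
    2  = 'Failed to access the file.'
    3  = 'Cannot continue the process due to an invalid environment.'
    8  = 'SQL server is not started.'
    11 = 'The specified file format is incorrect.'
    12 = 'A command argument is incorrect.'
    99 = 'An internal error occurred.'
}
# Assumption: database / SQL Server conditions can clear up, so only these are retried.
$RetryableReturnValues = 1, 8

function Export-SmartFinderDevices {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ManagerBin,   # Bin folder of the Manager installation
        [Parameter(Mandatory)][string]$OutFile,      # final CSV path
        [ValidateRange(1, 10)][int]$MaxAttempts = 3,
        [int]$RetryDelaySeconds = 30
    )

    # The manual requires Windows administrator privileges for this command.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this script from an elevated (administrator) session.'
    }

    $exe = Join-Path $ManagerBin 'pq_export_device.exe'
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        throw "pq_export_device.exe not found in '$ManagerBin'."
    }

    # The command overwrites an existing file, so export to a temporary name (keeping the
    # .csv extension) and replace the previous export only after a run that returned 0.
    $tmp = [IO.Path]::ChangeExtension($OutFile, '.new.csv')

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        $null = & $exe $tmp -h on -s          # -h on: item names in the first line
        $code = $LASTEXITCODE
        $text = $ExportDeviceReturnValues[$code]
        if (-not $text) { $text = 'Undocumented return value.' }

        if ($code -eq 0) {
            Move-Item -LiteralPath $tmp -Destination $OutFile -Force
            return [pscustomobject]@{
                ReturnValue = $code
                Message     = $text
                Attempts    = $attempt
                File        = $OutFile
                # Hash recorded so later tampering with the inventory file can be noticed.
                Sha256      = (Get-FileHash -LiteralPath $OutFile -Algorithm SHA256).Hash
            }
        }

        Write-Warning "pq_export_device.exe returned $code ($text), attempt $attempt of $MaxAttempts"
        if ($RetryableReturnValues -notcontains $code) { break }
        if ($attempt -lt $MaxAttempts) { Start-Sleep -Seconds $RetryDelaySeconds }
    }

    Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    throw "Export failed with return value $code ($text). See '11.3 Messages when Commands are Executed'."
}

# Usage (the installation path is a placeholder):
# Export-SmartFinderDevices -ManagerBin 'C:\<Manager installation folder>\Bin' -OutFile 'C:\deviceList.csv'
```

Without -s the command only distinguishes 0 from 1, so the wrapper could not tell a stopped SQL Server from a wrong argument.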


10.6 Import Device Command (pq_import_device.exe)
Use this command to import the device information from a file to the Manager.
Refer to "A.1 Device Information File Format".

Attention
• The execution of the Import Device command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.

10.6.1 Command Specification


The specification of the Import Device command is as follows:
Command name
  pq_import_device.exe

Location
  Bin folder under the installation folder of the Manager

Argument
  • Import file name
    Specify a file name to be imported.
    This entry cannot be omitted.
  • [-w]
    If specified, the devices defined in the import file are deleted out of the "Approved" devices
    retained by the Manager. Use this option when devices deleted from the managed Device
    List file also need to be deleted from the system.
  • [-h on|off]
    Specify whether an item name exists in the first line of the file to be imported. If omitted,
    "off" is assumed to be specified.
    on: Import is performed with an item name assumed to exist in the first line.
    off: Import is performed with no item names assumed to exist in the first line.
  • [-s]
    Changes the return value of the command depending on the error details. Specify this
    option when other processing branches on the return value of the command, for example
    when the command is used in cooperation with another system.

Return value
  • 0: Operation completed normally.
  • 1: Operation terminated abnormally.

  If the -s option is specified, the return values are as follows:
  • 0: Operation completed normally.
  • 3: Cannot continue the process due to an invalid environment.
  • 8: SQL server is not started.
  • 9: The specified file does not exist.
  • 10: A file format is incorrect.
  • 11: The specified file format is incorrect.
  • 12: A command argument is incorrect.
  • 13: The limit value is exceeded.
  • 14: The entered data is incorrect.
  • 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".

10.6.2 Operation Procedure


The following describes the procedure to import the device information defined in the
C:\deviceList.csv file by executing the Import Device command on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_import_device.exe
command.

pq_import_device.exe "C:\deviceList.csv"

The device information defined in the C:\deviceList.csv file is imported.


10.7 Export Event Command (pq_export_event.exe)
Use this command to export the entire event information retained by the Manager to a file. Event
information is sorted by the detected date.
Refer to "A.2 Event Information File Format".

Attention
• The execution of the Export Event Command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.

10.7.1 Command Specification


The specification of the Export Event Command is as follows:
Command name
  pq_export_event.exe

Location
  Bin folder under the installation folder of the Manager

Argument
  • Export file name
    Specify a file name to be exported.
    This entry cannot be omitted.
    If the file already exists, it is overwritten.

Return value
  • 0: Operation completed normally.
  • 1: Failed to access the database.
  • 2: Failed to access the file.
  • 3: Cannot continue the process due to an invalid environment.
  • 8: SQL server is not started.
  • 11: The specified file format is incorrect.
  • 12: A command argument is incorrect.
  • 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".


10.7.2 Operation Procedure


The following describes the procedure to export the entire event information to the
C:\eventList.csv file by executing the Export Event Command on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_export_event.exe
command.

pq_export_event.exe "C:\eventList.csv"

The entire event information retained by the Manager is exported to the C:\eventList.csv
file.

10.8 Export Sensor Command (pq_export_sensor.exe)
Use this command to export the entire Sensor information retained by the Manager to a file.

Attention
• The execution of the Export Sensor command requires Windows administrator privileges.
• To specify a folder on the network, assign the network drive in advance so that you can
  access it with administrator privileges.

10.8.1 Command Specification


The specification of the Export Sensor command is as follows:
Command name
  pq_export_sensor.exe

Location
  Bin folder under the installation folder of the Manager

Argument
  • Export file name
    Specify a file name to be exported.
    This entry cannot be omitted.
    If the file already exists, it is overwritten.
  • [-a]
    Segment information is also exported in addition to the Sensor information. If omitted, only
    the Sensor information is exported.

Return value
  • 0: Operation completed normally.
  • 1: Failed to access the database.
  • 2: Failed to access the file.
  • 3: Cannot continue the process due to an invalid environment.
  • 8: SQL server is not started.
  • 11: The specified file format is incorrect.
  • 12: A command argument is incorrect.
  • 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".

10.8.2 Operation Procedure


The following describes the procedure to export the entire Sensor information to the
C:\sensor_list.csv file by executing the Export Sensor command on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_export_sensor.exe
command.

pq_export_sensor.exe "C:\sensor_list.csv"

The entire Sensor information retained by the Manager is exported to the C:\sensor_list.csv
file.


10.9 Control Sensor Command (pq_control_sensor.exe)
Use this command to stop and restart the Sensors from the Manager Computer.

Attention
• The execution of the Control Sensor command requires Windows administrator privileges.

10.9.1 Command Specification


The specification of the Control Sensor command is as follows:
Command name
  pq_control_sensor.exe

Location
  Bin folder under the installation folder of the Manager

Argument
  Specify any of the following:
  • -s MAC address of the Sensor
    Stops the Sensor with the specified MAC address. After it is stopped, the Sensor
    automatically starts when power is supplied.
  • -s -m MAC address of the Sensor
    Stops the Sensor with the specified MAC address. After the Sensor stops, press the Power
    button to start the Sensor.
  • -r MAC address of the Sensor
    Restarts the Sensor with the specified MAC address. Specify the MAC address of the
    Sensor after -r.
  • -d MAC address of the Sensor
    Collects the FQDN information retained in the Sensor with the specified MAC address
    again. However, if there is no DNS server configured for the specified Sensor, the name
    will not be resolved.

Return value
  • 0: Operation completed normally.
  • 1: Failed to access the database.
  • 3: Cannot continue the process due to an invalid environment.
  • 8: SQL server is not started.
  • 12: A command argument is incorrect.
  • 16: The specified Sensor does not exist.
  • 18: Not supported for the specified Sensor.
  • 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".


10.9.2 Operation Procedure


The following describes the procedure to stop the Sensor (MAC address: 00:11:22:33:44:55) on
the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_control_sensor.exe
command.

pq_control_sensor.exe -s -m 00:11:22:33:44:55

The Sensor (MAC address: 00:11:22:33:44:55) stops. After the stop, the Sensor will not
automatically restart even if power is supplied. To restart the Sensor, press the Power
button on the Sensor.

10.10 Inherit Sensor Command (pq_inherit_sensor.exe)
Use this command to transfer one Sensor's information to a different Sensor that has the same
"network address" and "netmask".
The Inherit Sensor command is used in the following situations:
• Replacing the Sensor when automatic Sensor inheriting is not possible
• Aggregating three single-port Sensors into a single 3-port Sensor
The information inherited by the destination Sensor from the source Sensor is as follows:
• Sensor Name
• Segment
• Operation mode and operation
• Event Notification
• Application Monitoring mode
• License
• Device information detected in a segment
• Blocking of devices out of managed segments
• Time zone
The Inherit Sensor command displays a confirmation message. Enter "yes" to start
inheriting. Depending on the volume of information, it might take several minutes for the command
to complete.

Attention
• The execution of the Inherit Sensor command requires Windows administrator privileges.
• Before executing the Inherit Sensor command, make sure that the original Sensor and
  destination Sensor are registered to the Manager and belong to the same Segment
  Group.
• The original Sensor and destination Sensor cannot have the same MAC address.


10.10.1 Command Specification


The specification of the Inherit Sensor command is as follows:
Command name
  pq_inherit_sensor.exe

Location
  Bin folder under the installation folder of the Manager

Argument
  • MAC address of the original Sensor
    Specify the MAC address of the original Sensor. This entry cannot be omitted.
    The original Sensor must have been registered into the Manager.
    If the original Sensor is deleted or not registered, an error message appears.
    The MAC address can be specified in the following format: hexadecimal, with lower
    case and upper case letters allowed, using a colon as the separator.
  • MAC address of the destination Sensor
    Specify the MAC address of the destination Sensor. This entry cannot be omitted.
    The destination Sensor must have been registered into the Manager.
    If the destination Sensor is deleted or not registered, an error message appears.
    The MAC address can be specified in the following format: hexadecimal, with lower
    case and upper case letters allowed, using a colon as the separator.
  • [-y]
    Leads to the same operation as entering "yes" for the confirmation message displayed
    when the command is executed.
    Specify this option to inherit the Sensor information without displaying the confirmation
    message.

Return value
  • 0: Operation completed normally.
  • 1: Failed to access the database.
  • 3: Cannot continue the process due to an invalid environment.
  • 8: SQL server is not started.
  • 12: A command argument is incorrect.
  • 16: Cannot find the Sensor with the specified MAC address.
    Detected information has the different Sensor/segment configurations. Execute the
    command again.
  • 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".


10.10.2 Operation Procedure


The following describes the procedure to inherit the information of the Sensor (MAC address:
00:11:22:33:44:55) to the Sensor (MAC address: 11:22:33:44:55:66) on the Manager Computer.

[Procedure]
1. At the command prompt on the Manager Computer, execute the pq_inherit_sensor.exe
command.

pq_inherit_sensor.exe 00:11:22:33:44:55 11:22:33:44:55:66

The following message appears:

Information of the following segments are inherited:


- Inherited segment
192.168.0.1
192.168.1.1
- Not inherited segment
192.168.2.1
Are you sure you want to inherit? (yes/no)

2. To start inheriting, enter "yes".


After the process completes successfully, a message "the Sensor information has been
inherited" will pop up and the process of inheriting the Sensor's information is completed.
If the Sensor with that MAC address is deleted or not registered into the Manager, the
following message appears: "Sensor with the specified MAC address is not found."
If the Sensor or segment is deleted before the process completes, the following message
appears: "detected information has different Sensor/segment configurations from that
confirmed during the inheriting process. Execute this command again."


10.11 Customize Configuration Command (pq_customize_config.exe)
Use this command to update system configuration information with the item names and values
specified in an argument.

Attention
• Administrator privileges are required to execute the Customize Configuration command.
• When the command is executed, the IIS and iNetSec Smart Finder Manager services are
  rebooted.
• Do not enable Auto Inherit for the Sensor if iNetSec Smart Finder manages IP
  segments that have the same network address.

10.11.1 Command Specification


The command specification is as follows:
Command name
  pq_customize_config.exe

Location
  Bin folder under the installation folder of the Manager

Argument
  • -p
    This argument shows the details for settings that have been updated from the default
    values.
  • -p AutoInheritSensorSetting
    This argument shows the auto inherit details for the Sensors.
  • -s AutoInheritSensorSetting 1
    This argument enables auto inherit for the Sensors.
  • -s AutoInheritSensorSetting 0
    This argument disables auto inherit for the Sensors. (default value)

Return value
  • 0: Operation completed normally.
  • 1: Failed to access the database.
  • 3: Cannot continue the process due to an invalid environment.
  • 8: SQL server is not started.
  • 12: A command argument is incorrect.
  • 99: An internal error occurred.

If the return value is not "operation completed normally", take actions referring to "11.3
Messages when Commands are Executed".


10.11.2 Operation Procedure


The following describes the procedure to perform a system configuration update on the Manager
Computer.

[Procedure]
• Changing configuration
1. Execute the pq_customize_config.exe command at the command prompt on the Manager
Computer. (The specified values will be set, even if they are the same as the current
values.)

pq_customize_config.exe -s AutoInheritSensorSetting 1

If the command completes successfully, the message "System configuration update is
complete." appears.
If there are no system configuration items, the message "Parameter specification is
wrong." appears.
• Displaying configuration changes
1. At the command prompt on the Manager Computer, execute the
pq_customize_config.exe command.

pq_customize_config.exe -p

If the command completes successfully, the items and values that have been changed are
shown in the following format:

AutoInheritSensorSetting 1

• Displaying the details for auto inherit Sensor settings
1. At the command prompt on the Manager Computer, execute the
pq_customize_config.exe command.

pq_customize_config.exe -p AutoInheritSensorSetting

If the command completes successfully, the items and values are shown in the following
format:

AutoInheritSensorSetting 1


Chapter 11 Error Messages

This chapter describes the error messages in the Manager, the computers that access the
Manager and Chart and how to check messages.

11.1 System Event Log
11.2 Event Information in the Event Viewer Window
11.3 Messages when Commands are Executed
11.4 Messages Reported by E-mail
11.5 Messages Reported by SNMP Trap
11.6 Chart Error Messages
11.7 Detail Codes for Sensor Self Checks
11.8 Operation Log


11.1 System Event Log


This section describes the iNetSec Smart Finder event log displayed in the Windows event
viewer.
The type of logs and the event source are as follows.

Log type
  Application

Event source
• iNetSec Smart Finder Manager (Command)
  Event log opened by executing a Manager command
• iNetSec Smart Finder Manager (Console)
  Event log opened by operations in the Management window
• iNetSec Smart Finder Manager (Service)
  Event log opened by a Manager service
• iNetSec Smart Finder Manager (Viewer)
  Event log opened by operating Chart
• iNetSec Smart Finder Manager
  Shared event log for the above 4 event sources

The following describes the messages in the event log.

Table 11.1 System Event Log and Remedy Actions

Code: 11001
Message: Detected Devices exceeded system limit.
Meaning and Remedy Actions: Indicates that the number of devices managed by the Manager has
exceeded the limit (10,000 devices). The Manager could not manage the devices detected after
the limit was reached. Check the Devices window and delete unnecessary devices.

Code: 11002
Message: Registered Sensors exceeded system limit.
Meaning and Remedy Actions: Indicates that the number of the Sensors managed by the Manager
has exceeded the limit (100 Sensors). The Manager could not manage the Sensors installed after
the limit was reached. Check the Sensors window and delete any unnecessary Sensors.

Code: 11003
Message: Default value is used instead of using invalid specified value. Parameter: parameter
Specified: <specified value> Default: <default value>
Meaning and Remedy Actions: Obtain the maintenance information for the Manager and contact
our support representative.

Code: 11004
Message: Sending E-mail might be failed. [Sensor Name : <Sensor Name> Sensor IP : <IP Address>
Error Position : <number> Error Code : <number> Event ID : <Event ID> Details : <error details>]
Meaning and Remedy Actions: Indicates that an error might have occurred when attempting to
send an e-mail. Check if the e-mail was actually received. Check the e-mail processing time for
the SMTP server. If the processing time is too long, either tune the SMTP server or adjust the
timeout in the E-mail settings.

Code: 11005
Message: Segments on this system exceeded system limit.
Meaning and Remedy Actions: Indicates that the number of segments managed by the Manager has
exceeded the limit (250 segments). The Manager could not manage the segment added after the
limit was reached. Reduce the number of segments managed by iNetSec Smart Finder.

Code: 12004
Message: Operation was aborted due to invalid environment. Details : <error details>
Meaning and Remedy Actions: Check if the required services start when the Manager processes
are executed.

Code: 12005
Message: Failed to access the database. Detail : error details
Meaning and Remedy Actions: Check that the SQL Server service has started.

Code: 12006
Message: Failed to backup database. Details : <details message>
Meaning and Remedy Actions: Indicates the failure to back up when using the Backup command.
Check the Details message and perform the appropriate action. Refer to "11.3 Messages when
Commands are Executed".

Code: 12009
Message: Failed to send E-mail. [Sensor Name : <name> Sensor IP Address : <IP Address>
Error Position : <number> Error Code : <number> Event ID : <event ID> Details : <details message>]
Meaning and Remedy Actions: Indicates that an error occurred when attempting to send an
e-mail. Check the e-mail processing time for the SMTP server. If the processing time is too
long, either tune the SMTP server or adjust the timeout setting in the E-mail settings.

Code: 12010
Message: An error has occurred. Error Type :error type Details :<error details>
Meaning and Remedy Actions: Obtain the maintenance information for the Manager, and contact
our support representative.

Code: 12011
Message: Failed to collect Maintenance Information. Detail : <error details>
Meaning and Remedy Actions: Check the following, and then execute the Investigate Sensor
command again.
• Access privileges for the specified folder
• Available disk space


11.2 Event Information in the Event Viewer Window

This section describes how to check the event information displayed in the Event Viewer
window. There are three levels of event information:
• INFO
• WARNING
• ERROR

Hint
• The Sensor IP address indicates one of the following cases in the event message:
  - The IP address assigned to the Sensor which belongs to the IP segment where the
    event was detected.
  - The Sensor LAN 0 IP address.
  - The IP address with the smallest VLAN ID.
• Events related to Behavioral IPS (Malware Detection) can be searched for with the
  keyword "Malware".

Table 11.2 "INFO" Event Information and Actions

Event ID Message Meaning and Remedy Actions

0A010001 The Sensor has been added.  Indicates that the new Sensor has been added
[Sensor MAC Address : <MAC Address>] into the Sensors window.
The event is displayed when:
 The new Sensor connects to the Manager
 The Sensor is initialized and then connects
to the Manager
 The firmware in the Sensor is replaced with
an older version and then the Sensor
connects to the Manager
0A010002 Scheduled Manager Process has been Indicates that the scheduled Manager process
executed. was executed normally.
0A010003 The Segment has been added.  Indicates that a new segment has been added to
[Sensor Name : <Sensor Name>  the Sensors window. Sensor IP addresses of the
Sensor IP Address : <IP Address>] added segment are displayed, separated by
commas.
0A020003 Device Registration Request has been Indicates that a registration form has been
submitted.  received from the Registration window. Perform
[Device MAC Address : <MAC Address> the registration approval process from the
Device IP Address : <IP Address>] Devices window.

236
Chapter 11 Error Messages

Event ID Message Meaning and Remedy Actions

0A020009 The device status was automatically Indicates that administrator operations cause the
changed. approval status, Application Monitoring, or
[Device MAC Address : <MAC Address> Behavioral IPS (Malware Detection) of the device
Device IP Address : <IP Address> to be changed automatically.
Change Type : <Role|Device Type|OS The reasons for the changes are as follows:
Type|Vendor ID|IP Address> 
Approval Status after Change : <Approval [Role], [Device Type], [OS Type], [Vendor ID], [IP
Status>  Address]
Application Monitoring after Change :
<Application Monitoring> 
Behavioral IPS (Malware Detection) after
Change : <Behavioral IPS (Malware
Detection)>]
0A020016 Application status was automatically Indicates that administrator operations cause the
changed. application status to be changed automatically.
[Application ID : <Application ID> The reason for the change can be one of the
Application Name : <Application Name> following:
Reason : <Category|Dictionary Entry> 
Permission/Prohibition Policy after Category|Dictionary Entry
Change : <Permitted|Prohibited>]
0A040002 The malware-detected status was cleared Indicates that an administrator cleared the
upon request of the administrator. malware-detected status in the Management
[MAC Address : <MAC Address>  window. No action is required.
IP Address : <IP Address> 
Administrator User Name: <User Name>]
0B020001 A new Device has been detected.  Indicates that a device, for which no device
[Device MAC Address : <MAC Address> information exists in the Manager, has accessed
Device IP Address : <IP Address> to the network.
Detected Sensor Name : <Sensor Name>
Detected Sensor IP Address : 
<IP Address>]
0B020002 A Rejected Device has been detected. Indicates that a new device with "Rejected" has
[Device MAC Address : <MAC Address> accessed to the network. This notification is sent
Device IP Address : <IP Address> once a day in the same segment when a
Detected Sensor Name : <Sensor Name> connection is first made.
Detected Sensor IP Address : 
<IP Address>]
0B020003 Device Registration Request has been Indicates a registration form has been received
submitted.  from the Blocking Notification (New Device)
[Device MAC Address : <MAC Address> window . Perform the registration approval
Device IP Address : <IP Address>] process from the Devices window.
0B020004 Blocked a Device from network.  Indicates that the Sensor blocked a device with
[Device MAC Address : <MAC Address> approval status "Detected" or "Requested", or a
Device IP Address : <IP Address> device which uses a prohibited application. This
Approval Status : <Approval Status> notification is sent once a day after a connection
Detected Sensor Name : <Sensor Name> is first made. However, if the segment has been
Detected Sensor IP Address :  moved, the notification is sent as a different
<IP Address>] event.
0B020005 Detected changing of IP Address of the Notification is sent if the IP address of the device
Device.  is changed.
[Device MAC Address : <MAC Address>
Old Device IP Address : <IP Address>
New Device IP Address : <IP Address>
Detected Sensor Name : <Sensor Name>
Detected Sensor IP Address : 
<IP Address>]

237
Chapter 11 Error Messages

Event ID Message Meaning and Remedy Actions

0B020007 Blocked an out of Segment IP Address Indicates that a device with an IP address that is
Device.  different from the one for the managed segment
[Device MAC Address : <MAC Address> has connected to the Manager. This notification is
Device IP Address : <IP Address> sent once a day after a connection is first made.
Detected Sensor Name : <Sensor Name> However, if the segment has been moved, the
Detected Sensor IP Address :  notification is sent as a different event.
<IP Address>]
0B020008 A Device using Unauthorized IP Address Indicates that a device with an unauthorized IP
was detected. address has connected to the Manager. This
[Device MAC Address : <MAC Address> notification is sent once a day after a connection
Device IP Address : <IP Address> is first made and when the IP address is
Detected Sensor Name : <Sensor Name> changed. However, if the segment has been
Detected Sensor IP Address :  moved, the notification is sent as a different
<IP Address>] event.
0B020009 The device status was automatically Indicates that the approval status, the Application
changed. Monitoring mode, or the Behavioral IPS (Malware
[Device MAC Address: <MAC Address> Detection) mode of the device has been
Device IP Address : <IP Address> automatically changed. The reason for the
Change Type : <Role|Device Type|OS change can be that one of the following
Type|Vendor ID|IP Address> information has been modified:
Approval Status after Change : <Approval  [Role]
Status>
Application Monitoring after Change:  [Device Type]
<Application Monitoring>  [OS Type]
Behavioral IPS (Malware Detection) after
Change : <Behavioral IPS (Malware  [Vendor ID]
Detection) >  [IP Address]
Detection Sensor Name : <Sensor Name>
Detection IP Address : <IP Address>]
0B020013 Prohibited application detected. Indicates that the use of a prohibited application
[Device MAC Address : <MAC Address> by the device managed by Sensor has been
Device IP Address : <IP Address> detected. If the Application Monitoring function is
Device Application Monitoring : used in [Monitor & Block] mode, the device is
<Application Monitoring> blocked until an unblocking request is complete.
Detection Sensor Name : <Sensor Name>
Detection Sensor IP Address :
<Sensor IP>
Detection Application Monitoring Mode :
<Application Monitoring Mode>
Application ID : <Application ID>
Application Name : <Application Name>]
0B020014 Unblocking prohibited applications for the Indicates that unblocking has been requested
device requested. from the device that was blocked because the
[Device MAC Address : <MAC Address> use of a prohibited application was detected. If no
Device IP Address : <IP Address> other prohibited application was detected, the
Detection Sensor Name : <Sensor Name> device is unblocked immediately.
Detection Sensor IP Address : <Sensor
IP> Application ID : <Application ID>
Application Name : <Application Name>]
0B020015 New application detected, permission/ Indicates that a new application that had never
prohibition policy configured.  been detected before was detected and the
[Permission/prohibition policy : policy for the application has been changed
<Permitted|Prohibited> according to the settings.
Application ID : <Application ID>
Application name : <Application Name>
Detection Sensor IP address : <IP
Address>]
0B030001 Registration requested. Indicates that a registration form has been
[Device MAC Address : <MAC Address> received from the Blocking Notification window.
Device IP Address : <IP Address>] Perform the registration approval process from
the Devices window.

238
Chapter 11 Error Messages

Event ID Message Meaning and Remedy Actions

0B040001 Malware behavior was detected on devices on the network.
[MAC Address : <MAC Address>
IP Address : <IP Address>
Behavioral IPS (Malware Detection) : <Behavioral IPS (Malware Detection)>
Detection Sensor Name : <Sensor Name>
Detection Sensor IP Address : <IP Address>
Behavioral IPS (Malware Detection) of Detection Sensor : <Behavioral IPS (Malware Detection)>
Audit Trail : <Trail Log>
(*) The information that is output as trail log is as follows:
Type =RAT-Spying | RAT-Infecting
C&C Server =<IP Address>
Target =<IP Address>
User Account =<User Account>
File =<File Name>
User Account is recorded in the "Windows Domain Name (or Work Group Name)\User Name" format.
Files that are operated on a device are stored in File Name. For example, PSEXESVC.EXE indicates that the PsExec tool has been used.
The letters that are extracted from the transmitting packets and then displayed in User Account and File Name are interpreted as UNICODE (UCS-2) letters when SMB protocol version 2 or 3 is used. SMB protocol version 1 interprets letters as UNICODE or CP932 according to the UNICODE bit of the protocol.
Event logs/E-mail notifications/SNMP Trap reports on the Manager are converted to UTF-8 before notification is sent. Therefore, letters that cannot be converted because of the character code may not be displayed correctly.
Indicates that malware behavior was detected on devices on the network.
Remove malware from the device that may be infected.
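
One way to turn the trail log above into a triage record, added here as an example (not code from the product or its vendor). It assumes the trail log arrives as text in the `Key =Value` layout shown above, one pair per line or run together; `parse_trail`, `triage`, `FILE_HINTS` and the sample values are hypothetical names and constructed data.

```python
import ipaddress
import re

# Keys and Type values the manual lists for the 0B040001 trail log.
TRAIL_KEYS = ("Type", "C&C Server", "Target", "User Account", "File")
TRAIL_TYPES = {"RAT-Spying", "RAT-Infecting"}
# Only PSEXESVC.EXE is named in the manual; add local entries as needed.
FILE_HINTS = {"PSEXESVC.EXE": "PsExec tool has been used"}

# A key counts only when it starts a token and is followed by "=".
_KEY_RE = re.compile(
    r"(?<!\w)(" + "|".join(re.escape(k) for k in TRAIL_KEYS) + r")\s*="
)

# Constructed sample (documentation IP ranges, made-up account name).
SAMPLE_TRAIL = (
    "Type =RAT-Infecting\n"
    "C&C Server =192.0.2.10\n"
    "Target =198.51.100.7\n"
    "User Account =CORP\\svc-backup\n"
    "File =PSEXESVC.EXE\n"
)


def parse_trail(text):
    """Return {key: value} for 'Key =Value' pairs, one per line or run together."""
    hits = list(_KEY_RE.finditer(text))
    fields = {}
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        fields[hit.group(1)] = text[hit.end():end].strip(" \t\r\n,;")
    return fields


def _ip_or_none(value):
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None


def triage(text):
    """Normalise one trail log into a record an analyst or SIEM rule can use."""
    fields = parse_trail(text)
    notes = []

    if fields.get("Type") not in TRAIL_TYPES:
        notes.append("Type is not RAT-Spying or RAT-Infecting: %r" % fields.get("Type"))

    ips = {}
    for key in ("C&C Server", "Target"):
        ips[key] = _ip_or_none(fields[key]) if key in fields else None
        if key in fields and ips[key] is None:
            notes.append("%s is not a valid IP address: %r" % (key, fields[key]))

    # "Windows Domain Name (or Work Group Name)\User Name"
    domain, _, user = fields.get("User Account", "").rpartition("\\")

    # Compare on the bare file name, case-insensitively.
    file_name = fields.get("File", "")
    base_name = re.split(r"[\\/]", file_name)[-1].upper()
    if base_name in FILE_HINTS:
        notes.append(FILE_HINTS[base_name])

    # Names pass through UCS-2/CP932 -> UTF-8 conversion, so anything outside
    # printable ASCII is worth checking against the device itself.
    for key in ("User Account", "File"):
        if any(not (32 <= ord(ch) < 127) for ch in fields.get(key, "")):
            notes.append("%s has non-ASCII characters; check for conversion damage" % key)

    return {
        "type": fields.get("Type"),
        "cc_server": ips["C&C Server"],
        "target": ips["Target"],
        "domain": domain,
        "user": user,
        "file": file_name,
        "notes": notes,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TRAIL))
```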

Table 11.3 "WARNING" Event Information and Actions

Event ID Message Meaning and Remedy Actions

1A011001 Detected Devices exceeded system limit.
Indicates that the number of devices managed by the Manager has exceeded the limit (10,000 devices) and that any device information that was added after the limit was reached is not managed.
Check the Devices window, and delete unnecessary device information such as for devices that have not connected for a long time.

1A011002 Registered Sensors exceeded system limit.
Indicates that the number of the Sensors managed by the Manager has exceeded the limit (100 Sensors).
The Manager could not manage the Sensors installed after the limit was reached.
Check the Sensors window, and delete any unnecessary Sensors.

1A011004 Scheduled Manager Process has failed.
[Detail : <details message>]
Indicates that an error occurred during the scheduled Manager process and that the process was not executed normally.
Check the Details message and perform the appropriate action.
After performing the appropriate action, restart the Manager and the scheduled process will be executed.

1A011005 Segments on this system exceeded system limit.
Indicates that the number of segments managed by the Manager has exceeded the limit (250 segments).
The Manager could not manage the segment added after the limit was reached.
Reduce the number of segments managed by iNetSec Smart Finder.

1A011007 Sending E-mail might be failed.
[Sensor Name : <sensor name>
Sensor IP Address : <IP Address>
Error Position : <number>
Error Code : <number>
Event ID : <event ID>
Details : <details message>]
Indicates that an error occurred while sending an e-mail and that the e-mail might not have been sent. Check the Event ID and Details message and perform the appropriate action.

1B011003 Detected Devices exceeded system limit on Sensor.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
Indicated when the number of managed devices for all segments managed by one Sensor exceeds the number supported by the Sensor (3,000).
Notification is sent when the number of devices detected exceeds the number of devices supported.
Check the Devices window and delete unnecessary devices.

1B011004 Detected devices exceeded system limit on Sensor.
Indicates that the number of devices managed by the Manager has exceeded the limit (10,000 devices).
The Manager could not manage the devices detected after the limit was reached.
Check the Devices window and delete unnecessary devices.

1B011006 Concurrent blocked Devices exceeded system limit on Sensor.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
The number of connections blocked by the Sensor exceeds the allowable number of connections (the number of simultaneously blocked connections: 18,000).
The Sensor could not block the connections.
Reconfigure the network to reduce the number of devices.
This notification is sent once a day when a connection is first made.

1B011007 Sending E-mail might be failed.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>
Error Position : <number>
Error Code : <number>
Event ID : <Event ID>
Details : <details message>]
Indicates that an error occurred while sending an e-mail and that the e-mail might not have been sent. Check the Event ID and Details message, and perform the appropriate action. The e-mail is not re-sent.

1B011008 Detected printers exceeded system limit on Sensor.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
Indicates that the number of printers in the appropriate Sensor managed by the Manager has exceeded the limit (500 devices).
The Sensor could not manage newly detected printers.
Check the Devices window and delete unnecessary printers.

1B011009 Detected Devices exceeded system limit on Sensor.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
Indicates that the number of managed devices (based on the number of IP addresses) for all segments managed by one Sensor exceeds the number supported by the Sensor (3,000).
Notification is sent when accesses concentrate on one or more devices and the number of IP addresses related to the devices exceeds the number of devices supported.
Check usage for each segment and adjust the network configuration so that the access (such as IP scans) to the devices is not concentrated in a short period of time.

1B011010 Stored Events exceeded system limit on Sensor.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
Indicates that the event information stored in the Sensors exceeds the limit (10,000) and the event information generated by the Sensor cannot be sent in one or more of the following methods: to the Manager, by e-mail or by SNMP trap.
Check if the Manager starts up normally and if the applicable Sensors are normal. Check that the communication path between the Sensor and the SNMP server has no problems and that they can communicate with each other.

1B011014 Failed to resolve Host name.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
Indicates that FQDN resolution failed. Check the following:
- Network status between the Sensor and DNS server
- If the FQDN is correct
- If the DNS server is properly configured

1B011017 Unsent application statistics discarded.
[Initial failure time : <MMDDYYYY hh:mm:ss tt ±hh:mm>
Count : <Number of Failed Times>
Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
Indicates that the statistical information of an application that is sent to the Manager every 15 minutes has been discarded because the information could not be sent and had exceeded the limit of the amount that Sensor could hold.
Check the operation status of the network and the Manager because communication between the Sensor and the Manager might have been disabled for some time.

Table 11.4 "ERROR" Event Information and Actions

Event ID Message Meaning and Remedy Actions

2A012002 Sensor failure has occurred. (Manager detected).
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>]
Indicates that communication is not possible between the Manager and the Sensors.
Check the power supply of the Sensors and the status of the network between the Manager and the Sensors. If there are no problems, restart the Sensors.

2A012006 Backup failed.
[Detail: <details message>]
Indicates the failure to back up when using the Backup command.
If this event occurs repeatedly, contact our technical support.

2A012007 iNetSec Smart Finder Manager Service is terminated in unexpected condition
Indicates that a service that executes the Manager processes ended due to an error, and communication between the Manager and the Sensors is not possible.
Restart the Manager service and the Manager Computer. If the error continues even after restarting the Manager service and the Manager Computer, contact our technical support.

2A012009 Failed to send E-mail.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>
Error Position : <number>
Error Code : <number>
Event ID : <Event ID>
Details : <details message>]
Indicates that an error occurred while sending an e-mail and that the e-mail was not sent.
Check the Event ID and Details message and perform the appropriate action.

2A012010 Failed to collect Maintenance Information.
[Detail : <details message>]
Indicates that the collection of maintenance information failed. This could be due to any of the following possibilities:
- The Sensor stopped working
- No communication between the Sensor and the Manager
- The Sensor was restarted
Check the connection between the Sensors and the Manager.

2A012015 Failed to access the target mail server or failed to receive an e-mail message with the target e-mail account.
[POP3 Server: IP Address or FQDN
User name : User Name]
Indicates that the target mail server cannot be accessed or an e-mail message with the target e-mail account cannot be received.
Check that the mail server is running or that the settings such as a user name or password are correct.

2B012001 Sensor detects errors or generates events. (Sensor self check)
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>
Details : <code>]
Indicates the Sensor error or an event detected by the Sensor. Refer to "11.7 Detail Codes for Sensor Self Checks" and perform the necessary remedies according to the detail codes.

2B012003 (*) Sensor failure has occurred. (Sensor detected).
[sensor name : <sensor name>
sensor IP address : <IP address>]
Indicates the Sensor error by Sensor to Sensor Status Monitoring.
The following might occur in the Sensor in which error occurred:
- The Sensor stopped working.
- The Sensor cannot communicate in the network with the Sensor.
- The Sensor is restarting.
Check the following:
- Check the power supply to the Sensors.
- Check the status of the network between the Sensors.

2B012009 Failed to send E-mail.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>
Error Position : <number>
Error Code : <number>
Event ID : <Event ID>
Details : <details message>]
Indicates that an error occurred while sending an e-mail. Check the Event ID and Details message and perform the appropriate action.

2B012012 Registered Servers exceeded system limit on Sensor.
[Sensor Name : <Sensor Name>
Sensor IP Address : <IP Address>
Detail Code : <code>
Detail : <details message>]
Indicates that the number of servers that can be set for the Sensor exceeded the maximum number and that the mode has changed to Monitoring Mode. Check the following settings and decrease the number of servers.
- Check the DNS server settings.
- Check the following server settings:
  - External Registration Form Server
  - Exception Server
To confirm that this event has recovered, check if the same event with the detail code 0 occurs.

2B012014 Dictionary error detected.
[Sensor Name:<Sensor Name>
Sensor IP Address:<IP Address>
Detail Code:<Detail Code>
Detail Message:<Detail Message>]
Indicates that the process of loading a dictionary to Sensor failed. The status is indicated by the following codes.
0: Failed to load the Device Dictionary.
1: Failed to load the Application Dictionary.
2: Failed to read the Application Dictionary.
Whatever the case may be, either the Device Dictionary is broken or the file system of the Sensor has errors. Use another dictionary version, initialize the Sensor, or replace the Sensor.

*: Sensor to Sensor Status Monitoring monitors the Sensors on the same Segment Group in order. Therefore, if the monitoring of the Sensor fails, both of the following notifications might be sent:
- SNMP trap with notification of the Sensor error for the target Sensor
- SNMP trap for the Sensor error generated because monitoring of the Sensor following the target Sensor failed

Hint
- If the Sensor cannot communicate with the Manager, no notification is sent when the second digit of an event ID is "B". However, note that notification is sent for the events with an event ID of 0B020001, 0B020003, or 1B011010 after the Sensor can communicate with the Manager.

11.3 Messages when Commands are Executed

The messages that are reported at the command prompt when a command is executed are
described below.
For details about commands, refer to "Chapter 10 Commands".
There are two types of messages reported at the command prompt:
- INFO
- ERROR
The INFO messages indicate the status of the command process.
The following describes the meanings of ERROR messages and actions.

Table 11.5 Command ERROR Messages and Actions

Message Meaning and Remedy Actions

Operation is aborted due to invalid environment
The command process cannot be executed, either because the environment of the Manager Computer is inadequate or because the user does not have administrator privileges.
Execute the command with administrator privileges on a computer with the Manager installed correctly.

Please specify the folder.
The folder name specified in the parameter in the Restore command and the Investigate command does not exist.
Specify the correct file name and execute the command again.

Backup file content is incorrect or corrupted.
The data in the backup folder specified in the command parameter is not a backup file on the Manager.
Specify the folder name where the file is saved in the Manager and execute the command again.

Specified folder is not correct.
This error message is reported in the following situations.
- If the user does not have access privileges for the folder specified in the parameters.
- If the specified folder name is 231 bytes or greater.
- If the folder is not saved with the Backup command during the restore operation, check the specified folder, and execute the command again.

Backup failed.
The database files used by the Manager are possibly being accessed by functions other than the Manager.
Cancel the viewing of database files used by the Manager and execute the command again.

Restore failed.
Restore process failed. The system will return to the status before the restore operation was performed.
If this message is reported, check if there is a backup file that was created by the Backup command. Execute the Restore command again.

Backup or restore process is in progress
The Backup or Restore command is currently being executed.
Wait until the current backup or restore process is complete.

Backup failed due to insufficient disk space.
Restore failed due to insufficient disk space.
There is insufficient disk space available to execute this command.
Check the available disk space and execute the command again.

SQL Server is not running.
The SQL server service is not running.
Start the SQL server service and then execute the command again.

Failed to collect information.
An error occurred while collecting information.
Check the following and then execute the command again or simply use only the information that was collected successfully.
- No access privileges for the specified folder
- Failed to write to folder due to insufficient free disk space
- Commands executed simultaneously from multiple command prompts
Do not execute multiple instances of this command.

Invalid parameters are specified.
A specified parameter is incorrect.
Refer to "Chapter 10 Commands", check the command parameters and then execute the command again.

Specified file is not found.
The file name specified in the parameter for the Import Device command either does not exist or the user does not have access privileges for that file.
Specify a file name for which the user has access privileges and execute the command again.

Specified file is not correct
This error message is reported in the following situations.
- If the user does not have access privileges for the folder that contains the file specified in the parameters.
- If the folder path for the file specified in the parameters does not exist.
- If the specified folder name (for a relative path, after it has been converted to an absolute path) is 229 bytes or greater. Specify a short folder path, and execute the command again.
- If characters that cannot be used in a folder name have been specified, such as ", <, >, |. Change the file name and execute the command again.
Check the specified file and execute the command again.

Invalid import file format at line n
The file format on the target line of the import device information file is not correct.
Refer to "A.1 Device Information File Format", check the format of the import file and then execute the command again.

Failed to import Device Information.
An error occurred when device information was imported. This error occurs in the following situations.
- If the same MAC address is specified multiple times in the import file
- If the number of managed devices exceeds the limit due to importing
- If connection to the database failed
Check the import file, and execute the command again.

Failed to export Device Information.
An error occurred when device information was exported. This error occurs in the following situations.
- If the user does not have access privileges for the file specified in the parameters
- If connection to the database failed
Check the specified file, and execute the command again.

Failed to export Sensor Information.
An error occurred when Sensor information was exported. This error occurs in the following situations.
- If the user does not have access privileges for the file specified in the parameters
- If connection to the database failed
Check the specified file, and execute the command again.

Failed to export Event information
An error occurred when event information was exported. This error occurs in the following situations.
- If the user does not have access privileges for the file specified in the parameters
- If connection to the database failed
Check the specified file, and execute the command again.

Failed to control Sensor.
An error occurred in Sensor control. This error occurs in the following situations.
- If the format of the specified MAC address is not correct
- If connection to the database failed
Check the MAC address specified in the argument, and execute the command again.

Sensors specified with this command don't have same network address and same net mask. Please check the network address and net mask on both Sensors.
There are no matching segment configurations between the original and destination Sensors specified in the command parameters.
Align the network addresses and associated Segment Groups between the original Sensors and destination Sensors, and then execute the command again.

The Sensor specified by MAC address is not registered
The original Sensor or destination Sensor specified in the command parameters is not registered in the Manager.
Register the original Sensor and destination Sensor in the Manager, and then execute the command again.

Failed to transfer Sensor Information.
An error occurred when inheriting between the Sensors. This error occurs when connection with the database fails.
Check the operation environment, and execute the command again.

An error occurred during verification process for transferred Sensor/Segment Information. Please try to execute this command again.
The command was canceled due to detection of a segment configuration that differs from the inherited details. Check the original Sensor and destination Sensor specified in the parameters, and then execute the command again.

11.4 Messages Reported by E-mail


The messages that are reported by e-mail are described in this section.

Hint
- The Sensor IP address indicates one of the following in the event message:
  - The IP address assigned to the Sensor which belongs to the IP segment where the event was detected
  - The Sensor LAN 0 IP address
  - The IP address with the smallest VLAN ID

Table 11.6 Messages Reported by E-mail

E-mail Item Content

Sensor registration
Title <iNetSec Smart Finder> Sensor Registration
Text Event ID: 0A010001
The new Sensor has been registered.

Segment registration
Title <iNetSec Smart Finder> Segment Registration
Text Event ID: 0A010003
The new segment has been registered.
Sensor Name: SensorName
Sensor IP Address: SensorIP

Device Registration Form on Manager
Title <iNetSec Smart Finder> Device Registration
Text Event ID: 0A020003
Device registration request has been submitted.
Please check the request on Manager and take appropriate action.
(Item 1 set in System Configuration): registration details
(Item 2 set in System Configuration): registration details
(Item 3 set in System Configuration): registration details
(Item 4 set in System Configuration): registration details
(Item 5 set in System Configuration): registration details
IP Address: DeviceIP
MAC Address: DeviceMAC
Sensor Name: SensorName
Sensor IP Address: SensorIP
Sensor Operation Mode: Monitoring Mode/Blocking Mode (Unblock After Registration)/Blocking Mode (Unblock After Approval)

Automatic Change to the Device (in the Manager)
Title <iNetSec Smart Finder> Automatic Change of the Approval Status/Application Monitoring/Behavioral IPS (Malware Detection) of the Device
Text Event ID: 0A020009
The device status was automatically changed.
IP Address: IPAddress
MAC Address: MACAddress
Reason: Reason
Approval Status after Change: ApprovalStatus
Application Monitoring after Change: Mode
Behavioral IPS (Malware Detection) after Change: Mode

Automatic Change to the Device (in the Sensor)
Title <iNetSec Smart Finder> Automatic Change of the Approval Status/Application Monitoring/Behavioral IPS (Malware Detection) of the Device
Text Event ID: 0B020009
The device status was automatically changed.
IP Address: IPAddress
MAC Address: MACAddress
Reason: Reason
Approval Status after Change: ApprovalStatus
Application Monitoring after Change: Mode
Behavioral IPS (Malware Detection) after Change: Mode
Detection Sensor Name: SensorName
Detection Sensor IP Address: IPAddress

Automatic Change to the Application
Title <iNetSec Smart Finder> Automatic Change to the Application Status
Text Event ID: 0A020016
Application status was automatically changed.
Application ID: ApplicationID
Application Name: ApplicationName
Reason: Reason
Status After Change: Status

Behavioral IPS (Malware Detection)
Title <iNetSec Smart Finder> Behavioral IPS (Malware Detection)
Text Event ID: 0B040001
Malware behavior was detected on devices on the network.
MAC Address: MACAddress
IP Address: IPAddress
Behavioral IPS (Malware Detection) of the Device: Mode
Detection Sensor Name: SensorName
Detection Sensor IP Address: IPAddress
Behavioral IPS (Malware Detection) of the Detection Sensor: Mode
Audit Trail: Trail Log (*)

(*) The information that is output as trail log is as follows:
Type =RAT-Spying | RAT-Infecting
C&C Server =IPAddress
Target =IPAddress
User Account =UserAccount
File =FileName
User Account is recorded in the "Windows Domain Name (or Work Group Name)\User Name" format.
Files that are operated on a device are stored in File Name. For example, PSEXESVC.EXE indicates that the PsExec tool has been used.
The letters that are extracted from the transmitting packets and then displayed in User Account and File Name are interpreted as UNICODE (UCS-2) letters when SMB protocol version 2 or 3 is used. SMB protocol version 1 interprets letters as UNICODE or CP932 according to the UNICODE bit of the protocol.
Event logs/E-mail notifications/SNMP Trap reports on the Manager are converted to UTF-8 before notification is sent. Therefore, letters that cannot be converted because of the character code may not be displayed correctly.

Clearing the malware-detected status
Title <iNetSec Smart Finder> Clearing the malware-detected status
Text Event ID: 0A040002
The malware-detected status was cleared upon request of the administrator.
MAC Address: MACAddress
IP Address: IPAddress
Administrator User Name: UserName

POP3 server monitoring failed
Title <iNetSec Smart Finder> POP3 Server Monitoring Failed
Text Event ID: 2A02125
Failed to access the target POP3 server or failed to receive an e-mail message with the target e-mail account.
POP3 Server: IPAddress or FQDN
User Name: UserName

E-mail Registration Form
Title <iNetSec Smart Finder> Device Registration (SN=XXXXX)
Text Event ID:0B030001
Device registration request has been submitted.
Decide whether to approve it from the Devices window or e-mail.
(Item 1 set in System Configuration): registration details
(Item 2 set in System Configuration): registration details
(Item 3 set in System Configuration): registration details
(Item 4 set in System Configuration): registration details
(Item 5 set in System Configuration): registration details
IP Address: IPAddress
MAC Address: MACAddress
Detection Sensor Name: SensorName
Detection Sensor Operation Mode:Monitoring Mode/Blocking Mode (Unblock After Registration) / Blocking Mode (Unblock After Approval)
Serial Number: XXXXX

Approval by E-mail Complete
Title <iNetSec Smart Finder> Approval by E-mail Complete (SN=XXXXX)
Text Event ID:0A030002
Approval by e-mail is completed.
IP Address: IPAddress
MAC Address: MACAddress
Content of Approval: ApprovalStatus
Serial Number: XXXXX

Error detected in Sensor (Manager monitoring)
Title <iNetSec Smart Finder> Sensor Error
Text Event ID: 2A012002
A Sensor error was detected by the Manager. Check the power status and the network connection status of the Sensor.
Sensor name: SensorName
Sensor IP address: SensorIP

New Device Detection
Title <iNetSec Smart Finder> Detection of New Device
Text Event ID: 0B020001
A new device is detected on the network.
IP Address: DeviceIP
MAC Address: DeviceMAC
Detect Sensor Name: SensorName
Detect Sensor IP Address: SensorIP
Detect Sensor Operation Mode: Monitoring Mode/Blocking Mode (Unblock After Registration)/Blocking Mode (Unblock After Approval)
Detect Sensor Application Monitoring Mode: Disabled/Monitor Only/Monitor & Block

Rejected Device Detection
Title <iNetSec Smart Finder> Detection of Rejected Device
Text Event ID: 0B020002
The Sensor detected a rejected device on the network.
IP Address: DeviceIP
MAC Address: DeviceMAC
Detect Sensor Name: SensorName
Detect Sensor IP Address: SensorIP

Device Registration
Title <iNetSec Smart Finder> Device Registration
Text Event ID: 0B020003
Device registration request has been submitted. Please check the request on Manager and take appropriate action.
(Item 1 set in System Configuration): registration details
(Item 2 set in System Configuration): registration details
(Item 3 set in System Configuration): registration details
(Item 4 set in System Configuration): registration details
(Item 5 set in System Configuration): registration details
IP Address: DeviceIP
MAC Address: DeviceMAC
Detect Sensor Name: SensorName
Detect Sensor IP Address: SensorIP
Detect Sensor Operation Mode: Monitoring Mode/Blocking Mode (Unblock After Registration)/Blocking Mode (Unblock After Approval)

Change of IP Address
Title <iNetSec Smart Finder> Detection of IP Address Change
Text Event ID: 0B020005
IP address has been changed on following device.
MAC Address: DeviceMAC
Previous IP Address: PreDeviceIP
Current IP Address: DeviceIP
Detect Sensor Name: SensorName
Detect Sensor IP Address: SensorIP

Blocked a device using IP addresses out of IP segment
Title <iNetSec Smart Finder> Blocked a Device Using IP Addresses Out of IP Segment
Text Event ID: 0B020007
The Sensor has detected a device using IP addresses out of IP segment and blocked the device.
IP Address: DeviceIP
MAC Address: DeviceMAC
Detect Sensor Name: SensorName
Detect Sensor IP Address: SensorIP

Detecting Unauthorized IP Address Device
Title <iNetSec Smart Finder> Detected Unauthorized IP Address Use on a Device
Text Event ID: 0B020008
A device using unauthorized IP address has been connected.
IP Address: DeviceIP
MAC Address: DeviceMAC
Detect Sensor Name: SensorName
Detect Sensor IP Address: SensorIP

Automatic Change of the Approval Status/Application Monitoring of the Device
Title <iNetSec Smart Finder> Automatic Change of the Approval Status/Application Monitoring of the Device
Text Event ID: 0B020009
The approval status or monitoring settings of the device was automatically changed.
IP Address: IPAddress
MAC Address: MACAddress
Change Type: Role/Device Type/Vendor ID/IP Address
Approval Status after Change: ApprovalStatus
Application Monitoring after Change: ApplicationMonitoringMode
Detection Sensor Name: SensorName
Detection Sensor IP Address: IPAddress

Prohibited Application Detection
Title <iNetSec Smart Finder> Detection of Prohibited Application
Text Event ID: 0B020013
A prohibited application was detected.
IP Address: IPAddress
MAC Address: MACAddress
Application Monitoring: ApplicationMonitoringMode
Application ID: ApplicationID
Application Name: ApplicationName
Detection Sensor Name: SensorName
Detection Sensor IP Address: IPAddress
Detection Sensor Application Monitoring Mode: Disabled/Monitor Only/Monitor & Block

Unblocking Request for Prohibited Applications
Title <iNetSec Smart Finder> Unblocking Prohibited Applications Request for the Device
Text Event ID:0B020014
Unblocking prohibited applications for the device was requested.
IP Address: IPAddress
MAC Address: MACAddress
Application ID: ApplicationID
Application Name: ApplicationName
Detection Sensor Name: SensorName
Detection Sensor IP Address: IPAddress

Detection of a New Application
Title <iNetSec Smart Finder> Detection of a New Application
Text Event ID: 0B020015
A new application was detected and a permission/prohibition policy was configured.
Application ID: ApplicationID
Application Name: ApplicationName
Permission/Prohibition Policy: Permitted/Prohibited

Max. number of devices exceeded (inside Sensor)
Title <iNetSec Smart Finder> Excess of Registered Devices for the Sensor
Text Event ID: 1B011003
Registered devices has exceeded system limit on the Sensor.
The Sensor may not work properly.
Please delete unnecessary devices on the Manager.
Sensor Name: SensorName
Sensor IP Address: SensorIP
* If single segments or multiple segments are supported, the IP address of the Sensor to be notified is the IP address of the LAN0 port on the Sensor. If tagged VLAN is supported, the IP address of the Sensor to be notified is the IP address with the smallest Sensor VLAN ID.

Max. number of devices exceeded (entire system)
Title <iNetSec Smart Finder> Excess of Registered Devices
Text Event ID: 1B011004
Detected devices has exceeded system limit on the Manager.
The Sensors may not work properly due to overload.
Please delete unnecessary devices on the Manager.
Sensor Name: SensorName
Sensor IP Address: SensorIP

Max. number of simultaneously blocked connections exceeded
Title <iNetSec Smart Finder> Excess of Blocked Devices
Text Event ID: 1B011006
Blocked devices has exceeded system limit on the Sensor.
The Sensor may not work properly.
Please consider redesigning IP segmentation or reducing the number of managed IP segments per Sensor.
Sensor Name: SensorName
Sensor IP Address: SensorIP
* If single segments or multiple segments are supported, the IP address of the Sensor to be notified is the IP address of the LAN0 port on the Sensor. If tagged VLAN is supported, the IP address of the Sensor to be notified is the IP address with the smallest Sensor VLAN ID.

Max. number of printers exceeded (inside Sensor)
Title <iNetSec Smart Finder> Excess of Number of Printers
Text Event ID: 1B011008
Number of printers has exceeded system limit on the Sensor.
Please review number of printers managed by the Sensor.
Sensor Name: SensorName
Sensor IP Address: SensorIP

Max. number of devices exceeded (inside Sensor)
Title <iNetSec Smart Finder> Excess of Detected Devices
Text Event ID: 1B011009
Detected devices has exceeded system limit on the Sensor.
The Sensor may not work properly due to overload. Please consider redesigning IP segmentation to reduce the number of devices per Sensor.
Sensor Name: SensorName
Sensor IP Address: SensorIP

Max. number of events exceeded
Title <iNetSec Smart Finder> Excess of System Limits on Events
Text Event ID: 1B011010
Number of Events has exceeded its maximum number supported by the Sensor.
Please verify that the Sensor is able to communicate with the Manager and E-mail server.
Sensor Name: SensorName
Sensor IP Address: SensorIP

Approval of devices failed (already completed)
Title <iNetSec Smart Finder> Approval by E-mail Failed (Already Completed) (SN=XXXXX)
Text Event ID:1B011015
Approval by e-mail failed because the approval is already completed.
IP Address: IPAddress
MAC Address: MACAddress
Content of Approval: ApprovalStatus
Serial Number: XXXXX

Approval of devices failed (incorrect format)
Title <iNetSec Smart Finder> Approval by E-mail Failed (Incorrect Format)
Text Event ID:1B011016
Approval by e-mail failed because the e-mail content is incorrect.
Title: OriginalMailTitle
Text: OriginalMailText

Error detected in Sensor (self check)
Title <iNetSec Smart Finder> Sensor Error/Event
Text Event ID: 2B012001
A suspicious event has occurred. It may be a hardware error and affect Sensor operation.
Sensor Name: SensorName
Sensor IP Address: SensorIP
Detail Code: DetailCode
Refer to "11.7 Detail Codes for Sensor Self Checks".

Error detected in Sensor (Sensor to Sensor Status Monitoring) (*)
Title <iNetSec Smart Finder> Detection of Sensor Error
Text Event ID: 2B012003
Sensor error is detected by another Sensor.
Check the Sensor status or network connection between the Sensors.
Error Sensor Name: SensorName
Error Sensor IP Address: SensorIP
Detect Sensor Name: SensorName
Detect Sensor IP Address: SensorIP

Exceed the maximum number of Exception Servers
Title <iNetSec Smart Finder> Excess of Number of Exception Servers
Text Event ID: 2B012012
The number of exception servers has exceeded system limit. The Sensor may not work properly.
Please check Segment Group settings and reduce the number of exception servers per Segment Group.
Sensor Name: SensorName
Sensor IP Address: SensorIP
Detail Code: DetailCode
Detail: DetailMessage


*: Sensor to Sensor Status Monitoring monitors the Sensors on the same Segment Group in order.
If the monitoring process of the Sensor fails, both of the following notifications might be sent:
- E-mail with notification of the Sensor error for the target Sensor
- E-mail for the Sensor error generated because monitoring of the Sensor following the target Sensor failed


11.5 Messages Reported by SNMP Trap


This section describes the SNMP messages.

Hint
- The Sensor IP address indicates one of the following in the event message:
  - The IP address assigned to Sensor which belongs to the IP segment where the event was detected.
  - The Sensor LAN 0 IP address.
  - The IP address with the smallest VLAN ID.

Table 11.7 Shared Parameter Values in iNetSec Smart Finder

Parameter     Content
version       0 (snmp-v1-trap)
community     SNMP community set in the System Configuration window
enterprise    enterprises.PFU(18886).pfuSystem(3).pfuSmartFinder(2)
agent-addr    The Manager Computer that sends SNMP trap, or IP address of the Sensor
generic-trap  6 (enterprise-specific)
time-stamp    0 (unsigned long value)

The reported parameters and event details are described below.

Table 11.8 Messages Reported by SNMP Trap (Reported by the Manager)

Event: Sensor error
  specific-trap: 1
  Description: A Sensor error was detected by the Manager.
  var-bind OID (enterprise-oid).1.1.0: Sensor name (*1)
           Value: Name of the Sensor where an error is detected.
  var-bind OID (enterprise-oid).1.2.0: Sensor IP address
           Value: IP address of the Sensor in which error was detected (*1)

Event: Failed to send e-mail (in progress)
  specific-trap: 8
  Description: Sending of e-mail might have failed.
  var-bind OID (enterprise-oid).1.1.0: Sensor name (*1)
           Value: Name of the Sensor that failed to send e-mail.
  var-bind OID (enterprise-oid).1.2.0: Sensor IP address
           Value: IP address of the Sensor that failed to send e-mail.
  var-bind OID (enterprise-oid).5.1.0: Error location
           Value: Number of location where error occurred in e-mail sending process.
  var-bind OID (enterprise-oid).5.2.0: Error code
           Value: Error code in e-mail sending process.
  var-bind OID (enterprise-oid).5.3.0: Event ID
           Value: Event ID of event that failed to send e-mail.
  var-bind OID (enterprise-oid).5.4.0: Details (*1)
           Value: Details of event that failed to send e-mail.

Event: Failed to send e-mail
  specific-trap: 9
  Description: Sending of e-mail failed.
  var-bind OID (enterprise-oid).1.1.0: Sensor name (*1)
           Value: Name of the Sensor that failed to send e-mail.
  var-bind OID (enterprise-oid).1.2.0: Sensor IP address
           Value: IP address of the Sensor that failed to send e-mail.
  var-bind OID (enterprise-oid).5.1.0: Error location
           Value: Number of location where error occurred in e-mail sending process.
  var-bind OID (enterprise-oid).5.2.0: Error code
           Value: Error code in e-mail sending process.
  var-bind OID (enterprise-oid).5.3.0: Event ID
           Value: Event ID of event that failed to send e-mail.
  var-bind OID (enterprise-oid).5.4.0: Details (*1)
           Value: Details of event that failed to send e-mail.


Event: Exceed the maximum number of Exception Servers
  specific-trap: 13
  Description: The number of Exception Servers registered to the Sensor exceeded its maximum number supported by the Sensor.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor
           Value: Name of the Sensor that detected device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected device.
  var-bind OID (enterprise-oid).6.1.0: Detail code
           Value: Detail code ("1" indicates occurrence, "0" indicates recovery)
  var-bind OID (enterprise-oid).6.2.0: Details
           Value: Details message.

Event: Sensor registration
  specific-trap: 101
  Description: The new Sensor has been registered in the Manager.
  var-bind OID (enterprise-oid).1.4.0: Sensor MAC address
           Value: MAC address of the registered Sensor.

Event: Segment registration
  specific-trap: 102
  Description: A new segment has been registered in the Manager.
  var-bind OID (enterprise-oid).1.1.0: Sensor name (*1)
           Value: Name of the Sensor for registered segment
  var-bind OID (enterprise-oid).1.2.0: Sensor IP address
           Value: IP address for the Sensor for registered segment
  var-bind OID (enterprise-oid).1.2.1: Sensor IP address
           Value: IP address for the Sensor for registered segment (second)
           * The numbers at the end of OID are incremented for each registered segment.

Event: Registration Form on Manager
  specific-trap: 203
  Description: Device registration is performed.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor (*1)
           Value: Name of the Sensor that detected device for which a registration was submitted.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected device for which a registration was submitted.
  var-bind OID (enterprise-oid).1.3.0: Operation mode of the Sensor (*1)
           Value: Operation mode of the Sensor that detected device registration.
  var-bind OID (enterprise-oid).2.1.0: IP address of device.
           Value: IP address of the device for which a registration has been submitted.
  var-bind OID (enterprise-oid).2.2.0: MAC address of device
           Value: MAC address of the device for which a registration was submitted
  var-bind OID (enterprise-oid).3.1.0: Item name 1, Registration details 1 (*1)
           Value: Details included in Item name 1. Registration details 1.
                  If the information is hidden, the value is left blank with a length of 0.
  var-bind OID (enterprise-oid).3.2.0: Item name 2, Registration details 2 (*1)
           Value: Details included in Item name 2. Registration details 2.
                  If the information is hidden, the value is left blank with a length of 0.
  var-bind OID (enterprise-oid).3.3.0: Item name 3, Registration details 3 (*1)
           Value: Details included in Item name 3. Registration details 3.
                  If the information is hidden, the value is left blank with a length of 0.
  var-bind OID (enterprise-oid).3.4.0: Item name 4, Registration details 4 (*1)
           Value: Details included in Item name 4. Registration details 4.
                  If the information is hidden, the value is left blank with a length of 0.
  var-bind OID (enterprise-oid).3.5.0: Item name 5, Registration details 5 (*1)
           Value: Details included in Item name 5. Registration details 5.
                  If the information is hidden, the value is left blank with a length of 0.


Event: Blocked a device using IP addresses out of IP segment
  specific-trap: 205
  Description: The Sensor has detected a device using IP addresses out of IP segment and blocked the device.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected device.
  var-bind OID (enterprise-oid).2.1.0: IP address of device.
           Value: IP address of connected device.
  var-bind OID (enterprise-oid).2.2.0: MAC address of device.
           Value: MAC address of connected device.

Event: Detecting Unauthorized IP Address Device
  specific-trap: 206
  Description: An unauthorized IP address device was connected.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor
           Value: IP address of the Sensor that detected the device
  var-bind OID (enterprise-oid).2.1.0: IP address of the device
           Value: IP address of connected device
  var-bind OID (enterprise-oid).2.2.0: MAC address of the device
           Value: MAC address of connected device

Event: Automatic Approval
  specific-trap: 207
  Description: A device was automatically approved.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected the device.
  var-bind OID (enterprise-oid).2.1.0: IP address of the device.
           Value: IP address of connected device
  var-bind OID (enterprise-oid).2.2.0: MAC address of the device.
           Value: MAC address of connected device
  var-bind OID (enterprise-oid).2.3.0: Reason for the approval.
           Value: Reason for the Automatic Device Approval.
  var-bind OID (enterprise-oid).2.5.0: Approval status.
           Value: Approval status of the connected device.
  var-bind OID (enterprise-oid).2.6.0: Application Monitoring mode.
           Value: Application Monitoring mode of the device.

Event: Automatic Change to the Device
  specific-trap: 207
  Description: The device information was automatically changed.
  var-bind OID (enterprise-oid).2.1.0: IP address of the device
           Value: IP address of the connected device.
  var-bind OID (enterprise-oid).2.2.0: MAC address of the device
           Value: MAC address of the connected device.
  var-bind OID (enterprise-oid).2.3.0: Reason for the change
           Value: Reason for the automatic change to the device.
  var-bind OID (enterprise-oid).2.5.0: Approval status
           Value: Approval status of the connected device.
  var-bind OID (enterprise-oid).2.6.0: Application Monitoring
           Value: Application Monitoring of the connected device.
  var-bind OID (enterprise-oid).2.7.0: Behavioral IPS (Malware Detection)
           Value: Behavioral IPS (Malware Detection) of the connected device.

Event: Automatic Change to the Application
  specific-trap: 212
  Description: The application information was automatically changed.
  var-bind OID (enterprise-oid).8.1.0: Application ID
           Value: Application ID of the automatically changed application.
  var-bind OID (enterprise-oid).8.2.0: Application name
           Value: The name of the automatically changed application.
  var-bind OID (enterprise-oid).8.3.0: Permission/prohibition policy
           Value: Permission/prohibition policy of the automatically changed application.
  var-bind OID (enterprise-oid).2.3.0: Reason for the change
           Value: Reason for the automatic change to the application.

Event: Clearing the malware-detected status
  specific-trap: 402
  Description: The malware-detected status was cleared upon request of the administrator.
  var-bind OID (enterprise-oid).2.1.0: IP address of the device
           Value: IP address of the connected device.
  var-bind OID (enterprise-oid).2.2.0: MAC address of the device
           Value: MAC address of the connected device.
  var-bind OID (enterprise-oid).9.2.0: Administrator user name
           Value: Administrator user name who requested to clear the malware-detected status.

*1: Multi-byte letters included in the Sensor names and registration information are converted to UTF-8
both on the Sensors and the Manager.

Table 11.9 Messages Reported by SNMP Trap (Reported by the Sensor)

Event: Sensor error or event (self check) (*1)
  specific-trap: 2
  Description: A Sensor error or event has been detected by the Sensor's self check function.
  var-bind OID (enterprise-oid).1.1.0: Name of the detected Sensor.
           Value: Name of the Sensor in which error or event is detected.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detected Sensor
           Value: IP address of the Sensor in which error or event is detected (*3)
  var-bind OID (enterprise-oid).4.1.0: Detail code
           Value: Detail code (Refer to "11.7 Detail Codes for Sensor Self Checks".)

Event: Sensor error (Sensor to Sensor Status Monitoring) (*2)
  specific-trap: 3
  Description: A Sensor error is detected by Sensor to Sensor Status Monitoring.
  var-bind OID (enterprise-oid).1.1.0: Name of the detected Sensor
           Value: Name of the Sensor in which error is detected.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detected Sensor.
           Value: IP address of the Sensor in which error was detected (*3)

Event: Max. number of devices exceeded (inside Sensor) (*1)
  specific-trap: 4 or 12
  Description: The number of devices managed by the Sensor has exceeded the maximum.
  var-bind OID (enterprise-oid).1.1.0: Name of the detected Sensor
           Value: Name of the Sensor where the maximum number of managed devices is exceeded.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detected Sensor.
           Value: IP address of the Sensor where the maximum number of managed devices is exceeded (*3).

Event: Max. number of blocked connections exceeded (*1)
  specific-trap: 5
  Description: The number of connections blocked simultaneously by the Sensor has exceeded the maximum.
  var-bind OID (enterprise-oid).1.1.0: Name of the detected Sensor.
           Value: Name of the Sensor where the maximum number of simultaneously blocked connections was exceeded
  var-bind OID (enterprise-oid).1.2.0: IP address of the detected Sensor
           Value: IP address of the Sensor where the maximum number of simultaneously blocked connections was exceeded (*3).

Event: Max. number of devices exceeded (entire system)
  specific-trap: 6
  Description: The maximum number of devices for the system was exceeded.
  var-bind OID (enterprise-oid).1.1.0: Name of the detected Sensor.
           Value: Name of the Sensor where the maximum number of managed devices was exceeded.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detected Sensor.
           Value: IP address of the Sensor where the maximum number of managed devices was exceeded (*3).

Event: Failed to send e-mail (in progress)
  Same format as the Failed to send e-mail (in progress) sent by the Manager.

Event: Failed to send e-mail
  Same format as the Failed to send e-mail sent by the Manager.

Event: Max. number of events exceeded (*1)
  specific-trap: 10
  Description: The maximum number of events has been exceeded.
  var-bind OID (enterprise-oid).1.1.0: Name of the detected Sensor.
           Value: Name of the Sensor where the maximum number of events was exceeded.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detected Sensor
           Value: IP address of the Sensor where the maximum number of events was exceeded (*3)


Event: Max. number of printers exceeded (inside Sensor) (*1)
  specific-trap: 11
  Description: The maximum number of managed printers has been exceeded.
  var-bind OID (enterprise-oid).1.1.0: Name of the detected Sensor.
           Value: Name of the Sensor where the maximum number of managed devices was exceeded.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detected Sensor.
           Value: IP address where the maximum number of managed devices was exceeded (*3).

Event: Connection of new device
  specific-trap: 201
  Description: A new device is connected.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected device.
  var-bind OID (enterprise-oid).1.3.0: Operation mode of the detection Sensor.
           Value: Operation mode of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.5.0: Application Monitoring mode of the IP segment.
           Value: Application Monitoring mode of the IP segment where the device is detected.
  var-bind OID (enterprise-oid).2.1.0: IP address of the device.
           Value: IP address of the connected device.
  var-bind OID (enterprise-oid).2.2.0: MAC address of the device.
           Value: MAC address of the connected device.

Event: Rejected Device Detection
  specific-trap: 202
  Description: The connection of a device with rejected status is detected.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the Sensor detected.
           Value: IP address of the Sensor that detected the device.
  var-bind OID (enterprise-oid).2.1.0: IP address of device
           Value: IP address of the connected device.
  var-bind OID (enterprise-oid).2.2.0: MAC address of device
           Value: MAC address of the connected device.

Event: Device Registration
  Same format as the registration form sent by the Manager.

Event: IP address usage/change
  specific-trap: 204
  Description: Usage or change of an IP address has been detected.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected the device.
  var-bind OID (enterprise-oid).2.1.0: IP address after change.
           Value: IP address of device after change.
  var-bind OID (enterprise-oid).2.2.0: MAC address of device.
           Value: MAC address of device that was detected.
  var-bind OID (enterprise-oid).2.3.0: IP address before change.
           Value: IP address of device before the change.

Event: Prohibit Application Detection
  specific-trap: 210
  Description: A prohibited application was detected by the Sensor.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.5.0: Application Monitoring mode of the IP segment.
           Value: Application Monitoring mode of the IP segment where the device is detected.
  var-bind OID (enterprise-oid).2.1.0: IP address after change.
           Value: IP address of device after change.
  var-bind OID (enterprise-oid).2.2.0: MAC address of device.
           Value: MAC address of device that was detected.
  var-bind OID (enterprise-oid).2.6.0: Application Monitoring mode.
           Value: Application Monitoring mode of the device.
  var-bind OID (enterprise-oid).8.1.0: Application ID.
           Value: Application ID of the detected application
  var-bind OID (enterprise-oid).8.2.0: Application name.
           Value: Name of the detected application.


Event: Prohibited Application Unblocking
  specific-trap: 211
  Description: The blocked device that uses prohibited application is unblocked.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected the device.
  var-bind OID (enterprise-oid).2.1.0: IP address after change.
           Value: IP address of device after change.
  var-bind OID (enterprise-oid).2.2.0: MAC address of device.
           Value: MAC address of device that was detected.
  var-bind OID (enterprise-oid).8.1.0: Application ID.
           Value: Application ID of the detected application
  var-bind OID (enterprise-oid).8.2.0: Application name.
           Value: Name of the detected application.

Event: New Application Detection
  specific-trap: 301
  Description: A new application was detected by the Sensor.
  var-bind OID (enterprise-oid).1.1.0: Name of the detection Sensor.
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected the device.
  var-bind OID (enterprise-oid).8.1.0: Application ID.
           Value: Application ID of the detected application.
  var-bind OID (enterprise-oid).8.2.0: Application name.
           Value: Name of the detected application.
  var-bind OID (enterprise-oid).8.3.0: Permission/Prohibition policy.
           Value: A policy to determine permitted or prohibited use of the detected applications.

Event: Behavioral IPS (Malware Detection)
  specific-trap: 401
  Description: Malware behavior was detected on devices on the network.
  var-bind OID (enterprise-oid).1.1.0: Detection Sensor name
           Value: Name of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.2.0: IP address of the detection Sensor.
           Value: IP address of the Sensor that detected the device.
  var-bind OID (enterprise-oid).1.6.0: Detection Sensor Behavioral Malware control mode
           Value: Behavioral Malware control mode of the Sensor that detected the device.
  var-bind OID (enterprise-oid).2.1.0: IP address of the device
           Value: IP address of the connected device.
  var-bind OID (enterprise-oid).2.2.0: MAC address of the device
           Value: MAC address of the connected device.
  var-bind OID (enterprise-oid).2.7.0: Behavioral IPS (Malware Detection) of the device
           Value: Behavioral IPS (Malware Detection) of the connected device.
  var-bind OID (enterprise-oid).9.1.0: Audit trail
           Value: Audit trail. (*4)

*1: All segments set for this Sensor are reported in the SNMP trap for this event.
*2: Sensor to Sensor Status Monitoring monitors the Sensors on the same Segment Group in order. If the
monitoring process of the Sensor fails, both of the following notifications might be sent:
- SNMP trap with the notification of the Sensor error for the target Sensor
- SNMP trap for the Sensor error generated because monitoring of the Sensor following the target
Sensor failed
*3: If single segments or multiple segments are supported, the IP address of the Sensor to be notified is
the IP address of the LAN0 port on the Sensor. If tagged VLAN is supported, the IP address of the
Sensor to be notified is the IP address with the smallest Sensor VLAN ID.
*4: The information that is output as trail log is as follows: 
Type =RAT-Spying | RAT-Infecting 
C&C Server =<IP Address> 
Target =<IP Address> 
User Account =<User Account> 
File =<File Name> 
User Account is recorded in the "Windows Domain Name (or Work Group Name)\User Name" format.
Files that are operated on a device are stored in File Name. For example, PSEXESVC.EXE indicates
that the PsExec tool has been used.
The letters that are extracted from the transmitting packets and then displayed in User Account and
File Name are interpreted as UNICODE (UCS-2) letters when SMB protocol version 2 or 3 is used.
SMB protocol version 1 interprets letters as UNICODE or CP932 according to the UNICODE bit of the
protocol.
Event logs/E-mail notifications/SNMP Trap reports on the Manager are converted to UTF-8 before
notification is sent. Therefore, letters that cannot be converted because of the character code may not
be displayed correctly.
Indicates that malware behavior was detected on devices on the network.
Remove malware from the device that may be infected.
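
The following added example (not part of iNetSec Smart Finder or of this manual) shows how a trap receiver can turn the layout in Tables 11.7 to 11.9 and the *4 audit trail into named fields for a log pipeline. It assumes the trap was already decoded by an SNMP library into a dict with the keys shown; the field names, the sample values and the one "Key =Value" pair per line layout of the audit trail are assumptions.

```python
ENTERPRISE_OID = "1.3.6.1.4.1.18886.3.2"  # enterprises.PFU(18886).pfuSystem(3).pfuSmartFinder(2)

EVENTS = {  # specific-trap -> event name (Tables 11.8 and 11.9)
    1: "Sensor error", 2: "Sensor error or event (self check)",
    3: "Sensor error (Sensor to Sensor Status Monitoring)",
    4: "Max. number of devices exceeded (inside Sensor)",
    5: "Max. number of blocked connections exceeded",
    6: "Max. number of devices exceeded (entire system)",
    8: "Failed to send e-mail (in progress)", 9: "Failed to send e-mail",
    10: "Max. number of events exceeded",
    11: "Max. number of printers exceeded (inside Sensor)",
    12: "Max. number of devices exceeded (inside Sensor)",
    13: "Exceed the maximum number of Exception Servers",
    101: "Sensor registration", 102: "Segment registration",
    201: "Connection of new device", 202: "Rejected Device Detection",
    203: "Device Registration", 204: "IP address usage/change",
    205: "Blocked a device using IP addresses out of IP segment",
    206: "Detecting Unauthorized IP Address Device",
    207: "Automatic Approval / Automatic Change to the Device",
    210: "Prohibit Application Detection", 211: "Prohibited Application Unblocking",
    212: "Automatic Change to the Application", 301: "New Application Detection",
    401: "Behavioral IPS (Malware Detection)",
    402: "Clearing the malware-detected status",
}

FIELDS = {  # "<group>.<item>" below the enterprise OID -> field name (names chosen here)
    "1.1": "sensor_name", "1.2": "sensor_ip", "1.3": "sensor_operation_mode",
    "1.4": "sensor_mac", "1.5": "segment_app_monitoring_mode",
    "1.6": "sensor_malware_control_mode", "2.1": "device_ip", "2.2": "device_mac",
    "2.3": "reason", "2.5": "approval_status", "2.6": "device_app_monitoring",
    "2.7": "device_behavioral_ips", "4.1": "self_check_detail_code",
    "5.1": "mail_error_location", "5.2": "mail_error_code", "5.3": "mail_event_id",
    "5.4": "mail_event_details", "6.1": "exception_detail_code",
    "6.2": "exception_details", "8.1": "application_id", "8.2": "application_name",
    "8.3": "application_policy", "9.1": "audit_trail", "9.2": "administrator",
    **{f"3.{i}": f"registration_{i}" for i in range(1, 6)},
}
# .2.3.0 is a "reason" in traps 207 and 212 but the previous IP address in trap 204.
OVERRIDES = {(204, "2.3"): "device_ip_before_change"}


def parse_audit_trail(text):
    """Split the *4 trail log into a dict (assumed: one 'Key =Value' pair per line)."""
    trail = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            trail[key.strip()] = value.strip()
    domain, sep, user = trail.get("User Account", "").partition("\\")
    if sep:  # "Windows Domain Name (or Work Group Name)\User Name"
        trail["Domain"], trail["User"] = domain, user
    return trail


def _text(value):
    # Names and registration details arrive as UTF-8 (*1); hidden items are zero-length.
    return value.decode("utf-8", errors="replace") if isinstance(value, bytes) else str(value)


def normalize_trap(trap):
    """Check the shared parameters of Table 11.7, then name every var-bind."""
    if trap["enterprise"].lstrip(".") != ENTERPRISE_OID:
        raise ValueError("not an iNetSec Smart Finder trap")
    if trap["generic_trap"] != 6:
        raise ValueError("expected generic-trap 6 (enterprise-specific)")
    specific = trap["specific_trap"]
    event = {"specific_trap": specific, "event": EVENTS.get(specific, "unknown"),
             "agent_addr": trap["agent_addr"], "fields": {}, "unmapped": {}}
    prefix, indexed = ENTERPRISE_OID + ".", {}
    for oid, value in trap["varbinds"]:
        oid = oid.lstrip(".")
        parts = oid[len(prefix):].split(".") if oid.startswith(prefix) else []
        key = ".".join(parts[:2])
        if len(parts) != 3 or not parts[2].isdigit() or key not in FIELDS:
            event["unmapped"][oid] = _text(value)  # keep, never silently drop
            continue
        name = OVERRIDES.get((specific, key), FIELDS[key])
        # The last OID number counts up when several segments are reported.
        indexed.setdefault(name, []).append((int(parts[2]), _text(value)))
    for name, pairs in indexed.items():
        event["fields"][name] = [value for _, value in sorted(pairs)]
    if "audit_trail" in event["fields"]:
        event["audit_trail"] = parse_audit_trail(event["fields"]["audit_trail"][0])
    return event


SAMPLE_TRAP = {  # constructed sample; addresses are from documentation ranges
    "enterprise": ENTERPRISE_OID, "agent_addr": "192.0.2.10",
    "generic_trap": 6, "specific_trap": 401,
    "varbinds": [
        (ENTERPRISE_OID + ".1.1.0", "Sensor-東京".encode("utf-8")),
        (ENTERPRISE_OID + ".1.2.0", "192.0.2.10"),
        (ENTERPRISE_OID + ".2.1.0", "192.0.2.57"),
        (ENTERPRISE_OID + ".2.2.0", "00:00:5E:00:53:01"),
        (ENTERPRISE_OID + ".9.1.0", b"Type =RAT-Infecting\nC&C Server =198.51.100.7\n"
         b"Target =192.0.2.88\nUser Account =CORP\\alice\nFile =PSEXESVC.EXE"),
    ],
}

if __name__ == "__main__":
    print(normalize_trap(SAMPLE_TRAP))
```

Because the time-stamp parameter is always 0 (Table 11.7), the receiver has to record its own receive time for each event.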


11.6 Chart Error Messages


This section describes the error messages of Chart.

Table 11.10 Error Messages while Operating Chart

Category: Logging in/Updating information

Message: Failed to authenticate user. Please check user name/password and try again.
[Cause]
The following are possible:
- Incorrect user name and password entered in Login window.
- User attempting to log in is not registered in the Manager.
[Remedy action]
Perform the following:
- Check that the combination of user name and password entered in the Login window is correct.
- Check that the user is registered in the Manager.

Message: Failed to communicate with Manager. Check and verify that:
  - computer is able to communicate with other computers.
  - specified IP address and Port # for Manager is correct.
[Cause]
The following are possible:
- Incorrect host name, IP address and/or port number entered in Login window for connection
- Connection destination that is specified in login window is not a manager machine
- Communication timeout due to excess load on the Manager Computer
- SSL communication not possible (when required for the Manager Web services)
- Incorrect network settings on computer where Chart was installed.
- Incorrect proxy server settings for Internet Explorer on computer in which Chart was installed
- Communication not possible between computer in which Chart is installed and the Manager Computer
- Computer in which Chart is installed blocked from network by the Sensor
[Remedy action]
Perform the following:
- Check if the host name, IP address, and/or port number for the Manager entered in the Login window are correct.
- Check if the computer specified as the connection destination in the Login window is the Manager Computer.
- If there is excess load on the Manager Computer, wait a few moments and then try logging in or updating the information again.
- If SSL is required for the Manager Web services, place a checkmark in the checkbox for "Use SSL" in the Login window.
- Check if the network settings on the computer in which Chart was installed are correct.
- Check if the host name for Manager can be resolved on the computer where Chart is installed.
- Make proxy server settings for Internet Explorer on the computer where Chart is installed. Refer to "7.3 Installing Chart".
- Check if communication is carried out correctly on the network between the computer on which Chart is installed and the Manager Computer.
- Check if IIS on the Manager Computer has stopped.
- Check if the port is blocked by Windows firewall on the Manager Computer.
- In a segment that is managed by the Sensor, approve the computers on which Chart is installed by Application Form or the Manager so that the network is not blocked.

Messages: An error occurred during authentication process.
          Failed to retrieve data from Manager.
[Cause]
The following are possible:
- The user logged in is deleted from the Manager.
- An error occurred in the Manager process.
[Remedy action]
Log out of Chart and then log in.
If the problem is not resolved, contact the system administrator for assistance. The system administrator should check the Manager system log and take action according to the content of the messages.

Message: Manager returned no data to display.
[Cause]
The Segment Groups accessed by the user are not assigned.
[Remedy action]
Assign Segment Groups accessed by the user in the Manager.

Category: CSV output

Message: Failed to export CSV file.
[Cause]
The following are possible:
- File exists with the same name as the reported CSV file
- No writing privileges for the folder where the CSV file is to be saved
- Insufficient space on the disk where the CSV file is to be saved
- Attempting to save the CSV file to the read-only drive
[Remedy action]
Perform the following:
- Check if the folder where you are trying to save the CSV file, contains a CSV file of the same name. Refer to "7.7 Saving to a CSV File".
- Select a folder that can be written to when saving a CSV file.
- Create sufficient space on the disk where you are attempting to save the CSV file.
- Check if you are able to write to the drive where you are attempting to save the CSV file.

Category: Printing and Previewing

Message: The number of items exceeds maximum number of items for preview. Please change number of rows in the table equal or less than 300.
[Cause]
Too many rows in tables shown in the window to be printed/previewed.
[Remedy action]
Keep the number of rows in tables in the window to 300 or less. In the Summary window and the Devices window, keep the total number of rows in all tables to 300 or less.
To print a table with more than 300 rows, first save the data into a CSV file and then print the CSV file from a spreadsheet application.


11.7 Detail Codes for Sensor Self Checks


Table 11.11 Detail Codes for Sensor Self Checks

Code Meaning and Remedy Actions

0 A processing error occurred.
If this event occurs multiple times, collect Sensor maintenance information and contact our
technical support.
00006001 The Sensor stopped working because the power button was pressed and held (for 4 seconds or
longer) or the power was cut off while the Sensor was operating.
Pressing and holding the power button (for 4 seconds or longer) is used to forcibly shut down
the system when a Sensor error occurs or when the power cannot be turned off. If this operation
is performed while the Sensor is running, a fault might occur the next time the Sensor is started.
You should press and hold the power button only when required in an emergency situation. If a
fault occurs after performing a forced shutdown, it is necessary to initialize the Sensor.
Before pressing and holding power button after a Sensor error occurs, first record the status of
the LED(s) and collect the Sensor maintenance information. Then, contact our technical
support.
You should adjust and improve the Sensor operation and installation conditions.
If the power is cut off while the Sensor is running (pulling out the power cable, etc.), a serious
fault might occur the next time the system is started. Be sure to cut off the power supply only
after the Sensors have stopped.
00007001 The Sensor stopped working due to the detection of an error in the Sensor hardware or
firmware. Collect the Sensor maintenance information and contact our technical support.
40000016 A communication error occurred in the LAN controller for one of the following reasons, and a
recovery process was performed.
1. A temporary communication error occurred.
2. An error occurred in the LAN cable connected to the LAN port or in a network device (such
as operation error, fault, and incorrect setting).
3. A fault occurred in the LAN controller.
Perform the following actions and match the number of the cause with the number of the actions
to perform.
1. The recovery process was performed and communication is now possible. No action is
required.
2. Check the LAN cable connected to the LAN port and network devices.
   - Check if the LAN cable is connected correctly.
   - Check for issues in the LAN cable. If there is an issue, replace the LAN cable.
   - Check for operation errors and/or faults in connected network devices. Refer to the
     manuals.
   - Check if the settings for connected devices (such as communication mode and link
     speed) are correct.
3. If communication is still not possible after this message is reported, or if this message is
reported frequently and having an effect on operations, contact our technical support.
80005039 A CPU error due to a temporary cause is detected and then resolved by restarting the Sensor. It
is now possible to connect and run the device.
If the error occurs again, collect the Sensor maintenance information and contact our technical
support.
80007002 The ALARM LED is detected at startup.
The ALARM LED occurred at startup or while the Sensor was running before restarting. Collect
the Sensor maintenance information and contact our technical support.
C0001001 A POST error occurred. The Sensor is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.


C0003005 The temperature monitored by the exhaust temperature monitor exceeded the error threshold
value. The Sensor shuts down.
Adjust and improve the installation conditions of the Sensor. Check if the exhaust openings
around the Sensor are blocked. If this event occurs multiple times even after improvements are
made, either a temperature monitor error or hardware error is possible. Collect Sensor
maintenance information and contact our technical support.
C0003006 The temperature monitored by the exhaust temperature monitor exceeded the warning
threshold value and the fan is running.
Adjust and improve the installation conditions of the Sensor. Check if the exhaust openings
around the device are blocked. If this event occurs multiple times even after improvements are
made, either a temperature monitor error or hardware error is possible. Collect Sensor
maintenance information and contact our technical support.
00003011 The temperature monitored by the exhaust temperature monitor has been returned to a value
within the warning threshold. The fan has stopped running.
No action is required.
C0004002 The temperature monitored by the CPU temperature monitor exceeded the error threshold
value.
The Sensor is shut down.
Adjust and improve the temperature environment around the installation location of the Sensor.
If this event occurs multiple times even after improvements are made, a heat error or CPU error
is possible. Collect Sensor maintenance information and contact our technical support.
C0005001 An error occurred in fan operation during an exhaust temperature error (or warning). The Sensor
is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.
C0005005 An error was detected in a device that contains the Sensor firmware. The Sensor is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.
C0005008 A communication error was detected in the temperature monitor inside the Sensor. The Sensor
is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.
C000500B A DC voltage error was detected in the power supply to the Sensor. The Sensor is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.
C000500C A thermal trip down occurred due to overheating in the Sensor CPU. The Sensor is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.
C000500D An internal error occurred in Sensor's CPU. The Sensor is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.
C000500E A Watchdog timeout occurred. The Sensor was shut down. This message is reported after the
Sensor is restarted.
Collect the Sensor maintenance information and contact our technical support.
C000500F A hard reset signal error was detected by the Sensor. The Sensor is shut down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.
C0005030 An error was detected in a file system that contains the Sensor firmware. The Sensor is shut
down.
If it is necessary to replace the Sensor, collect the Sensor maintenance information and contact
our technical support.


C0005038 The Sensor was shut down due to a CPU error.
Since a CPU error occurred, collect the Sensor maintenance information and contact our
technical support.
C000503B An error has occurred in the PCI bus. The Sensor is shut down.
Since a Sensor error occurred, collect the Sensor maintenance information and contact our
technical support.
40F01001 The firmware managed by the Manager is older than the firmware in the Sensor. Apply the latest
correction module to the Manager as soon as possible.


11.8 Operation Log


This section describes log information related to the following operations.
- Manager login/logout operations
- Changes of settings in the following windows:
  - Devices Window
  - Applications Window
  - Sensors window
  - Users window
  - Segment Groups Window
  - Event Viewer Window
  - System Window
- Export operations
- Operations related to iNetSec Smart Finder commands

Operation log files are in CSV format (comma-separated) and the character code is UTF-8.
The line break code is CRLF.
The default filename for operation log files is as follows:

Manager installation folder\OperationLogs\Operation.log

Operation log files are created every day. The operation log up until the previous day is saved
with "Operation.log.MMDDYYYY" as the file name. Logs are maintained for 400 days.

Table 11.12 Operation Log File Format

| Column No. | Item name | Value format | Remarks |
|---|---|---|---|
| 1 | Date/Time | MM/dd/yyyy hh:mm:ss.SSS tt | Time on the Manager when the operation was performed. "tt" represents AM or PM when the 12-hour clock is used. |
| 2 | Session ID | Alphanumeric letters, up to 24 bytes | The same value is used during a single login session. This is not set in the operation log when a command is executed. |
| 3 | IP Address | xxx.xxx.xxx.xxx | Connected IP Address |
| 4 | User Name | Alphanumeric, symbols | Name of logged in user. "admin" is set in the operation log when a command is executed. |
| 5 | Name | | Window names and command names. One of the following is shown for window name: Device List (Devices window); Application List (Applications window); Sensor List (The [Sensor List] tab on Sensors window); Segment List (The [Segment List] tab on Sensors window); User List (Users window); Segment Group List (Segment Groups window); Event Viewer (Event Viewer window); System Configuration (System Configuration window) |
| 6 | Message | | Operation details |
| 7 | Detailed Information | Repeated "Item Name = Value" | Detailed operation information. An argument is shown in the operation log when a command is executed. Multiple items are delimited with spaces and shown repeatedly. If the value includes control letters such as line break codes, they are converted to spaces. |


11.8.1 Operation Log Contents


The following table describes the operation log contents (name, message, and detailed
information) for each user operation.

Operation Log Related to the Manager Login/Logout


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Successful login | Login | Login success | Account=<user name> |
| Failed login | | Login failure | |
| Logout | One of the following appears depending on the window that was last displayed when the [Logout] button is clicked: Device List (Devices window); Application List (Applications window); Sensor List (The [Sensor List] tab on Sensors window); Segment List (The [Segment List] tab on Sensors window); User List (Users window); Segment Group List (Segment Groups window); Event Viewer (Event Viewer window); System Configuration (System Configuration window) | Logout | |


Operation Log Related to Device Information


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Changing the approval status of device using the Devices window | Device List | Change approval status[Approve/Reject] | MAC Address=<MAC address>; Segment Group Name=<Segment Group name> |
| Changing the Application Monitoring using the Devices window | | Change Application Monitoring[Disabled/Monitor Only/Monitor & Block] | MAC Address=<MAC address>; Segment Group Name=<Segment Group name> |
| Changing the Behavioral IPS (Malware Detection) using the Devices window | | Change Behavioral IPS (Malware Detection)[Disabled/Monitor Only/Monitor & Block] | MAC Address=<MAC address>; Segment Group Name=<Segment Group name> |
| Clearing the malware detection using the Devices window | | Clear malware detection | MAC Address=<MAC address>; Segment Group Name=<Segment Group name> |
| Deleting a device using the Devices window | | Delete Devices info | MAC Address=<MAC address>; Segment Group Name=<Segment Group name> |
| Importing device information using the Devices window | | Import Devices List (Register); Import Devices List (Update) | MAC Address=<MAC address>; Segment Group Name=<Segment Group name>; Device Type=<device type>; Approval Status=<approval status>; Approval Status Policy=<approval status policy>; Application Monitoring=<application monitoring>; Application Monitoring Policy=<application monitoring policy>; Behavioral IPS (Malware Detection) =<behavioral IPS (malware detection)>; Behavioral IPS (Malware Detection) Policy =<behavioral IPS (malware detection) policy>; Average Power Consumption=<average power consumption>; Device Type Update=<automatic update for device information>; Change of IP Address=<change of IP address> (*1) |
| Exporting device information using the Devices window | | Export Devices List | Count=<detected devices> (*2) |
| Updating device information using the Device Information window | Device Information | Apply Devices info | MAC Address=<MAC address>; Segment Group Name=<Segment Group name> (*3) |
| Registering a device using the Device Registration window | Device Registration | Register Device info | MAC Address=<MAC address>; Segment Group Name=<Segment Group name>; Device Type=<device type>; Approval Status=<approval status>; Approval Status Policy=<approval status policy>; Application Monitoring=<application monitoring>; Application Monitoring Policy=<application monitoring policy>; Behavioral IPS (Malware Detection) =<behavioral IPS (malware detection)>; Behavioral IPS (Malware Detection) Policy =<behavioral IPS (malware detection) policy>; Average Power Consumption=<average power consumption>; Device Type Update=<automatic update for device information>; Change of IP Address=<Change of IP address> (*4) |

*1: When the settings are newly registered or changed, the following details are displayed: 
Device Type=<device type>
Approval Status=<approval status>
Approval Status Policy=<approval status policy>
Application Monitoring=<application monitoring>
Application Monitoring Policy=<application monitoring policy>
Behavioral IPS (Malware Detection) =<behavioral IPS (malware detection)>
Behavioral IPS (Malware Detection) Policy=<behavioral IPS (malware detection) policy>
Average Power Consumption=<average power consumption> 
Device Type Update=<automatic update for device information>
Change of IP Address=<change of IP address>
When the settings are entered, the following details are displayed:
Details=<details of device type>
Model=<model name>
OS Type=<OS type>
Vendor=<vendor name>
Validity Period=<validity period>
Authorized IP Address=<authorized IP address>
Note 1=<note 1>
Note 2=<note 2>
Note 3=<note 3>
Item 1=<(registration item 1)> 
Item 2=<(registration item 2)> 
Item 3=<(registration item 3)> 
Item 4=<(registration item 4)> 
Item 5=<(registration item 5)>
*2: When the filtering conditions are set, the following details are output:
Approval Status=<approval status>
Approval Status Policy=<approval status policy>
Application Monitoring=<application monitoring>
Application Monitoring Policy=<application monitoring policy>
Behavioral IPS (Malware Detection) =<behavioral IPS (malware detection)>
Behavioral IPS (Malware Detection) Policy=<behavioral IPS (malware detection) policy>
Malware Detection=<malware detection>
Segment Group Name=<Segment Group name>
Sensor Name=<sensor name>
Segment Name=<detected segment name>
NetBIOS Name=<NetBIOS name> 
MAC Address=<MAC address>
IP Address/Host Name=<IP address/host name>
Note=<note>
Show Devices with Validity Period =<show devices with validity period >
Missing/Disposed=<only when the [Missing/Disposed] tab was selected>
*3: When the settings are changed, the following details are displayed:
Device Type=<device type>
Details=<details of device type>
Model=<model name>
OS Type=<OS type> 
Vendor=<vendor name>
Device Type Update=<automatic update for device information>
Average Power Consumption=<average power consumption>
Approval Status=<approval status>
Approval Status Policy=<approval status policy>
Application Monitoring=<application monitoring>
Application Monitoring Policy=<application monitoring policy>
Behavioral IPS (Malware Detection) =<behavioral IPS (malware detection)>
Behavioral IPS (Malware Detection) Policy=<behavioral IPS (malware detection) policy>
Malware Detection=<malware detection>
Validity Period=<validity period>
Change of IP Address=<change of IP address>
Authorized IP Address=<authorized IP address>
Note 1=<note 1>
Note 2=<note 2>
Note 3=<note 3>
Item 1=<(registration item 1)> 
Item 2=<(registration item 2)> 
Item 3=<(registration item 3)> 
Item 4=<(registration item 4)> 
Item 5=<(registration item 5)>
*4: When the settings are changed, the following details are displayed:
Details=<details of device type>
Model=<model name>
OS Type=<OS type>
Vendor=<vendor name>
Validity Period=<validity period>
Authorized IP Address=<authorized IP address>
Note 1=<note 1>
Note 2=<note 2>
Note 3=<note 3>
Item 1=<(registration item 1)> 
Item 2=<(registration item 2)> 
Item 3=<(registration item 3)> 
Item 4=<(registration item 4)> 
Item 5=<(registration item 5)>


Operation Log Related to Application Management


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Updating the application policy using the Applications window | Application List | Change application status[Permitted/Prohibited] | Application ID=<application ID>; Name=<application name>; Segment Group Name=<Segment Group name> |
| Importing application policy using the Applications window | | Import applications list | Application ID=<application ID>; Name=<application name>; Segment Group Name=<Segment Group name>; Status=<status>; Policy=<policy> |
| Resetting statistics using the Applications window | | Reset statistics | Segment Group Name=<Segment Group name> |
| Exporting application policy using the Applications window | | Export applications list | Count=<detected applications> (*1) |
| Updating application policy using the Application Detailed Information window | | Apply application info | Application ID=<application ID>; Name=<application name>; Segment Group Name=<Segment Group name> (*2) |

*1: When the filtering conditions are set, the following detailed information is output:
Text in Application Info=<keyword>
Risk Level=<risk level>
Category=<category>
Status=<status(Permitted, Prohibited, Not Detected)>
Policy=<policy>
*2: When the settings are changed, the following details are displayed:
Status=<status>
Policy=<policy>

Operation Log Related to Sensor Management


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Deleting the Sensor using the [Sensor List] tab on the Sensors window | Sensor List | Delete Sensors info | Sensor MAC Address=<MAC address> |
| Exporting Sensor list information using the [Sensor List] tab on the Sensors window | | Export Sensors List | Count=<detected devices> (*1) |
| Updating Sensor information using the Sensor Information window | Sensor Information | Apply Sensors info | Sensor MAC Address=<MAC address> (*2) |
| Changing the operation mode of the segment using the [Segment List] tab on the Sensors window | Segment List | Apply segment operation mode | Operation Mode=<operation mode>; Segment Name=<segment name> |
| Changing the Application Monitoring mode of the segment using the [Segment List] tab on the Sensors window | | Apply segment Application Monitoring | Application Monitoring=<application monitoring>; Segment Name=<segment name> |
| Changing the Behavioral IPS (Malware Detection) mode of the segment using the [Segment List] tab on the Sensors window | | Apply segment Behavioral IPS (Malware Detection) | Behavioral IPS (Malware Detection)=<behavioral IPS (malware detection)>; Segment Name=<segment name> |
| Changing the event notification mode of the segment using the [Segment List] tab on the Sensors window | | Apply segment event notification | Event Notification=<Notify/Do Not Notify>; Segment Name=<segment name> |
| Changing the license settings of the segment using the [Segment List] tab on the Sensors window | | Change license settings | License Settings=<license>; Segment Name=<segment name> |
| Updating Segment information using the Segment Information window | Segment Information | Apply Segment info | Sensor MAC Address=<MAC address> (*3) |

*1: When the filtering conditions are set, the following detailed information is output: 
Sensor Name=<sensor name> 
MAC Address=<MAC Address>
*2: When the settings are changed, the following details are displayed: 
Sensor Name=<sensor name> 
Time zone=<time zone> 
Automatically adjust time for Daylight Saving Time=<automatically adjust time for daylight saving
time>
*3: When the settings are changed, the following details are displayed:
Segment Name=<segment name>
Blocked a Device using IP addresses out of IP Segment=<blocked a device using IP addresses out of
IP segment>


Operation Log Related to User Management


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Deleting user information using the User Information window | User List | Delete Users info | User=<user name> |
| Adding User information using the User Information window | User Registration | Register User info | User=<user name>; Password=******; User Role=<role>; Segment Group Name=<Segment Group name>; Export/Import Encoding=<export/import character code>; Event Viewer Time=<event viewer time> (*1) |
| Updating user information using the User Information window | User Information | Apply Users info | User=<user name> (*2) |

*1: When the setting items are entered, the following detailed information is output:
E-mail Address=<e-mail address>
E-mail Notification=<e-mail notification>
New Device Detection=<notification for new device detection>
Registration Form=<Registration Form>
Rejected Device Detection=<rejected device detection>
Change of IP Address=<change of IP address>
Unauthorized IP Address Violation=<unauthorized IP address violation>
Change of Device Information According to Policy=<change of device information according to policy> 
Change of Device Information According to Policy (Manager)=<change of device information
according to policy (manager)>
Automatic Approval=<automatic approval device>
New Application Detection=<detected new application>
Prohibited Application Detection=<detected prohibited application>
Prohibited Application Unblocking=<unblocked prohibited application>
Change of Application Information According to Policy (Manager)=<change of application information
according to policy (manager)>
Malware Detection=<malware detection>
Clear Malware Detection Result=<Clear Malware Detection Result>
Sensor Registration=<sensor registration>
Segment Registration=<segment registration>
System Error=<system error>
Append Authorized IP Address=<append authorized IP address> 
Automatically adjust time for Daylight Saving Time=<automatically adjust summary time>
Note=<note>
*2: When the settings are changed, the following detailed information is displayed:
Password=****** 
User Role=<role>
Segment Group Name=<Segment Group name>
E-mail Address=<e-mail address>
E-mail Notification=<e-mail notification>
New Device Detection=<new device detection>
Registration Form=<Registration Form>
Rejected Device Detection=<rejected device detection>
Change of IP Address=<IP address change>
Unauthorized IP Address Violation=<Unauthorized IP address violation>
Change of Device Information According to Policy=<change of device information according to policy>
Change of Device Information According to Policy (Manager)=<change of device information
according to policy (manager)>
New Application Detection=<detected new application>
Prohibited Application Detection=<detected prohibited application>
Prohibited Application Unblocking=<unblocked prohibited application>
Change of Application Information According to Policy (Manager)=<change of application information
according to policy (manager)>
Malware Detection=<malware detection>
Clear Malware Detection Result=<Clear Malware Detection Result>
Sensor Registration=<sensor registration>
Segment Registration=<segment registration>
System Error=<system error>
Note=<note>
Export/Import Encoding=<export/import character code>
Append Authorized IP Address=<append authorized IP address> 
Event Viewer Time=<event viewer time> 
Automatically adjust time for Daylight Saving Time=<automatically adjust summary time>

Operation Log Related to Segment Groups Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Deleting Segment Group information using the Segment Groups window | Segment Group List | Delete Segment Group info | Segment Group Name=<Segment Group name> |
| Registering a Segment Group using the Segment Groups window | Segment Group Registration | Register Segment Group info | Segment Group Name=<Segment Group name> (*) |
| Updating Segment Group information using the Segment Groups window | Segment Group Information | Apply Segment Group info | Segment Group Name=<Segment Group name> (*) |

*: When the settings are changed, the following detailed information is output: 
Note=<note>
Segment Assignment=<segment name>

Operation Log Related to Event Viewer Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Exporting event information | Event Viewer | Export Event List | Count=<number of events> (*) |
| Deleting all events | | Delete all | |

*: When the filtering conditions are set, the following details are output:
Level=<Level (event level)>
Event Date=<event date>
Event ID=<event ID>
Message=<message>


Operation Log Related to System Configuration Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Updating system configuration | System Configuration | Apply Configuration | Changed configurations are displayed in the following format: <Item name>=<value> |

Operation Log Related to IP Address Change Notification - Exception setting Window

| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Exporting IP Address Change Notification Exception File | IP Address Change Notification - Exception setting | Export IP Address Change Notification Exception | Count=<specified number> |
| Updating the settings for IP Address Change Notification Exception | | Apply IP Address Change Notification Exception (Register); Apply IP Address Change Notification Exception (Delete) | Segment Group Name=<Segment Group name>; IP Address range=<IP address range for notification exception> |

Operation Log Related to Automatic Control Settings for OS Type Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Updating the automatic control settings for OS type | Automatic Control Settings for OS Type | Apply Automatic Control Settings for OS Type (Register); Apply Automatic Control Settings for OS Type (Update); Apply Automatic Control Settings for OS Type (Delete) | Segment Group Name=<segment group name>; Controlled OS Type=<controlled OS type>; Approval Status=<approval status>; Application Monitoring=<application monitoring>; Behavioral IPS (Malware Detection)=<behavioral IPS (malware detection)> |


Operation Log Related to Automatic Approval for MAC address (Vendor ID) Window

| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Exporting the automatic approval for MAC address (vendor ID) file | Automatic Approval for MAC Address (Vendor ID) | Export Automatic Approval for MAC Address (Vendor ID) | Count=<specified number> |
| Updating the automatic approval settings for MAC address (vendor ID) | | Apply Automatic Approval for MAC Address (Vendor ID) (Register); Apply Automatic Approval for MAC Address (Vendor ID) (Update); Apply Automatic Approval for MAC Address (Vendor ID) (Delete) | Segment Group Name=<Segment Group name>; Vendor ID=<Automatic approval settings for MAC address (vendor ID)>; Approval Status=<approval status> |

Operation Log Related to Automatic Approval Settings for IP Address Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Exporting the Automatic Approval for IP Address file | Automatic Approval Settings for IP Address | Export Automatic Approval Settings for IP Address | Count=<specified number> |
| Updating the automatic approval settings for IP address | | Apply Automatic Approval Settings for IP Address (Register); Apply Automatic Approval Settings for IP Address (Update) | Segment Group Name=<Segment Group name>; approved IP Address range=<Automatic approval settings for IP address>; Approval Status=<approval status> |

Operation Log Related to Device Dictionary Update Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Updating the Device Dictionary setting | Device Dictionary Update | Import dictionary | Version=<Device Dictionary version> |

Operation Log Related to Application Dictionary Update Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Updating the Application Dictionary Update window | Application Dictionary Update | Import dictionary | Version=<application dictionary version> |


Operation Log Related to License Setting Window


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Registering the license settings | License Settings | Add license | License Key=<license key> |

Operation Log Related to iNetSec Smart Finder Commands


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Backup command | pq_backup.exe | Success | Argument=<argument> |
| Restore command | pq_restore.exe | | |
| Investigate command | pq_investigate.exe | | |
| Investigate Sensor command | pq_investigate_sensor.exe | | |
| Export device command | pq_export_device.exe | | Argument=<argument>; Count=<number of devices> |
| Import device command | pq_import_device.exe | Success (Register); Success (Update); Success (Delete) | Argument=<argument> (*) |
| Export event command | pq_export_event.exe | Success | Argument=<argument>; Count=<number of events> |
| Export Sensor command | pq_export_sensor.exe | | Argument=<argument>; Count=<number of sensors> |
| Control Sensor command | pq_control_sensor.exe | | Argument=<argument> |
| Inherit Sensor command | pq_inherit_sensor.exe | | |

*: When the settings are newly registered or changed, the following details are displayed: 
Device Type=<device type>
Approval Status=<approval status>
Approval Status Policy=<approval status policy>
Application Monitoring=<application monitoring>
Application Monitoring Policy=<application monitoring policy>
Behavioral IPS (Malware Detection) =<behavioral IPS (malware detection)>
Behavioral IPS (Malware Detection) Policy=<behavioral IPS (malware detection) policy>
Average Power Consumption=<average power consumption> 
Device Type Update=<automatic update for device information>
Change of IP Address=<change of IP address>
When the setting items are entered, the following details are output:
Details=<details of device type>
Model=<model name>
OS Type=<OS type>
Vendor=<vendor name>
Validity Period=<validity period>
Authorized IP Address=<authorized IP address>
Note 1=<note 1>
Note 2=<note 2>
Note 3=<note 3>
Item 1=<(registration item 1)> 
Item 2=<(registration item 2)> 
Item 3=<(registration item 3)> 
Item 4=<(registration item 4)> 
Item 5=<(registration item 5)>

Operation Log Related to the Approval by E-mail


| Operation | Name | Message | Detailed information |
|---|---|---|---|
| Approving by e-mail | Approve by e-mail | Success | MAC Address=<MAC address>; Segment Group Name=<Segment Group name>; Approval Status=<approval status>; Serial Number=<serial number>; From Address=<from address> |
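
Added example (not part of the product or its documentation): a Python reader for the operation log described in 11.8 and 11.8.1. It parses the seven columns of Table 11.12, splits the Detailed Information column on known item names, and summarises failed logins, sensitive operations and command executions. The log rows are constructed sample data, the item-name list and watchlist are subsets chosen for this example, and standard CSV quoting is assumed for the log file.

```python
import csv
import io
import re
from collections import Counter
from datetime import datetime

# Column order from Table 11.12.
COLUMNS = ("time", "session_id", "ip", "user", "name", "message", "details")

# Item names taken from the tables in 11.8.1 (subset needed for the sample).
ITEM_NAMES = ("Account", "User", "User Role", "Password", "MAC Address",
              "Segment Group Name", "Count", "Argument")

# Item names contain spaces ("Segment Group Name") and so can values, so the
# field cannot be split on spaces. Anchor on known names, longest first.
_ITEM_RE = re.compile(
    r"(?:^|(?<= ))("
    + "|".join(re.escape(n) for n in sorted(ITEM_NAMES, key=len, reverse=True))
    + r") ?=")

# (Name, Message) pairs from 11.8.1 that change accounts or delete events.
WATCHLIST = {
    ("User Registration", "Register User info"),
    ("User List", "Delete Users info"),
    ("Event Viewer", "Delete all"),
}


def parse_time(value):
    """Parse column 1: 12-hour clock with AM/PM, or 24-hour without 'tt'."""
    for fmt in ("%m/%d/%Y %I:%M:%S.%f %p", "%m/%d/%Y %H:%M:%S.%f"):
        try:
            return datetime.strptime(value.strip(), fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised Date/Time value: %r" % value)


def parse_details(text):
    """Split column 7 into {item name: value} using the known item names.
    Values are free text, so treat the result as advisory, not authoritative."""
    hits = list(_ITEM_RE.finditer(text))
    items = {}
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        items[hit.group(1)] = text[hit.end():end].strip()
    return items


def read_log(text):
    """Return (records, rejected_rows). Rows that do not have 7 columns or a
    valid timestamp are rejected, not guessed at, so damaged lines stay visible."""
    records, rejected = [], []
    for row in csv.reader(io.StringIO(text, newline="")):
        if len(row) != len(COLUMNS):
            rejected.append(row)
            continue
        rec = dict(zip(COLUMNS, row))
        try:
            rec["time"] = parse_time(rec["time"])
        except ValueError:
            rejected.append(row)
            continue
        rec["items"] = parse_details(rec["details"])
        records.append(rec)
    return records, rejected


def failed_logins_by_ip(records):
    """Count 'Login failure' rows per connected IP address (column 3)."""
    return Counter(r["ip"] for r in records
                   if r["name"] == "Login" and r["message"] == "Login failure")


def sensitive_operations(records):
    """Rows whose (Name, Message) pair is on the watchlist."""
    return [r for r in records if (r["name"], r["message"]) in WATCHLIST]


def command_rows(records):
    """Command executions: no Session ID is set and Name is a command name.
    User Name is always "admin" on these rows, so it does not identify
    the person who ran the command."""
    return [r for r in records
            if not r["session_id"] and r["name"].endswith(".exe")]


# Constructed sample rows (not real log output), CRLF line breaks as in 11.8.
SAMPLE_LOG = "\r\n".join([
    "06/12/2014 09:15:02.123 AM,,192.0.2.10,alice,Login,Login failure,Account=alice",
    "06/12/2014 09:15:04.500 AM,,192.0.2.10,alice,Login,Login failure,Account=alice",
    "06/12/2014 09:15:09.001 AM,,192.0.2.10,admin,Login,Login failure,Account=admin",
    "06/12/2014 09:16:30.250 AM,S1a2b3c4,192.0.2.10,admin,Login,Login success,Account=admin",
    "06/12/2014 09:17:10.000 AM,S1a2b3c4,192.0.2.10,admin,User Registration,Register User info,"
    "User=bob Password=****** User Role=Administrator Segment Group Name=HQ Floor 2",
    "06/12/2014 09:18:00.000 AM,S1a2b3c4,192.0.2.10,admin,Event Viewer,Delete all,",
    "06/12/2014 10:02:11.700 AM,S9z8y7x6,198.51.100.7,carol,Device List,"
    "Change approval status[Approve],MAC Address=00:00:5E:00:53:01 Segment Group Name=default",
    "06/12/2014 11:00:00.000 PM,,192.0.2.20,admin,pq_backup.exe,Success,Argument=PLACEHOLDER",
    "06/12/2014 11:05",  # damaged row: too few columns
]) + "\r\n"

if __name__ == "__main__":
    recs, bad = read_log(SAMPLE_LOG)
    print("failed logins by IP:", dict(failed_logins_by_ip(recs)))
    for r in sensitive_operations(recs):
        print("sensitive:", r["time"], r["ip"], r["user"], r["message"], r["items"])
    print("command runs:", [r["name"] for r in command_rows(recs)])
    print("rejected rows:", len(bad))
```

Because the previous days' files are kept as "Operation.log.MMDDYYYY", the same functions can be run over each daily file and the counters summed.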

Appendix A File Format

This appendix describes the file format of the following CSV files:
- Device Information File to be imported or exported
- Event Information File to be exported
- Sensor Information File format
- Automatic Approval for MAC Address (Vendor ID) File format
- IP Address Change Notification Exception File
- Automatic Approval for IP Address File
- Application Information File
When a CSV format item contains "," (comma) or a line feed, enclose the item in double
quotation marks. When an item contains a double quotation mark ("), change the mark to two
double quotation marks ("") and then enclose the item in double quotation marks.

One of the following file character codes is used for output:
- UTF-8

A.1 Device Information File Format
A.2 Event Information File Format
A.3 Sensor Information File Format
A.4 Automatic Approval for MAC Address (Vendor ID) File
A.5 IP Address Change Notification Exception File
A.6 Automatic Approval for IP Address File
A.7 Application Information File


A.1 Device Information File Format


This section describes the format of device information files imported or exported from the
Devices window of the Manager.
The default name of the file that you export from the Devices window is as follows:

deviceList_<MMDDYYYY>.csv

Device information files can also be imported/exported using a command.
Refer to "10.6 Import Device Command (pq_import_device.exe)" and "10.5 Export Device
Command (pq_export_device.exe)".

Table A.1 Device Information File Format (Export)

| Item name | Value format |
|---|---|
| MAC Address | XX:XX:XX:XX:XX:XX ("X" represents an alphanumeric letter.) |
| Segment Group Name | Up to 32 letters |
| Approval Status | Any of the following: Detected; Requested; Approved; Rejected |
| Policy Settings | Any of the following: Individual Policy; Preassigned Policy |
| Application Monitoring | Any of the following: Disabled; Monitor Only; Monitor & Block |
| Application Monitoring Policy | Any of the following: Individual Policy; Preassigned Policy |
| Behavioral IPS (Malware Detection) | Any of the following: Disabled; Monitor Only; Monitor & Block |
| Behavioral IPS (Malware Detection) Policy | Any of the following: Individual Policy; Preassigned Policy |
| Malware Detection Result | Any of the following: Detected; Not Detected |
| Device Type | Any of the following: Detecting; Unclassified; Windows; Mac; Linux/UNIX; Routers/Switches; Printers; NAS; Scanners; VoIP Phones; Kiosk Terminals; Mobile Devices; Others |
| Details | Up to 64 letters |
| Model | Up to 64 letters |
| OS Type | Up to 64 letters |
| Vendor | Up to 64 letters |
| Device Type Update | Any of the following: Yes; No |
| Average Power Consumption | Integer between 0 - 65535 |
| Note 1 | Up to 256 letters |
| Note 2 | |
| Note 3 | |
| Registration Form (Item1) | Up to 64 letters |
| Registration Form (Item2) | |
| Registration Form (Item3) | |
| Registration Form (Item4) | |
| Registration Form (Item5) | |
| Validity Period Start Date | MM/dd/yyyy |
| Validity Period End Date | MM/dd/yyyy |
| IP Address Change Notification | Any of the following: Notify; Do Not Notify |
| MAC Vendor | Up to 64 letters |
| IP Address | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) |
| Host Name | Up to 255 alphanumeric letters or symbols |
| NetBIOS | Up to 15 alphanumeric letters or symbols |
| Role | Any of the following: Manager; Gateway; Registration Form Server |
| Registration Date | MM/dd/yyyy hh:mm tt or MM/dd/yyyy hh:mm tt ±hh:mm |
| Registration Requested Date | MM/dd/yyyy hh:mm tt or MM/dd/yyyy hh:mm tt ±hh:mm |
| Approval Date | MM/dd/yyyy hh:mm tt or MM/dd/yyyy hh:mm tt ±hh:mm |
| Last Detected | MM/dd/yyyy or MM/dd/yyyy hh:mm tt ±hh:mm |
| Segment Name | Up to 32 letters |
| Authorized IP Address(*1) | XXX.XXX.XXX.XXX |

*1: The item selected in [Device Information for export] in the [User Specific Settings] tab on the System
Configuration window is added.

Hint
• The files are exported from the Devices window in the same order as the sort order displayed in the window.

Table A.2 Device Information File Format (Import)

| Item name | Value format | Remarks |
| --- | --- | --- |
| MAC Address | XX:XX:XX:XX:XX:XX ("X" represents a hexadecimal alphanumeric letter.) | Cannot be omitted. "XX-XX-XX-XX-XX-XX" or no delimiter format is also applicable. When the strings ":" or "-" are used as delimiters, "XX" can be a one digit value. Since the device information is uniquely managed based on the MAC address, description of the same MAC address multiple times results in an error. |
| Segment Group Name | Up to 32 letters | Can be omitted. If omitted, files are imported to the "default" Segment Group. |
| Approval Status | Any of the following: Detected, Requested, Approved, Rejected | Can be omitted. If omitted, the current value is valid. ("Approved" is set when newly registered.) Only "Approved" or "Rejected" can be described. If "Detected" or "Requested" is specified, the current value is valid. |
| Policy Settings | Any of the following: Individual Policy, Preassigned Policy | Can be omitted. If omitted, the current value is valid. ("Individual Policy" is set when newly registered.) |
| Application Monitoring | Any one of the following: Disabled, Monitor Only, Monitor & Block | Can be omitted. If omitted, the current value is valid. ("Monitor & Block" is set when newly registered.) |
| Application Monitoring Policy | Any of the following: Individual Policy, Preassigned Policy | Can be omitted. If omitted, the current value is valid. ("Individual Policy" is set when newly registered.) |
| Behavioral IPS (Malware Detection) | Any of the following: Disabled, Monitor Only, Monitor & Block | Can be omitted. If omitted, the current value is valid. ("Monitor & Block" is set when newly registered.) |
| Behavioral IPS (Malware Detection) Policy | Any of the following: Individual Policy, Preassigned Policy | Can be omitted. If omitted, the current value is valid. ("Individual Policy" is set when newly registered.) |
| Malware Detection Result | Any of the following: Detected, Not Detected | Cannot be specified. Even if a value is specified, it is ignored. |
| Device Type | Any of the following: Detecting, Unclassified, Windows, Mac, Linux/UNIX, Routers/Switches, Printers, NAS, Scanners, VoIP Phones, Kiosk Terminals, Mobile Devices, Others | Can be omitted. If omitted, the current value is valid. ("Unclassified" is set when newly registered.) If "Detecting" is specified, it is ignored. (The current value is valid.) |
| Details / Model / OS Type / Vendor | Up to 64 letters | Can be omitted. If omitted during registration of a new device, no value is set. If omitted during setting change, the current value is valid. |
| Automated Device Type Update | Any of the following: Yes, No | Can be omitted. If omitted during registration of a new device, "Yes" is set. If omitted during setting change, the current value is valid. |
| Average Power Consumption | Integer between 0 - 65535 | Can be omitted. If omitted during registration of a new device, "default value according to the type" is set. If omitted during setting change, the current value is valid. |
| Note 1-3 | Up to 256 letters | Can be omitted. |
| Registration Form (Item1-5) | Up to 64 letters | If omitted, the current value is valid. |
| Validity Period Start Date | MM/dd/yyyy | Can be omitted. If omitted during registration of a new device, "No validity period" is set. If omitted during setting change, the value before change is inherited. A past date can be specified. Specifying any of the following results in an error: Format other than date format; Approval status other than "Approved"; With the end date omitted, the start date is not omitted. |
| Validity Period End Date | MM/dd/yyyy | Can be omitted. If omitted during registration of a new device, "No validity period" is set. If omitted during setting change, the value before change is inherited. Specifying any of the following results in an error: Format other than date format; Past date; Date earlier than the start date; Approval status other than "Approved"; With the start date omitted, the end date is not omitted. |
| IP Address Change Notification | Any of the following: Notify, Do Not Notify | Can be omitted. If omitted during registration of a new device, "Notify" is set. If omitted during setting change, the value before change is inherited. |
| MAC Vendor | Up to 64 letters | Cannot be specified. Even if a value is specified, it is ignored. |
| IP Address | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) | |
| Host Name | Up to 255 alphanumeric letters or symbols | |
| NetBIOS | Up to 15 alphanumeric letters or symbols | |
| Role | Any of the following: Manager, Gateway, Registration Form Server | Even if a value is specified, it is ignored. |
| Registered Date | MM/dd/yyyy hh:mm tt | |
| Registration Requested Date | MM/dd/yyyy hh:mm tt | |
| Approved Date | MM/dd/yyyy hh:mm tt | |
| Last Detected | MM/dd/yyyy | |
| Segment | Up to 32 letters | |
| Authorized IP Address | IPv4 format | Can be changed. If omitted, [Authorized IP Address] is set to "None". Specify the IP address that is to be associated with the MAC address. |

Hint
• Blanks (space and tab) before and after a comma that separates items are handled as part of the input value when importing. If the items are enclosed in ("), any blanks before or after a comma are omitted.
• Up to 10,000 devices can be imported.
• If letters that include a comma, tab, or linefeed are used for an item, enclose the item with ("). If (") is used in the item for any purpose other than enclosing, replace (") with ("") and then enclose the item with (").

Attention
• If a file is imported with a value that differs from the "value format" described above, an error message appears. Check the description and try the import again. If items are omitted, subsequent commas can be omitted when a MAC address is described.
• If an error occurs during import, all import data becomes invalid. Check the file format and
try the import again.
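
Because a single error invalidates the whole import, the file can be checked before it is handed to the Manager. The following pre-import check is an added example, not part of iNetSec Smart Finder; it covers the Table A.2 rules for MAC Address, Segment Group Name, Approval Status, and Validity Period. It assumes one column per item in the order Table A.2 lists them, no header row, and one delimiter style within a MAC address.

```python
import csv
import io
import re
from datetime import date, datetime

# Assumptions (not stated on the page): one column per item in Table A.2 order,
# no header row, and a single delimiter style within one MAC address.
COL_MAC, COL_GROUP, COL_STATUS = 0, 1, 2
COL_VALID_START, COL_VALID_END = 24, 25
MAX_DEVICES = 10_000
APPROVAL_STATUSES = {"Detected", "Requested", "Approved", "Rejected"}

# With ":" or "-" as delimiter each "XX" may be one digit; without a delimiter, 12 hex digits.
MAC_DELIMITED = re.compile(r"[0-9A-Fa-f]{1,2}([:-])(?:[0-9A-Fa-f]{1,2}\1){4}[0-9A-Fa-f]{1,2}")
MAC_PLAIN = re.compile(r"[0-9A-Fa-f]{12}")


def normalize_mac(value):
    """Return the MAC as upper-case 'XX:XX:XX:XX:XX:XX', or None if it is malformed."""
    if MAC_PLAIN.fullmatch(value):
        octets = [value[i:i + 2] for i in range(0, 12, 2)]
    elif MAC_DELIMITED.fullmatch(value):
        octets = [o.zfill(2) for o in re.split(r"[:-]", value)]
    else:
        return None
    return ":".join(o.upper() for o in octets)


def parse_date(value):
    """Parse MM/dd/yyyy; return None for anything else."""
    try:
        return datetime.strptime(value, "%m/%d/%Y").date()
    except ValueError:
        return None


def check_validity(row, status, today):
    """Apply the Validity Period Start/End Date error conditions to one row."""
    start_raw, end_raw = row[COL_VALID_START], row[COL_VALID_END]
    if not start_raw and not end_raw:
        return []
    if bool(start_raw) != bool(end_raw):
        return ["validity period needs both a start date and an end date"]
    start, end = parse_date(start_raw), parse_date(end_raw)
    if start is None or end is None:
        return ["validity period is not in MM/dd/yyyy format"]
    errors = []
    if end < today:
        errors.append("validity period end date is in the past")
    if end < start:
        errors.append("validity period end date is earlier than the start date")
    # An omitted status keeps the device's current value, which a file check cannot
    # see, so only an explicit "Rejected" is reported here.
    if status == "Rejected":
        errors.append('validity period given with an Approval Status other than "Approved"')
    return errors


def validate_device_import(text, today):
    """Return a list of (line_number, message); an empty list means no problem was found."""
    problems, seen, count = [], {}, 0
    reader = csv.reader(io.StringIO(text, newline=""))
    for row in reader:
        if not row:
            continue
        line, count = reader.line_num, count + 1
        # Trailing items and their commas may be omitted, so pad short rows.
        row = row + [""] * (COL_VALID_END + 1 - len(row))
        mac = normalize_mac(row[COL_MAC])
        if mac is None:
            problems.append((line, f"malformed MAC address {row[COL_MAC]!r}"))
        elif mac in seen:
            problems.append((line, f"MAC {mac} already given on line {seen[mac]}"))
        else:
            seen[mac] = line
        if len(row[COL_GROUP]) > 32:
            problems.append((line, "Segment Group Name longer than 32 letters"))
        # Blanks around an unquoted item are part of the value, so they are not stripped.
        status = row[COL_STATUS]
        if status and status not in APPROVAL_STATUSES:
            problems.append((line, f"unknown Approval Status {status!r}"))
        problems.extend((line, msg) for msg in check_validity(row, status, today))
    if count > MAX_DEVICES:
        problems.append((0, f"{count} devices exceeds the limit of {MAX_DEVICES}"))
    return problems


def sample_row(mac, group="", status="", start="", end=""):
    """Build one constructed sample line holding only the columns checked above."""
    cells = [""] * (COL_VALID_END + 1)
    cells[COL_MAC], cells[COL_GROUP], cells[COL_STATUS] = mac, group, status
    cells[COL_VALID_START], cells[COL_VALID_END] = start, end
    return ",".join(cells)


# Constructed sample file (not real device data).
SAMPLE = "\r\n".join([
    sample_row("00:1A:2B:3C:4D:5E", "default", "Approved", "01/01/2030", "12/31/2030"),
    "00-1a-2b-3c-4d-5e",                            # same device in another notation
    sample_row("0:1:2:3:4:5", "lab", " Approved"),  # leading blank is part of the value
    sample_row("001A2B3C4D60", "lab", "Approved", "06/01/2030", "05/01/2030"),
    sample_row("00:1A:2B:3C:4D:GG"),
]) + "\r\n"

if __name__ == "__main__":
    for line, message in validate_device_import(SAMPLE, today=date(2025, 1, 1)):
        print(f"line {line}: {message}")
```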

A.2 Event Information File Format
This section describes the format of event information files exported from the Event Viewer
window.
The default name of the file that you export from the Event Viewer window is as follows:

eventList_<MMDDYYYY>.csv

Table A.3 Event Information File Format

| Item name | Value format |
| --- | --- |
| Detected Date | MM/dd/yyyy hh:mm:ss tt or MM/dd/yyyy hh:mm:ss tt ±hh:mm |
| Event ID | XXXXXXXX (8 letters) |
| Level | ERROR, WARNING, INFO |
| Segment Group Name | Up to 32 letters (For events for the whole system, "-" is set.) |
| Message | Up to 256 letters |

Hint
• The files are exported from the Event Viewer window in the same order as the sort order displayed in the window.

A.3 Sensor Information File Format
This section describes the format of Sensor settings files exported from the Sensors window.
The default name of the file that you export from the Sensors window is as follows:

sensorList_<MMDDYYYY>.csv

Table A.4 Sensor Information File Format

| Item name | Value format |
| --- | --- |
| Sensor Name | Up to 32 letters |
| IP Address (*1) | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) |
| MAC Address | XX:XX:XX:XX:XX:XX ("X" represents an alphanumeric letter.) |
| Default Gateway Address | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) |
| Operation Mode (*1) | Monitor, Block (Unblock After Registration), Block (Unblock After Approval) |
| Application Monitoring (*1) | Disabled, Monitor Only, Monitor & Block, No Monitor Port |
| Behavioral IPS (Malware Detection) (*1) | Disabled, Monitor Only, Monitor & Block, No Monitor Port |
| Event Notification (*1) | Notify, Do Not Notify |
| Configuration: Device Information | Complete, Incomplete |
| Configuration: Application Information | Complete, Incomplete |
| Configuration: Sensor Information | Complete, Incomplete |
| Configuration: System Information | Complete, Incomplete |
| Version | For iNetSec Smart Finder Sensor: VXXLXXNFXXXXSXX ("X" represents a number.) |
| Operation Status | Normal, Abnormal |

*1: Exported only when [Includes Segment Information] is selected.

Hint
• The files are exported from the Sensors window in the same order as the sort order displayed in the window.

A.4 Automatic Approval for MAC Address (Vendor ID) File
This section describes the format of configuration files imported or exported from the Automatic
Approval for MAC address (Vendor ID) window.
The default name of the file that you export from the Automatic Approval for MAC address
(Vendor ID) window is as follows:

venderIDList_<MMDDYYYY>.csv

Table A.5 MAC Address(Vendor ID) Automatic Approval File Format

| Item name | Value format | Remarks |
| --- | --- | --- |
| Vendor ID | XX:XX:XX (8 letters). For "X", specify any of the following: 0 - 9, a - f, A - F. ":", "-", or no delimiters can be used for the delimiters of a vendor ID. | Cannot be omitted for the import operation. Specify the vendor ID to be approved. |
| Approval Status | "Approved" | Cannot be omitted for the import operation. The results of the values that are specified for the import operation are as follows: The value should be "Approved" or a blank for the import operation otherwise the operation will fail. |
| MAC Vendor | Any name (255 letters) | This item is ignored for import operations. |

Attention
• Up to 1,000 vendor IDs can be imported. When over 1,000 IDs are imported, an import error occurs.
• The same vendor ID cannot be specified more than once in the import file. When the same vendor ID is specified more than once, an import error occurs.
• If an error occurs during the import operation, all of the imported data become invalid and the system is restored to the state before the import operation. Check the file format and try the import operation again.

A.5 IP Address Change Notification Exception File
This section describes the format of IP Address Change Notification Exception Files.
The default filename is as follows:

notifyExcepts_<MMDDYYYY>.csv

Table A.6 IP Address Change Notification Exception File Format

| Item name | Value format | Remarks |
| --- | --- | --- |
| Start IP Address | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) | Cannot be omitted. |
| End IP Address | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) | Cannot be omitted. If an address "before" the start address is specified, an error occurs. |

Attention
• If an error occurs during import, all import data becomes invalid. Check the file format and try the import again.

A.6 Automatic Approval for IP Address File
This section describes the format of configuration files imported or exported from the Automatic
Approval Settings for IP Address window. The default filename is as follows:

autoAdmitIPAddressList _<MMDDYYYY>.csv

Automatic Approval for IP Address files are in CSV format, separated by commas.
The line break code is CRLF and spaces or tabs inserted before and after commas are omitted.
The item details are as follows.

Table A.7 Automatic Approval for IP Address File Format

| Item name | Value format | Remarks |
| --- | --- | --- |
| Start IP Address | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) | Cannot be omitted. |
| End IP Address | xxx.xxx.xxx.xxx ("xxx" represents a numeric value between 0 - 255) | Cannot be omitted. If an address "before" the start address is specified, an error occurs. |
| Approval Status | "Approved" | Can be omitted. |

A.7 Application Information File


This section describes the format of application information files imported or exported from the
Applications window of the Manager.
The default name of the file that you export from the Applications window is as follows:

appPolicyList_<MMDDYYYY>.csv

Table A.8 Application Information File Format (Export)

| Item name | Value format |
| --- | --- |
| Application ID | An eight-digit numeric value |
| Segment Group | Up to 32 letters |
| Status | Any of the following: Permitted, Prohibited, Mix, Not Detected |
| Policy | Any of the following: Individual Policy, Preassigned Policy, Mix |
| Name | Up to 32 letters including alphanumerics or symbols ("_", "-", "(", ")", "+", ":", "."). |
| Summary | Up to 128 letters |
| Category | Any of the following: blog-bbs, content-delivery, email, instant-messaging, internet-search-engine, internet-utility, online-storage, p2p-file-sharing, social-networking, directory-discovery, management-apps, management-protocol, system-update, audio-video-sharing, game, media-streaming, photo-doc-sharing, voice-video, internet-core, ip-protocol, layer2-legacy, pinging, proxy-cache, remote-access, routing, business-apps, business-collaboration, business-infrastructure, database, file-system, storage-backup, authentication, security-system, tunnel-encapsulation, testing, device |
| Risk Level | Any of the following: Very High, High, Medium, Low, Very Low |
| Traffic | A numeric value |
| Sessions | A numeric value |
| Policy Update Time | MM/dd/yyyy hh:mm tt or MM/dd/yyyy hh:mm tt ±hh:mm |
| Dictionary Version | The format is "A-<version>.<level>.<revision>-<number>". Each of <version>, <level>, and <revision> is a decimal number between 0 and 255. <number> is a decimal number between 0 and 99. |
| Dictionary Update | MM/dd/yyyy |
| Class | Any of the following: web-service, peer-to-peer-static, peer-to-peer-dynamic, rpc-based, l4-protocol-static, l4-protocol-dynamic, l2-protocol, l3-protocol |
| Type | Any of the following: p2p-application, web-application, rpc-application, l4-application, l3-application, l2-application |
| Detection Method | Any of the following: port-base, context-base, heuristic, other |
| Description | Up to 2048 letters |
| URL | Up to 2083 letters |
| Upper Layer Applications | Up to 256 letters |
| Protocol Number | The format is <protocol name>(<number>). |
| Conventional TCP Port Number | The port number is between 1 and 65543. If the application uses multiple ports, the numbers are separated by commas (no spaces in between), or connected with a hyphen (-) to indicate the range. "ANY" indicates that the application uses dynamic port numbers. |
| Conventional UDP Port Number | The port number is between 1 and 65543. If the application uses multiple ports, the numbers are separated by commas (no spaces in between), or connected with a hyphen (-) to indicate the range. "ANY" indicates that the application uses dynamic port numbers. |
| Standard Document | Up to 32 letters separated by a comma. |
| Evasion Capability | Yes or No |
| Information Leakage Risk | Yes or No |
| File Transfer Capability | Yes or No |
| Remote Control Capability | Yes or No |
| Known Vulnerabilities | Yes or No |
| Bandwidth Occupancy | Yes or No |
| Popularity | Yes or No |
| Port Confliction | Up to 256 letters. |

Table A.9 Application Information File Format(Import)

| Item name | Value format |
| --- | --- |
| Application ID | An eight-digit numeric value |
| Segment Group | Up to 32 letters |
| Status | Any of the following: Permitted, Prohibited, Mix, Not Detected |
| Policy | Any of the following: Individual Policy, Preassigned Policy, Mix. If omitted, the current value is retained. |

Hint
• Spaces or tabs before and after commas that separate items are considered as input values. For items enclosed with "", spaces before and after commas are ignored.
• For items which have commas, tabs and line breaks, enclose the items with "". For items which have ", replace " with "" and then enclose the items with "".

Appendix B Changing Settings after Starting Operation

This section describes how to change, after operation has started, the settings that were configured during installation of the Manager.

B.1 Changing a Window Port Number
B.2 Changing the Communications Protocol for the Windows

B.1 Changing a Window Port Number
This section describes how to change the port number used when displaying the Management
window or Chart.

For Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and
Windows Server 2012 R2
1. For Windows Server 2008, click [Control Panel] - [System and Maintenance] -
[Administrative Tools] and then select [Internet Information Services (IIS) Manager]. For
Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, click
[Control Panel] - [System and Security] - [Administrative Tools] and then select [Internet
Information Services (IIS) Manager].
2. Open the Local Computer settings in the Internet Information Services (IIS) Manager
window. Click [Sites] - [iNetSecSmartFinder] and select [Bindings] in the [Actions] menu.
3. When the Site Bindings window appears, select either http or https and click [Edit].
4. In the Edit Site Binding window, change the port number and click [OK].

Attention
• If a firewall is used, configure the firewall to allow the port set above.

B.2 Changing the Communications Protocol for the Windows
This section describes how to change the connection protocol used when displaying the
Management window or Charts.

For all operating systems
• Changing HTTP to HTTPS
First, import an official certificate.
For details about how to import a certificate, refer to the IIS manual for the operating
system.

For Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and
Windows Server 2012 R2
• Changing HTTP to HTTPS
1. For Windows Server 2008, click [Control Panel] - [System and Maintenance] -
[Administrative Tools], and then select [Internet Information Services (IIS) Manager].
For Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2
click [Control Panel] - [System and Security] - [Administrative Tools], and then select
[Internet Information Services (IIS) Manager].
2. Expand [Sites] node in the [Connections] menu, select [iNetSecSmartFinder] and then
select [Bindings] in the [Actions] menu.
3. When the Site Bindings window appears, select [Add], set the following information,
and then click [OK].
Type: https
IP address: All Unassigned
Port: Any value (default: 443)
SSL certificate: Select the certificate imported for [All operating systems]
4. Select the following information and then click [Delete].
Type: http
Port: Number set during installation (default: 8109)
5. Click [Close] in the Site Bindings window, expand [Sites] node in the [Connections]
menu, and select [iNetSecSmartFinder].
6. Double-click [SSL Settings] for [IIS] in [Features View], select [Require SSL]
checkbox, and then click [Apply] in the [Actions] menu.
• Changing HTTPS to HTTP
1. For Windows Server 2008, click [Control Panel] - [System and Maintenance] -
[Administrative Tools], and then select [Internet Information Services (IIS) Manager].
For Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2
click [Control Panel] - [System and Security] - [Administrative Tools], and then select
[Internet Information Services (IIS) Manager].
2. Expand [Sites] node in [Connections] window and select [iNetSecSmartFinder].
3. Double-click [SSL Settings] for [IIS] in [Features View], clear [Require SSL] checkbox,
and then click [Apply] in the [Actions] menu.

4. Expand [Sites] node in [Connections] window, select [iNetSecSmartFinder] and then
select [Bindings] in the [Actions] menu.
5. When the Site Bindings window appears, click [Add], set the following information, and
then click [OK].
Type: http
IP address: All Unassigned
Port: Any value (default: 80)
6. Select the following information and then click [Delete].
Type: https
Port: Number set during installation (default: 8109)
7. In the Site Bindings window, click [Close].

Attention
• If the Manager is uninstalled after HTTPS is changed to HTTP, the "inetsecsmartfinder" certificate used for the trusted root certificate authority is not deleted. Use the Windows Management Console to delete the certificate.
• If a firewall is used, configure the firewall to allow the port set above.

Appendix C Specifications

This appendix describes various specifications of iNetSec Smart Finder.

C.1 Upper Limits for iNetSec Smart Finder System
C.2 List of the Ports used by iNetSec Smart Finder

C.1 Upper Limits for iNetSec Smart Finder System
The following shows the upper limits for each parameter that can be introduced or defined for the
iNetSec Smart Finder system.

Table C.1 Upper Limits for iNetSec Smart Finder System

| Parameter | Upper limit | Description |
| --- | --- | --- |
| Detected devices | 10000 | The number of devices (the number of MAC addresses) managed by the Manager. If the upper limit is exceeded, the exceeding number of devices cannot be registered. If the same MAC address is registered in more than one Segment Group, it is counted only once. |
| Number of Sensors | 100 | The number of the Sensors managed by the Manager. If the upper limit is exceeded, the exceeding number of the Sensors cannot be registered. |
| Number of Segment Groups | 75 | The number of Segment Groups managed by the Manager. If the upper limit is exceeded, the exceeding number of Segment Groups cannot be registered. |
| Number of segments | 250 | The number of segments managed by the Manager. If the upper limit is exceeded, the exceeding number of segments cannot be registered. |
| Number of users | 50 + 10 × n (*) | The number of users managed by the Manager. Up to 50 system administrators + 10 (Segment Group administrators + read-only users) per Segment Group can be registered. Users that exceed the upper limit cannot be registered. |
| Number of printers | 500 | The number of printers managed by the Sensor. If the upper limit is exceeded, the exceeding number of printers cannot be obtained. It is undetermined from which printer the amount of printing cannot be obtained. |
| Number of devices per Sensor | Manageable devices: 3000; Concurrent devices: 1000 | The number of devices that can be managed by the Sensor. Note that 1000 devices can be managed by the Sensor simultaneously. If the upper limit (3000 devices) is exceeded, the exceeding number of devices cannot be detected/blocked/redirected. |
| Number of Segment Groups per Sensor | 5 | The number of devices that can be managed by the Sensor. If the upper limit is exceeded, the exceeding number of Segment Groups cannot be registered. |
| Number of Exception Servers | 10 × n (*) | The number of Exception Servers managed by the Manager. Up to 10 servers can be registered per Segment Group. Exception Servers that exceed the upper limit cannot be registered. |

*: "n" represents the number of Segment Groups.

C.2 List of the Ports used by iNetSec Smart Finder
The list of receiving ports used by the iNetSec Smart Finder system is shown below.

Table C.2 List of Receiving Ports for iNetSec Smart Finder

| Receiving Device | Receiving Port (default value) | Protocol | Sending Port | Communication Destination | Remarks |
| --- | --- | --- | --- | --- | --- |
| Manager | 8877 (*1) | TCP | Any | Sensor | Used for communication between the Sensor and the Manager. |
| Manager | 8109 (*2) | HTTP or HTTPS | Any | Computer to display the Management window, Registration Form window on the Manager or Chart. | Used for communication between each window and the Manager. |
| Sensor | 8877 (*3) | TCP | Any | Sensor | Used for Sensor to Sensor Status Monitoring. |
| Sensor | 80 | HTTP | Any | Computer that displays the Registration Form window, or the Manager that obtains Sensor maintenance information (*4) | Used for communication with the Registration Form window and communication between the Manager and the Sensor. |
| Sensor | 81 | HTTP | Any | Computer that displays the Basic Settings window | Used for communication with the Basic Settings window. |

*1: This can be changed when installing the Manager. The setting must be changed on the Sensor side.
*2: This can be changed when installing the Manager.
*3: This can be changed in the Basic Settings window to match the settings for the Manager.
*4: This is used when the -d option is specified for the Investigate Sensor command.

Appendix D Time Zone

This appendix describes the time zone used to indicate the displayed time on the screen and the
time when an operation is performed.

D.1 Time Zone

The time zone is used to indicate the event local time on the screen and the time when an
operation is performed. Which time zone is used for each depends on the iNetSec Smart Finder
function and the displayed item.
The following table shows the relationship between each item and time zones.

Table D.1 Relationship between Items and Time Zones

| Function | Item | Time Zone displayed in "Event Local Time" | Time Zone for Operation Time |
| --- | --- | --- | --- |
| Management Window (Device), CSV File for Exporting, Chart | Approved Date | Manager Computer | - |
| Management Window (Device), CSV File for Exporting, Chart | Validity Period | - (*3) | Sensor |
| Management Window (Device), CSV File for Exporting, Chart | Registered Date | Sensor | - |
| Management Window (Device), CSV File for Exporting, Chart | Registration Requested Date | Manager Computer or Sensor (*1) | - |
| Management Window (Device), CSV File for Exporting, Chart | Last Detected | Sensor | - |
| Management Window (Application Monitoring), CSV File for Exporting | Policy Update Time | Manager Computer or Sensor (*4) | - |
| Management Window (Sensor), CSV File for Exporting | Operation Confirmed | Manager Computer | - |
| Management Window (Event), CSV File for Exporting | Detected Date | Manager Computer or Sensor (*2) | - |
| Management Window | Last Updated | Manager Computer | - |
| Operation Log | Operation Time | Manager Computer | - |
| Scheduled Manager Process | - | - | Manager Computer |
| Chart | Checking changes in the number of devices | Sensor | - |
| Chart | Amount of Printed Pages | Sensor | - |
| Chart | Power Consumption (Uptime) | Sensor | - |
| Chart | Data obtained | Computer where Chart is running | - |
| Scheduled Sensor Process | - | - | Sensor |
| Notification E-mail | | Manager Computer or Sensor (*2) | - |

*1: If a registration is submitted from the Registration window on the Manager, the event local time is the local time zone where the Manager Computer is located. If a registration is submitted from the Registration window in the Sensor, the event local time is the local time zone where the Sensor is located.
*2: For events that occur on the Manager Computer, the event local time is the local time zone where the Manager Computer is located. For events that occur on the Sensor, the event local time is the local time zone where the Sensor is located.
*3: The displayed time does not depend on the time zone.
*4: If the application usage policy is updated through the Registration window, the event local time is the local time where the Manager Computer is located. If the policy is updated by detection of a new application, the event local time is the local time where the Sensor that detects the application is located.

Appendix E Monitor Port Connection

This appendix describes the monitor port connection.

E.1 Monitor Port Connection

A Monitor Port should be connected to the network so that the Sensor can monitor as much as
possible of the traffic to, from, and within the IP segments that the Sensor controls. Avoiding
monitoring of other traffic is also important because that traffic can put an excessive load on the
Sensor.

In a simple configuration where the Sensor controls an IP segment with a single network switch,
a Monitor Port can connect to a mirror port on the switch. If you mirror all ports except for the
upper link port to the mirror port, the Sensor can monitor all packets to and from devices on the IP
segments.

[Figure: a Layer 3 switch above two Layer 2 switches with their devices, forming an IP segment under Application Monitoring. Connect the Sensor Monitor Port to a mirror port on a network switch.]

In a layered configuration, an ideal point for a Monitor Port to be connected is the Layer 3 switch
on the top of the layers where all traffic passes from the lower layer switches. If you configure a
mirror port on the switch and mirror all lower link ports to the mirror port, the Sensor can monitor
all traffic except for traffic that passes between devices on a switch in the lower layers.
[Figure: a Layer 3 switch above two Layer 2 switches with their devices, forming IP segments under Application Monitoring. Connect the Sensor Monitor Port with a mirror port on a network switch. The Sensor cannot monitor traffic that passes between devices on a switch in the lower layers.]

Appendix F Management Window

This appendix describes the Management window configuration.

F.1 Management Window
The Management window consists of the following windows:

Table F.1 Management Window Configurations

| Menu or Tab | Description |
| --- | --- |
| Devices | Use this window to manage all the wired and wireless devices that access your network. It displays the full list of devices that are managed by iNetSec Smart Finder, and you can manually approve or reject devices that try to access your network or visualize the device information. |
| Applications | Use this window to manage the applications. The Application List is displayed per Segment Group, and you can permit or prohibit application use on the network. |
| Sensors | Use this window to manage the Sensors deployed on your network. You can manage the Sensor using the following two tabs. |
| Sensor List | A list of the Sensors is displayed, and you can view the Sensor status. |
| Segment List | A list of IP Segments is displayed, and you can set control modes for devices or applications per Segment. |
| Users | Use this window to manage iNetSec Smart Finder user accounts. A list of administrative user accounts is displayed, and you can create, update, or delete iNetSec Smart Finder administrative accounts. |
| Segment Groups | Use this window to manage the Segment Groups. Segment Groups are displayed, and you can create, change, or delete them. |
| Events | Use this window to view the event information. The events that occur on the Manager or the Sensor can be viewed. |
| System | Use this window to create network policies and control system operations. You can control system operations using the following three tabs. |
| User Specific Settings | Specify the following user account specific settings: Password and e-mail address; The event notification setting and target events; The information displayed and the Export Device setting |
| Segment Group Specific Settings | Specify the following Segment Group specific settings: Information on the mail server or SNMP that is used for the event notification; Policies of device network access control, Application Monitoring, and Behavioral IPS (Malware Detection); Customization of the messages that are notified to device users |
| System Settings | Specify the settings that are applied to the entire system. |


Glossary

Access Control Function
Identifies the restriction status of unauthorized devices connected to the network and blocks their access to the network.

Application
A general term for a service or protocol on the application layer.

Application Dictionary
The Application Dictionary contains the application information and a recommended default
policy for the applications.

Application Monitoring
To monitor, visualize, and control the use of applications.

Application Monitoring Mode
An option to specify whether to monitor applications.

Application Policy
A policy that decides whether or not to permit applications used on the network.

Application Status
A status that indicates whether detected applications are permitted or prohibited. There are
three application statuses: Permitted, Prohibited, and Not Detected.

Applications Window
To view and operate the application information managed by the Manager. Applications
Window is one of the Management Windows.


Approval Status
Approval status determines if a device connected to the network is approved for connection
(Approved), blocked for connection (Rejected) or not authorized by the administrator
(Registered).

Approved
Determines if a device detected by the Sensor is approved for network connection.

Automatic Approval for IP Address
This function automatically approves devices with IP addresses specified in the Automatic
Approval settings for IP Address window.

Automatic Approval for IP Address File
A file imported or exported from the Automatic Approval settings for IP Address window.

Automatic Approval for MAC Address (Vendor ID) File
A file imported or exported from the Automatic Approval for MAC address (Vendor ID)
window.

Automatic Approval for MAC address (Vendor ID) Window
To specify the MAC addresses (vendor ID) automatically approved.

Automatic Approval settings for IP Address Window
To specify the IP addresses automatically approved for network connection.

Average Power Consumption
The defined value determines the total power consumption. This value can be specified for
each device.

Backup
This function backs up the system information of the Manager in case of an emergency.
iNetSec Smart Finder provides the command.

Basic Setting Window
To configure the basic settings on the Sensor.

Block
The Sensor blocks connection of non-approved client devices to the network.


Blocking Mode
A mode used to block devices "Registered" in the network or devices using prohibited
applications. Blocking mode has the following functions for the devices "Registered" in the
network:
- Unblock After Registration
  Connection to the network is unblocked if the network user submits a registration form
  from the blocked device.
- Unblock After Approval
  If the System or Group Administrator approves the request, the device is unblocked.

Chart
Chart is the software used to compile IT device information managed by the Manager with
detailed statistical information including displaying information in visual formats such as
graphs and tables. By using Chart, an administrator can analyze the network.

Client Device
The devices that are connected to the network and have an IP address. iNetSec Smart
Finder manages devices based on the MAC address.

Detection
The Sensor detects devices connected to the network.

Detection Sensor
The Sensor that detects a device connected to the network.

Device
A Client Device.

Device Dictionary
The Device Dictionary contains the keywords to classify the device types and the results of
the classification.

Dictionary File
This file is provided as a maintenance service. The file is used to update the Dictionary.

Device Information
The Sensors collect device information from devices connected to the network. The
Manager consolidates and displays the information on the Management window and Chart.

Device Information File
The file contains useful information for network and device management. A device
information file is imported to or exported from the Manager. The file is also used to
exchange information with other systems.


Device Information Window
To view and operate the device information managed by the Manager. The Device
Information window is one of the Management windows.

Device Registration Window
To register device information managed by the Manager. The Device Registration window is
one of the Management windows.

Device Type
The device types are automatically classified by the Sensor and manually classified by the
administrator. The device types are as follows:
- Windows
  Devices with Windows installed
- Mac
  Devices with Mac OS installed
- Linux/UNIX
  Devices with Linux or UNIX installed
- Printers
  Printers or all-in-one printers connected to the network
- Routers/Switches
  Network devices such as routers and switches
- NAS
  Network Attached Storage (NAS) devices
- Scanners
  Scanners connected to the network
- VoIP Phones
  VoIP phones
- Kiosk Terminals
  Kiosk terminals connected to the network
- Mobile Devices
  Terminals such as mobile phones or smartphones connected to the network
- Others
  Devices other than those described above.
- Unclassified
  Devices that are not classified by iNetSec Smart Finder. "Unclassified" is displayed if
  the device type cannot be classified within 24 hours after the Sensor detects the
  device.
- Detecting
  Device types that are being classified by iNetSec Smart Finder.

Devices Window
To view and operate the device information managed by the Manager. Devices window is
one of the Management windows.


Event
When a significant event in the Manager or the Sensor occurs, the system administrator is
notified by an e-mail or SNMP trap. Events can be filtered from the list in the Event Viewer
window.

Event Information File
The Event Information File consists of the date of the event, ID, level and event message(s).
The file can be exported from the Event Viewer window.

Event Viewer Window
To view the events that occurred in the Manager or the Sensor. The Event Viewer window is
one of the Management windows.

Export
This function exports the information managed by the Manager to a file. The character code
for the exported files is UTF-8.
The following information can be exported:
- Device Information
- Sensor Information
- Event Information
- Application Information
- MAC Address (Vendor ID) Automatic Device Approval Settings
- IP Address Change Notification Exception Settings
- IP Address Automatic Device Approval Settings
- Sensor Basic Settings
- Information displayed in Chart

External Registration Form Server
The registration form on the server can be uniquely customized by users.

Import
This function imports the information from files to the Manager. The character code for
imported files is UTF-8.
The following information can be imported:
- Device Information
- MAC Address (Vendor ID) Automatic Device Approval Settings
- IP Address Change Notification Exception Settings
- IP Address Automatic Device Approval Settings
- Sensor Basic Settings
- Application Information

INIT Button
The button on the front panel of the Sensor used to initialize the Sensor.


IP Address Change Notification Exception File
A file imported/exported from the IP Address Change Notification - Exception setting
window.

IP Address Change Notification - Exception setting Window
To disable notification to system administrators of IP address changes.

Maintenance Information
The information includes the Manager maintenance information and Sensor maintenance
information.

Management Window
To view and operate the information managed by the Manager from a web browser.

Manager
The Manager is the abbreviation for iNetSec Smart Finder Manager. The Manager centrally
manages the device and application information detected by the Sensors.

Missing or Disposed
The Sensor determines that devices not connected to the network for a specified period of
time are missing or disposed.

Monitoring Mode
A Sensor operation mode that detects the devices connected to the network and collects the
device information. Device types are classified in Monitoring Mode.
The Sensors block "Rejected" devices.

Notes
A device information item used to add optional information to devices.

Notification Window
A window that appears on a client device when the device is blocked or unblocked.

Operation Mode
An operation mode, either Monitoring Mode or Blocking Mode, is assigned to each segment.
The Sensor manages each segment according to its operation mode.

Operation Status
The Sensor status is displayed in the Sensor window.
The two types of operational status are: "Normal" and "Abnormal".

Permitted Application
An application that is permitted in the application policy. The newly detected application is
permitted by default.


Power Consumption
An estimate of the power consumption. This is calculated from the device uptime and the
average power consumption set for each device.

Prohibited Application
An application that is prohibited according to the application policy. A device that uses
prohibited applications is blocked from the network in blocking mode.

Registered
A device detected by the Sensor whose status is not determined for approval to connect to
the network.
"Registered" includes the following:
- Detected
  The Sensor detects a device connected to the network. Approval/rejection for
  connection has not been determined.
- Requested
  Registration approval to the network is requested. Approval/rejection for network
  connection has not been determined.

Rejected
A device detected by the Sensor whose status is rejected for connection to the network.

Registration
Registration for connection to the network from a blocked device.

Restoration
This function restores the system information into the Manager. iNetSec Smart Finder
provides the command.

Retention Period
The Manager retains event information. The Retention Period of the event information can
be specified on the System Configuration window for 30, 60 or 90 days. The default value is
30 days.

Risk level
The degree of risk for applications. The risk level is specified in the dictionary provided by
iNetSec Smart Finder.

Segment
The IP segment in the network.

Segment Group
This is used to manage segments as a group. Automatic approval, application policies, and
event notification settings can be specified on a Segment Group basis.


Segment Group Information Window
To edit Segment Group information.

Segment Group Registration Window
To register Segment Groups.

Segment Groups Window
To view, register, update and delete Segment Groups.

Segment Information Window
To view and configure the detailed segment information.

Sensor
The Sensor is the abbreviated name for the iNetSec Smart Finder Sensor. The Sensor
detects and classifies devices connected to the network and blocks devices that have
unauthorized network access. The Sensor also monitors applications on the network and
blocks devices that use prohibited applications.

Sensor Basic Information File
An XML file that can be imported/exported from the Sensor Basic window.

Sensor Information
Information of the Sensor such as Sensor Name, Sensor IP address and Sensor MAC
address.

Sensor Information Window
To view and operate detailed Sensor information.

Sensors Window
To view and operate the Sensors.

Sensor to Sensor Status Monitoring
Sensor to Sensor Status Monitoring is performed between the Sensors within the same
Segment Group. This function enables status monitoring of multiple Sensors even while
the Manager is not running. If there is a Sensor error, another Sensor sends an
e-mail or SNMP trap.

System Configuration Window
To configure the operational settings for the Manager.

Unauthorized Devices
Unauthorized devices are blocked for network access by iNetSec Smart Finder.


Unblock After Approval
If the System or Group Administrator approves the request, the device is unblocked.

Unblock After Registration
Connection to the network is unblocked if the network user submits a registration form from
the blocked device.

User
iNetSec Smart Finder user who can log in to the Manager and Chart and manage segments
on a Segment Group basis. User roles can be set for each user. After installation, only a
user named "admin" is registered.

User Information Window
To register new user information or edit information that is already registered.

User Role
There are three types of user roles in iNetSec Smart Finder: system administrator, group
administrator and read-only.

Users window
To add, view and delete users.

Whitelist
A list of devices with "Approved" status in the Devices window. Devices labeled as
"Detected" can be "Approved" or "Rejected". After the Manager is installed and the Sensor is
set up in each IP segment, create a whitelist before starting operations.

iNetSec Smart Finder V3.0
User's Guide
P2WW-2834-01ENZ0

Date of issuance: June 2014


Issue-responsibility: PFU LIMITED

- The contents of this manual are subject to change without notice.
- PFU LIMITED assumes no liability for incidental or consequential damages arising
  from the use of this Product, and any claims by a third party.
- Copying of the contents of this manual, in whole or in part, as well as the scanner
  applications is prohibited under the copyright law.
