Release Notes


2002-09-24 - v1.25-1 Enhancements/bug fixes:

  • (mNWLib) Added new set of reserved log formats (ID 21-40, inclusive)
  • (mNWLib) Fixing a missed update that was necessary to support new formats
  • (mNWLib) Add WallWatcher Format support

2002-09-22 - v1.25 Enhancements/bug fixes:

  • (mNWLib) Added better support for HTTP 1.1 defaults -- keep-alives
  • (mNWLib) NWCLIENT.LOG file only created if event needs to be logged.
  • (mNWLib) Adding/updating log format list and more flexibility for future log formats
  • (mNWLib) Decoupling the save of autorun and debug config parameters from user config
  • (mNWLib) Program status edit control automatically clears when text size > 64 KB
  • (NWClient) Handling Shell/Explorer restart event ("TaskbarCreated" message)
  • (NWClient) Adding upload back-off on upload failure(s)

v1.24 Enhancements/bug fixes:

  • (NWClient) Upload status list automatically clears after 1000 entries
  • (mNWLib) Reset HWM to zero if it is larger than current file size
  • (NWClient) Reset GUI display when log file is reset
  • (NWClient) Fix defect in startup on NT 4.0

v1.23 Enhancements/bug fixes:

  • Upload failed loop: Add logic to handle case where IE browser is put into "offline mode" (either on purpose by user or due to transient loss of Internet connection)
  • Upload failed loop: BlackICE users only. Add logic to prevent attempts to upload empty log lines
  • Re-add logic to discard any log lines with less than 50 characters

v1.22 Enhancements/bug fixes:

  • Use common variable for agent version # (on 'about' screen) and upload script

v1.21 Enhancements/bug fixes:

  • Log tracking pointer (high-watermark - HWM) saved to registry after every upload. Previous versions intermittently failed to update the HWM in the registry upon system shutdown/reboot, resulting in the upload of old data.
  • New pre-filter file enables client-side filtering of *inbound* events only. Outbound events now filtered by client rather than by mNW server script.
  • Pre-filter is not throttled, this enables rapid fast-forward over all non-inbound events
  • The mNW registry keys have been moved from HKCU to HKLM...this enables mNW to work properly if you use multiple Windows login accounts on one system

v1.15-5 07-Mar-2002:

  • Bugfix: Agent now correctly saves Highwater mark on system shutdown...preventing duplicate uploads

v1.15-4 28-Feb-2002:

  • Bugfix: firewall log deletion/archival is now auto-detected and agent now starts processing new file from beginning
  • Add: Write error message to Program Status window when selected LogFile doesn't exist
  • Debug checkbox now activates "Program Status" tab showing detailed diagnostic info
  • Log file chooser button now properly captures selected file name
  • If no log format is initially configured, agent will auto-configure if user has Zone Alarm (2.x) or BlackICE firewalls installed
  • Provides scrolling status window of upload status
  • Right click on upload item to copy to clip board (makes it easy to post or email questions about an item)
  • Status window now displays log file size and mNW tracking pointer value
  • Added LogFile chooser dialog box (this isn't finished)
  • Added Listbox to select log format
  • Added checkbox to enable/disable automatic startup

v1.14-3: 11-Nov-2001

v1.13: 09-May-2001

(includes all fixes from v1.13d2, plus:)

  • Under heavy uploading or loss of Internet connectivity agent user interface would "lock-up"...fixed!!! (Special thanks to Brian Hayes for assistance here)
  • Occasionally you would see HTML (actually the mNW home page) displayed in the status window. Had a char array that wasn't sized properly...fixed.

v1.13d4: 05-May-2001

  • Only try to get HTTP data if HTTP response was HTTP_OK (200)
  • Only display first 1024 characters of HTTP response in status Message screen

v1.13d2: 05-May-2001

  • NEW: Status tab shows the HTTP status of last upload attempt

  • NEW: Status tab has a message box that shows you what the server did with your upload request, cases where your request was pre-filtered, or where log fragments were discarded

  • NEW: Message box shows you the tentative backtracing results

  • NEW: If you try to upload but aren't configured properly, you'll get appropriate error messages here too (e.g. Invalid password, e-mail, etc.)

  • BUG fixed: mNW v1.12 will throw a fatal exception if you are receiving a prolonged attack from the same source. My attempt to fix this issue in v1.12 failed...hopefully I did a better job this time.

  • BUG fixed: Previously if you had the Status screen open it would not dynamically update...now it does.

v1.12: 04-May-2001

  • Added throttling mechanism so that only ONE log record is uploaded during each polling interval (7 seconds). This is partly to control the load on the server, minimize client-side impact, and prevent possible DoS attacks by rogue agents.
  • Eliminated obsolete user-interface elements (e.g. Upload Now button)
  • Fixed bug where agent would fail to autostart after a system reboot
    Note: if you are having this problem, shut down the agent, delete the myNetWatchman registry key under HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run, then restart the agent
  • Eliminated problem where user interface would lockup when doing prolonged uploads
  • Changed log file monitoring logic. In the previous version any file modification would trigger an upload attempt. If the firewall modified the logfile, but did not actually ADD more log records, this would cause the agent to reset its file pointer to zero and thus start transmitting the log file from the beginning--potentially sending lots of duplicate data. This would only occur in the rare cases where the firewall would update the attack count of a pre-existing record (both Zone Alarm and Black ICE do this)
  • Agent version number is transmitted during upload...this is essential for debugging purposes and helps me ensure that everyone applies patches in a timely fashion
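
The log-tracking rules from these notes (one record per poll, no re-send when a record is edited in place, HWM reset when the file shrinks, lines under 50 characters discarded) combined in one sketch. This is an added example, not the mNW agent's own code; the name `HwmTailer`, the in-memory offset and the sample log lines are assumptions.

```python
import os
import tempfile

MIN_LINE_LEN = 50  # v1.23: discard log lines with fewer than 50 characters


class HwmTailer:
    """Hypothetical tailer: tracks a byte offset (HWM) into a firewall log."""

    def __init__(self, path, hwm=0):
        self.path = path
        self.hwm = hwm  # assumption: held in memory; the agent stores it in the registry

    def poll(self):
        """Return at most one new record per polling interval, else None."""
        size = os.path.getsize(self.path)
        if self.hwm > size:  # log cleared or archived: restart from the beginning
            self.hwm = 0
        with open(self.path, "rb") as f:
            f.seek(self.hwm)
            while self.hwm < size:
                line = f.readline()
                if not line.endswith(b"\n"):
                    return None  # record still being written; retry next poll
                self.hwm += len(line)  # move the HWM past this record
                text = line.decode("utf-8", "replace").rstrip("\r\n")
                if len(text) >= MIN_LINE_LEN:
                    return text  # throttle: stop after one uploadable record
        return None  # nothing new, or the file changed without growing


def demo():
    """Run the tailer over a constructed log (not real firewall output)."""
    rec_a = "2002-09-24 10:00:01 DROP TCP 203.0.113.7:4000 -> 192.0.2.10:445"
    rec_b = "2002-09-24 10:00:09 DROP UDP 198.51.100.9:53 -> 192.0.2.10:1026"
    out = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "fw.log")
        with open(path, "wb") as f:
            f.write((rec_a + "\nshort\n" + rec_b + "\n").encode())
        t = HwmTailer(path)
        out += [t.poll(), t.poll(), t.poll()]  # rec_a, rec_b ("short" skipped), None
        with open(path, "r+b") as f:
            f.write(b"2002-09-24 10:00:02")  # in-place edit, size unchanged
        out.append(t.poll())  # None: no growth, so nothing is re-sent
        with open(path, "wb") as f:
            f.write((rec_b + "\n").encode())  # log cleared, one fresh record
        out.append(t.poll())  # HWM (134) > size (64): reset, record returned
    return out
```

Comparing the file size against the stored offset cannot detect a log that was replaced by a new file at least as large as the old offset.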

v1.11: 14-Apr-2001

  • Your firewall log is now polled every 7 seconds...if new attacks have been logged they are uploaded to the mNW server, immediately

  • All uploads are done using plain vanilla HTTP...this should avoid the various problems we had with FTP (e.g. ICS)

  • HTTP upload process supports proxy servers (it will use whatever you have configured in Internet Explorer)

  • Firewall logs are no longer manipulated (e.g. renamed) as with previous versions. The mNW agent keeps track of which records it uploaded to prevent sending duplicate reports. I now leave it up to you to clear your logs at the interval you prefer.

  • Generic log file support. Agent only monitors the log file and sends the raw data to the mNW server...the server does all the logic to parse the log file. This makes it much easier to support a wide variety of firewall log formats since all I have to do is add new logic on the server to support it.

  • Zone Alarm support added! I have already added the database support for Zone Alarm's log format. Since ZA is also so popular, the Agent will also auto-detect this firewall and configure the log location automatically (make sure you have logging enabled in ZA).

  • Uploads are authenticated using your mNW username and password. This eliminates the possibility that unsavory characters would send bogus attack reports using the previous loosely authenticated mechanisms (this has never been a problem, but need to be prepared). (Don't worry, encrypted passwords are coming too.)

Update: Zone Alarm auto-detect isn't working for some reason...if you have this problem then do the following:

 

v1.04: 03-Nov-2000 - Initial official release
v1.02: 11-Sep-2000 - beta
v1.01: 02-Sep-2000 - beta