Instructions for trying out the CyberSensor demo ================================================ . Make sure that you have Windows NT 4.0 on your machine. . Copy and unzip the attached .ZIP file in some directory on your harddrive. . Run CyberSensor.Exe Conventions =========== The machine on which you running CyberSensor.Exe is termed as "Source Machine" and the machine which you want to spy is termed as "Target Machine". In case of single machine demo, both "Source Machine" and "Target Machine" are same. Single machine demo =================== 1. Make sure that you are logged in as administrator on the "Source Machine". You can verify this by starting programs such as windisk. Windisk will run without any "access denied" errors if you are administrator. 2. From the CyberSensor machine list, select the same machine on which you are running CyberSensor. 3. Select the appropriate agent from the agents list box. Select the process you want to spy on from process list box. You can skip selecting process if you want to spy system wide. 4. Click the Start Agent icon/menu item. Look at your spy agent selection and Click "Start Spy". 5. After successful installation of spy, you will get one window which will show the spy specific activity. 6. Perform any spy specific activity on the machine e.g If you have selected process spy then start and stop some processes on the target machine. Multi-machine demo ================== 1. Make sure that you have administrator privilege on the "Target Machine". You can verify this by connecting to C$ admin share. e.g If "Source Machine" named "A" and the "Target Machine" is named "B". Run the following command on "Source Machine" net use \\B\C$ If this command succeeds, then you have admin privilege on the target. Note: If both the "Source Machine" and "Target Machine" belongs to same domain say CYBERDOM and you are logged in as user X on machine "A" then make sure that "CYBERDOM\X" belongs to local administrator group of machine "B". This can be done as follows. Logon to machine "B" as local administrator, run musrmgr.exe select "Administrators" group. You should see "CYBERDOM\X" belonging to this group. If not, then add the user to local administrator group by selecting from the user list. If you are logged in as Domain administrator on machine "A", then make sure that "Domain Admins" group belongs to local administrator group of machine "B" If both the "Source Machine" and "Target Machine" are peer i.e not belonging to same domain, then make sure that you have an account with same name and password on both the machines and this account is belonging to local administrator group of the "Target Machine". 2. Rest of the steps i.e 2 to 6 are same as single machine demo. Comments ======== . There are two spy agents provided along with this demo. ProcessSpy - Monitors execution of processes. Shows total CPU time, user time and kernel time spent by process. RegSpy - Monitors registry activity e.g Registry key/value creations/deletion/modification etc. . For ProcessSpy agent, you need to have PSAPI.DLL in your windows system directory, otherwise the agent will not show the executable names. It will show "Unknown" process name. PSAPI.DLL is present in the attached .ZIP file. . When starting spy agent, you might get "Failed to start service" message. Please try again in this case.MegaSecurity