Diagnostic Tool
Last updated
Last updated
In a standard Windows, the MS Outlook service does not offer support for monitoring and reporting the functionality of the add-ins installed on it. This service has been developed in order to monitor and report whether Keepnet Outlook add-in functions properly or not.
Using this service, system administrators will be aware of the potential errors related to the Keepnet Outlook Phishing Reporter add-in and are able to take action.
The service periodically retrieves certain information from the client computer and transmits it to the Keepnet server set on the client's own network (if the on-premise version is used) or to the dashboard.keepnetlabs.com server (if cloud version is used).
In the light of this information, it is ensured that the system administrator monitors the Outlook add-in and makes improvements.
Keepnet outlook monitoring service requires from the client the minimum following features for a healthy operation:
The monitoring service must be installed and run with administrator rights.
There are no time intervals for the application to run by default. It is recommended to scheduling it to run every 60 minutes in accordance with the corporate policy.
If the Keepnet is used on-premise, in order to send the report, the application must have access to http(s)://yourkeepnetserver /.
The .NET Framework 4.5.2 or later must be installed.
Keepnet Outlook add-in monitoring service supports a minimum of 32 and 64 bit all Windows 7 and above operating systems for client computers.
Phish Diag supports installation in two different ways. Normal Installation is the direct installation on a computer, while Silent Installation is the type that is installation is made on hundreds of thousands of systems using centralized software distribution tools.
This section describes the installation of the Phish Diag service. You can get your Phish Diag service by contacting support@keepnetlabs.com.
After downloading the application, you can start the installation process by double-clicking on exe file and clicking the Next button.
Continue with the default settings by clicking Next.
Click Next to allow installation.
In the last step, approve the installation by clicking on Yes.
Now, the Phish Diag service has been successfully installed on your computer.
For silent installation and removal, the following commands are available.
Silent installation process
C:\Windows\System32\msiExec.exe -i "KeepnetPhishDiagInstaller.msi" /QN /norestart
Silent removal
C:\Windows\System32\msiExec.exe -x "KeepnetPhishDiagInstaller.msi" /QN /norestart
Product Guid to detection
get-wmiobject Win32_Product | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
Silent removal with Product Guid
C:\Windows\System32\msiExec.exe -x {product-guid} /QN /norestart
After the application is installed, the configuration file path is C:\Program Files (x86)\Keepnet Labs\KeepnetLabs Phishing Reporter Diagnostic Service\KeepnetPhishDiag.exe.config
The configuration file contains the address to which the application sends information, the company ID, and the options to enable proxy support if required for communication.
The logs for the application are located on each user computer on which the application is installed in the C:\Program Files (x86)\Keepnet Labs\KeepnetLabs Phishing Reporter Diagnostic Service\Log.txt.
Sample output,
The Phish Diag (add-in monitoring service) has been successfully installed, operated and can communicate with the keepnet portal (cloud or on-premise) to help you obtain status information in the following 6 different scenarios.
If Phishing Reporter Outlook Desktop add-in is not installed on a user's computer, it is reported as “Not Installed".
If Phishing Reporter Outlook Desktop add-in is installed on a user's computer, running and communicating with the Keepnet portal, it is reported as “Online".
If the Phishing Reporter Outlook Desktop add-in is installed but disabled, it will be reported as "Disabled".
If the Phishing Reporter Outlook Desktop add-in is installed but disabled by the user, it appears in the list of inactive add-ins and is reported as “Deactivated" in the Keepnet portal.
If the Phishing Reporter has successfully installed the Outlook Desktop add-in, but the Outlook Desktop application is closed, then the user will appear as “Offline".
When a Windows user account in Active Directory is disabled or deleted, it is reported as "User Unavailable" because the user is no longer in Active Directory.
By downloading the entire user list as an Excel report, you can perform various filtering and reporting operations. When you click on the “Download Excel Report” button, the report will be ready to download.
Like in the screenshot below, the report will be ready to be downloaded.
When you download the report, the report contains all the details as follows.
You can receive Excel reports by email at certain times. For this, click on the Schedule Report button, type in the email addresses you want to send your scheduled report and determine how often it will be sent.
The email will look like this.
Sample configuration file
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework, Version=v4.5.2" /> </startup> <appSettings> <add key="KeepnetApiUrl"
value="https://dashboard.keepnetlabs.com/api/OutlookAddInV1/CreateAddInDiagnostic" />
<add key="IsProxyActive" value="false" />
<add key="CompanyId" value="324b6c74-9690-4068-96e5-d031495038EA" />
</appSettings>
</configuration>
19:05:31.8654|INFO|KeepnetPhishDiag.Logger|HostName:WIN-U476PGRNF1D|CompanyId:324b6c74-9690-4068-96e5-d031495038ba|Os:Microsoft Windows 7 Ultimate 64-bit Version (Build 7601)|OsLanguage:en-US|OutlookVersion:16.0.11901.20176|OutlookArchitecture:x64|IsOutlookRunning:True|OutlookLastStartupTime:10/28/2019 6:36:33 PM|IsAddInInstalled:True|AddInVersion:2.0.2.12|AddInLoadLoadBehaviorValue(HKLM):3|AddInBootTime:172|LastDisabledTime:|ThresholdTime:|TimeTaken:|DisableReason:
2019-10-28 19:05:31.8654|INFO|KeepnetPhishDiag.Logger|SId:S-1-5-21-840305792-373996970-2194471766-1000|LoadBehaviorValue:|IsAddInInDisabledItems:False|LogonName:test|Email:bob@keepnetlabs.com|EmailServiceName:MSEMS
