Diagnostic Tool

What is a Diagnostic Tool?

In a standard Windows, the MS Outlook service does not offer support for monitoring and reporting the functionality of the add-ins installed on it. This service has been developed in order to monitor and report whether Keepnet Outlook add-in functions properly or not.

Using this service, system administrators will be aware of the potential errors related to the Keepnet Outlook Phishing Reporter add-in and are able to take action.

The service periodically retrieves certain information from the client computer and transmits it to the Keepnet server set on the client's own network (if the on-premise version is used) or to the dashboard.keepnetlabs.com server (if cloud version is used).

In the light of this information, it is ensured that the system administrator monitors the Outlook add-in and makes improvements.

Installation Requirements

Keepnet outlook monitoring service requires from the client the minimum following features for a healthy operation:

The monitoring service must be installed and run with administrator rights.
‌There are no time intervals for the application to run by default. It is recommended to scheduling it to run every 60 minutes in accordance with the corporate policy.
‌If the Keepnet is used on-premise, in order to send the report, the application must have access to http(s)://yourkeepnetserver /.
‌The .NET Framework 4.5.2 or later must be installed.

Supported Operating Systems

Keepnet Outlook add-in monitoring service supports a minimum of 32 and 64 bit all Windows 7 and above operating systems for client computers.

Installation Types

Phish Diag supports installation in two different ways. Normal Installation is the direct installation on a computer, while Silent Installation is the type that is installation is made on hundreds of thousands of systems using centralized software distribution tools.

Normal Installation

This section describes the installation of the Phish Diag service. You can get your Phish Diag service by contacting support@keepnetlabs.com.

After downloading the application, you can start the installation process by double-clicking on exe file and clicking the Next button.
Continue with the default settings by clicking Next.
Click Next to allow installation.
In the last step, approve the installation by clicking on Yes.
Now, the Phish Diag service has been successfully installed on your computer.

Silent Installation

For silent installation and removal, the following commands are available.

Silent installation process

C:\Windows\System32\msiExec.exe -i "KeepnetPhishDiagInstaller.msi" /QN /norestart

Silent removal

C:\Windows\System32\msiExec.exe -x "KeepnetPhishDiagInstaller.msi" /QN /norestart

Product Guid to detection

get-wmiobject Win32_Product | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize

Silent removal with Product Guid

C:\Windows\System32\msiExec.exe -x {product-guid} /QN /norestart

Understanding Configuration Options

After the application is installed, the configuration file path is C:\Program Files (x86)\Keepnet Labs\KeepnetLabs Phishing Reporter Diagnostic Service\KeepnetPhishDiag.exe.config

Sample configuration file

<?xml version="1.0" encoding="utf-8" ?>

<supportedRuntime version="v4.0" sku=".NETFramework, Version=v4.5.2" /> </startup> <appSettings> <add key="KeepnetApiUrl"

value="https://dashboard.keepnetlabs.com/api/OutlookAddInV1/CreateAddInDiagnostic" />

</appSettings>

</configuration>

The configuration file contains the address to which the application sends information, the company ID, and the options to enable proxy support if required for communication.

Understanding the Log File

The logs for the application are located on each user computer on which the application is installed in the C:\Program Files (x86)\Keepnet Labs\KeepnetLabs Phishing Reporter Diagnostic Service\Log.txt.

Sample output,

Post-Installation Review

The Phish Diag (add-in monitoring service) has been successfully installed, operated and can communicate with the keepnet portal (cloud or on-premise) to help you obtain status information in the following 6 different scenarios.

Scenario 1: Monitoring the Situations where Add-in is not installed

If Phishing Reporter Outlook Desktop add-in is not installed on a user's computer, it is reported as “Not Installed".

Scenario 2: Which Users Add-in Installed and Active

If Phishing Reporter Outlook Desktop add-in is installed on a user's computer, running and communicating with the Keepnet portal, it is reported as “Online".

Scenario 3: Add-in Disabled

If the Phishing Reporter Outlook Desktop add-in is installed but disabled, it will be reported as "Disabled".

Scenario 4: Inactive Add-ins

If the Phishing Reporter Outlook Desktop add-in is installed but disabled by the user, it appears in the list of inactive add-ins and is reported as “Deactivated" in the Keepnet portal.

Scenario 5: Outlook is Offline

If the Phishing Reporter has successfully installed the Outlook Desktop add-in, but the Outlook Desktop application is closed, then the user will appear as “Offline".

Scenario 6: Disabling or Deleting User Accounts

When a Windows user account in Active Directory is disabled or deleted, it is reported as "User Unavailable" because the user is no longer in Active Directory.

Downloading the User List

By downloading the entire user list as an Excel report, you can perform various filtering and reporting operations. When you click on the “Download Excel Report” button, the report will be ready to download.

Like in the screenshot below, the report will be ready to be downloaded.

When you download the report, the report contains all the details as follows.

Creating a Scheduled Report

You can receive Excel reports by email at certain times. For this, click on the Schedule Report button, type in the email addresses you want to send your scheduled report and determine how often it will be sent.

The email will look like this.

PreviousREST API for SSO Authentication NextFAQ

Last updated 3 months ago