Aug 14
Explorer.exe Verbose Logging

If Explorer.exe is crashing and you are unable to identify the root cause, you can implement Explorer verbose logging by adding the following to the Windows registry. When explorer.exe crashes it will create a DMP file at C:\CrashDumps.

 

  1. Copy and paste the following in Notepad and save as a .reg file

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\explorer.exe]
    "DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,\
      00,6d,00,70,00,73,00,00,00

  2. Right-click the .reg file and select "Merge" to add to the registry
  3. Replicate the process to cause Explorer to crash and review the .dmp file located in the C:\CrashDumps folder.

 

You can use this information to debug the Explorer.exe crash(es) further.
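Before merging a .reg file into HKLM, it is worth confirming what its hex data actually sets. The following is an added example, not part of the original post: it decodes the hex(2) value from step 1 so the DumpFolder path can be read in plain text. The function name decode_reg_strings is illustrative.

```python
import re

# The .reg text from step 1, embedded as sample input.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\explorer.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,\
  00,6d,00,70,00,73,00,00,00
'''

# .reg notation for string types that regedit exports as hex.
REG_TYPES = {"hex(1)": "REG_SZ", "hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ"}


def decode_reg_strings(reg_text):
    """Return [(key, value_name, type, decoded)] for hex-encoded string values."""
    # A trailing backslash means the value continues on the next line.
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    results, key = [], None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(hex\([127]\)):([0-9a-fA-F,]*)$', line)
        if not m:
            continue
        name, kind, hexdata = m.groups()
        raw = bytes(int(b, 16) for b in hexdata.split(",") if b)
        if len(raw) % 2:
            raise ValueError(f"{name}: odd byte count, not valid UTF-16LE")
        text = raw.decode("utf-16-le")  # registry strings are UTF-16LE
        if kind == "hex(7)":
            decoded = [s for s in text.split("\x00") if s]
        else:
            decoded = text.rstrip("\x00")
        results.append((key, name, REG_TYPES[kind], decoded))
    return results


if __name__ == "__main__":
    for key, name, kind, value in decode_reg_strings(REG_TEXT):
        print(f"{key}\n  {name} ({kind}) = {value!r}")
```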

 

Jun 01
Spirion Search API

Spirion provides an Application Programming Interface (API) that allows developers to create their own rules and definitions for finding personal information and sensitive data. For example, you can write logic that finds a pattern of numbers or characters near certain keywords only if certain other keywords are not in the file.

File Modification

Download the SearchDLL folder and modify the SearchDLL.cpp file as appropriate.

  • This file is self-documenting and is only supported when building with Visual Studio 2015.
    • During testing, you will need to build the release version of your DLL; only the release build will work with your application.

Spirion Policy

Configure the following setting in a System Policy applied to the endpoint(s).

  • Initialization > Plugins > Enable to 1

 

File Placement

Place the compiled .dll in a subfolder of the folder where IdentityFinder.exe is installed.

  • The folder should be named "Plugins", or the .dll should be placed in a folder whose full path is defined in the following setting in a System Policy applied to the endpoint(s).
    • Initialization > Plugins > Path

 

On the Console's Admin > Sensitive Data Types screen, select Add, then select Search API for the type.

For results of this type to appear in the console, the custom data type dll must also exist on every Windows endpoint performing a search for results of this type. The following settings in a policy applied to an endpoint must be configured.

Initialization > Plugins > Enable
Initialization > Plugins > Path

The Search API Page is used to select the custom data types that allow a client to search for data unique to your environment. The custom data type is in the form of a dll that you provide.

May 31
Spirion Save Local Results File (Scheduled Tasks "Background")

When scanning using a Scheduled Task "Background" scan and you want to have a local encrypted file (.idf file) for those results saved to the client being scanned, use these settings.

  1. Remove from the existing policy any value(s) set for the SaveKey within the Scheduled Task in the Web Console policies, and update the client(s) policy.
    1. As you proceed through this policy, be aware that this is not a single-client-specific process; this process generates a unique key that can be used for all clients.
    2. During this process it will warn that your profile password will be saved in clear text; this will be removed as soon as the key has been generated. This password is used to salt the encryption key so it's not reversible.
  2. Use the following settings for the Policy.

  3. After running the Scheduled Task (Background) scan, results will be saved to the specified location you set in the policy.

 

May 30
Spirion Console Password Recovery

When you lose or forget your local password for the Spirion console, you can recover the password by running the following SQL on the backend SQL server to regain local access.

For the Console you can recover the password by running this SQL (replacing secret with your database password): 

    SELECT CASE
             WHEN Encrypted = 1
               THEN CONVERT(nvarchar(max), DECRYPTBYPASSPHRASE('secret', Value))
             ELSE CONVERT(nvarchar(max), Value)
           END AS Value
    FROM GlobalSettings
    WHERE Name = 'Auth.AdminUserPassword';

 

When the SQL is run, you will be presented with the admin password so you can log into the console and reset the credentials.

May 29
How Spirion Searches Exchange

Spirion uses the Exchange services page https://ExchangeLocation/ews/exchange.asmx.

Among the many data repositories that Spirion searches (Dropbox, Amazon Cloud Drive, Microsoft Office 365 "Exchange", Google Drive, Box Sync, etc.) are Exchange on-premise and off-premise deployments.

Spirion uses a process to query an Exchange services page, /ews/exchange.asmx, that all Exchange services sites provide out of the box. This Exchange page provides functionality to connect to and examine information for Exchange. More information about this Spirion integration is located at http://my.spirion.com/Help/EnterpriseConsole/index.htm#3392.htm?Highlight=exchange for the console.

To begin the Spirion search of an Exchange site, verify that you are able to open the Exchange site on which the list service is running, for example https://outlook.office365.com/ews/exchange.asmx. The page service is always accessed by appending /ews/exchange.asmx to any root site.

Now that you can resolve the list data you can add this working URL to the Spirion console using these instructions - http://my.spirion.com/Help/EnterpriseConsole/index.htm#3392.htm?Highlight=exchange.

 

May 02
Spirion “Limit the number of "Local" sessions opened”

Spirion provides functionality to limit the number of sessions that are used or that remain open after a file is accessed when searching for PII. When an application makes a local connection to authenticate (access file resources), it creates a session. Under normal circumstances, all sessions are closed when a search is completed. If an application exits unexpectedly, the session is orphaned. The operating system should close these during its normal cleanup process; however, it's possible that sessions could remain open.

Spirion strives to mitigate anything that could cause undesirable behavior and has policy options to control this. These policy settings are available in the Console:

The following policy changes will prevent the lingering NuanceLS sessions for the local scans.

Settings\Locations\Files\OCR\ErrorHandling (Set this to MaxLocationProcessTime "1")
Settings\Locations\Files\OCR\ErrorHandling (Set this to MaxShutdownWaitTime "5")
Settings\Locations\Files\OCR\Version (Set this to "Use legacy")

Apr 02
Spirion G Suite Overview

RESOURCES

CONNECTION TO GMAIL AND STORAGE

The connection to Google services for G Suite (GDrive/Gmail/Calendar) is done through the following process. This is the connection process using the API for Spirion to Google - https://my.spirion.com/help/enterpriseconsole/index.htm#3594.htm?Highlight=google. You must use the Google Admin Authorization account; this account cannot be an account that has user roles such as GDrive, etc.

 

STORAGE CONNECTION

E-MAIL CONNECTION

SEARCH

RESULTS

PREVIEW OF RESULTS

GOOGLE DRIVE FILES

When downloaded to the desktop you can view its Tag (Data Classification) using Windows Explorer.

GMAIL

 

 

When a file is sent through Gmail and saved to the desktop, you can see its data classification from the icon overlay, by viewing the file properties (right-click) tab, or by opening the file, where the classification is displayed in the Ribbon or menu options.

Mar 25
Solar Power Potential

This is a very useful web map for solar power potential that Google has created - https://www.google.com/get/sunroof

Enjoy!

Mar 22
LDAP Targeting Specific Mail Stores

Most organizations use service accounts with access to specified groups of mailboxes to target searches; however, in some conditions, or as a backup option, you can use the LDAP method. For example, you can use LDAP to return mailboxes in chunks (all As or Bs, etc.).

Below is an example query. It is placed in the LDAP box for the Exchange server entry.

<LDAP://server.domain.com/OU=ou,DC=domain,DC=com>;(& (mail=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) ));mail;subtree
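The chunking mentioned above, as an added example that is not part of the original post: it builds one query per leading letter in the same base;filter;attributes;scope layout, plus a remainder query for addresses that start with anything else (digits, for instance). Chunking on the first character of the mail attribute is an assumption, and the function names are illustrative.

```python
import string

# Filter from the post's query, with its (mail=*) clause replaced by {mail}.
BASE_FILTER = ("(&{mail}(|(&(objectCategory=person)(objectClass=user)"
               "(!(homeMDB=*))(!(msExchHomeServerName=*)))"
               "(&(objectCategory=person)(objectClass=user)"
               "(|(homeMDB=*)(msExchHomeServerName=*)))))")


def escape_filter_value(value):
    """Hex-escape RFC 4515 special characters so a prefix cannot alter the filter.

    ';' is escaped as well because it separates the fields of the query string.
    """
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00;" else c for c in value)


def _query(server, base_dn, mail_clause):
    return (f"<LDAP://{server}/{base_dn}>;"
            f"{BASE_FILTER.format(mail=mail_clause)};mail;subtree")


def chunk_query(server, base_dn, prefix):
    """Query for mailboxes whose address starts with the given prefix."""
    return _query(server, base_dn, f"(mail={escape_filter_value(prefix)}*)")


def remainder_query(server, base_dn, prefixes):
    """Catch-all: addresses that start with none of the listed prefixes."""
    listed = "".join(f"(mail={escape_filter_value(p)}*)" for p in prefixes)
    return _query(server, base_dn, f"(mail=*)(!(|{listed}))")


def all_chunks(server, base_dn, prefixes=string.ascii_lowercase):
    """One query per prefix, then the remainder, so no mailbox is skipped."""
    queries = [chunk_query(server, base_dn, p) for p in prefixes]
    queries.append(remainder_query(server, base_dn, prefixes))
    return queries


if __name__ == "__main__":
    # Server and OU are the placeholders used in the post's query.
    for q in all_chunks("server.domain.com", "OU=ou,DC=domain,DC=com", "ab"):
        print(q)
```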

Feb 26
Spirion- Connect to Salesforce

Spirion is capable of searching many database types such as Microsoft SQL Server, Oracle, MySQL, PostgreSQL, Sybase, DB2, and many others.  Included is the ability to search other backend systems such as Salesforce using the Progress Software ODBC driver to connect to the Salesforce backend data.

SFDC ODBC Driver Information:

https://www.cdata.com/odbc/
DataDirect Connect for ODBC (Windows) Installation Tutorial  
Quick Start Guide

ZenDesk - https://querysurge.zendesk.com/hc/en-us/articles/205766086-Configuring-Connections-Microsoft-Excel

Copyright © | CoryRetherford, LLC | Network Storage and Security Solutions, LLC, Rights Reserved.®