Bu makalede, Microsoft Akıllı uygulama ağ geçidi (IAG) istemci bileşenleri yüklü olmayan bir bilgisayarda bir istemci tarafı izlemenin nasıl etkinleştirileceği açıklanır. Bu yordam, yalnızca sorun giderme için kullanılmalıdır.
Önemli Bu bölüm, yöntem veya görev kayıt defterini nasıl söyleyin adımları içerir. Ancak kayıt defterini hatalı olarak değiştirirseniz önemli sorunlar oluşabilir. Bu nedenle, bu adımları dikkatlice uyguladığınızdan emin olun. Ek koruma için, kayıt defterini değiştirmeden önce yedeklemeyi unutmayın. Bir sorun oluşursa kayıt defterini daha sonra geri yükleyebilirsiniz. Kayıt defterini yedekleme ve geri yükleme hakkında daha fazla bilgi için, Microsoft Bilgi Bankası'ndaki makaleyi görüntülemek üzere aşağıdaki makale numarasını tıklatın:
322756
(http://support.microsoft.com/kb/322756/
)
Windows'da kayıt defterini yedekleme ve geri yükleme
Istemci tarafı izlemeyi IAG istemci bileşenleri yüklü bir bilgisayarda etkinleştirmek için <a0></a0>, aşağıdaki adımları izleyin:
- Start Notepad, and then paste the following content in the new document.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe]
"Enabled"=dword:00000001
"DebugOutput"=dword:00000001
"OutputPath"="%TEMP%"
"Count"=dword:00000001
"ForceFlush"=dword:00000000
"0000"=dword:00050004
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\AWCleaner.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common]
"Enabled"=dword:00000001
"DebugOutput"=dword:00000001
"OutputPath"="%TEMP%"
"Count"=dword:00000012
"ForceFlush"=dword:00000000
"0000"=dword:00010004
"0001"=dword:00010013
"0002"=dword:00010024
"0003"=dword:00010034
"0004"=dword:00010042
"0005"=dword:00020004
"0006"=dword:00020011
"0007"=dword:00020024
"0008"=dword:00030004
"0009"=dword:00030014
"000a"=dword:00030024
"000b"=dword:00030034
"000c"=dword:00030044
"000d"=dword:00030054
"000e"=dword:00030064
"000f"=dword:00030071
"0010"=dword:00030084
"0011"=dword:00030094
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Common\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe]
"Enabled"=dword:00000001
"DebugOutput"=dword:00000001
"OutputPath"="%TEMP%"
"Count"=dword:00000007
"ForceFlush"=dword:00000000
"0000"=dword:00070004
"0001"=dword:00070014
"0002"=dword:00070021
"0003"=dword:00070034
"0004"=dword:00090004
"0005"=dword:000a0004
"0006"=dword:029a0004
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\DMService.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe]
"Enabled"=dword:00000001
"DebugOutput"=dword:00000001
"OutputPath"="%TEMP%"
"Count"=dword:0000001b
"ForceFlush"=dword:00000000
"0000"=dword:00010004
"0001"=dword:00010013
"0002"=dword:00010024
"0003"=dword:00010034
"0004"=dword:00010042
"0005"=dword:00020004
"0006"=dword:00020011
"0007"=dword:00020024
"0008"=dword:00030004
"0009"=dword:00030014
"000a"=dword:00030024
"000b"=dword:00030034
"000c"=dword:00030044
"000d"=dword:00030054
"000e"=dword:00030064
"000f"=dword:00030071
"0010"=dword:00030084
"0011"=dword:00030094
"0012"=dword:00060004
"0013"=dword:00060014
"0014"=dword:00070004
"0015"=dword:00070014
"0016"=dword:00070021
"0017"=dword:00070034
"0018"=dword:00090004
"0019"=dword:000a0004
"001a"=dword:029a0004
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\IExplore.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe]
"Enabled"=dword:00000000
"DebugOutput"=dword:00000000
"OutputPath"="%TEMP%"
"Count"=dword:00000012
"ForceFlush"=dword:00000000
"0000"=dword:00010004
"0001"=dword:00010013
"0002"=dword:00010024
"0003"=dword:00010034
"0004"=dword:00010042
"0005"=dword:00020004
"0006"=dword:00020011
"0007"=dword:00020024
"0008"=dword:00030004
"0009"=dword:00030014
"000a"=dword:00030024
"000b"=dword:00030034
"000c"=dword:00030044
"000d"=dword:00030054
"000e"=dword:00030064
"000f"=dword:00030071
"0010"=dword:00030084
"0011"=dword:00030094
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\MSTSC.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe]
"Enabled"=dword:00000000
"DebugOutput"=dword:00000000
"OutputPath"="%TEMP%"
"Count"=dword:00000012
"ForceFlush"=dword:00000000
"0000"=dword:00010004
"0001"=dword:00010013
"0002"=dword:00010024
"0003"=dword:00010034
"0004"=dword:00010042
"0005"=dword:00020004
"0006"=dword:00020011
"0007"=dword:00020024
"0008"=dword:00030004
"0009"=dword:00030014
"000a"=dword:00030024
"000b"=dword:00030034
"000c"=dword:00030044
"000d"=dword:00030054
"000e"=dword:00030064
"000f"=dword:00030071
"0010"=dword:00030084
"0011"=dword:00030094
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\Outlook.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe]
"Enabled"=dword:00000001
"DebugOutput"=dword:00000001
"OutputPath"="%TEMP%"
"Count"=dword:00000019
"ForceFlush"=dword:00000000
"0000"=dword:00010004
"0001"=dword:00010013
"0002"=dword:00010024
"0003"=dword:00010034
"0004"=dword:00010042
"0005"=dword:00020004
"0006"=dword:00020011
"0007"=dword:00020024
"0008"=dword:00030004
"0009"=dword:00030014
"000a"=dword:00030024
"000b"=dword:00030034
"000c"=dword:00030044
"000d"=dword:00030054
"000e"=dword:00030064
"000f"=dword:00030071
"0010"=dword:00030084
"0011"=dword:00030094
"0012"=dword:00060004
"0013"=dword:00060014
"0014"=dword:00070004
"0015"=dword:00070014
"0016"=dword:00070021
"0017"=dword:00070034
"0018"=dword:000a0004
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\rundll32.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe]
"Enabled"=dword:00000000
"DebugOutput"=dword:00000000
"OutputPath"="%TEMP%"
"Count"=dword:00000001
"ForceFlush"=dword:00000000
"0000"=dword:00090004
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\SFHlprUtil.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe]
"Enabled"=dword:00000001
"DebugOutput"=dword:00000001
"OutputPath"="%TEMP%"
"Count"=dword:00000001
"ForceFlush"=dword:00000000
"0000"=dword:00050004
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlCach3.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe]
"Enabled"=dword:00000001
"DebugOutput"=dword:00000001
"OutputPath"="%TEMP%"
"Count"=dword:00000005
"ForceFlush"=dword:00000000
"0000"=dword:00040004
"0001"=dword:00040012
"0002"=dword:00040021
"0003"=dword:00080004
"0004"=dword:00090004
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\AW]
"ID"=dword:00000005
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\ComponentsManager]
"ID"=dword:00000007
"ClassesCount"=dword:00000004
"0002"="ConfigXML"
"0000"="General"
"0003"="Service"
"0001"="SystemRestore"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\EndpointDetection]
"ID"=dword:00000006
"ClassesCount"=dword:00000002
"0001"="DetectionScript"
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\IPC]
"ID"=dword:00000002
"ClassesCount"=dword:00000003
"0000"="Client"
"0001"="Terminal Services"
"0002"="Utilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\LSP]
"ID"=dword:00000003
"ClassesCount"=dword:0000000a
"0008"="Access Control"
"0004"="AsyncSelect"
"0005"="EventSelect"
"0000"="General"
"0001"="Overlapped"
"0009"="Passthru"
"0003"="SocketCreation"
"0007"="SocketsInfo"
"0006"="SOCKS"
"0002"="SPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\NSP]
"ID"=dword:00000001
"ClassesCount"=dword:00000005
"0000"="General"
"0001"="Lookups"
"0002"="WSP"
"0003"="WSP Pipes"
"0004"="WSP ThreadPool"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\RSASoftToken]
"ID"=dword:0000029a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\Security]
"ID"=dword:00000009
"ClassesCount"=dword:00000001
"0000"="CheckSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\SSLVPN]
"ID"=dword:00000004
"ClassesCount"=dword:00000003
"0000"="General"
"0002"="TunnelLifetime"
"0001"="XPSP2Check"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\TCPDump]
"ID"=dword:00000008
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\Logging\WhlClnt3.exe\Reporters\VistaUtils]
"ID"=dword:0000000a
"ClassesCount"=dword:00000001
"0000"="General"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\Client\SSLWrapper]
- Dosyayı bir .reg dosyası olarak kaydedin ve dosyayı çalıştırmak için çift tıklatın.
- Internet Explorer'ı açın ve sonra günlükleri toplamak istediğiniz IAG Web sitesine gider.
- Istendiğinde, IAG istemci bileşenlerini yükleyin.
- Yükleme tamamlandıktan sonra IAG portala oturum açın.
NotAğ Bağlayıcısı'nı kullanıyorsanız, bu uygulamaları , çalıştırmak veya herhangi bir Güvenli Yuva Katmanı (SSL) sanal özel ağ (VPN) uygulama kullanıyorsanız veya <a0>ağ bileşen karşıdan yükleme ve yükleme işlemini tamamlamak için Bağlayıcısı'nı çalıştırın. - Yine de yazılan tüm günlük dosyalarını açmak için ınternet Explorer'? kapat?n.
Bu adımları tamamladıktan sonra günlük dosyaları geçerli kullanıcının geçici dizini oluşturulur. Bu dosyalar, çeşitli konumlarda depolanır. Kolayca toplamak için aşağıdaki adımları izleyin:
- Not Defteri'ni başlatın ve aşağıdaki içeriği yeni belgeye yapıştırın.
xcopy /y %temp%\*.csv %temp%\datacollection\user_temp\
xcopy /y %windir%\temp\*.csv %temp%\datacollection\win_temp\
xcopy /y <drive>:\temp\*.csv %temp%\datacollection\c_temp\
xcopy /y %temp%\low\*.csv %temp%\datacollection\temp_low\
xcopy /y %temp%\low\low\*.csv %temp%\datacollection\temp_lowlow\
xcopy /y "%programfiles%\Whale Communications\Client Components\3.1.0\*.log" %temp%\datacollection\NC\
- Dosyayı bir .bat dosyası olarak kaydedin ve dosyayı çalıştırmak için çift tıklatın.
Bu adımları tamamladıktan sonra günlük dosyaları, çeşitli konumlardan toplanır ve bunlar %temp%\Datacollection klasöre yerleştirilir.
Windows Live
Facebook
Twitter
Linkedin
Digg it
Yahoo
Delicious
StumbleUpon
Yammer
Reddit
Technorati
FriendFeed
Email
Otomatik Tercüme
Üste
