v8.01 (build: Jan 4 2020)

Network driver

Network driver is used to intercept and control network traffic at low level.
If you turn off, there will be no interception of network data.
By default (implicitly) for interception added processes of popular web-browsers, mail clients, Skype, as well as standard ports of supported protocols (SMTP,POP3,HTTP(S),FTP(S)). In addition you can add non-standard TCP-ports (for example, proxy), and also exclude some ports. Similarly, with the processes for which monitoring is carried out. All the data must be specified in comma-separated list.

Unlike programs (processes) launched by the user, the network driver intercepts traffic from all services (this is made to support the interception when using some antiviruses), but there are situations when some services need to be added to exceptions list. In the exclude services list you need to specify exe-file of such services (not service name!). Masks also allowed. For example, *.* prohibits traffic monitoring from all services.

The option of blocking the QUIC protocol is recommended to use for correct interception of data in Google-services.

It is important to note that to intercept encrypted (SSL) traffic, program set the root certificate named in the system. At the same time, some programs use their own root certificate databases, so they can issue a warning.
For example, the Yandex browser (process browser.exe) issues a warning in any case.
For the most browsers and e-mail clients, there will be no warnings if the client was installed when the windows of these applications were closed. Otherwise, you need to restart the client machine, or LogOff the session, or add the certificate to the trusted in the application itself (using warning window).

In exceptions list you can add hosts names or IP addresses for which the network driver will not be used. Typically, this can be done for sites that are sensitive to SSL certificate replacement.
Every exception in the list should start with a new line.
You can specify DNS-name (masks "*" and "?" are allowed), exact IP address (IPv4/IPv6), address with masks, as well as address ranges (only IPv4).
Examples:
134.17.23.*
192.168.1.15-192.168.1.20
10.10.1.5
*.dep.domain.com

It's important to note that to intercept visited URLs in browsers for reports, the network driver is not used!

In the old OS - Windows XP and Windows 7 (without Windows Update) the driver will not work!

Attention when using antivirus software! Very rarely there is a conflict situation, when network traffic is blocked immediately after installing the client, in this case you need to reboot machine. If you are using remote installation on a group of machines, you can first enable the "Activate the driver only after reboot" option, in this case the conflict will be excluded, but interception will start only after the client machines will restarted!

The option "Always use WFP-driver" can be enabled only for client machines with OS Windows7/8 and only if there are conflicts present in some third-party software with TDI-drivers. Currently such conflict has been detected only for Lotus Notes Sametime chat. After enabling the option and applying the settings, you must perform two reboots of the client machine to activate it!

© Mirobase