français Deutsch 日本語

SurveilStar -- Flexible Monitoring Policies

SurveilStar provides administrators with 14 flexible monitoring policies, including basic policy, device policy, application policy, web policy, screen snapshot policy, logging policy, system alert policy, bandwidth policy, network policy, email policy, IM file policy, etc.    

SurveilStar, a powerful employee monitoring software solution, is used to monitor employees, increase productivity, prevent data leakage, and reduces IT management workload for organizations of all sizes.

SurveilStar employee monitoring software provides you with 14 comprehensive and flexible monitoring policies. Such control policies can be optionally selected and packed according to different management requirements to meet different employee monitoring needs and effectively regulate the employees' computer activity.

SurveilStar Employee Monitoring Policies

A Monitoring Policy dictates when a PC/Internet activity is detected, what kind of action should be automatically taken against that activity. Control policy can be applied to the whole network, a certain group, or a selected computer/user.

The adoption of the monitoring policy is similar to that of the firewall's policy approach. Each group of policy can be a combination of multiple policies, matching according to the precedence relationship, and executing based on the priority match; meanwhile, each object will automatically inherit the parent's policy. Administrators can set the entire network policy, group policy, computer policy and user policy in sequence.

User Policy > Computer Policy > Group Policy > Whole Network Policy

High priority < ------------------------------ > Low priority

You can assign any of the following policies to any employees, computers, specified computer group, or even the whole network:

Basic Policy

Administrator can regulate the computer network operation privileges, restrict the client machine from minifying any computer system settings, prevent malicious or unintentional damage, and enhance the use of computer security by setting the basic policy.

To carry out basic policy, you can modify the registry value. The basic policy, a policy to maintain a state, not a real-time triggered-policy, is different from application policy and other monitoring policies. Thereof, the performing of modify, delete, and other actions are distinctive.

Basic policy supports control over: Control Panel, Computer Management, System, Network, IP/MAC binding, ActiveX, Others.

Available Basic Policy Control Description
Control Panel Control Panel, Modify Display Properties, Add printers, Delete printers, Fast switching user in XP
Computer Management Device manager, Disk management, Local users and groups, Service management, Other computer managements
System Task Manager, Regedit, CMD, Run application in the "Run" of registry, Run application in the "RunOnce" of registry
Network Modify network property, Display "My Network Places", Default netshare, Netshare, Add netshares
IP/MAC binding Change IP/MAC Property
ActiveX Chat ActiveX, Media ActiveX, Game ActiveX, FLASH ActiveX
Others PrintScreen keystroke, System restore, Windows Automatic Updates


Go to the top of this page

Device Policy

Device policy aims to control various computer-related devices, regulate the use of storage devices and communication devices, prevent confidential data leakage via external devices, and enhance corporate governance norms and security.

Device policy supports monitoring devices including storage device, communication device, USB device, dial-up device, burning device, network device, etc. What IT administrators have to do is to set control policies for specified devices and the policies will be automatically distributed to the agent computer immediately and then executed instantly. All triggered events are logged and IT administrators can trace the details through the console easily. [Read more...]

Application Policy

Application policy aims to control and monitor application usage. Application control can help administrators to prohibit their staff from using their own software such as BT, chatting, online gaming software and other unwanted applications.

Application policy not only helps to limit the usage of inappropriate and non-work related applications, but also helps administrator to simplify the task of determining which applications are traversing the network, who is using them, the potential security risk and then easily determine the appropriate response. Armed with these data points, administrators can apply policies with a range of responses that are more fine-grained than allow or deny. [Read more...]

Web Policy

Web policy can effectively control employees' access to web pages, and prohibit access to non-work related Web sites or malicious sites, so as to improve efficiency, and protect the internal network security.

Administrators can set a policy to block individual website; or establish a website class under "Tools -> Classes Management -> Websites", and then tell SurveilStar to block the specific website class. Website name can be the full URL, or contain wildcards, such as: "*.", "* mail *","* game *","*. com / mail / *" and so on. [Read more...]

Go to the top of this page

Screen Snapshot Policy

Screen snapshot policy allows administratot to capture and playback screen activities to completely review all the operations on the employees' computer. Due to the large amount of data, the system doesn't record screen snapshots by default. The administrator can set screen snapshot policies based on actual needs. [Read more...]

Screen snapshot policy properties include:

Property Name Description
Application Specify the application name you need to take snapshots; default is <All>; specify the applications you are most concerned about.
Interval The default interval time for capturing screen snapshot is 15 seconds. That means SurveilStar will take one snapshot every 15 seconds. The valid interval time range is 1s to 999s.

The important distinction between SurveilStar and other screen shot software is that, while generally good, does so at timed intervals or in an "always on" mode, which means more data to sift through. In contrast, SurveilStar can be used to just to capture the need-to-know items and bring them to your attention.

Go to the top of this page

Logging Policy

All logs on the client machines are recorded by default, except the Window Title Change logs. In some enterprise, not all logs are neccessary to record, e.g. dial-up logs, IM logs, etc. So, the administrator will need to decide what logs should be recorded and set appropriate logging policy.

System has a default policy, that is, all other logs are recorded by default except the window title change logs.

Example: If you don't want to record application logs, simply add a new logging policy, select "Not Record" mode, uncheck Application property, and then save and apply the policy.

Logging Policy Properties

Logging Policy

Go to the top of this page

Remote Control Policy

By setting the remote control policy, administrator can decide whether or not to allow remote control to the client machine.

Remote control has two types: Remote Control and Remote File Transfer. Select any of these two types, then you can proceed with the following properties:

Property Name Description
Authorization is required This property is valid only when the policy mode is set to [Allow]. Check this option, you can take remote control only with user authorization; uncheck this option, you can take remote control with user authorization or password authorization.
Manager Name Control managers which has the right to logon SurveilStar Console. e.g. You can restrict some managers from taking remote control over specified client machines.
Console IP Address Control computer IP address range where the Console is located. e.g. Restrict all computers within an IP range from logging on SurveilStar Console to use the remote control function. If you enter, or nothing, or an invalid IP range, SurveilStar will regard it as ALL IP address, and display it as <All>
Console Name Control the Console logon computer names.

Manager name, Console IP address and Console Name support semicolon ";" or comma "," as separator, so you can specify multiple inputs at the same time.

Go to the top of this page

System Alert Policy

System alert policy aims to notify administrators in real-time when computer hardware and software assets are changed, when removable storage devices or communications devices are plugged in or removed, when system information is changed, as well as when system information is changed. This function helps administrators to detect changes in time, and make response to increase the maintainability of the computer LAN.

System alert policy supports alerting items include: Hardware change, Plug in/out, Plug in/out Storage Device, Plug in/out Communication Device, Software changes, System service change, System item change, System time change, Computer name change, and Network Configuration Change.

System alert contents include alert types and specific description information, which can help administrators to quickly locate the problem and handle it better.

Go to the top of this page

Bandwidth Policy

Bandwidth control policy aims to limit and control clients' bandwidth usage in order to avoid network congestion caused by improper use of network resources, such as such as way of using Peer-to Peer and FTP download. With appropriate control at specified times, directions, network address and ports, bandwidth can be allocated to each computer specifically, and administrators can increase workflow efficiency.

Band with control policy is only valid for computer not for user. Band with control policy properties include:

Property Name Description
IP Range Specify the other part's IP address range. The default IP range is <All>. Administrators can add it one by one manually, or specify a category in the Network Address Classes. The specified IP class is displayed as {...}.
Port Range Port range used in communication. The default port range is <All>, including TCP:0-65535;UDP:0-65535;ICMP. Administrator can manually add port or port range, or specify a category in the Network Port Classes. The specified port class is displayed as {...}.
Custom ports must be preceded by "TCP:" or "UDP:" in order to distinguish TCP ports and UDP ports. Otherwise, UDP ports will also be regarded as TCP ports.
Direction Network traffic directions in the communication process. From client's computer to the other computer is the Traffic(Send); on the contrary, that is Traffic(Receive). Traffic(Receive) + Traffic(Send) = Total Traffic
Limited Speed (<=KB/s) Set flow limits. The unit is KB / s. This property is not available when "Unlimited Traffic" mode is selected.

What IT administrators have to do is to set control policies for specified devices and the policies will be automatically distributed to the agent computer immediately and then executed instantly. All triggered events are logged and IT administrators can trace the details through the console easily.

Go to the top of this page

Network Policy

Network policy aims to control and monitor network communications, as well as prevent unauthorized external computers from accessing internal network in order to keep away from intrusion and virus attack.

Network control policy is only valid for computer not for user. Network policy properties include: Direction, Port Range, IP Range, Remote host has agent installed, Belong to the same group, Belong to selected group(s), Group of Agent, and Include subgroup.

In practice, the network control policies and access detection policy can be used in combination to prevent outside computers from communicating with the internal computer.

As to the remote host which has agent install, administrator can specify network polity to allow computer communications within the enterprise only, so that external computer cannot access the agent computer which has applied such network policy. [Read more...]

Go to the top of this page

Email Policy

Email policy aims to help system administrator to control outgoing emails and record all emails with attachments including SMTP/POP3 email, Exchange email, webmail, and Lotus Notes email.

Please note that incoming emails cannot be controlled, even though they can be recorded. Besides, Lotus emails and web-based emails such as such as Hotmail, Yahoo! Mail, Gmail, and AOL Mail currently cannot be controlled. [Read more...]

Email control policy is only valid for computer not for user. Email policy properties include:

Property Name Description
From (Sender) Control the sender's email address. Support wildcards, and multiple inputs with "," or ";" as separator.
To (Recipient) Control recipient's email address. The recipient includes CC and BCC email addresses. Input rules are the same as "From".
Subject Control the email subject. Input rules are the same as "From".
Has Attachment Control email that has attachment(s).
Attachment Check "Has Attachment" property, then you can enter the attachment name here and control specified attachment. Input rules are the same as "From".
Email Size(>=KB) Control outging email size. The default is "0", that is all. Enter a specified value, then the email size which is greater than or equal to the specified value will under control.

Go to the top of this page

IM File Policy

IM file policy aims to control outgoing files which are transferred through IM applications so as to prevent information leakage via this channel. Also, the IM conversation contents can be logged and saved for your review in the future days.

IM file policy supports over ten popular IM applications which are MSN Messenger, Skype, ICQ, Yahoo! Messenger, Lotus Sametime, Tecent QQ, etc. [Read more...]

IM File Policy Properties

Property Name Description
File Name Set IM transferred file name. Support wildcard. Use a semi-colon (;) as well as a comma (,) to separate file names.
Limited Size(>=KB) Prohibit sending a file which is larger than the limited size. Only when the mode is set to "Block", this property is available. This value ranges from 0 to 100000 KB.
Backup Decide whether to back up specified transferred file. Backup files can be retrieved under "Events Log -> Document -> Document Operation Logs".
Minimum Size(>=KB) Maximum Size(<=KB) If Backup property is selected, then the backup file size range can be specified here. Specify a minimum size and maximum size respectively, then the system will automatically backup the files within the range.

Go to the top of this page

Document Policy

Document policy aims to control all document actions in different types of storage media such as local hard disk, CD-ROM, Floppy, network drive and removable drive.

IT administrator can set different document policies targeting on different types of disks to control the file operations such as read, modify and delete. Therefore, document security can be ensured and the intellectual property can be protected. [Read more...]

Document Policy Properties

Property Name Description
Operation Type Operation Type includes Read, Modify and Delete. Allow modify will be able to read, and allow delete will be able to read and modify.
Disk Type Disk Type includes Fixed, Floppy, Cdrom, Removable, Network, and Unknown. The default is for <All> disk types, so you have to select at least a disk type, otherwise the system will automatically take it for all.
File Name Specify the control file name which can contain the file path, e.g. C:\surveilstar\*, then the policy will apply to all files in the surveilstar folder. Support wildcard. Use a semi-colon (;) as well as a comma (,) to separate file names.
Backup before modify Backup modified files. It will only back up source file before modify to prevent important documents being malicious or unintentional modified.
Backup when copy/cut to/from Backup document when it's being copied / moved to/from the specified drive. Help administrator to check whether the user is trying to copy / move the important files to/from the illegal disk type.
Backup before delete Backup files before delete to avoid loss caused by accidentally deleted of important data.
Minimum Size(>=KB) Maximum Size(<=KB) Specify document backup size range.
Application Specify document operation application.

Go to the top of this page

Printing Policy

Printing policy aims to help corporations to manage printing facilities and optionally back up the image of printed documents.

Administrator can prevent users from using specified printer types including local, shared, network and virtual printers. [Read more...]

Printing Policy Properties

Property Name Description
Printer Type Printer Type includes Local Printer, Shared Printer, Network Printer, and Virtual Printer.
Printer description Set the printer name. Administrator can specify any printer on any computer within the network, e.g. "\ \ Server \ *" indicates that all printers on \ \ server; "SomePrinter" is the name of the SomePrinter.
Application Specify the application that is used to print.
Record Printed image This property is available in "Allow" and "Ignore" modes, but not available under "Block" mode.
Record Mode "Not Record" by default. Select "Record" from the drop down list if needed.
Maximum Recorded Pages This option is available when "Record" is selected in Record Mode property. Administrator can set the maximum number of recorded printing pages according to the actual situation. The more the number of recorded pages, the larger amount of space is needed.

Go to the top of this page