Version History


Version 4.0.3 released

2019-05-02

Features:

  • Network Services: Added Syslog TCP+TLS receiver
  • NetFlow: Switched & improved threat detection to use OTX cache and AbuseIPDB lookups (may require subscription)
  • Agent: Added GET request option to HTTP requests
  • Web Reports: Added regex parser to generic search tile
  • Web Reports: Added NetFlow IP threat context
  • Web Reports: Added additional NetFlow threat fields

Bugfixes:

  • ADMonitor: Fixed issue where enabling monitoring of sub domains would not work
  • ADMonitor: Improved ADMonitor installation in configuration assistant and management console
  • NetFlow: Fixed issue with processing sFlow packets under certain circumstances
  • Sysmon Process Tracking: Added indexes to speed up search performance
  • Heartbeat Agent: Fixed issue where service would crash if no database was configured
  • Agent: Fixed issue where agent could not self-update via collector if %TEMP% variable points to a different drive than %SYSTEMROOT%
  • Web Reports: Fixed custom time range when switching from Summary to Detailed
  • Web Reports: Improved MySQL 8 support

Version 4.0.1 released

2019-03-28

Features:

    ADMonitor
    • Track all changes to Active Directory objects down to the attribute level with before and after values
    • Monitor group policy changes
    • User inventory to help identify idle, administrative and other problematic accounts
    New Features
    • Visual overhaul of the EventSentry management console
    • NetFlow threat and port scan detection
    • Track IP addresses in the web reports
    Improved Features
    • Web Reports: Various tweaks throughout for better usability
    • Event Log Monitoring: Filter timers can now support linking events using different insertion strings
    • Log File Monitoring (delimited): Convert columns representing a date and time to a native timestamp field
    • Log File Monitoring (delimited): Support for fields enclosed in quotes
    • Performance Monitoring: Counters can be configured to only keep the current value in the database
    • Performance Monitoring: A new "alert" flag supports queries and dashboard tiles that return any performance counter in an alert state
    • Software History: Now shows user who (un)installed packages for MSI-based software packages
    Under the Hood
    • Various fixes and tweaks to NetFlow/sFlow and bandwidth monitoring
    • Many other bug fixes and stability improvements throughout the product

    Version 3.5.1 released

    2018-07-13

    Features:

      New Security Features
      • Registry Tracking: Normalize Windows registry tracking audit events
      • Process Monitoring now features Sysmon integration: Track and correlate network activity from Sysmon (optionally with NetFlow)
      • Netstat: Monitor and enumerate processes which have active connections or listen on TCP ports
      New Features
      • Syslog actions now include TLS support
      Improved Features
      • File Integrity Monitoring (FIM): Verify the digital signature of files, optionally suppress alerts for signed files
      • Software Inventory: Show hosts where software is not installed
      • Process Tracking: Generate SHA checksum for processes
      • Disk Space Monitoring now supports smart thresholds for large volumes
      • Heartbeat Status pages now indicate if one or more hosts are in maintenance mode
      Under the Hood
      • Tag hosts or groups for more flexible configuration management
      • EventSentry agents now use a different SHA algorithm for less resource utilization when calculating SHA 256 checksums of files
      • Heartbeat Agent service is now available as a 64-bit process on 64-bit platforms
      • Management Console: Additional context menu and ribbon buttons
      • Crash Dumps: Agents and server-side components are automatically configured for crash dumps for easier troubleshooting
      • Many other bug fixes and performance improvements

      Version 3.4.1 released

      2017-11-06

      Features:

        Security
        • Collector-side thresholds extend the agent-side threshold capabilities and support detecting network-wide patterns like lateral movement
        • Additional capabilities to detect and prevent new types of ransomware infections, including variants that modify the boot sector
        • Actual audit settings on a Windows host can sometimes deviate from group policy settings - due to conflicts, errors and so forth. A new Audit Policy Status page periodically inventories the current audit settings so you can verify the actual audit settings.
        • NIST 800-171 compliance reports
        • A new user activity tracking page makes seeing all activity by a user easier than ever!
        Integrations
        • EventSentry agents can now be integrated with many open source and commercial log solutions with additional Syslog options - even custom JSON formatting is supported!
        New Monitoring Features
        • The new software version check feature identifies outdated software on your network to help you reduce your attack surface. This new feature supplements the software inventory component.
        • UPS & Battery monitoring now inventories all attached UPS batteries as well as integrated batteries (laptops) regardless of the manufacturer
        • BIOS changes are now detected
        Network Monitoring
        • Response Time page now includes packet loss percentage
        • NetFlow monitoring now supports calculating the bandwidth of an interface, including additional statistics such as packet count, bytes per packet and more.
        Improved Features
        • A new navigation menu in the web reports enhances usability
        • Log file monitoring alerts (events) now include 3 lines before and after a line matched
        • Disk space alerts now include a list of the largest files and folders of a volume
        • Growl action now supports multiple recipients
        Under the Hood
        • Web reports are now available in 64-bit and support running larger reports
        • Web reports utilize Java 8
        • The speed of all dashboards and other pages in the web reports has been dramatically improved
        • Managing the configuration through the collector is more reliable
        • Many other bug fixes and performance improvements

        Version 3.3.1 released

        2016-12-06

        Features:

        • NetFlow with support for NetFlow v1, v5, v9 & sFlow. NetFlow supports visualization, geolocation, alerts, correlation with workstation logon events to map flows to ActiveDirectory users, filtering and more
        • Web Reports - Notes & Documentation: Web reports users can submit notes to document infrastructure updates, maintenance, fixes and more. Documentation files can be uploaded and associated with hosts
        • Web Reports: Added ISO 27001:2013 compliance reports
        • Web Reports: New security features
        • Web Reports: New dashboard tiles
        • Web Reports: Treemap visualization available for most pages
        • Web Reports: Updated look and improved menu
        • Deployment: Agents using the collector can receive configuration and agent binary updates automatically through the collector without user intervention.
        • Deployment: MSI installers can now be created in a few seconds directly from the management console (requires free WiX Toolset)
        • Agent: A 64-bit agent is now available for 64-bit Windows
        • Agent: Removed limit and improved management of custom event logs
        • Agent: Support for chaining events
        • Agent / Collector: Emails containing IP addresses sent through collector can be enhanced to display geolocation and reverse lookup data inline.
        • Agent: Emails from security event log will automatically be enhanced with descriptions for many status and error codes
        • Agent: Database performance of delimited log files has been significantly improved
        • Agent: Insertion strings of events can be created or replaced using regular expressions
        • Agent: Install date of software is now available for most software even if it was installed before EventSentry
        • Agent: USB drives are now detected in real-time
        • Heartbeat Agent: Agent status is now retrieved directly from collector and/or database for faster and more efficient monitoring
        • Network Services: Database performance for Syslog component has been improved for MSSQL databases
        • Network Services: License count for network devices is now more accurately enforced
        • Database: Built-In database now uses PostgreSQL v9.6, optional upgrade path is available
        • Configuration: Improved out-of-the-box filter rules for less noise
        • Management Console: Ability to reset the configuration to post-installation defaults (new v3.3 installations only)
        • Management Console: Remote configuration can now be removed when uninstalling an agent even when the remote registry service is unavailable
        • Management Console: Version checks and update/patch downloads are now performed over TLS for enhanced security

        Version 3.2.1 released

        2016-02-18

        Features:

        • Central collector service which enables a 3-tier architecture between an action (e.g. database, email server) and the EventSentry agents. Supports compression and secure data transmission via TLS encryption.
        • Management Console: Ability to import computers from a network (subnet) scan
        • Management Console / Remote Update: Record activity in log files
        • Management Console / Remote Update: Toggle fields in result list
        • Management Console: Export all configured filters to CSV file
        • Switch inventory with switch port to MAC/hostname mapping
        • Detection of highest supported USB version
        • Ability to reduce the size of security events in the database by removing common, static footers
        • Web Reports: Additional language support for French, Dutch, Spanish, Polish, Portuguese and Italian
        • Web Reports: Out-of-the-box compliance reports for PCI-DSS, FISMA, Sarbanes Oxley, HIPAA and GLBA
        • Web Reports: Improved & faster performance trend reporting with ability to display multiple trend charts on a single page
        • Web Reports: New Bulk assignment for easier report management
        • Web Reports: Report jobs can be saved to a folder
        • Web Reports: Improved host inventory page now shows switch port (if available), USB version and VM hosts (if available)
        • Web Reports: Health matrix displays computer notes
        • Web Reports: Improved usability throughout
        • Web Reports: Improved connection pool support

        Version 3.1.1 released

        2014-12-05

        Features:

          Windows & General Monitoring
          • Task Scheduler inventory and change detection
          • Large File enumeration
          • Inventory of virtual machines (Hyper-V & ESX)
          • HTTP action now supports POST/PUT for better interoperability with web-based APIs
          • Disk space monitoring now supports multiple disk space packages assigned to a single host
          • Improved remote update / host management, especially of Non-Windows hosts in management console
          Heartbeat & SNMP Monitoring
          • Process Monitoring support for SNMP-enabled hosts
          • Improved router functionality, configure routers based on IP subnet
          • Status change detection and uptime calculation is more reliable
          • Overall stability improvements in the heartbeat agent
          Web Reports
          • Support for multiple dashboards, including automatic iteration between dashboards
          • Dashboards can be shared
          • Support for graphical gauges (Clock, meter, number, bullet)
          • New heatmap tile for uniquely visualizing log, syslog and performance data
          • New generic search tile supports embedding data from any feature in dashboard
          • Support for TV mode and dark/light theme in dashboard
          • Various tweaks and improvements to existing dashboard tiles

          Version 3.0.1 released

          2013-12-10

          Features:

            Web Reports
            • Scheduled Jobs: Receive reports via email
            • PDF & JSON Output
            • UTC Support
            • Cross-platform: Supports Windows, Linux and OS X
            • Complex queries for all features
            • Full API
            • Easier installation & setup
            • Better dashboards
            • Better summary pages
            • Flash is no longer required
            • Access control with LDAP integration
            Network Monitoring (Heartbeat Agent)
            • Poll SNMP counters (integrates with performance monitoring)
            • Retrieve disk space information from SNMP-enabled hosts
            • Retrieve basic system & hardware information from SNMP-enabled hosts
            • Retrieve uptime from SNMP-enabled hosts
            Windows Monitoring
            • Log file monitoring supports sub folders
            • Recurring filters now support time intervals
            • Compliance "Logon By Type" tracking can exclude logons by computer accounts
            • Event Log filters can override email subject & message body
            • Packages can be dynamically assigned based on platform (32-bit vs 64-bit)
            • Threshold filters can utilize insertion strings
            • Disk space prediction feature (predicts when disk will be full)
            • Identify reasons why hosts were shut down or rebooted
            • Desktop notification supports Growl
            • Network notification supports remote desktop services
            • Application scheduler supports process isolation
            • New email format "HTML Modern"
            Management Console
            • Includes ribbon & visual improvements
            • New authentication manager
            • Better filter search functionality
            • Many common tasks have been simplified
            • Improved built-in event viewer for Application & Services Logs
            • Hour / Day configuration has been simplified
            • Feature Utilization dialog
            Network Services
            • ARP daemon detects & tracks new MAC addresses and MAC to IP mappings

            Version 2.93.1 released

            2012-06-25

            Features:

            • New installer for a better installation and upgrade experience
            • Now includes a built-in (PostgreSQL) database
            • Added support for PostgreSQL 9.x
            • ODBC drivers for PostgreSQL and MySQL are now installed automatically (when needed)
            • New installation includes performance monitoring packages for Exchange Server and others
            • Preliminary support for Windows 8 and Windows Server 2012
            • Support for USB-only temperature & humidity sensors
            • Introducing the Configuration Assistant, which supersedes the database setup wizard, and introduces additional functionality
            • Heartbeat monitoring can now scan hosts in parallel using multiple threads
            • Heartbeat monitoring: Maintenance schedule can be set to the "nth" weekday (e.g. 2nd Tuesday)
            • Performance Monitoring supports floating point counter values
            • Performance Monitoring can log counter data to multiple databases
            • Performance Monitoring can combine values from two different counters
            • Performance Monitoring can detect leaks in performance counters
            • Performance Monitoring can suppress alerts based on past values
            • Performance Monitoring alerts are more verbose and include additional information, including counter descriptions
            • Process Monitoring: Supports wildcards and can evaluate the command line of a process
            • Event Log Backups: Better alerts and alerts now include SHA checksum of .evt(x) files
            • Event Log Monitoring: Content filter supports perl regular expression syntax
            • Event Log Monitoring: Day/Hour filter can be set to the "nth" weekday (e.g. 2nd Tuesday)
            • Event Log Monitoring: For Windows 2008 and later, processing performance has been optimized for higher throughput and lower CPU utilization
            • Process Tracking: Now collects process elevation level when UAC is enabled
            • Embedded scripts now verify temp file contents with checksum
            • Embedded scripts called from the applications scheduler now support command-line arguments
            • Hardware Inventory: On DELL & HP servers (when required manufacturer management tools are installed), collects fan speed, redundant power supply status, remote management card information, temperature information, detailed RAID information
            • Hardware Inventory: Retrieves warranty information for DELL, HP, IBM and Lenovo hardware
            • Hardware Inventory: Retrieves configured UAC level
            • Actions: Filter notes can now be posted to HTTP action
            • Management Console: Saving configuration is about 10 times faster
            • Management Console: Added better keyboard and mouse scroll wheel navigation for better user experience and section 508 compliance
            • Management Console: Status of all local EventSentry services is now monitored in the background
            • Management Console: Environment monitoring dialog now shows serial ports with descriptions
            • Web Reports: Performance Status and Heartbeat Status pages load significantly faster
            • IIS: IIS no longer has to be switched to 32-bit mode on 64-bit systems

            Bugfixes:

            • Added support for 64-bit event numbers (Vista and later)
            • Audit policies for compliance tracking features are now set correctly on Vista and later systems
            • Resolved problems in various features when Japanese file names were processed
            • Computer names exceeding the maximum NetBIOS length of 15 characters are now properly stored in the database
            • Event message text is now properly formatted before submitting to SNPP (Pager) server
            • Software Inventory: Internet Explorer is now properly detected on Vista and later
            • Software Inventory: Patches are now enumerated even when TrustedInstaller.exe is active
            • Event Log Backup: Resolved small memory leak
            • Heartbeat Monitoring: Improved reliability
            • Heartbeat Monitoring: Resolved memory leaks
            • Environment Monitoring: Location is now included in alerts
            • Performance Monitoring: Performance Status and other related pages (including network status, mobile apps) now load significantly faster
            • Fixed bugs in Console Logon Tracking
            • Agent startup speed has been improved when service monitoring is enabled
            • File Access Tracking: Fixed issue on Windows 2008 and later
            • Network Services: Japanese Syslog messages and SNMP traps are now correctly logged to the event log and database

            Version released

            2011-04-15

            Features:

            • SNMP trap daemon is introduced and logs v1, v2c and v3 SNMP traps either to the event log or the database
            • Syslog daemon has been moved from the EventSentry agent into the "Network Services" service, together with the SNMP daemon. Stability as well as reliability have been improved in the new Syslog daemon
            • Performance (optional) as well as environment email alerts now include an attached chart which shows recent performance / environmental data
            • Management Console: Clicking a computer icon now displays a summary page
            • Event Log Monitoring: Insertion string matching can now match empty strings
            • Event Log Monitoring: Number of supported custom event logs has been increased to 30
            • Service Monitoring: A recurring alert can be configured when a service remains in the "Stopped" state
            • Hardware Inventory: Network adapter speed is now collected, and speed changes are logged to the event log
            • Hardware Inventory: Addition and removal of Removable drives (e.g. USB drives) are now detected and logged to the event log
            • Hardware Monitoring: The S.M.A.R.T. status of physical drives (when supported) is monitored
            • Disk Space Monitoring: Volumes linked to by junction points are now included when disk space alerts are evaluated / generated. Note: Disk space information in web reports does not yet take junction points into consideration
            • Process Monitoring: The number of required instances of a process can now be specified
            • Print Tracking: Print tracking now works with Vista and later operating systems
            • Network Logon Tracking: When capturing "Logon By Type" events, "Audit Success" can now be excluded
            • A new HTTP action submits events to web pages via http or https
            • The SMTP action dialog now includes a wizard to build email addresses for common email to SMS gateways
            • Additional variable support for the Process, Syslog and SNMP actions
            • Heartbeat Agent: Improved detection of remote agent status
            • Removed: Microsoft Access is no longer officially supported, and no MS Access database is shipped with the installer

            Bugfixes:

            • Hosts configured with multiple NICs that are added to the configuration with just the IP address will properly determine their group membership
            • Print tracking works with Vista, Win7 and Windows 2008

            Version released

            2009-11-16

            Features:

            • Event Log Monitoring: Filtering capabilities have been improved to allow for insertion string matching, including the ability to interpret insertion strings as numbers, usernames or file names
            • Actions: SNMP action now supports v2c and v3 traps
            • Service Monitoring: Now collects service account as well as executable, in both alerts and reporting
            • Service Monitoring: Service history report now shows one service change per line for easier readability
            • Process Tracking: Command line arguments of an active process can now be collected
            • Logon Tracking: Group information is now collected
            • Software Monitoring: Uninstallation events now include same information as installation events
            • Software Monitoring: Windows updates are now collected on Vista, Windows 2008 and Windows 7, and more easily searchable in the web reports
            • Hardware Monitoring: IP addresses are now collected, and changes updated dynamically in the background
            • File Monitoring: Processing of a file's checksum can now be skipped if the size has not changed
            • Management Console: Authentication can now be set globally, in addition to being set on a per-group and per-computer level
            • Management Console: Computers in AD-linked groups can be sorted.
            • Management Console: Notes can now be added to computers
            • Environment monitoring: The minimum monitoring interval has been reduced to 5 minutes
            • Reporting: Health status of multiple computers can be displayed in a visual health matrix, scalable to display hundreds of computers in a single page
            • Reporting: The network status page now allows customization of the performance counters and disks displayed
            • Reporting: Reports are more accessible, and can now be accessed from every page
            • Reporting: Most pages have been overhauled for improved usability

            Bugfixes:

            • Software Monitoring: Duplicate software records are no longer shown in the software inventory
            • Compliance Tracking: Temp file was used even when its maximum size was set to 0 Mb
            • Network Status: This feature has been improved to avoid problems with computers missing, being displayed in the wrong group or not showing up at all
            • Disk space Monitoring: Alerts for low disk space are no longer generated when the total disk space is less than the alert (hard) limit to begin with
            • Hardware Inventory: Virtual machine detection, as well as Hyper-V detection has been improved for more reliability

            Version released

            2008-10-29

            Features:

            • Vista, Windows 2008 are monitored with new API
            • Event Log Backup feature supports .evtx files
            • Database Import Utility supports .evtx files
            • New NTP monitoring and synchronization feature
            • Event Log Filter Timers now support insertion strings for easier setup & more flexibility
            • Scripts can now be embedded into the EventSentry configuration and referenced in application schedules & process actions
            • Actions: Jabber action supports chat rooms
            • Actions: Process action supports time-based termination and more event logging options
            • Actions: Fields in SMTP action can now be customized
            • Actions: In addition to controlling services, processes can be terminated (with support for insertion strings)
            • Actions: Certain actions can track their trigger history in database
            • Actions can now be enabled/disabled based on weekday and time of day
            • Compliance: New File Access Tracking feature
            • Compliance: Account Management Tracking
            • Compliance: Successful & Failed network logon tracking
            • Compliance: Audit, Domain & Kerberos policy tracking
            • Compliance: Trust Relationship tracking
            • Compliance: User & Logon Right change tracking
            • Compliance: Improved logon tracking to include domain role and indicate administrative logons
            • Compliance: Process tracking includes domain role
            • Heartbeat Monitor: Can now utilize credentials set on group or computer items
            • Heartbeat Monitor: Can notify you via email when the EventSentry agent is not running
            • Variables can now be assigned to computers in addition to global & groups
            • Service Monitoring: Events now distinguish between services and drivers
            • File Monitoring: Can detect alternate data streams (ADS)
            • Performance Monitoring: Added "between" condition and "divide by # of processors"
            • Software Monitoring: Monitors and records system uptime
            • Hardware Inventory: Detects more details about the OS (e.g. editions) as well as hardware
            • Management Console: Group-Level Inheritance can be blocked on a per-computer basis
            • Management Console: Remote update feature now uses threads for much faster update speeds
            • Management Console: Added "Quicktools" to execute any application against a remote computer
            • Web Reports: Extremely granular, built-In authentication has been added
            • Web Reports: Users can customize their settings in web reports without affecting global profile settings
            • Web Reports: Network Status includes switch to only show erroneous machines
            • Web Reports: Network Overview shows disk & performance alerts and event log trends
            • Web Reports: Network Overview shows overdue reports and most active machines
            • Web Reports: Computer Overview includes event log trend, overview and common errors
            • Web Reports: Report management has been improved
            • Web Reports: Reports support review as well as a report trigger history
            • Web Reports: Right-click menu for column headers allows toggling columns
            • Web Reports: Maintenance wizard supports deleting multiple computers at once, and much more
            • Web Reports: Database usage page shows storage details of database
            • Web Reports: Database can now be created and/or updated using the web reports
            • Web Reports: Print output has been significantly improved
            • Three completely redesigned widgets using the Yahoo Widget Engine

            Bugfixes:

            • Several bug fixes in the database import utility for importing log files
            • Issues with filter times have been resolved
            • Filter test feature has been improved
            • Event Log Monitoring has been improved for better reliability

            Version released

            2007-09-06

            Features:

            • Database Setup Wizard now supports database connection strings and EventSentry Actions as a destination in addition to System DSNs
            • Nessus Import Utility and reporting now supports XML files from Nessus v3 as well
            • Web Reports: New "Network Status" overview page
            • New SMTP engine now supports TLS/SSL connections
            • Event Log Backup files can now be automatically compressed
            • Line delimiter can now be specified for non-delimited files as well
            • Actions now support a Limit feature
            • Management Console can automatically check for new versions and patches
            • Event Log Database Import utility is now called "Database Import Utility" and supports importing delimited and non-delimited log files
            • You can now specify a router for a Heartbeat-Enabled group to suppress duplicate alerts when a router goes down
            • Hardware inventory can now distinguish between logical and physical CPUs and show more detailed CPU information
            • Web Reports: Computer Overview page supports automatic iteration between computers
            • Web Reports: Weekly Logon Reports in Logon Tracking
            • Web Reports: Ability to email event records and copy event records to the clipboard
            • Web Reports: Calendar popup improved on newer browsers

            Bugfixes:

            • Improved SQL queries drastically improve speed of most searches on the web reports
            • Detailed hardware inventory information (NIC, memory, etc.) would sometimes not be recorded correctly
            • Host names / IP addresses of remote Syslog hosts would not be included in events or the database if the IP address of the remote host could not be resolved
            • Resolved bug in environment monitoring dialog
            • Computers logging on to Citrix or Terminal Servers would show up in the "Computers" field of the Logon Tracking page
            • Active Directory Auto-Refresh: Computers that were removed from AD would not automatically be removed from the corresponding group
            • Web Reports: Improved Correlation between logon and process tracking
            • Web Reports: Several bug fixes in combination with MySQL, profile editor

            Version released

            2007-05-25

            Features:

            • Log File Monitoring allows you to monitor both non-delimited and delimited files. You can either consolidate content into the database or receive alerts based on text logged to the log files
            • File Monitoring allows you to be notified when files in a monitored directory are changed (includes checksum hashes), and you can either track changes in the database or receive alerts
            • Directory Monitoring alerts you when a monitored directory exceeds a preset size
            • Jabber notifications allow you to send IM notifications, e.g. using Google Talk!
            • The hardware inventory feature now includes detailed information about installed memory and available slots, installed network cards, optical drives and you can remotely power on computers using WakeOnLAN!
            • Logon Tracking now includes more detailed information such as remote IP address, session connections/disconnections and workstation unlocks
            • The heartbeat agent now supports recurring alerts
            • As always we also fixed minor bugs and optimized various aspects of the agent to continuously increase the availability of the agents
            • Two new wizards were added for the log file monitoring and for setting up thresholds
            • A filter test utility has been added that allows you to test events against your filter rules by simply right-clicking an event in the built-in event viewer
            • Insertion Strings of events can now be displayed in the subject of an email ($STR1, $STR2, ...)
            • System Health features now include an "Alerts" button to easily create filters for events logged by the respective feature
            • Package summary pages now include description of packages
            • Hardware inventory feature can generate alerts when memory, CPU count or number of installed drives change

            Bugfixes:

            • Custom event log settings are now completely transferred to remote machines when pushing the configuration
            • Some events would not be transferred correctly with the SNMP action

            Version released

            2006-09-07

            Features:

            • Remote configuration updates do not require the Remote Registry Service anymore, but instead use the ADMIN$ share. A work-around without the ADMIN$ share exists
            • Remote update shows the total and average time it took to perform an action in the status bar
            • Event Log Backup Files (.evt) can be imported into the EventSentry database
            • An event browser lets you browse for all installed event log messages on a system
            • Two wizards were added to accomplish common tasks
            • Disk space alerts are now cleared after an alert, the volume name is also shown in alerts
            • Disk space web-reports can be filtered/grouped on the group level
            • Speed of performance charts was improved significantly
            • Expanded the "toggle" functionality to most search pages
            • A user-configured IP address will now be used on the web reports

            Bugfixes:

            • Deleting a database target could incorrectly configure the notifications of existing health and tracking features, including notifications set on the package-level
            • Remote update would not work correctly when EventSentry was not installed locally
            • Creating a new package and immediately configuring it to be global would not work
            • The automatic configuration backup feature would not correctly delete old files
            • A temperature-only sensor could not be configured for a position other than 1
            • The temperature and/or humidity sensor would not work correctly
            • Remotely connected event logs would sometimes not be restored correctly
            • Filters and folders with the same name would crash the GUI
            • The event log summary dialog would display incorrect data when connected to remote hosts
            • Finding Event IDs works correctly now
            • Creating multiple SNPP target notifications was not possible
            • Resolved problems with event reports on SQL Server 2005
            • Resolved problems with IP address lookup
            • Resolved problems with the performance reports
            • "Update Configuration" feature would not work for x64-bit target systems when the host machine would run Windows Server 2003

            Version released

            2006-07-06

            Features:

            • Filter Timers for event-log relation
            • Additional hardware sensors: Motion-, Smoke- and Water sensors
            • Nessus reporting support
            • Database purge utility (command-line based)
            • Installer now supports MySQL
            • Agent: New Shutdown/Reboot and Service Control target
            • Agent: Support for more runtime variables in SMTP Header/Footer
            • Heartbeat Monitoring: Ping tracking
            • Heartbeat Monitoring: Maintenance schedule can be accounted for in uptime statistics
            • Improved hardware inventory (now also detects serial numbers, model and graphic adapter/resolution)
            • Remote Update utility to automate remote update tasks
            • Improved dashboard
            • Ability to save the configuration as a HTML file
            • Maximum temp file size mechanism change
            • Various improvements in the web reports

            Bugfixes:

            • Pushing the agent to a remote host running the x64 edition of Windows Server 2003 would sometimes not work
            • Fixed problems with application scheduler that would not execute certain files properly
            • Fixed various small bugs in management console application
            • Fixed problem with certain threshold settings
            • Fixed bug with performance monitoring
            • Fixed XSS vulnerability in web reports
            • Fixed minor issues in database setup wizard
            • Fixed problem with event log backup assignments
            • Fixed problem when computers were added with FQDN instead of NetBIOS name

            Version released

            2006-02-09

            Features:

            • Management console now supports filter, health and tracking package for easier and more flexible administration
            • NETIKUS.NET offers standard filter and health packages that can be updated directly from the management console over the Internet
            • Performance monitoring to track performance information (e.g. CPU usage, memory usage) in a database and/or receive performance alerts via notifications (e.g. email)
            • Filter packages can be configured to be automatically active when one or more services are installed
            • Environment monitoring now supports temperature and humidity ranges and also clears previously issued alerts
            • Pager support for paging providers that support the SNPP protocol
            • Service monitoring now includes database support, allowing you to query service status, history and uptime through the web reports
            • Autorun Monitoring is now called "Software Monitoring"
            • Software inventory is now included as Software Monitoring now includes database support. This allows you to query installed applications and installation history through the web reports
            • Software monitoring also monitors the ActiveSetup registry key
            • 3rd Party Application is now called "Application Scheduler" and supports running custom monitoring tasks in a recurring fashion, e.g. every 30 seconds.
            • Logon tracking monitors logons and logoffs, enabling you to view detailed logon/logoff information about users through the web reports
            • Print tracking monitors all print jobs and allows you to see print job data and statistics through the web reports, including the ability to assign cost to print queues for invoicing
            • The threshold feature has been simplified and offers new features
            • The built-in event log viewer supports opening .evt files, you can also open .evt files directly from explorer
            • Remotely connected event logs can automatically be restored after restarting the management console
            • The remote update computer list can automatically be sorted
            • Heartbeat agent now supports maintenance schedules that can be set for individual computers and/or groups
            • Management console supports searching for filters and computers
            • Management console can automatically backup the entire configuration at preset intervals
            • The completely redesigned web reports now offer a dashboard, event log reports, a profile editor, a maintenance wizard and much more!

            Bugfixes:

            • Reduced size of configuration in registry for faster remote updates
            • Increased agent stability
            • Fixed problems with moving and cutting/pasting filters
            • Several problems in the web reports have been fixed
            • Duplicate computers cannot be entered anymore and no longer cause problems with the heartbeat agent

            Version released

            2005-06-01

            Features:

            • SNMP Support (sending traps)
            • Monitoring of application installation/uninstallation
            • Monitoring of machine-based autorun registry keys and directories
            • Web reports now feature an uptime calculation page
            • Ping option for remote update can be toggled
            • System health options can now be set to block inheritance
            • Process Monitoring can be configured to start after X seconds
            • Various enhancements in the management application, including proxy server support for feedback and news feature
            • Added ping dependency in heartbeat monitoring
            • Added additional monitoring options in heartbeat monitoring
            • Added database backup feature (if database is temporarily unavailable) to heartbeat monitoring
            • Agents installed through remote update can now be uninstalled on target machines using "Add/Remove Programs"
            • Desktop target notification now supports remote hosts in addition to the local host
            • "Online Configuration Update" feature was improved for higher stability
            • Map IP address to alias in remote update
            • Changed MSI installer from Wise to InstallShield for higher stability and more future features
            • PHP web reports are no longer available

            Bugfixes:

            • Some SIDs were not resolved to usernames correctly
            • Clicking on the "Computers" container would show a wrong path in an error message
            • Computers would randomly not show up in the web reports computer list
            • Saving the configuration would increase the memory usage on the agent, without freeing it (~200kb)
            • Some processes in "Process Tracking" would incorrectly show up as "still running" when they had exited
            • Bootscan feature of Process Tracking would not record all activity correctly
            • Recurring event filters would not work 100% correctly when a schedule would end exactly at midnight
            • SMTP Footer would not appear in Mini Emails
            • Under certain circumstances on very busy event logs (e.g. security event log on domain controllers) some event records would be skipped and not processed
            • The agent would crash under special circumstances when using the summary notification feature
            • When clearing an event log the agent would not continue to monitor this log
            • Fixed various issues with SP1 of Windows Server 2003
            • Various bug fixes in the management application
            • Various bug fixes in the agent
            • Fixed problems in combination with DEP (data execution prevention) in SP1 of Windows Server 2003
            • Various fixes in the installer, including ability to run installation on Windows NT 4.0

            Version released

            2005-01-26

            Features:

            • Temperature & Humidity monitoring with external device
            • Heartbeat monitoring of remote hosts (ES agent monitoring, PING and TCP port checks)
            • Local computername may now be added to remote update list
            • ODBC Target supports ODBC connection strings in addition to DSN names for easier deployment
            • "Audit Process Tracking" can now also be switched off through "Process Tracking" feature
            • Recurring event feature lets you define events that you expect to appear (such as a tape backup) during a certain time period, and become notified if they are not
            • Computer field added to event log filter properties
            • Event Log Backup feature now supports environment variables in file name
            • Event Log Full detection now also supports the ODBC, NET SEND, SYSLOG and DESKTOP targets
            • GUI: Event Log Viewer supports sorting
            • GUI: Remote Update results window allows for sorting
            • GUI: Remote Update also sends computer names
            • GUI: Remote Update "Computers" container supports sorting and drag/drop
            • GUI: Targets support drag/drop
            • GUI: Active Directory linked groups now show the actual computers under the "Computers" container and allow for authentication to be set on a per-host level
            • GUIDs in event log records are resolved to display name
            • Filter Source, Category and Users allow for multiple values, separated by comma
            • Filter Source, Category and Users support negation with exclamation mark
            • Binary data of events now also available in all notifications, GUI and web reports
            • Additional variable support for the FILE target
            • ASP and PHP Web reports now work with all supported databases (Access, MSSQL, MySQL, Oracle), the PHP web reports have been switched to use ODBC
            • A new Database Wizard now creates all tables, indexes and permissions automatically on MSSQL, MySQL and Oracle
            • The new MSI installer optionally creates a virtual IIS directory and/or sets up the MS SQL Server database automatically
            • SMTP target now supports an optional header and footer that can be added to every email
            • Service Monitoring: Included/Excluded services now support wildcards
            • Process Tracking: Included/Excluded processes now support wildcards

            Bugfixes:

            • Database layout completely redesigned for faster web reporting
            • Event Log Scanning engine significantly improved
            • Memory Leak in filter processing removed
            • Absolute diskspace limits now work for values > 4Gb
            • Selecting a particular set of logical drives would not work
            • ASP Web pages corrected to support Access databases without restrictions
            • ASP Web pages corrected to support non-US date formats
            • Threshold feature incorrectly counting excluded events towards limits
            • Filtering of "Filter Text" would not work correctly when filter text attempted to match the last character of an event log record
            • Password for group (remote update) not saved correctly
            • GUI will not allow more than one instance anymore on computers running Terminal Services to avoid data corruption
            • GUI will not freeze while performing remote updates and switching to another application
            • Several bug fixes in ASP and PHP web reports
            • Unsupported characters were allowed in filter names, resulting in configuration corruption

            Version released

            2004-07-22

            Features:

            • Process Tracking records all process activity in a database and allows you to see a process history on all monitored hosts
            • Service monitoring can control services and maintain a set status. Failed services can now be automatically restarted
            • Disk Space Monitoring allows for more granular settings for warnings and database connections
            • Disk Space Monitoring will now recognize when new (fixed) disks are added or removed during runtime
            • Event Log Backup allows for backups of all event logs for faster configuration
            • Database table names can now be specified for each of the features requiring a database (ODBC target, disk space trend collection and detailed process tracking)
            • GUI: "Force News Update" reloads latest news
            • GUI: Filters can be commented

            Bugfixes:

            • Critical handle leak in eventsentry_svc.exe (nonpaged pool leak)
            • Memory leak in NonPaged pool when using the TCP syslog target and remote syslog host is not accepting TCP connections
            • Launching applications with the "3rd Party Applications" feature might show error "Invalid access to memory location" and the application would not run.
            • An error with the summary notification feature could crash the application when a large amount of events (more than the configured maximum) were summarized.
            • Right-Click on SYSTEM event log in tray icon opens security log (no other logs are affected)
            • Other minor bugfixes in service and GUI

            Version released

            2004-06-07

            Features:

            • Added $HOSTNAME variable to event log backup feature

            Bugfixes:

            • Warning messages in PHP interface removed
            • Wrong $DAY, $MONTH and $YEAR variables in event log backup feature
            • OLE DB error in index.asp file removed when using an MS Access database

            Version released

            2004-05-25

            Features:

            • Tree in navigation pane restructured for easier navigation, general usability improvements
            • Maximum groups, targets were increased
            • Active Directory Import (with "Link" feature) added
            • Up to 5 remote event logs can be added to navigation pane
            • Change detection added, GUI tries to determine whether changes were made and only prompts to save then
            • Event Log Viewer filter added (filter for errors, warnings, information, audit success & failure)
            • Only active group is sent to remote computers with remote update
            • One-Button remote agent installation
            • Tree status is now also saved/restored when connecting to remote computers
            • ODBC target has a test button now too
            • Mini-Emails can now be customized
            • Dial RAS connections before sending emails
            • This target has been optimized and should offer higher throughput
            • Custom variables are introduced, variable processing improved
            • Variable $EVENTMESSAGE for SMTP subject added
            • Automatically backup and clear event logs on a regular basis
            • Run command-line applications and log their output to the event log
            • Monitor memory consumption of processes to detect possible memory leaks
            • Monitor diskspace, including trend change detection
            • Trial Version & Full Version are now one product

            Bugfixes:

            • Remote Update: Health settings of a group could be deleted when only updating filters
            • Service Monitoring would not save changes when adding services that don't exist on local machine
            • Feedback forms do not disappear when connection was unsuccessful
            • Renaming groups could yield random results
            • Filter processing has been optimized
            • Some boot time events could be ignored
            • Formatting of event log records has been corrected and improved
            • SMTP messages now contain a Message ID
            • Memory leak in trial version resolved

            Version released

            2003-12-05

            Features:

            • EventSentry now monitors services
            • Small enhancements in the management interface
            • Filter Groups are now referred to as "Groups"
            • Filter Groups can be added/removed in Remote Update, System Health and Filters tree
            • PHP version of web interface added (ASP + PHP now supported)
            • Added links to eventid.net, google, etc. to web file
            • Syslog facility/level now mapped to event category for incoming syslog packets

            Bugfixes:

            • Long date format problem in event viewer resolved
            • Rename problem in GUI resolved
            • Import Problem in GUI resolved

            Version released

            2003-11-05

            Features:

            • Syslog target now supports TCP in addition to UDP
            • Remote Update speed improved
            • Remote Update displays more informative error messages
            • Remote Update now supports different credentials
            • Added troubleshooting section in help file and GUI for every target
            • Numerous enhancements in the management application
            • Added EventSentry Quickstart Guide

            Bugfixes:

            • Event records containing a single dot per line could cut off email
            • Potential problems in wildcard feature
            • Problem in built-in Event Log viewer with certain events resolved

            Version released

            2003-09-08

            Features:

            • (X)HTML emails are sent in multipart/alternative including a non-HTML version of the content. This is useful for email clients that are not capable of displaying HTML messages and for filtering (rules) in MS Outlook
            • Wildcard support for filters was added
            • The following additional variables for the SMTP target were included: $EVENTSOURCE, $EVENTCATEGORY, $EVENTTYPE, $EVENTID
            • The $HOSTNAME variable is now supported in the SMTP Sender email field
            • The built-in event log viewer allows you to query web sites to obtain information on a particular event
            • Installer features (Management package) improved

            Bugfixes:

            • The syslog hostname (as logged & reported by the syslog daemon) was truncated
            • The welcome screen might show an invalid event log summary when connected to a remote machine
            • Day/Time summaries are sometimes not read correctly on the fly, a service restart is necessary
            • Changing the debug logging level requires a service restart
            • Various improvements in the management application

            Version released

            2003-08-18

            Features:

            • Customizable Welcome Screen shows important information such as event log summary and more
            • Display speed of the built-in event viewer was greatly improved
            • Invalid filter order is detected by management interface
            • Some menu options renamed for improved usability
            • Sample ASP pages for querying an ODBC database were added
            • On German Operating Systems EventSentry logs German messages to the event log

            Bugfixes:

            • Service (agent) underwent a major security code review
            • Memory usage reduced and optimized
            • Exclude filters using more than one target would not exclude events properly
            • Drag & Drop would sometimes not work properly
            • Creating filters or targets would fail when clicking with mouse instead of hitting enter
            • Remote update would sometimes not connect to certain machines
            • Import wizard would only show ~250 computers
            • Size & positioning issues with desktop notification feature were corrected
            • Potential problems in the network target have been resolved
            • Problems with the summary notification have been resolved

            Version released

            2003-07-03

            Features:

            • Custom event logs can now be managed and monitored

            Bugfixes:

            • Fixed problems in the built-in event viewer
            • Other minor fixes / optimizations

            Version released

            2003-06-18

            Features:

            • Added checkbox functionality for remote update
            • All filter groups can now be updated at once

            Bugfixes:

            • Fixed problems in the remote update feature (including service installation)
            • Fixed problems in built-in event viewer

            Version released

            2003-06-05

            Features:

            • Added installer software
            • Completely redesigned the GUI (graphical user interface)
            • Filters can be assigned to multiple targets
            • SMTP target enhancements
            • Added network target (à la net send)
            • Added process target
            • Added sound target
            • Added desktop target

            Bugfixes:

            • Permanent summary notification on Windows NT4 might not work due to missing %TEMP% variable

            Version released

            2003-03-11

            Features:

            • Summary feature events are now stored through service restarts; the filter option "Filter Text" is not case sensitive anymore

            Bugfixes:

            • "Stop processing other filters" didn't work in combination with summary feature under some circumstances
            • Other minor bug fixes

            Version released

            2003-02-25

            Features:

            • Targets can now be enabled/disabled, multiple concurrent instances of the GUI are prevented

            Bugfixes:

            • The "stop processing other filters" option didn't work correctly under some circumstances
            • Bootscan would report too many events under some circumstances
            • Using ODBC with a MS SQL Server would sometimes not write events to the database
            • Excluding filters for particular targets would under some circumstances not work

            Version released

            2003-02-10

            Features:

            • no new features

            Bugfixes:

            • The filter summary dialog box is cleared/reset under some circumstances
            • A filter group update does not correctly set the active filter group on the target computer
            • Sending emails with certain mail servers would fail.

            Version released

            2003-02-04

            Features:

            • Introduced filter groups (see help for an explanation)
            • Added the parallel ASCII-printer target
            • Added email importance flags
            • Added/improved computerlist import/export
            • Added GUI tips

            Bugfixes:

            • A special kind of eventlog entry could crash the service
            • Database DATETIME field was not used (text was used instead)
            • Eventlog entries would sometimes be ignored
            • Fixed GUI ALT-F4 issue
            • Other minor fixes in both GUI and service

            Version released

            2003-01-16

            Features:

            • Added the $HOSTNAME variable for the SMTP subject and FILE filename
            • Added HTML customization options

            Bugfixes:

            • If an eventlog is configured to "overwrite events as needed" and events are being overwritten (because the eventlog is full) then EventSentry can stop monitoring this particular eventlog under certain circumstances. All customers are encouraged to update.

            Version released

            2002-12-22

            Bugfixes:

            • Under some circumstances the GUI could crash when performing any kind of batch update. The EventSentry service is not affected by this problem.

            Version released

            2002-12-19

            Bugfixes:

            • This is the initial public release of EventSentry.