Resolution
How do I install the VigilEnt Security Agent for WebServer Detect/Prevent Plug-In for IIS?
fact
VigilEnt Security Agent for WebServers 3.0
fact
VigilEnt Security Agent for WebServers 3.1.1
fix
If Detect/Prevent for IIS was not selected during the installation of VigilEnt Security Agent for WebServers 3.0, execute the following steps to enable the Detect/Prevent component on IIS servers.
- From the
install_dir\IDS\bin
directory, execute the following command from acmd.exe
window:.\installDetectIIS.bat
The batch file will execute commands to create web server configurations from the default templates for IIS, register the ISAPI filter with IIS, create the registry entry that points to the rule file, install the logging service used by Detect/Prevent for high-speed, optionally encrypted and non-repudiated logging, and adjust service dependencies to start the logging service before IIS.
- Restart IIS by typing:
iisreset /restart /timeout:600
Use your normal timeout interval instead of 600 if you normally do not use the default setting (60 seconds).
- Check the Application Log in the Event Viewer.
- Navigate to Control Panel | Administrative Tools | Event Viewer.
- Check the Application Log to look for startup messages or error messages. (Alternately, from a command line type:
%SystemRoot%\system32\eventvwr.msc
to access the Event Viewer console.)
To manually remove Detect/Prevent for IIS, first stop the IIS Admin Service from the Services Control Panel, then run the removeDetectIIS.bat
file from a command window in the install_dir\ID\bin
directory. Restart IIS with the iisreset/start
command.