You are here: Home > Products > Connection Monitor > FAQ

10-Strike Connection Monitor FAQ

Please send your questions to our support team.

How to monitor the file deletion/creation? The program's log file does not contain records about these events.

The program does not display names of persons (or their computer names) who deleted or created files. Why is this? I need to know who deleted my file.

I added a user to the black list but he still can read my folders. Why is that?

How to disable access to the system hidden shares (when all disks are shared for administrators – c$, d$, admin$, etc.)? I am trying to disable it in Explorer folder properties but they appear again after a reboot.

I cannot configure email notifications. What SMTP server address should I provide? What are those ports for? What is the sender address?

I use the Pro version and have configured the file creation/deletion monitoring in a network share. I specified the folder path in this form: "\\Server\Folder\". Sometimes, I see the screen alert messages, but the alert log is empty and no email notifications are sent to me. Why?

Sometimes, I see the ::1 computer in the access list. What is it?

 

Q: How to monitor the file deletion/creation? The program's log file does not contain records about these events.

A: File and folder deletion can be detected but this feature is not enabled by default. You need to configure the creation/deletion alert for a monitored folder.

 

Q: The program does not display names of persons (or their computer names) who deleted or created files. Why is this? I need to know who deleted my file.

A: The standard system mechanism for monitoring access to shares cannot log file deletion and creation. It logs user connections and the file open events.

The program has its own mechanism for monitoring the file creation and deletion in a specified folder. Unlike the connection monitoring mechanism, it cannot determine a user who performed the delete/create/rename operation. However, by analyzing the alert and connection logs, you can figure out which user was connected to the folder at the time the file was removed. Please note that the program will log file deletions and creations performed by a local user as well. So, this method of detecting a person who deleted a file is not 100% accurate.

Anyway, we suppose this is better than nothing. :)

 

Q: I added a user to the black list but he still can read my folders. Why is that?

A: The "Black list" function allows disconnecting annoying users when they are downloading a huge amount of data slowing down your PC. The blacklist function does not block such users completely from accessing your shares. It allows them to list your folders and open small files, but when they try to download large files (which take several seconds or more for downloading), they will be disconnected.

If you need to block some users completely, please use the system share access and security settings.

 

Q: How to disable access to the system hidden shares (when all disks are shared for administrators – c$, d$, admin$, etc.)? I am trying to disable it in Explorer folder properties but they appear again after a reboot.

A: The administrator shares are created automatically after the OS installation and enabling the network. You cannot disable it using Explorer like you do this with regular shares. Before disabling the system shares, please consult with your network administrator. If your PC belongs to a company and you do this on your work, you possibly should not do disable the admin shares because the administrator might need these shares for managing your PC, updating software, etc. You also might not have the necessary administrator rights for disabling the shares or installing any software in this case. If you can install software, you can track the administrator's activity on your disks using 10-Strike Connection Monitor. :)

If the computer is at home and you are the administrator, feel free to proceed. The admin shares can be disabled in the registry. Find the

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

registry path and create the value "AutoShareWks"=0 (dword) for workstations or "AutoShareServer"=0 (dword) for servers.

 

Q: I cannot configure email notifications. What SMTP server address should I provide? What are those ports for? What is the sender address?

A: In order to send automatic email notifications on alerts, you need to do the following:

  1. Find the "E-Mail" section in the program settings and provide the SMTP server address. This can be a public external server (gmail, yahoo) or internal corporate server. You can find correct SMTP settings on the Internet for public email services or ask your system administrator for the corporate server settings. For example, the server address for Gmail is smtp.gmail.com. Some public services like Gmail might require you to change the mailbox security settings in order to enable the SMTP/POP3/IMAP access to your mailbox. Please note that if you generate too many outgoing emails, public email services might block these emails or even block your account. If you expect a lot of alerts to be sent, it is better to use a corporate email server.
  2. Provide the sender address. This can be your address. When the program sends notifications, recipients will see this address in the "From:" field. This address cannot be empty. For better message delivering, we recommend that this address should belong to that SMTP server you provided on the previous step. For example, user777@gmail.com.
  3. Specify the message subject. Use only letters, digits, symbols, and substitution keys displayed on the screen (for substituting the actual alert information to the subject line).
  4. Select code page (if your language is not English).
  5. The most of SMTP servers require authorization. Enable the "SMTP authorization..." setting and specify your email username and password. In many of cases, the SMTP credentials are the same as used for the POP3/IMAP access. A typical username is the entire email address of that user (including the user login, @, and the domain name after it). You can find the username format information on the Internet for public servers. The password for sending emails is usually the same as you use for receiving emails using any email client software.
  6. The standard SMTP port is 25. Some Internet providers block it to avoid spam sending by malware and your notifications will not be sent. For this case, find another possible SMTP port on your server. It can be 2525, for example . Or use secure SMTP on port 465.
  7. When you have finished with the email settings and checked that test messages are sent out fine, you need to configure alerts and notifications. In the alert settings, enable sending email messages and specify the recipient email address (a mailbox for sending messages to).

Basically, our program's email configuration is the same as any other email software's configuration (outlook, thunderbird, live mail, etc.) If you use public email services, you can find typical email IMAP/POP3/SMATP settings on their web sites.

 

Q: I use the Pro version and have configured the file creation/deletion monitoring in a network share. I specified the folder path in this form: "\\Server\Folder\". Sometimes, I see the screen alert messages, but the alert log is empty and no email notifications are sent to me. Why?

A: In the Pro version, the file creation/deletion monitoring is provided by the GUI console and the monitoring service both. However, the log recording and the email sending are performed by the service only. In this case, the service cannot monitor the folder because of not having necessary access rights. By default, all Windows services are started under the LocalSystem account. This account does not have rights on the network access. If you want the monitoring service to access that network share, you need to modify its starting settings and change the starting account to one that have access rights to that remote share. For example, if the program application (GUI part) monitors that share successfully, use the same account that is used for starting the GUI console for starting the monitoring service.

Steps to do:

  1. Open the Service Manager: "Start" -> "Run…" -> Enter services.msc and click "??".
  2. Find "10-Strike Connection Monitor Service" in the list and open its properties (double click).
  3. Go to the "Log On" tab. Select the "This account" option. Click "Browse...", "Advanced...", and then "Find Now". Select a necessary admin account (it should have the admin rights on your computer). Click "OK" and "OK" again. Below, in the "Password" and "Confirm password" fields, enter the password of this account. Click "OK" and restart the service and the program.

 

Q: Sometimes, I see the ::1 computer in the access list. What is it?

A: ::1 is the short form of the local host IPv6 address (the same as 127.0.0.1). If you want to see regular addresses in the list (and you does not need IPv6), you can disable the "IP version 6" protocol in properties of network interfaces on your network computers.

System processes (drivers and services) can access local shares using a network path. The program detects and displays these connections in the list too. This is a normal situation . Moreover, you should not add the localhost address to the black list. If you do this, you can get problems in the whole system operation.