Komodia's Interceptor installation guide
- 1 Quick installation guide
- 2 Introduction
- 3 Components
- 4 Working mode
- 5 Installation
- 6 Updating
- 7 Uninstallation
- 8 Usage
- 8.1 Required external files
- 8.2 Settings load sequence
- 8.3 Rules type
- 8.4 Rules logic
- 8.5 Items to never intercept
- 8.6 Recommended rules for evaluating the Redirector
- 8.7 Saving, loading and clearing the data
- 8.8 Creating the interception logic file
- 8.9 Propagation time
Quick installation guide
You can view Komodia's Interceptor quick installation guide in case you just want to install quickly without going into details.
Introduction
This manual covers the installation and usage of Komodia's Interceptor product.
Trial versions connect to our provisioning server to receive license status; the software does not send out any information that the Redirector processes.
Components
The Redirector package includes the following components:
Acts both as the proxy that accepts connections from the redirected clients and as the server that handles configuration and control of the product. It exposes an API through a COM interface and can be programmed from any COM-capable language, such as VB, Delphi or VC.
This module performs the actual redirection. It communicates with the PCProxy service to get the redirection rule set.
Used to install and uninstall the LSP DLL.
Interceptor SDK DLL
This DLL is the SDK you interface with to receive the data from all the intercepted apps.
Interceptor SDK COM DLL
This DLL is the COM interface DLL, which can be used with development languages such as VB, VB.NET and C#.
Working mode
The Interceptor has two working modes: online and offline.
Online working mode
This mode is used during the development phase. The Interceptor service is needed only to create the config file that is used on the deployed machines, but when the LSP detects that the service is installed and there’s no configuration file present, it will connect to the Interceptor service to receive the interception logic. In online mode it’s not possible to intercept system services.
Offline working mode
This mode is used during deployment. On the deployment computer you place the file “PCProxyOff.ini” inside %system32%; this file contains the interception logic you produced on the development computer. In this mode the LSP also intercepts system services.
Installation
First, extract the .zip file into a single directory and follow the installation instructions of each component.
All installation commands are run from a console window (cmd.exe). In Vista you must run this with “administrative privileges”. The current directory must be the directory into which you unpacked the .zip file.
Under Vista and above you must install PCProxy as a service only.
To install the “PCProxy” as a service run:
To install the “PCProxy” as an EXE (Will run when the LSP or VB console tries to communicate with it, this option is for XP only):
PCProxy as a service
PCProxy can be started and stopped from either the services control panel or via “net” (OS utility).
To start the service - run from the command prompt:
net start pcproxy
To stop the service - run from the command prompt:
net stop pcproxy
This flag is used to set the PCProxy as a service with auto start:
PCProxy /Auto /Service
This flag is used when you don't want PCProxy to accept service stop commands. Keep in mind that the service can still be terminated using "end task" (to fully protect the SDK you can use Komodia's Watchdog).
PCProxy /NoStop /Service
Another variation with auto start:
PCProxy /Auto /NoStop /Service
PCProxy load sequence
After PCProxy is installed as a standalone or as a service, the first call from the LSP or GUI console will activate it. Of course, it is possible to set PCProxy to load automatically when installed as a service.
To install the “LSP DLL” run:
RegisterLSP -b -d PCProxy.dll
Installing the LSP on 64bit OS involves installing once for 32bit and once for 64bit:
RegisterLSP -b -d PCProxy.dll
RegisterLSP64 -b -d PCProxy64.dll
Updating
If the new PCProxy.EXE file has the same COM interface (this will be mentioned whenever an update is sent), then the file can simply be replaced. If the COM interface was changed (which will be mentioned in the update), then you must replace the file and re-run the installation command as you did at the install phase.
To update the LSP DLL, replace the old LSP DLL and re-run the installation command like you did at the install phase.
Uninstallation
All uninstallation commands are run from a console window (cmd.exe). In Vista you must run this with “administrative privileges”. The current directory must be the directory into which you unpacked the .zip file.
To uninstall the “PCProxy” (same procedure for Service and for non Service installation) run:
To uninstall the “LSP DLL” run:
As with installing, to uninstall on 64bit you must do it for 32bit as well:
RegisterLSP -f
RegisterLSP64 -f
Usage
The LSP intercepts all traffic that matches the rules predefined by the user and redirects it to the proxy. The rules are all configured with the application “PCController.exe”, which uses a public COM API to control the Redirector. (On some installations some of the buttons are missing; this is because they are relevant to an optional component which is not present.)
Required external files
The VB console uses two external system OCX files, comdlg32.ocx and mscomctl.ocx. Some computers don’t have them installed, so if the console outputs an error you must obtain them.
Settings load sequence
The Redirector’s settings are saved in a file called PCProxy.ini, located under %system32%. This file is loaded automatically whenever PCProxy starts, and it is updated whenever the “save” button is pressed.
Rules type
There are three separate rules. Each can be set into one of two modes:
- Intercept only the items in the list (default) - Only session information that matches the information in the list will be redirected. For example, placing “iexplore.exe” in the applications list will cause all traffic from Internet Explorer to be redirected.
- Intercept all except items in the list - The LSP will intercept all sessions but ignore those whose information is on the list. For example, placing “iexplore.exe” in the application list will cause all traffic except that which originates from Internet Explorer to be redirected.
The LSP automatically intercepts SSL traffic for Internet Explorer and Firefox; the rules are only relevant to non-SSL traffic.
Will intercept/exclude (depending on mode) the session based on application name; the name is case-insensitive.
Will intercept/exclude (depending on mode) the session based on:
- Outgoing TCP: destination port.
- Outgoing UDP: destination port.
- Incoming TCP: source port.
- Incoming UDP: source port.
Ports can be given as a single port, for example the HTTP port:
Ports can also be given as a port range, for example:
Will intercept/exclude (depending on mode) the session based on:
- Outgoing TCP: destination IP.
- Outgoing UDP: destination IP.
- Incoming TCP: source IP.
- Incoming UDP: source IP.
IPs can be specified in either normal format:
And you can also specify CIDR format:
Rules logic
Rules are logical OR, which means that if one of the rules matches the session information, then the session will be redirected.
For example, placing port 80 in the ports list and “iexplore.exe” in the application list means that redirected sessions will be those that either are opened to port 80, or originate from Internet Explorer, or both.
Items to never intercept
Items on this list will never be intercepted regardless of the regular interception list mode (include/exclude). For example, placing “iexplore.exe” in this list means that sessions coming from Internet Explorer will never be intercepted, even if other rules match those sessions’ information (a port 80 rule, for example).
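The rule evaluation described in the sections above (three lists, each in include or exclude mode, combined with OR, plus the never-intercept list), as an added Python model that is not Komodia's code. The Session and Rule types, the lo-hi port range syntax and the application-only never-intercept list are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    items: list = field(default_factory=list)
    exclude_mode: bool = False  # False = "intercept only the items in the list" (default)

@dataclass
class Session:  # hypothetical session record, constructed for this example
    app: str
    outgoing: bool
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def app_listed(app, items):
    return app.lower() in {i.lower() for i in items}  # names are case insensitive

def port_listed(port, items):
    for item in items:  # "80" or an assumed "lo-hi" range such as "8000-8080"
        lo, _, hi = str(item).partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def ip_listed(ip, items):
    addr = ipaddress.ip_address(ip)  # a single address is treated as a /32 network
    return any(addr in ipaddress.ip_network(i, strict=False) for i in items)

def rule_matches(rule, listed):
    # include mode matches listed values; exclude mode matches everything else
    return listed != rule.exclude_mode

def is_redirected(s, apps, ports, ips, never_apps=()):
    if app_listed(s.app, never_apps):  # never-intercept list wins over every rule
        return False
    # outgoing sessions are judged on the destination, incoming ones on the source
    port = s.dst_port if s.outgoing else s.src_port
    ip = s.dst_ip if s.outgoing else s.src_ip
    return (rule_matches(apps, app_listed(s.app, apps.items))
            or rule_matches(ports, port_listed(port, ports.items))
            or rule_matches(ips, ip_listed(ip, ips.items)))

# Constructed sessions: Firefox to port 443, Internet Explorer to port 80
ff_443 = Session("firefox.exe", True, "192.168.1.5", 50000, "93.184.216.34", 443)
ie_80 = Session("IEXPLORE.EXE", True, "192.168.1.5", 50001, "93.184.216.34", 80)
```

Under this reading of the OR logic, an application placed in an exclude-mode list is still redirected when a port or IP rule matches its session; only the never-intercept list excludes it unconditionally.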
Recommended rules for evaluating the Redirector
There are a couple of ways the interception rules can be set up.
Intercept based on port
Set the ports you want to intercept (the example rule will redirect all HTTP traffic to port 80):
Intercept based on applications
Set the names of the applications you want to intercept (the example rule will redirect all traffic generated by either Internet Explorer or Firefox):
Intercept based on applications and ports
You can merge the settings in the previous two examples to intercept both applications and ports (merging the examples will create a rule that redirects all traffic from Internet Explorer or Firefox and all port 80 traffic from any application).
Intercept all traffic
To intercept all traffic you need to make sure you don't have any applications, ports or IPs set, and then switch the button in the application tab from "Intercept only applications in the list" to "Intercept all applications beside those in the list":
Saving, loading and clearing the data
The PCProxy service loads the data when it starts. Subsequent modifications are not saved until the “Save” button is pressed. The “Clear” button will reset the configuration.
Creating the interception logic file
The “Save offline file” button saves the current settings under %system32% in a file called PCProxyOff.ini. Make sure to also use the normal save before you exit, because the Interceptor service saves all the online data in a different configuration file.
Propagation time
Inside online mode
The LSP only affects applications that are started after the installation. For example, if you installed the LSP while an Internet Explorer instance was running, that instance will not be affected, but every new instance will be affected. After restart, all applications, including OS core services, are affected.
Running LSP instances refresh the rule set every 60 seconds (this value can be changed at compile time by request). New instances take the latest rules from the service upon loading.
Inside offline mode
If you update the file, it will only affect applications loaded from that point on; all applications that are already loaded will keep using the settings they had before you updated the file.