
cyberarms's Introduction

Cyberarms

IDDS is a free and open source intrusion detection and prevention system for Windows Server 2008 R2 and later.

Note

It's a fork of https://idds.codeplex.com/. Since CodePlex is dying, this repository acts as a backup in case you want to fork it on GitHub.

It's not supported. I repeat, it is only a backup. :-P

Project Description

IDDS is a free and open source intrusion detection and prevention system for Windows Server 2008 R2 and later.

If you want the installer of the program (compiled version), then go here:

https://github.com/EFTEC/Cyberarms/blob/master/Compiled/cyberarms.intrusiondetection.setup.x64_2.2.0.zip

cyberarms's People

Contributors

jorgecc, jorgecc-business-account


cyberarms's Issues

Windows Server 2019 support?

Hey Guys,

I would like to thank you for the great job. I wanted to ask if you plan to add support for Windows Server 2019?

I tried to run the program after running the installer with no error.

I end up with exception HRESULT 0x8007007E regarding SQLite.interop.dll

Replacing the DLLs from the GitHub files did not solve the issue. Maybe a different SQLite package could work? Could you give me a hint?

The error text itself:

************** Exception Text **************
System.DllNotFoundException: Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum op)
at System.Data.SQLite.SQLite3.StaticIsInitialized()
at System.Data.SQLite.SQLiteLog.Initialize()
at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean parseViaFramework)
at Cyberarms.IntrusionDetection.Shared.Database.Configure(String directory)
at Cyberarms.IntrusionDetection.Admin.SplashScreen.StartupComponents()
at Cyberarms.IntrusionDetection.Admin.SplashScreen.t_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

************** Loaded Assemblies **************
mscorlib
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3468.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll

IntrusionDetectionAdmin
Assembly Version: 2.2.0.0
Win32 Version: 2.2.0
CodeBase: file:///C:/Program%20Files/Cyberarms/Cyberarms%20Intrusion%20Detection/IntrusionDetectionAdmin.exe

System.Windows.Forms
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3324.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll

System
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3451.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll

System.Drawing
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll

System.Configuration
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3324.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll

System.Core
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3570.0 built by: NET472REL1LAST_B
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll

System.Xml
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3190.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll

Cyberarms.IntrusionDetection.Shared
Assembly Version: 2.2.0.0
Win32 Version: 2.2.0
CodeBase: file:///C:/Program%20Files/Cyberarms/Cyberarms%20Intrusion%20Detection/Cyberarms.IntrusionDetection.Shared.DLL

System.Data.SQLite
Assembly Version: 1.0.84.0
Win32 Version: 1.0.84.0
CodeBase: file:///C:/Program%20Files/Cyberarms/Cyberarms%20Intrusion%20Detection/System.Data.SQLite.DLL

System.Data
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll

System.Transactions
Assembly Version: 4.0.0.0
Win32 Version: 4.7.3260.0 built by: NET472REL1LAST_C
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/System.Transactions/v4.0_4.0.0.0__b77a5c561934e089/System.Transactions.dll

If you need any further details or additional logs, feel free to contact me; I will try my best to provide everything needed.

Best Regards
Miroslav

Agent and Port inside "Cyberarms"-Eventlog

Great tool!

Is it possible to add information about the agent (e.g. TLS/SSL Security Agent) and the related port (e.g. 3389) to the "Cyberarms"-Eventlog?

So for example "Hard lock: Unsuccessful login attempts from ip address xxx.xxx.xxx.xxx exceeded threshold. Firewall rule is being created to block the address specified (TLS/SSL-Agent | Port 3389)."

This would be nice to work with scripts that can do something with this information.

Thank you very much.

EventLog

overflowing database

After some months cyberarms.odds.dbf is very big and the program is working very slowly.
How can I clean the dbf file?

Visual C++ 2010 Download not available on MS site

Hi,
When I tried to install V2.2.0, it tries to download the C++ 2020 runtime, and the link the setup uses is no longer valid. Also, I cannot find the redistributable elsewhere. Any workaround? Thx

High cpu load while copying through LAN

Hi

If I start a copy process to transfer files between PCs on the same network, CPU load goes up to more than 25%.
Is this normal? Why does this software need to scan the SMB protocol?

x86 build

In light of the recent uptick in RDP attacks, it would be good to have a 32-bit build of this for systems of clients unable to perform upgrades. I tried running VS2010 and building it myself but got hit by too many errors I don't understand. Please provide an x86 installer package if it can be done.

How to tell cyber Arms what NIC interface to use?

Hello Everyone,

We have a DC with 2 NIC interfaces, one for local access and the second for TS. How do I tell the Cyberarms software to manage or monitor the 2nd interface instead of the first one? Or does it do it automatically?

I tried to log in several times with a wrong password to test the application, but it will not detect my failed attempts.

Thank you

Locks do not work anymore

We discovered that the locks (here RDP) do not keep the attackers away on various systems. The IPs get locked and are shown in the lock table, but the attacker is still able to brute force. On some systems there is also an unlock error, which may be a hint. Reinstalling does not solve the problem.

under attack !

Hello,
It seems I'm constantly under attack from an external IP, but the security log in Cyberarms Intrusion Detection shows:
Intrusion 10/5/2018 x:xx xx 2 fe80::490:xxxx:xxxx:1b39%14 AD Credential Validation Security Agent: Invalid logon from localhost. Local addresses will not be blocked

Is it a real local address, or is it a bug?

Thanks for your software, and excuse me for my bad English.

Constant CPU usage from service

I see a constant 25% CPU usage on the service. Once I stop it, then it of course drops. Is this normal?

Also I noticed that even the configuration window of the application (the main application) when opened keeps my CPU >40%.
high CPU IDSS service
high CPU IDSS Application

Anything I need to do?

Attached also my system config. IDDS is 2.2.0
DxDiag.txt

Windows 10 TLS/SSL Not Working

I'm using Windows 10 Pro 1803 and with the TLS/SSL agent enabled to detect failed remote desktop attempts it isn't picking them up. Could you offer any advice?

No rule is created in firewall

Hi All
Encountered a problem on Windows 2016 (VPS installation):
CID does not create a rule in the firewall. And also does not show illegal login attempts for RDP agent. The agent is enabled and the port is specified correctly

won't detect attack from wan but will detect attack from lan

I've installed Cyberarms on several PCs that are exposed to RDP.
Most of the time it works flawlessly.
Always test after install from across wan.
Not sure why, but IDDS is not detecting attack over WAN, but it is detecting attacks from lan.
I thought that maybe the router was somehow stripping IP info from the packet header, etc... but I installed "RDP guard" and it worked and detected the WAN attack (and reports the offending IP).
I have rebooted the computer several times and checked that windows firewall is running. The IDDS service is running and the proper agent is running as well.
Any help is appreciated.

How to delete logs in Security Log tab?

Hello, I would like to know how I can delete the logs from the Security Log tab. Over time it will accommodate thousands of logs, and I would like a button or to know how to delete the logs.

Thank you for this fantastic program, you're the guy. @jorgecc @ProfessorJoe
