| KFSensor |
| About |
| Overview |
| Screen shots |
| Features |
| Enterprise edition |
| Compare editions |
Download trial  |
| Buy KFSensor |
| News |
| Manual |
| Knowledge Base |
| Links |
| Extras |
Factsheet (.pdf)  |
Installing KFSensor
Before installing KFSensor it should be decided whether to install the full version or the high integrity version.
The choice of which version to deploy depends on the users attitude to risk.
Full Functionality Version
The full functionality version contains all the available options and features of KFSensor.Some of these features could be considered potentially risky. Every effort has been made to make these features secure, and all these features are turned off in the default configuration. However if the machine on which KFSensor is running is compromised then it would be possible for someone to reconfigure KFSensor in such a way that may lead to a further compromise.
High Integrity Version
The high integrity version of KFSensor has certain features disabled. These features are 'compiled out' of the high integrity version, making it impossible for them to be enabled.The following features are disabled:
| Feature | Description |
| HTTP Sim Server | The ability of the HTTP Sim Server to host files is disabled. All valid requests will return an Unauthorized response which accurately simulates a password protected web site. |
| SMTP Sim Server | The ability of the SMTP Sim Server to relay emails it receives to another server is disabled. |
| Relay Sim Server | This sim server type is completely disabled. |
| External Console App | This sim server type is completely disabled. |
| External Alerts | This alert mechanism is completely disabled. |
Installing WinPCap
KFSensor's Network Protocol Analyzer feature makes use of the WinPCap library.
WinPCap is the industry standard network packet capturing library and by using it KFSensor can work along side other security software such as
Wireshark.
KFSensor will work without WinPCap being installed but functionality associated with the Network Protocol Analyzer will then be disabled. It is best to download and install WinPCap before installing KFSensor, though it is also possible to install it later.
Important Note
KFSensor will only work with WinPCap version 3.1
The WinPCap installation program can either be obtained from the KeyFocus web site or direct from the WinPCap web site:
http://www.winpcap.org/
See the Network Protocol Analyzer Administration section of the Advanced Service Configuration section of this guide for more information.
Running the KFSensor set up
To install KFSensor you must be logged on with full administration rights to the local machine.
If you are installing from the KFSensor CD-ROM the KFSensor installation program will start automatically when you insert the CD-ROM if you have "auto-play" enabled.
If the installation does not start automatically or if you are installing from a downloaded copy of KFSensor, simply locate the installation executable in Windows Explorer and double click on it.
After you have agreed to the KFSensor License you will be presented with four set up options:
| Setup Type | Description |
| Full version | This option installs the complete KFSensor system |
| High Integrity | This option installs the high integrity version |
| Upgrade Full Version | This updates a current installation with the full version |
| Upgrade High Integrity | This updates a current installation with the high integrity version |
In the next step you will be asked to choose the folder where KFSensor should be located.
The "Program Files" path is a good place to install KFSensor as it inherits a high level of access security.
This is explained in the next section.
After selecting the program group where KFSensor should be installed in the Start menu, the installation will begin.
You will need to restart your machine before KFSensor can become operational.
You should register your copy of KFSensor within two days to make it fully operational.
You can then either start using KFSensor straight away or complete the secure aspects of the configuration, as described in the next section.
Log Path
The first time KFSensor is run it creates a log folder.The default location of the folder is "C:\kfsensor\logs".
It does this to keep the logs in a separate area from the program and configuration files to improve security.
Un-installing KFSensor
You can uninstall KFSensor by taking the following steps.- If you have installed KFSensor as a systems service then you will need un-install it first.
Within the KFSensor monitor application select the "File -> Service -> Un-install System Service" menu.
Then exit the KFSensor monitor application. - Go to the Windows Control Panel and select "Add or Remove Programs". Select KFSensor and press the "Change/Remove" button.
- The un-install program will not remove the log files generated. If you want to remove these then you will need to locate and delete the KFSensor log directory with Windows Explorer.
Next: Using the Set up Wizard