Support FAQ

Who do I contact in case I have question not covered in the FAQ?
Please send an email to support@syspeace.com.

I already have antivirus software and a firewall. Why should I use Syspeace?
Syspeace provides complementary protection to antivirus software and firewalls. Read more about Syspeace protection.

How does Syspeace know when someone’s failed to log in?
Syspeace follows the Windows Security Audit event logs. This requires that Windows log such “login failure” events; instructions are available in the manual.

If a user forgets their password but logs in correctly just before they are blocked, will Syspeace deem them attackers if they log in incorrectly once more?
Whether a successful login resets the record of incorrect login attempts is configurable in the Syspeace settings.

How does Syspeace block attackers?
By adding a block of the attacker’s IP address to the Windows Firewall.

What does the attacker see?
Nothing; connections of all kinds to the attacked computers are simply dropped, usually giving the attacker an error message about being unable to connect. Beyond these effects, the attacker is not aware of Syspeace or of being blocked.

Why do Syspeace blocks expire at all? Why not just continue blocking attackers for all eternity?
Syspeace blocks IP addresses and not individual attackers. IP addresses are reassigned periodically in many circumstances and the IP address leading to an attacker today might lead to your best customer tomorrow. If an attacker has been seen to return under the same IP address, a stricter rule can be instated to block repeat offenders for a longer time, or that IP address can be added to the local blacklist.

The global blacklist sounds great, but what information is sent to the Syspeace server for this to work?
This information is sent:

  • the local IP address of the server
  • the local hostname of the server
  • the IP address of the attacking IP
  • the hostname, as resolved by DNS, of the attacker
  • a traceroute from the server to the attacker
  • the point in time at which the attack happened
  • the version of Syspeace
  • the version of Windows
  • the Syspeace account ID

The information is collected to facilitate the logic to find the worst blacklist offenders. The information about the local computer and Syspeace account ID is used to let the blacklist algorithm contrast between an attack against many computers in the same account and many computers across many accounts.

What about Windows XP/Vista/7/8/10?
Although Syspeace is not technically restricted from being used on a Windows client operating system, our End User License Agreement does not cover this and we do not support this scenario, license or no license. Our customers have so far told us that they like to use Syspeace on servers and that they like to use Windows Server operating systems on their Windows servers. We are not planning on officially supporting any Windows client operating system as long as that is the case.