Provides Windows Server 2003 support for SQL Server-based blocking, a better interface for viewing current and possible blocks and improves behavior when Syspeace servers are unreachable. For more information about all improvements, see the full release notes.
Syspeace now supports SQL Server-based blocking on Windows Server 2003.
The list in the status window has been replaced with a new list, containing a summary of current blocks and suspected upcoming blocks.
Suspected upcoming blocks refers to observed failed logins that have yet to trigger a rule.
For current blocks, the observed failed logins that triggered a rule are shown.
Single IP address entries show the geographical location if available.
The list can be filtered in the bottom left of the window. Current blocks based on observations are always shown. Blacklisted IP addresses can be shown or hidden.
IP addresses can directly be added to the local blacklist, removed from the local blacklist and added to the whitelist from the info pane directly. Current blocks can also be forgiven (the block is removed and the IP address’ failed login record starts over).
When the Syspeace client is started and there are Windows login rules enabled, Syspeace will check to make sure that the current security policy will allow logon failure audit events to be produced and warn if this is not the case. Without this properly set, Syspeace will not be able to detect Windows login failures.
The description for each entry in the local blacklist and whitelist can now be changed without having to recreate the entry.
Duplicate entries for IP addresses can no longer be added in the local blacklist and whitelist.
Syspeace’s behavior and stability when the Syspeace backend and license server is unreachable is improved.
Changes to bring the size of the local database down.
Fixed a bug preventing the removal of the ban corresponding to the last blacklist entry.
Improved migration from Syspeace 1.1.*.