Application Not Working after Installing Proventia Desktop? Check the attack-list.csv!
The attack-list.csv file is located in the Proventia Desktop folder. This is typically C:\Program Files\ISS\Proventia Desktop. If you can’t find it there, look in the folder BlackICE is running from. After finding the attack-list.csv, open it and view the contents. This is most easily done in Microsoft Excel or another comparable spreadsheet application.
Once you have it open, you’ll see a variety of information including Severity, timestamp, issueID, issueName, intruderIp and name, victimIP and name, ports and other assorted information about what Proventia has done. It’s important to know the date and time that the application didn’t function as expected. Compare that date and time with the timestamps in the attack-list.csv file, which are typically in GMT.
Once you have this information, you’ll know what IP, port, Event or Buffer Overflow Exception (only in Proventia 9) needs to be modified in the Proventia Desktop policy.
Sample attack-list.csv
| #Severity | timestamp (GMT) | issueId | issueName | intruderIp | intruderName |
| ## | 2009-08-05 14:18:45 | 27 | All Proventia protection stopped | 0.0.0.0 | 0.0.0.0 |
| ## | 2009-08-05 14:18:55 | 26 | All Proventia protection started | 0.0.0.0 | 0.0.0.0 |
| 4 | 2009-08-05 16:19:43 | 2114083 | Flash_NavigateToURL_XSS | 72.246.239.148 | |
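The time comparison described above can be scripted instead of done by eye in a spreadsheet. The Python below is an added example, not part of Proventia Desktop or the original article. It assumes the file is comma-delimited with the header shown in the sample; the function name `events_near` and the embedded rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample mirroring the columns shown on the page. The comma
# delimiter and the exact header text are assumptions about the real file.
SAMPLE = """\
#Severity,timestamp (GMT),issueId,issueName,intruderIp,intruderName
##,2009-08-05 14:18:45,27,All Proventia protection stopped,0.0.0.0,0.0.0.0
##,2009-08-05 14:18:55,26,All Proventia protection started,0.0.0.0,0.0.0.0
4,2009-08-05 16:19:43,2114083,Flash_NavigateToURL_XSS,72.246.239.148,
"""

def events_near(csv_text, failure_local, utc_offset_hours, window_minutes=10):
    """Return rows logged within +/- window_minutes of the failure time.

    failure_local is the wall-clock time the user reported (naive datetime);
    utc_offset_hours is that machine's offset from GMT (for example -4).
    """
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    # Convert the reported local time to GMT before comparing with the log.
    failure_gmt = failure_local.replace(tzinfo=local_tz).astimezone(timezone.utc)
    window = timedelta(minutes=window_minutes)

    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        def field(name):
            return (row.get(name) or "").strip()  # tolerate truncated rows
        try:
            ts = datetime.strptime(field("timestamp (GMT)"), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # skip lines without a parseable timestamp
        ts = ts.replace(tzinfo=timezone.utc)
        if abs(ts - failure_gmt) <= window:
            hits.append({
                "gmt": ts.strftime("%Y-%m-%d %H:%M:%S"),
                "severity": field("#Severity"),
                "issueId": field("issueId"),
                "issueName": field("issueName"),
                "intruderIp": field("intruderIp"),
            })
    return hits

if __name__ == "__main__":
    # Constructed scenario: the application failed at 12:20 local time, GMT-4.
    for event in events_near(SAMPLE, datetime(2009, 8, 5, 12, 20), -4):
        print(event)
```

To run it against a real log, pass the contents of attack-list.csv as `csv_text`; the `issueId`, `issueName` and `intruderIp` of each hit are the values to look for in the Proventia Desktop policy.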

