Wfilter sending false alarm

Posted: Mon Jul 09, 2012 1:31 am
by kksg2000
Hi,

I installed Wfilter (Chinese) on my China server. I have been receiving many false alarms from the system. I am receiving notifications on application launch like FreeCast, QQlive, 脱兔下载 and 浩方对战平台. I checked many of these computers and couldn't find this software on them, except for a few computers which are running QQ messenger (not QQlive), whereas the rest do not have any of this related software installed at all.



Could you help?



Thanks



Posted: Mon Jul 09, 2012 1:57 am
by kksg2000
kksg2000 wrote: Hi,

I installed Wfilter (Chinese) on my China server. I have been receiving many false alarms from the system. I am receiving notifications on application launch like FreeCast, QQlive, 脱兔下载 and 浩方对战平台. I checked many of these computers and couldn't find this software on them, except for a few computers which are running QQ messenger (not QQlive), whereas the rest do not have any of this related software installed at all.



Could you help?



Thanks








I put my computer on the monitor list and I received XunLei, QQDownload and Flashget alerts. I do not have this software installed on my computer.



Could you advise?

Posted: Mon Jul 09, 2012 2:13 am
by gengw2000
QQ messenger can produce "QQLive" and "QQDownload" traffic, because QQ messenger has integrated so many features.



But I am not sure why you have "FreeCast", 脱兔下载 and 浩方对战平台.



Posted: Mon Jul 09, 2012 2:19 am
by gengw2000
Can you run a protocol bandwidth report to check the bandwidth details of these three patterns?

Posted: Mon Jul 09, 2012 3:12 am
by kksg2000
gengw2000 wrote: Can you run a protocol bandwidth report to check the bandwidth details of these three patterns?



Hi,

I attached the report. I put the English names next to the Chinese characters for your reference. I do not know how this is going to help me. Please kindly advise.



Thanks.



Attached files report.zip (7.6 KB) 

Posted: Mon Jul 09, 2012 5:35 am
by gengw2000
As you can see, the 10th bandwidth is 0.408MB in total. It means other false alarm protocols are less than 0.408M.



I recommend that you ignore protocols <1M, because 1MB of traffic cannot do anything useful in practice.



We will set up a bandwidth threshold for the alert trigger in later versions of WFilter to reduce false alarms.