DP Tool Club 17

home *** CD-ROM | disk | FTP | other *** search

/ DP Tool Club 17 / CD_ASCQ_17_101194.iso / vrac / sysmon30.zip / SYSMON.DOC < prev next >

Wrap

Text File | 1994-05-07 | 38KB | 839 lines

System Monitor Version 3.0 Copyright 1991, 1993 all rights reserved Rosenthal Engineering, P.O.Box 1650 San Luis Obispo, CA USA 93406 ----------------------------------------------------------------------- System Monitor - Monitor & report problems early, maintain performance, resolve hardware/software & MS Windows conflicts, virus defense, with support for single & LAN users. ----------------------------------------------------------------------- What is System Monitor? System Monitor maintains your system at its optimum performance and integrity when installed in an IBM PC/XT/AT 386, 486 or 586 compatible computer, by testing and extensively monitoring a number of performance and security indicators. Each time the computer is used, System Monitor re-evaluates the system and alerts its user to any discrepancies it finds with an announcement that is hard to ignore. Install System Monitor as soon as you're confident that the computer is properly configured and operational. From then on, System Monitor will intervene immediately upon detecting problems, usually long before a user even suspects any difficulty. This early monitoring and detection is essential in avoiding and correcting problems before they can compound. It is especially useful to individuals or system administrators when resolving hardware/software and MS Windows conflicts. - - - - - - - - - - - What Does System Monitor Do? The first time you run System Monitor, it will guide you through a simple installation procedure and then generate extensive reports (REPORTSM.EXE) unique to your computer, a report (CONFIGSM.EXE) containing information about your system configuration file (CONFIG.SYS), and an AUTOEXEC.BAT file (AUTOSM.EXE). The REPORTSM.EXE, AUTOSM.EXE and CONFIGSM.EXE are referred to by System Monitor from then on, automatically, each time the computer is turned on or booted. The information contained in these files is very valuable when attempting to resolve conflicts, especially when you request customer support assistance for products supplied by a number different vendors. Much of the information in these files is encrypted to protect it against corruption (whether accidental or intentional). The embedded information deals with System Monitor's formidable anti-virus protection; however, you can view much of the more public information by simply entering the files name, as these files are also directly executable. For example, once you have installed System Monitor, enter "C:\REPORTSM" at the DOS prompt. - - - - - - - - - - - How Does System Monitor Work? Because you install System Monitor prior to developing problems, the report files (REPORTSM.EXE, CONFIGSM.EXE and AUTOSM.EXE) generated at that time provide a detailed baseline for comparison. Abnormal deviations from the established baseline cause System Monitor to issue warning messages. In most cases both the current monitored value and the original baseline information are displayed for comparison. For an example of some of these warning messages refer to the /D demonstration mode section. - - - - - - - - - - - How Does System Monitor Protect Against Viruses When System Monitor discovers a virus contamination or its effect, a warning will be issued. Again refer to the /D demonstration mode for examples. Many of the current viruses have mechanisms to help them circumvent and avoid infection detection and prevention schemes, so System Monitor's anti-virus and security methods are encrypted and will not be disclosed. Computer viruses have an extremely difficult time existing in System Monitor's environment of such close scrutiny, especially when every system in an office or LAN is monitored. The time to be concerned about viruses is before you get one. Don't wait until problems develop before performing backups or installing System Monitor. - - - - - - - - - - - How will System Monitor support other protection schemes? There are a number of excellent anti-virus programs that interface well with System Monitor. These programs can be installed ahead of System Monitor. With this recommended configuration, a virus that attempts to disable either of these programs, will have the Herculean task of disabling or circumventing them both, or risk detection by the other. There are a number of hardware password security cards available from other sources that System Monitor will support. If an attempt has been made to bypass a computer's access restriction by removing one of these security cards, System Monitor reports its absence. - - - - - - - - - - - Installation System Monitor should be installed after your system is configured and completely operational. System Monitor is designed to be installed before you develop problems. Your CONFIG.SYS, AUTOEXEC.BAT (and WIN.INI and SYSTEM.INI files for MS Windows users) should already be configured for your system. If your system has a clock (most do) make sure the time and date are set correctly before continuing. Erratic clock behavior is often a sign of other problems (such as impending death your configuration ram battery) and it's one of the things System Monitor evaluates. It's all right to use DOS TIME and DATE functions to check the time and date, but not to set them. Use your SETUP program to set the correct time and date, otherwise your system may not retain the correct settings when you turn off the power. Copy all the System Monitor files to the ROOT directory of your BOOT drive where your AUTOEXEC.BAT and CONFIG.SYS files are. Example: COPY A:SYSMON.* C:\ Remove the distribution disk from the floppy drive and store it in a safe place. Enter SysMon at the DOS prompt, and System Monitor's built in editor will allow you to install SysMon.EXE into your AUTOEXEC.BAT file. Use the cursor (arrow) keys to add SysMon.EXE near the end of your AUTOEXEC.BAT file after any TSR's and before applications or Windows. System Monitor will then "WARM BOOT" the system and conduct an extensive series of tests before generating several report files. If the system doesn't reboot within three minutes, turn the power off/on. The report files are displayed confirming installation. These report files are only displayed automatically when they are first created. From then on you can recall them by entering REPORTSM, AUTOSM or CONFIGSM at the DOS prompt. Installation is now complete and System Monitor will operate automatically each time the system is turned on or BOOTed. - - - - - - - - - - - Shareware Announcement Please feel free to use and evaluate this software without charge for 10 days. You are encouraged to copy and distribute it freely provided it remains unmodified, complete in its original form, and no fee (other than a nominal copy charge) is required. This software is provided "as is" without warranty either expressed or implied. System Monitor is fully functional and not copy protected or crippled (other than the shareware announcement). If you determine System Monitor to be useful, you must register it before the end of the 10 day evaluation period. Once the required, single user registration fee of $49 (US) is received, the latest registered version of System Monitor (without shareware announcement) will be sent by priority first class mail. Software License agreement This Software is copyrighted material. It is not sold, but licensed. The registration fee must be paid before the free 10 day evaluation period expires, or its use discontinued. You are encouraged to copy and distribute only the unregistered version freely, provided it remains unmodified, complete in its original form, and no fee (other than a nominal copy charge) is required. This software is provided "as is" without warranty either expressed or implied. You may not make any changes or modifications to the software, and you may not decompile, disassemble or in anyway reverse engineer the software. This constitutes the entire agreement and understanding between the parties and supersedes any prior agreement or understanding whether oral or written and may only be modified in writing. This software is provided "as is" without warranties of any kind. Responsibility rests entirely with the user to determine its fitness for a particular purpose. ROSENTHAL ENGINEERING SHALL NOT IN ANY CASE BE LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR OTHER SIMILAR DAMAGES ARISING FROM ANY USE OF THIS SOFTWARE. Some states may not allow these limits on warranties, so they may not apply to you. In no case shall Rosenthal Engineering's liability exceed the license fees paid by you to Rosenthal Engineering for the right to use the Licensed Software. Corporate, business, institutional and government users require an additional negotiated site license. The single user license for System Monitor is obtained by sending your check for $49 (US) to: Rosenthal Engineering, P.O.Box 1650, San Luis Obispo, CA 93406 USA - - - - - - - - - - - Demonstration of Warning Messages When System Monitor discovers a discrepancy, it will issue a Warning announcement (try the /D demonstration mode for an example). Remember, these are only warnings. Often these warnings can easily be accounted for. For example, installing a new device driver or version of DOS etc. will trigger a warning. When this happens just erase the report file REPORTSM.EXE and reBOOT the system. System Monitor will then re-evaluate the system and create a new REPORTSM.EXE unique to your system and its new configuration. Some warning messages will not require any attention to correct. For example, a warning message caused by setting the clock back for daylight savings time. System Monitor will figure out that the problem has corrected itself when the clock advances normally again, and the the warning message will go away on its own. SEE Establishing a New Baseline - - - - - - - - - - - Demonstration Mode /D System Monitor will normally operate a few seconds when you first turn on the system without finding anything wrong. To demonstrate a few of the tests being monitored enter SYSMON /D at the DOS prompt. This demonstration mode self test is not a substitute for the independent internal audit controls described in the Virus Simulator documentation. Virus Simulator is available separately from Rosenthal Engineering, for a single user license registration fee of $25. (US). - - - - - - - - - - - Optional Service Referral Message System administrators, service organizations and consultants can promote their services by including an optional text message. When an ascii text file (SYSMON.TXT) is included in the root directory, it will be displayed at installation and whenever System Monitor issues a warning message. The SYSMON.TXT file is optional and allows users to receive a referral message when assistance may be required. A SYSMON.TXT file is included as an example. This file can be deleted, or edited with a ("non- document") text editor to display your own, personalized announcement. - - - - - - - - - - - Scheduled Preventive maintenance The best way to minimize computer down time is with a periodic preventive maintenance and backup schedule. Inspection checks, hard disk file defragmentation, cleanings, lubrication, etc. must be performed regularly to be effective. Every six months is generally acceptable for most offices, with some adjustments made for hostile environments or where systems are more heavily relied upon. System Monitor will issue a reminder warning when maintenance is scheduled if that option is selected. - - - - - - - - - - - Monitoring TSR's System Monitor returns all the memory it uses back to the system when it's finished. It leaves nothing behind as a TSR program (terminate and and stay resident). Since System Monitor runs at power up (from your AUTOEXEC.BAT) after your authorized TSR's and device drivers where installed, it will report any that failed to load, where unauthorized or installed since System Monitor established its baseline, whether by an application or a virus. You can re-evaluate the system at any time by entering SysMon once again at the DOS prompt. - - - - - - - - - - - Speech or Beep Mode /S System Monitor evaluates a number of performance indicators that directly access the computer's internal hardware. Some (a very few) systems may have compatibility problems in this area. If you have one of these comparatively rare systems you may have noticed other problems, especially with programs that produce sounds. If at all possible, you should not disable the speech and additional hardware tests unless the system just won't run any other way. Before disabling the speech, try to run System Monitor normally. To disable the additional hardware performance tests and replace the speech with a beep, reBOOT the system and press <CTRL> <BREAK> to abort the AUTOEXEC.BAT routine before SysMon is called. Use your (Non-Document) editor to add /S to the command line following the SysMon.EXE. Example: SysMon.EXE /S - - - - - - - - - - - DOS Version System Monitor requires DOS version 2.0 minimum, and has been tested using DOS 2.0 - 6.0. SEE - Warning Message - Active version of DOS - - - - - - - - - - - Sign on message When System monitor is run, the sign on message is displayed, and the version and copyright date are shown. Be sure your are using the latest version available. If you are entitled to use a registered version, be sure it is installed in place of the unregistered version. The Unregistered version is fully functional, but will prompt the user to register after the free evaluation period has expired. System Monitor Version XX.XX (Unregistered) Copyright 199X Rosenthal Engineering, all rights reserved. 3737 Sequoia, San Luis Obispo, CA. USA 93401 or System Monitor Version XX.XX Copyright 199X Rosenthal Engineering, all rights reserved. 3737 Sequoia, San Luis Obispo, CA. USA 93401 - - - - - - - - - - - Warning Messages When System Monitor is installed it generates several report files which it uses to establish a baseline for later comparison. Each time System Monitor is run, it extensively re-evaluates the system and compares the present information to the baseline recorded earlier. If there is a discrepancy between the present system and the baseline data recorded earlier, a warning is issued. The baseline reports are executable programs which are displayed when System Monitor is installed or a new baseline is established. The baseline reports are stored in the root directory and may also be reviewed by entering REPORTSM, AUTOSM or CONFIGSM at the DOS prompt. Example: WARNING! System Monitor has discovered a discrepancy between system baseline data "B" recorded earlier and the present "?" system status. - - - - - - - - - - - Warning Message - Active version of DOS Example: B Active version of DOS 3.30 ? Active version of DOS 6.0 The version of DOS has changed since baseline was established. The most obvious cause for this warning is the operating system has been upgraded. If this is the case, see "Establishing a new Baseline". Other possible causes for this warning include: The operating system has been accidentally or intentionally overwritten by a different version. The operating system has been modified by a malicious program or virus and replaced by one that is probably infected. - - - - - - - - - - - Warning Message - Bios source Example: ? Bios source PC-XT B Bios source PC-AT - - - - - - - - - - - Warning Message - Machine model type ? Machine model type PC-AT 3x9 B Machine model type PC-AT This error message is extremely rare as the bios source is hard coded in the read only memory of the computer (ROM). In a few rare systems, the manufacture provides a way to upgrade the bios through software. Unless the system ROMs have been upgraded, suspect something unusual, rather than an equipment failure or software conflict. For example, the REPORTSM.EXE file may have been inadvertently replaced with one generated on another system by a backup program. - - - - - - - - - - - Warning Message - Rom bios revision level Example: B Rom bios revision level 0 ? Rom bios revision level 1 SEE - Warning Message - Bios source - - - - - - - - - - - Warning Message - Active Display Adapter Example: B Video Graphics Array (VGA) display adapter active. ? Enhanced Graphics (ECA) display adapter active. Most video cards support a number of modes including VGA, EGA and monochrome. Additionally some systems may employ more than one video monitor. This warning message usually indicates a modification the systems set-up file or removal/failure of the video card to pass a more exhaustive diagnostic test conducted by System Monitor. - - - - - - - - - - - Warning Message - Accessible memory Example: B Accessible memory 000A0000h bytes ? Accessible memory 000BFF00h bytes The base (first 640k) memory available reported has changed. This is a very suspicious event and more likely an indication of the presence of a virus than an equipment failure. Registered users of Virus Simulator may want to experiment with the "B" Supplement for a safe demonstration of how System Monitor reports this suspicious activity. When the virus takes control of the system, it hides in memory and forces the system to lie about how much memory is actually available. The virus hides in the unreported portion of memory and does its dirty work from there, usually undetected because the system isn't even aware that the memory (or virus) exist, or ever did. - - - - - - - - - - - Warning Message - Memory used Example: B Memory used...... 00000270h bytes ? Memory used...... 00000265h bytes For some reason the total amount of memory used by operating system, device drivers, and terminate and stay resident (TSR) programs has changed. The most likely cause of this warning message is either a driver or TSR was added, or unable to load. If none of these programs have been changed or added since the baseline was established, a memory resident virus may be suspected. For a safe example of how this occurs, use Virus Simulator and select the "Install memory test simulated virus." option. Then run System Monitor directly from the DOS prompt by entering "SYSMON". Registered users of Virus Simulator can also use the "B" supplement. System Monitor examines a number of memory usage indicators which makes it especially effective against stealth type viruses. These viruses attempt to hide their activity from conventional anti-virus measures in order to avoid detection. Stealth viruses have an extremely difficult time evading System Monitor's level of scrutiny. This warning can also be caused when there is a conflict between two programs, especially if they are TSR or fail to correctly release allocated memory when through. Sometimes a software driver that supports a piece of peripheral hardware, such as a laser printer or document scanner, will not load if the peripheral does not respond. The corrective action may be as simple as switching on the piece of equipment and rebooting the system to try again. - - - - - - - - - - - Warning Message - Memory free Example: B Memory free...... 0009FD90h bytes ? Memory free...... 0009FC00h bytes The amount of base memory (first 640k) free for application programs to use has changed since the baseline was established. Most likely the amount of memory used, or the amount of memory accessible has changed. SEE - Warning Message - Memory used SEE - Warning Message - Accessible memory - - - - - - - - - - - Warning Message - Hardware configuration Example: B Hardware configuration 1110000 ? Hardware configuration 1110001 A change in the motherboard switch settings that define the hardware configuration has occurred since the baseline was established. These switches are usually either a physical DIP type switch inside the computer on the motherboard, or part of the setup program. - - - - - - - - - - - Warning Message - Keyboard type. Example: B Keyboard is enhanced type. ? Keyboard is standard type. The keyboard attaches by a DIN type connector plug, and may have been exchanged. Also many keyboards have a DIP type switch (look underneath) that allow them to be used in several configurations. The switch settings may have been inadvertently disturbed. Other keyboard messages might indicate a defective keyboard, a stuck key or even the keyboard plug pulled out. - - - - - - - - - - - Warning Message - Math coprocessor Example: B Math coprocessor installed ? No Math coprocessor installed There are two likely reasons for this warning. The math coprocessor has failed, or someone has removed or installed it. These integrated circuit chips are quite expensive and System Monitor has been responsible for alerting more than one system administrator to an unauthorized disappearance. Other warning messages may indicate that the math coprocessor has failed one of System Monitor's more exhaustive hardware tests, and is no longer reliable. - - - - - - - - - - - Warning Message - Serial adapters Example: B Serial adapters = 3 ? Serial adapters = 2 There has been a change in the number or configuration of the serial adapters. Either the hardware cards themselves have changed, or the information in the set up file has changed. Other warning messages may indicate that the hardware has failed System Monitor's more exhaustive testing. - - - - - - - - - - - Warning Message - Serial adapters Example: B Parallel adapters = 3 ? Parallel adapters = 2 There has been a change in the number or configuration of the parallel adapters. Either the hardware cards themselves have changed, or the information in the set up file has changed. Other warning messages may indicate that the hardware has failed System Monitor's more exhaustive testing. - - - - - - - - - - - Warning Message - Program segment address Example: B Program segment address is at 2CE7h ? Program segment address is at 2CD0h The program segment address of memory for System Monitor is different from the established baseline. This usually means that something that belongs in memory didn't load or something loaded into memory ahead of System Monitor (a device driver, TSR or virus) that wasn't present when the baseline was established. SEE - Warning Message - Memory used SEE - Warning Message - Accessible memory - - - - - - - - - - - Warning Message - Environment space Example: B Environment space begins at 2CDBh ? Environment space begins at 2E00h The address of memory used by System Monitor is different from the established baseline. This usually means that something that belongs in memory didn't load or something loaded into memory ahead of System Monitor (a device driver, TSR or virus) that wasn't present when the baseline was established. SEE - Warning Message - Memory used SEE - Warning Message - Accessible memory - - - - - - - - - - - Warning Message - Bytes left in current segment Example: B Bytes left in current segment FEF0h ? Bytes left in current segment FE00h A change in the memory space available to System Monitor has changed from established baseline. SEE - Warning Message - Environment space SEE - Warning Message - Memory used SEE - Warning Message - Accessible memory - - - - - - - - - - - Warning Message - Rom bios extension Example: a Rom bios extension Segment C000 Length 1000h ? Rom bios extension Segment D000 Length 1000h The ROM bios extension is usually used by hardware peripheral cards such as video boards, security protection etc. If System Monitor finds one of these boards missing, inoperative or recently installed, this warning message can be expected. When adding new (or additional) circuit boards, hardware conflicts can often be avoided by referring to this System Monitor test. Before adding boards to a system, enter REPORTSM at the DOS prompt in the root directory to display System Monitor's report file. Most boards that use ROM bios extensions, have DIP switches to allow users to select from several addresses. Select an address that System Monitor does not already indicate as being occupied. Whenever possible, System Monitor will identify the circuit boards it finds as ROM bios extensions and displays the manufacturers name and/or copyright. Example: (C) Copyright 1993 XYZ Video Inc., All Rights Reserved. If System Monitor identifies a different manufacturer etc. it would indicate that the board was exchanged with the one examined at the time the baseline was established. - - - - - - - - - - - Warning Message - Inherited environment segment Example: B Inherited environment segment 2516h ? Inherited environment segment 2517h The memory space available to System Monitor has changed from established baseline. SEE - Warning Message - Environment space SEE - Warning Message - Memory used SEE - Warning Message - Accessible memory - - - - - - - - - - - Warning Message - Environment segment of parent Example: B Environment segment of parent 2516h ? Environment segment of parent 2516h The memory space available to System Monitor has changed from established baseline. SEE - Warning Message - Environment space SEE - Warning Message - Memory used SEE - Warning Message - Accessible memory - - - - - - - - - - - Warning Message - Segment of root environment Example: B Segment of root environment 2516h ? Segment of root environment 2517h The memory space available to System Monitor has changed from established baseline. SEE - Warning Message - Environment space SEE - Warning Message - Memory used SEE - Warning Message - Accessible memory - - - - - - - - - - - Warning Message - Demonstration example. Example: >> Demonstration example. This is only a test.(Sysmon /D entered by user) << Warning Message - File has been modified. Examples: System Monitor WARNING! \COMMAND.COM file has been modified. System Monitor WARNING! \IBMBIO.COM file has been modified. System Monitor WARNING! \IBMDOS.COM file has been modified. System Monitor WARNING! \IO.SYS file has been modified. System Monitor WARNING! \MSDOS.SYS file has been modified. The integrity of the system files is reviewed each time System Monitor re-evaluates the system. When these files have been corrupted, modified, replaced with an upgrade, or infected with a virus, System Monitor will produce this message. COMMAND.COM is an especially favored target for viruses. System Monitor also supports MS Windows by monitoring the Windows SYSTEM.INI and WIN.INI for changes. These files may be anywhere in the directory PATH for System Monitor to evaluate them. MS Windows installation programs are notorious for modifying these files, which often causes conflicts with other previously functional software. Often, installing a new MS Windows application will cause a completely unrelated program to fail because of changes to these files. System Monitor gives an insight to solving these conflicts by alerting any modifications of these files. Example: System Monitor WARNING! C:\WINDOWS\WIN.INI file has been modified. System Monitor WARNING! C:\WINDOWS\SYSTEM.INI file has been modified. - - - - - - - - - - - Warning - Boot sector file has been modified. This is a warning message you should take very seriously and is an example of one of System Monitor's early warning capabilities. System Monitor has detected a change in the boot sector or partition table of your hard drive. This is an especially critical portion of the drive, and if it gets corrupt, the system may not boot or even find the information stored on the hard drive. If the boot track becomes defective from a physical hardware failure (usually called a disk crash), the hard drive may be destroyed and all data contained on it lost. This should at least emphasize the need to make backups, as this warning message may indicate an impending disaster from a hard disk on the verge of catastrophic failure. The boot sector is also a favorite place for viruses to hide. System Monitor compares the present boot sector to the baseline established earlier. Viruses have a difficult time avoiding System Monitor,s close scrutiny. - - - - - - - - - - - Warning - Suspicious file may be infected. Example: Warning! Suspicious file C:\UTIL\XYZ_DIR\PROG.EXE may be infected. - - - - - - - - - - - Establishing a New Baseline When System Monitor evaluates the system, and detects a deviation from the baseline data recorded earlier, it issues a warning message. Often the change is not the result of a failure or virus infection, but a legitimate, intentional modification. Adding or removing a device driver or TSR, altering one of the system setup files (AUTOEXEC.BAT, CONFIG.SYS or Windows INI files) etc. will cause System Monitor to notify you that changes were made. Once you are confident that the changes are functioning properly, and not causing conflicts with other software, you can establish a new baseline. To establish a baseline that reflects the system in its present configuration, erase the REPORTSM.EXE file and reset the system. Example: ERASE C:\REPORTSM.EXE Wait a few seconds for the disk to finish, then turn the power off and back on again. When the system reboots, the user will be prompted through the process of recording a new baseline. - - - - - - - - - - - Error Messages Example: SysMon.EXE Disk file error! System monitor is unable to find, read or verify a file. System Monitor (SYSMON.EXE) must be in, and run from, the default root directory. - - - - - - - - - - -