Diagnostic Tool

What is a Diagnostic Tool?

In a standard Windows, the MS Outlook service does not offer support for monitoring and reporting the functionality of the add-ins installed on it. This service has been developed in order to monitor and report whether Keepnet Outlook add-in functions properly or not.
Using this service, system administrators will be aware of the potential errors related to the Keepnet Outlook Phishing Reporter add-in and are able to take action.
The service periodically retrieves certain information from the client computer and transmits it to the Keepnet server set on the client's own network (if the on-premise version is used) or to the dashboard.keepnetlabs.com server (if cloud version is used).
In the light of this information, it is ensured that the system administrator monitors the Outlook add-in and makes improvements.

Installation Requirements

Keepnet outlook monitoring service requires from the client the minimum following features for a healthy operation:
  • The monitoring service must be installed and run with administrator rights.
  • ‌There are no time intervals for the application to run by default. It is recommended to scheduling it to run every 60 minutes in accordance with the corporate policy.
  • ‌If the Keepnet is used on-premise, in order to send the report, the application must have access to http(s)://yourkeepnetserver /.
  • ‌The .NET Framework 4.5.2 or later must be installed.

Supported Operating Systems

Keepnet Outlook add-in monitoring service supports a minimum of 32 and 64 bit all Windows 7 and above operating systems for client computers.

Installation Types

Phish Diag supports installation in two different ways. Normal Installation is the direct installation on a computer, while Silent Installation is the type that is installation is made on hundreds of thousands of systems using centralized software distribution tools.

Normal Installation

This section describes the installation of the Phish Diag service. You can get your Phish Diag service by contacting [email protected]
  • After downloading the application, you can start the installation process by double-clicking on exe file and clicking the Next button.
  • Continue with the default settings by clicking Next.
  • Click Next to allow installation.
  • In the last step, approve the installation by clicking on Yes.
  • Now, the Phish Diag service has been successfully installed on your computer.

Silent Installation

For silent installation and removal, the following commands are available.
Silent installation process
C:\Windows\System32\msiExec.exe -i "KeepnetPhishDiagInstaller.msi" /QN /norestart
Silent removal
C:\Windows\System32\msiExec.exe -x "KeepnetPhishDiagInstaller.msi" /QN /norestart
Product Guid to detection
get-wmiobject Win32_Product | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
Silent removal with Product Guid
C:\Windows\System32\msiExec.exe -x {product-guid} /QN /norestart

Understanding Configuration Options

After the application is installed, the configuration file path is C:\Program Files (x86)\Keepnet Labs\KeepnetLabs Phishing Reporter Diagnostic Service\KeepnetPhishDiag.exe.config
Sample configuration file
<?xml version="1.0" encoding="utf-8" ?>
<supportedRuntime version="v4.0" sku=".NETFramework, Version=v4.5.2" /> </startup> <appSettings> <add key="KeepnetApiUrl"
value="https://dashboard.keepnetlabs.com/api/OutlookAddInV1/CreateAddInDiagnostic" />
<add key="IsProxyActive" value="false" />
<add key="CompanyId" value="324b6c74-9690-4068-96e5-d031495038EA" />
The configuration file contains the address to which the application sends information, the company ID, and the options to enable proxy support if required for communication.

Understanding the Log File

The logs for the application are located on each user computer on which the application is installed in the C:\Program Files (x86)\Keepnet Labs\KeepnetLabs Phishing Reporter Diagnostic Service\Log.txt.
Sample output,
19:05:31.8654|INFO|KeepnetPhishDiag.Logger|HostName:WIN-U476PGRNF1D|CompanyId:324b6c74-9690-4068-96e5-d031495038ba|Os:Microsoft Windows 7 Ultimate 64-bit Version (Build 7601)|OsLanguage:en-US|OutlookVersion:16.0.11901.20176|OutlookArchitecture:x64|IsOutlookRunning:True|OutlookLastStartupTime:10/28/2019 6:36:33 PM|IsAddInInstalled:True|AddInVersion:|AddInLoadLoadBehaviorValue(HKLM):3|AddInBootTime:172|LastDisabledTime:|ThresholdTime:|TimeTaken:|DisableReason:
2019-10-28 19:05:31.8654|INFO|KeepnetPhishDiag.Logger|SId:S-1-5-21-840305792-373996970-2194471766-1000|LoadBehaviorValue:|IsAddInInDisabledItems:False|LogonName:test|Email:[email protected]|EmailServiceName:MSEMS

Post-Installation Review

The Phish Diag (add-in monitoring service) has been successfully installed, operated and can communicate with the keepnet portal (cloud or on-premise) to help you obtain status information in the following 6 different scenarios.

Scenario 1: Monitoring the Situations where Add-in is not installed

If Phishing Reporter Outlook Desktop add-in is not installed on a user's computer, it is reported as “Not Installed".
Figure 6. Not Installed

Scenario 2: Which Users Add-in Installed and Active

If Phishing Reporter Outlook Desktop add-in is installed on a user's computer, running and communicating with the Keepnet portal, it is reported as “Online".
Figure 7. Online

Scenario 3: Add-in Disabled

If the Phishing Reporter Outlook Desktop add-in is installed but disabled, it will be reported as "Disabled".
Figure 8. Disabled

Scenario 4: Inactive Add-ins

If the Phishing Reporter Outlook Desktop add-in is installed but disabled by the user, it appears in the list of inactive add-ins and is reported as “Deactivated" in the Keepnet portal.
Figure 9. Deactivated

Scenario 5: Outlook is Offline

If the Phishing Reporter has successfully installed the Outlook Desktop add-in, but the Outlook Desktop application is closed, then the user will appear as “Offline".
Figure 10. Offline

Scenario 6: Disabling or Deleting User Accounts

When a Windows user account in Active Directory is disabled or deleted, it is reported as "User Unavailable" because the user is no longer in Active Directory.
Figure 11. User Unavailable

Downloading the User List

By downloading the entire user list as an Excel report, you can perform various filtering and reporting operations. When you click on the “Download Excel Report” button, the report will be ready to download.
Figure 12. Downloading Excel Report
Like in the screenshot below, the report will be ready to be downloaded.
Figure 13. Downloading Excel Report
When you download the report, the report contains all the details as follows.
Figure 14. Details within Report

Creating a Scheduled Report

You can receive Excel reports by email at certain times. For this, click on the Schedule Report button, type in the email addresses you want to send your scheduled report and determine how often it will be sent.
Figure 15. Scheduling Report
The email will look like this.
Figure 16. The Report Email
Copy link
On this page
What is a Diagnostic Tool?
Installation Requirements
Supported Operating Systems
Installation Types
Normal Installation
Silent Installation
Post-Installation Review
Scenario 1: Monitoring the Situations where Add-in is not installed
Scenario 2: Which Users Add-in Installed and Active
Scenario 3: Add-in Disabled
Scenario 4: Inactive Add-ins
Scenario 5: Outlook is Offline
Scenario 6: Disabling or Deleting User Accounts
Downloading the User List
Creating a Scheduled Report