DataVault™ technology provides real-time notification of security and policy events. As the agents pass desktop activity information to the DataVault™, it is analyzed for security breaches and policy violations. There are two ways users receive notification. 

The first source of notification is through status indicators on the main page when logging in to the server. Each event is coupled with green, yellow and red indicators. Green signifies that the event is enabled, and there has not been an issue. Yellow signifies that the event has been disabled (organizations can customize their systems as they see fit, and this is a recorded action). Red signifies that there has been an event that has not yet been looked at.

The second source of real-time notification is through automated email. Any event can be emailed to the appropriate individual (IT, Administration, Human Resources, etc.) as it happens. This reduces the time departments spend shuffling information, and it keeps your data in the appropriate hands – appropriate as you define it.

Security Events Covered by Real-time Notification

• System File Change: a file in the OS system directory has been changed
• System Directory Creation: a new directory or file has been created in the OS system directory
• Application Install/Set-Up: a new application has been installed on the network
• New User(s) Added to the System: a new username has logged onto the network
• Inactive User(s) or Computer(s): a computer or user has been inactive on your system for 14 days
• Detection of File Download: a file has been downloaded from an Internet browser
• Agent Status (Paused, Stopped, Removed): a computer’s agent has been paused, stopped or removed 
• Backdoor Activity Detection: a known backdoor executable filename has been discovered on the network
• Known Exploit Port Activity: a known exploit port is open
• New Computer(s) Added to the System: a new computer has been added to the network
• Packet Sniffer Detection: a packet sniffer has been discovered on the network
• Modem Usage/Network Properties: an outside connection from your network has been made, or there has been a network property change

• Use of an Inappropriate Program: an inappropriate program has been run**
• Use of a Windows Registry Editor Program^®: the registry editor has been tampered with
• Use of a Windows Policy Editor Program^®: a user is trying to access the policy editor
• Status of the Enterprise Logon and Logoff Policy: a user has logged onto the network during a timeframe when there should be no usage**
• Detection of an Unregistered User(s) from the Logon Server: a user was not authenticated on Windows 95^® or 98^®
• Detection of Inappropriate Content: an inappropriate word or phrase has been typed**
• Internet Time Usage Policy: a user has surpassed the set time limit for Internet use**
• Concurrent Application Licensing Status: concurrent use for license compliance has been surpassed**

**Administrator can customize this setting (All administrative changes are recorded)