1. Deployment

1.1 Will WFilter influence my network speed?
1.2 Why is nothing captured?
1.3 Why can WFilter only monitor the computer it is installed on?
1.4 I can see other computers in "view current online", but all records are empty.
1.5 Cannot log in to WFilter; it shows "This page can not be displayed".
1.6 What type of hub and port mirror switch do you recommend?
1.7 Cannot access WFilter's console from other computers.
1.8 Can I access WFilter from the Internet?
1.9 What is ARP spoof?
1.10 Does using WFilter risk exposing our organization's privacy?
1.11 What is WFilter based on?

2. Usage

2.1 Why is QQ's password needed to see QQ's chat content?
2.2 How to block Tencent QQ?
2.3 Can I set the computers I need to monitor?
2.4 How can I know the owner's name of a computer?
2.5 How can I know a computer's MAC address?
2.6 How to configure my firewall to make WFilter work?
2.7 How to change WFilter's listening port?
2.8 Can WFilter monitor mails received and sent by web?
2.9 Why can I only monitor messages sent but not messages received?

3. Purchase

3.1 Why should I buy WFilter?
3.2 How to buy WFilter?
3.3 If I want to monitor more computers than I bought, what should I do?


1.1 Will WFilter influence my network speed?

WFilter is a sniffer and only analyzes a copy of the network packets, so it will not influence your network speed. Sometimes you need to add a broadcast hub or a port mirror switch to deploy WFilter. Because a broadcast hub only supports 10M Ethernet, we suggest using a port mirror switch instead of a broadcast hub if your WAN bandwidth is larger than 4M.

1.2 Why is nothing captured?

  • Please check your configuration first. Open the "Monitoring Settings" of WFilter and check whether the monitor device is the one you are using. If no adapter is listed, check whether your trial period has expired. Otherwise reinstall WFilter and try again. If still no adapter is listed, your network card may not be supported.
  • If you are using a local proxy server to connect to the Internet, please add the local proxy server's IP address to "Local Servers" in "Monitoring Settings".

1.3 Why can WFilter only monitor the computer it is installed on?

It's because you're not using a broadcast hub or a port mirror switch. WFilter should be installed at a single location where it can see all Internet traffic. Please refer to the "Deploy Guide" for more information.

1.4 I can see other computers in "view current online", but all records are empty.

It's the same problem as #1.3.

1.5 Cannot log in to WFilter; it shows "This page can not be displayed".

  • 1). WFilter only supports Windows 2000/XP/2003.
  • 2). WFilter needs to listen on local ports 9090 and 9091. Some firewalls block the opening of ports by default. Please stop your firewall and reinstall WFilter.

1.6 What type of hub and port mirror switch do you recommend?

1.7 Cannot access WFilter's console from other computers.

  • Check your firewall configuration first. Most often the cause is that your firewall disallows connections from other computers.
  • Check the "Remote Access Control" configuration of WFilter and make sure remote access is allowed.

1.8 Can I access WFilter from the Internet?

Sure you can. Consider two situations:

  • 1. If WFilter is installed on your gateway, you can access WFilter from the Internet directly by visiting the gateway's WAN IP.
  • 2. If WFilter is installed on another computer which is not directly connected to the Internet, you need to set up port forwarding on the router first.

1.9 What is ARP spoof?

ARP spoof makes other computers treat your computer as the gateway, so you can monitor other computers without using a broadcast hub or a port mirror switch. But if your computer hangs or powers off without exiting ARP spoof correctly, the computers being spoofed will not be able to reach the Internet for several minutes. So you should use ARP spoof carefully.
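
Seen from a monitored computer, the redirection described above shows up in its ARP cache: the gateway's IP address resolves to another machine's MAC address. The following added example (not part of WFilter or of the original FAQ) parses Windows `arp -a` output and flags that condition; the sample output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (addresses are made up).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.10          00-AA-BB-CC-DD-01     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\b",
    re.MULTILINE,
)

def parse_arp_table(text):
    """Return {ip: mac} for unicast entries; broadcast/multicast rows are skipped."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = mac.lower()
        if mac != "ff-ff-ff-ff-ff-ff" and not mac.startswith("01-00-5e"):
            table[ip] = mac
    return table

def find_shared_macs(table):
    """Return {mac: [ips]} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def check_gateway(table, gateway_ip, known_mac=None):
    """Return (finding, detail) tuples describing anomalies in the gateway entry."""
    seen = table.get(gateway_ip)
    if seen is None:
        return [("gateway-missing", gateway_ip)]
    findings = []
    others = [ip for ip in find_shared_macs(table).get(seen, []) if ip != gateway_ip]
    if others:  # another host's MAC is being used for the gateway IP
        findings.append(("gateway-mac-shared-with", others))
    if known_mac and seen != known_mac.lower():  # differs from the recorded binding
        findings.append(("gateway-mac-changed", seen))
    return findings

if __name__ == "__main__":
    print(check_gateway(parse_arp_table(SAMPLE_ARP_OUTPUT), "192.168.1.1"))
```

A shared-MAC finding only appears when the spoofing computer's own IP is also in the cache; comparing against a recorded gateway MAC (`known_mac`) covers the other case.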

1.10 Does using WFilter risk exposing our organization's privacy?

WFilter runs in your LAN and does not access the Internet except for version checks. All messages are archived on the local computer, so you will not face the risk of exposing your organization's privacy.

1.11 What is WFilter based on?
  • 1). WFilter is a sniffer.
  • Broadcast hubs and port mirror switches allow a computer to receive other computers' network packets. WFilter analyzes these packets and extracts the information it needs.
  • 2). How can WFilter block Internet connections?
  • A TCP connection can easily be destroyed by some fake packets. That is how WFilter can block TCP connections. But WFilter cannot block UDP data for now.

2.1 Why is QQ's password needed to see QQ's chat content?

Because QQ's messages are encrypted. When logging in, the QQ client gets a session key that is used to encrypt the whole conversation, and the session key can only be decrypted with QQ's password. We have two suggestions for you:

  • 1. Block QQ. If QQ is not needed in your organization, we suggest you block it.
  • 2. Apply for work QQ IDs and manage the passwords uniformly. You may add the work QQ IDs to the ID list to prevent unauthorized QQ usage.

2.2 How to block Tencent QQ?

First you need to block UDP ports 8000 and 8001 at your gateway. Then you also need to enable QQ blocking in WFilter.

2.3 Can I set the computers I need to monitor?

Yes. Checking the monitor checkbox in the "User-computer Table" enables monitoring of that computer.

2.4 How can I know the owner's name of a computer?

  • By clicking the IP address in the "User-computer Table", you can see detailed information about the computer (computer name, group name, MAC address, IP address and so on). If you still cannot tell who is using the computer, you can take a look at its chat records or email records, which will give you more information.
  • WFilter uses "By MAC address" mode by default. In a single network segment environment, each MAC address is related to a unique computer, so if a user changes the computer's IP address, it will not affect your configuration. In a multi-segment network, only "By IP Address" mode can be used, because the MAC address changes when network packets pass through a router, so you should use IP-MAC binding to prevent IP address changes.

2.5 How can I know a computer's MAC address?

The MAC address is the NIC's physical address. Click "Start" -> "Run", type "cmd", then press ENTER. Type "ipconfig /all" in the command window and you will see the "Physical Address".

2.6 How to configure my firewall to make WFilter work?

Three programs need to access the network: webservd.exe, startsys.exe and cgiproj.exe. Make sure your firewall allows these programs.

2.7 How to change WFilter's listening port?

By default, WFilter listens on ports 9090 and 9091. You can change the ports by modifying LanMonitor.cfg manually. LanMonitor.cfg is located in the config directory of WFilter's installation directory. (Default: c:\program files\IMFirewall\WFilter)
  1). Open LanMonitor.cfg using Notepad.
  2). There are two settings in the "system" section: Port1=9090, Port2=9091. Modify the port numbers and save the file.
  3). To apply the new configuration, you need to restart WFilter. The easiest way is simply to restart the computer. You can also restart the WFilterd service manually.

WFilter is now working on the new ports. For convenience, you may also need to change the target of the WFilter shortcuts to the new port. (Default: http://localhost:9090)
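
Steps 1) and 2) above can be scripted. The following added example (not shipped with WFilter and not from the original FAQ) rewrites `Port1` and `Port2` only inside the "system" section and rejects invalid or duplicate ports; it assumes LanMonitor.cfg uses an INI-style `[system]` header, which the FAQ does not show, and the function name is hypothetical.

```python
import re

# Constructed sample: an INI-style layout is assumed; only the "system" section
# name and the Port1/Port2 keys come from the FAQ text.
SAMPLE_CFG = "[system]\nPort1=9090\nPort2=9091\n\n[example]\nPort1=1234\n"

def set_console_ports(cfg_text, port1, port2):
    """Return cfg_text with Port1/Port2 in [system] replaced; other lines untouched."""
    for port in (port1, port2):
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port: {port!r}")
    if port1 == port2:
        raise ValueError("Port1 and Port2 must differ")
    new_values = {"port1": port1, "port2": port2}
    out, section, changed = [], None, set()
    for line in cfg_text.splitlines(keepends=True):
        header = re.match(r"\s*\[([^\]]+)\]", line)
        key = re.match(r"\s*(Port[12])\s*=", line, re.IGNORECASE)
        if header:
            section = header.group(1).strip().lower()
        elif key and section == "system":
            eol = line[len(line.rstrip("\r\n")):]  # keep the file's own line endings
            out.append(f"{key.group(1)}={new_values[key.group(1).lower()]}{eol}")
            changed.add(key.group(1).lower())
            continue
        out.append(line)
    if changed != set(new_values):
        raise ValueError("Port1/Port2 not found in the [system] section")
    return "".join(out)

if __name__ == "__main__":
    print(set_console_ports(SAMPLE_CFG, 8090, 8091))
```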

2.8 Can WFilter monitor mails received and sent by web?

Reading and sending web-based email is just like web surfing and posting. Mails sent will be recorded in the "Post" category. But for web-based emails received, only the page title is recorded, as with web surfing.

2.9 Why can I only monitor messages sent but not messages received?

If you use a broadcast hub, it may be because your hub is connected incorrectly. Make sure the port next to the uplink port is unused, and please try another port if the problem still exists.

If you use a port mirror switch, make sure you have set your switch to monitor both incoming and outgoing traffic.

3.1 Why should I buy WFilter?

As a registered user, you will receive:

  • 1). Fully functional, unrestricted copy of the software.
  • 2). Free upgrade to the latest version.
  • 3). Information on updates and new products.
  • 4). Free technical support with priority.

3.2 How to buy WFilter?

WFilter Enterprise is charged by license. Each license can only monitor 1 station. For example, if you want to monitor 10 stations, you need to buy 10 licenses.

3.3 If I want to monitor more computers than I bought, what should I do?

You can purchase more licenses from us, and you only need to pay for the added licenses. We will provide you with a new serial number to activate the additional licenses.