eEye Digital Security

I am trying to use the ADrive backup service (www.adrive.com).  They offer a basic level that uses a web interface to allow you to backup your PC.  If I have intrusion detection enabled I see a white block where there should be a user-interface (aka filemanager).  If I check the option to Enable IPS Passive mode, the site works correctly.  I am not sure how to correct the configuration as nothing I do seems to trigger a log so I can determine what Blink is doing.  I have the option to Enable Intrusion Prevention Event Logging checked, but don't see anything.  Even weirder is when you look at the help for this option it actually says to UNCHECK to ENABLE logging??? (I did uncheck just for grins without any logging taking place.)  I already had the Enable Intrusion Prevention Event Alerting, but I have yet to see any alert for this.

Is there a KB entry I am overlooking for how to troubleshoot and resolve these types of issues?

Copy/Paste of help file:

• Enable Intrusion Prevention Event Logging — if selected, Blink suppresses log entries for all IPS events. If deselected, Blink automatically displays log entries for all IPS events from the local IP addresses
• Enable Intrusion Prevention Event Alerting — if selected, Blink alerts you to all intrusion prevention events.

 I would disable all of the components in Blink except the IPS.  Next, follow the instructions at the top of this post:  http://forums.eeye.com/forums/t/873.aspx  this will collect debugging data for what is going on in Blink. 

Send the file zipped to lnicula@eeye.com and moh@eeye.com .  Be sure to reference this post so they can respond back when they are able to.

You may also consider creating an IPS exception Rule in the "Apiex.ini" file in Blink.

Navigate to:   C:\Program Files\eEye Digital Security\Blink\Config and then double click on the "apiex.ini" file to open it...use Wordpad for this.  The whole upper portion of the file is a description of how to make exclusion changes and it gives you examples of how to do it.

I had to create one of these for Cyberlink's PowerDVD8 because Blink's Application Protection engine (aka "Kevlar") did not like some of the kernel calls it was making when it started up.  So in my case, my rule that I added at the very end of the apiex.ini file was:

PowerDVD8.exe;;Kevlar;0

I would first try to exclude the executable file for your program in the same manner, except you enter IPS in yours instead of the Kevlar I have in mine above.

-------------------------------------------------

For the time being this will probably be a temporary fix until eEye can address your issue.  Hopefully the debugging logs that you send them can assist with this.

Thanks!  I have created and submitted the debug log to the folks at EEye.  In case someone else having problems using ADrive finds this while waiting for a reponse, the support person at ADrive suggested I try to whitelist static.adrive.com and www.adrive.com.  I added the current IP addresses as "Trusted" within Blink and things work properly with IPS enabled so I can leave IPS up while using the site.