How the Client Works

In this topic:

Once installed on a network computer, the Client Recorder automatically captures and records the computer's activity. You can configure the Client Recorder to operate in "Stealth Mode" or be visible to the computer user. Either way, the Client Recorder operates in the background, monitoring and recording all computer events without causing degradation in computer performance.

The Client Recorder has two components:

The Client Recorder Agent is the software module that monitors and records activities.
The Client Service is a Windows Service that communicates with the Primary Server to verify licensing information, with the Control Center to provide status and configuration information, and with the Data Vault Service to transfer recorded data.

Client Tasks

Client tasks begin after the Client is installed. Each of these tasks is described in more detail below.

To record activity:

The Client Service communicates with the Primary Server to establish licensing.
The Client agent begins recording activity.
The Client Service communicates Client status to the Control Center.
The Client Service periodically attempts to upload data to the Data Vault service at the specified port.
Once recorded events are pushed to the Data Vault, the Client deletes them from the local Data File every thirty minutes.

Communication with the Primary Server

Contact with the Primary Server establishes the Client licensing and allows the Client to begin recording. It also permits Client updates.

When the Client is first installed:

The Client Service attempts to contact the Primary Server once every minute in order to establish the initial communications, which will provide the Client software license.
When the Client communicates with the Primary Server, the computer name and license is verified.
When the license is verified, the installed Recorder Agent begins recording.
Recorded events are stored in files on the local Client computer.
After the initial communication and verification, the Client Service contacts the Primary Server every four hours to verify the software license is valid.

It is critical that the correct Primary Server configuration is made at installation time. Typically, the Deployment Utility does this automatically. If you suspect that the wrong setting for the Primary Server has been made for your Client installation, it is best to change the installation configuration. Install the Client again. It is likely that you will NOT be able to remotely communicate with the Client in order to change the Primary Server setting, as the Control Center will not communicate with the Client.

If the Client Service is unable to initially contact the Primary Server:

Spector will not begin recording.
The Manage Computers view of the Control Center will display “V 0.0 (0000)” in the Recorder column. This indicates the Client software is installed but it is unable to communicate with the Client Service.

If communication with the Primary Server is lost:

For example, if after recording has begun the Primary Server computer goes down or is removed from the network:

Client recording continues. Recorded events, however, will not be uploaded to the Data Vault until communication with the Primary Server resumes.
The Client will attempt to contact the Primary Server every hour to re-establish communications and to validate the software license.
The Client cannot be managed remotely by the Control Center when does not communicate with the Primary Server.

Recording Activity on the Client Computer

As a locally installed software module, the Client Recorder Agent begins recording computer activity as soon as it is installed and has an established license with the Primary Server. You can configure the Recorder to record as much or as little data as you like through Client Settings. Use the Deployment Utility to establish settings before installing the Client, and the Configure Computers view (after installing the Client.

The Recorder resides in the background, monitoring and recording events without degradation in computer performance. In Stealth Mode, the Recorder gives no indication to the user that it is on the computer.

To record activity:

The Recorder Agent records continuously, or as configured by a schedule.
The Recorder saves recorded activity in 15 minute chunks.
Events are compressed, encrypted, and stored in a hidden folder on the hard drive of the Client computer. Event data files on the Client can only be read by local Client Viewer.
When the recorded events are transferred to the Data Vault, they are deleted from the local Client computer.

Events captured include:

Email Activity -Email sent/received with or without email attachments
Web Sites Visited - Domain names and URLs visited
Chat/Instant Message Activity - Conversations in Chat Rooms and Instant Messages (IM)
Keystroke Activity - All typed keystrokes including hidden characters and true keystrokes
Program Activity - Every program opened and amount of activity
Network Activity - Communications on the Intranet or Internet
Files Transferred - Peer-to-Peer, FTP and HTTP file transfers and searching
Document Tracking - Creation, writing, renaming, deleting or printing of a file
Screen Snapshots - Graphical snapshots of the Client computer screen

In addition, the Client Record provides (as configured):

Keyword Alerts - Detection of keyword(s) across activities and email "alert" notification
Internet Blocking - Blocking of Internet usage by schedule or by specific web sites
Local Functions - You can install with the Client Recorder an optional local viewer to access recordings at the Client Computer, the ability to locally start or stop the Client, and the ability to manually take a snapshot at the Client Computer

Communication with the Data Vault

The Client Service facilitates the transfer of recorded data from the Client to the Data Vault.

To transfer the data:

The Data Vault listens on its configured port for communication from Clients.
Every few minutes, the Client Service attempts to communicate with the Data Vault via the configured name or static IP address, as set by the Deployment Utility Server Communication settings.
As soon as connection is made, the Client pushes all stored data to the Data Vault.
The transmission lasts a maximum of thirty seconds. Any remaining events are transmitted to the Data Vault on subsequent connections. The Client would only reach this thirty-second threshold if it has been disconnected from the Data Vault for a long period and has accumulated a large number of recorded events in the local Data File.

If the Client Service cannot make contact with the Data Vault, the recorded data remains on the Client computer, subject to the configuration settings for days of recording and maximum storage space available.
As soon as the Client Service makes contact with the Data Vault, all recorded events are automatically transferred to the Data Vault, which processes them for the Database and File Storage.

Communication with the Control Center

The Client Service provides Client Recorder status (installed or not, recording or not, and which settings are in place) and enough information to the Control Center so that you can use it to remotely configure and control the Clients.

Communication with the Control Center allows:

Install or uninstall the Client Recorder from the Control Center
View configuration settings and change Client settings from the Control Center
Start or stop recording
Schedule recording
Change communication settings

Security

Though the Client Service is installed as a Windows service, it is sufficiently hidden so that it will not be observed by the computer's user—unless they specifically know what to look for and where. In addition, the Service cannot be removed from the computer unless the user has Administrator privileges to remove the service.