VisualICE

The Best Intrusion Analyser for BlackICE Defender

VisualICE Report Utility 4.7

So what DO you do if you would like to know more about what the hacker tried to do, who he is, where he's from or how to report him to the proper authorities?

That's where VisualICE Report Utility comes in. VisualICE is absolutely the fastest, easiest way to find out all the information you would like to know about any hack attempt from any intruder. And VisualICE makes it easy to report hackers directly to their Internet Service Provider so they won't bother you again.

Whether you simply want to find out more or want to dig deeper inside the hacker's mind, VisualICE is the right tool for the job. And it doesn't require any technical knowledge to get the job done.
And best of all, VisualICE Report Utility is absolutely FREE!

 
VisualICE Report Utility - FREE Download
Current version 4.7.0.5090
 
 

What's new in version 4.7

WhoIs - The format of the ARIN whois database server has changed. This caused problems when retrieving Whois information from the ARIN server. Version 4.7 solves this problem.

When upgrading VisualICE to a newer version, you do not need to uninstall the previous version first. In fact, it is better to install over the existing installation. That way all your configuration settings remain intact.


What was new in version 4.6

New Configuration Option:

"Close button minimizes to system tray"
Several users have asked for this option. If this option is enabled, the Close button will minimize VisualICE to the system tray instead of closing the application.

Bug Fix - A problem has been solved that prevented VisualICE from saving its configuration settings if Windows was shut down or restarted or if the user logged off without closing VisualICE first.

Bug Fix - On very rare occasions, VisualICE would produce an error when trying to filter on information that contained a certain combination of characters.

Abuse Notification - The layout of the abuse notification E-mail has been changed to comply with the requirements of certain ISPs.

WhoIs - The output format of the RIPE whois database server has changed. This caused problems when trying to find Whois information on non-American IP addresses. Version 4.6.2 solves this problem.

Uninstall - This long overdue feature has finally been added to VisualICE Report Utility.
Previous versions of VisualICE had to be "uninstalled" by manually deleting the VisualICE program folder and the VisualICE shortcuts from the desktop and the Start menu. Starting with version 4.6.1, VisualICE adds itself to the Windows "Add/Remove Programs" list accessible from the Control Panel. This makes uninstalling VisualICE easier and more intuitive.


What was new in version 4.5

Network ICE has released an update for BlackICE Defender:
Version 2.9.cai
This BlackICE Defender update causes some compatibility problems with previous versions of VisualICE Report Utility. Visualize Software has released an update of VisualICE (Version 4.5) to address these issues:

 

1. New fields: "Source", "Target", "Flags" and "Firewall".
VisualICE 4.5 introduces four new fields. "Source" is the port number where the attack originated from. "Target" is the port number that was attacked and "Flags" contains information from the IP packet that was received.
The column "!" has been replaced by the column "Firewall" which gives a more descriptive explanation of the way BlackICE handled the attack.

2. Severity values have changed.
In previous versions of BlackICE, "severity" was a value between 19 and 99. In the new BlackICE version these have been replaced by values between 1 and 9. This also means that the default configuration values in the "Alarm" tab for "Minimum Severity level for trayicon animation" and "Minimum Severity level for audible alarm" have changed. Although VisualICE 4.5 can handle both the new and the old type of BlackICE attack-lists, if you mix the two, you'll have to decide whether to use the old severity levels or the new ones. To avoid these problems we recommend that you clear the attack-list before installing BlackICE 2.9.cai.

3. BlackICE menu plugin no longer supported.
Unfortunately Network ICE has changed the support for menu plugins. It is no longer possible to start executables from the menu inside BlackICE (only webpages are supported). This means that it is no longer possible to start VisualICE from the BlackICE "Tools" menu.
Starting with version 4.5, the option for creating a BlackICE menu plugin has been dropped.

Although the Readme file that accompanies the new BlackICE version only mentions possible problems when upgrading from version 2.1, we have had several reports from VisualICE users who also had problems upgrading from version 2.5. In all those instances the solution was to uninstall 2.5 first and then do a new clean install of version 2.9.cai. (Please make a note of your current BlackICE settings before uninstalling BlackICE!).

 

 

What was new in version 4.4

Geographical Location Information - Due to the overwhelming popularity of VisualICE, the geographic mapping server has been brought to its knees. In the past few weeks the server has crashed several times and the problem keeps getting worse while the number of VisualICE users grows day by day.
To remedy this situation we have developed a new mapping algorithm that creates the maps on the fly from inside VisualICE. The original mapping server is therefore no longer required.

 

A nice side effect is that the new algorithm is much faster. Previously the map generation process could take up to a minute, sometimes even more. Now it takes just one, maybe two, seconds on a standard Pentium III PC. The geographic information has also been updated. The previous service used world map information from 1985. The new service uses current geographic information showing all the new country borders (like the Balkan republics and the Russian states for instance).
We urge all VisualICE users to upgrade to version 4.4 as soon as possible so that the mapping server is relieved of all the traffic and can function normally again. The server is also used for educational purposes by many schools who are currently having problems accessing the service, so please upgrade your copy of VisualICE now.

 

 

Version Check - The situation with the geographic mapping server made us think about how we could inform you of important news in the future, since we don't have your E-mail address to notify you directly. This has led to the development of the "Version Check" feature. This new service allows you to quickly check for new versions of the software. It will also check for important announcements and alert you if there are any. All this is done without sending any information to Visualize Software of course!
Just click on the "New" button on the toolbar and within a few seconds you'll know if there is any important information regarding VisualICE that you should know about.
This feature can also be configured to check for new versions and announcements automatically in the VisualICE configuration window.


What was new in version 4.3

Geographical Location Information - The resolution of the geographical location information has been greatly enhanced. VisualICE now queries two separate location servers. This not only results in a much larger database with information, but provides greater accuracy as well. No longer is the geographical location information for countries outside the US/Canada restricted to the capital+country level. And results are more accurate inside the US and Canada as well.

Filter - Although not spectacular on the outside, this little addition greatly enhances the functionality of VisualICE's Filter feature. Suppose you would like to see all attacks EXCEPT those directed at port 80. In previous versions of VisualICE this was very difficult, but now with the "is not" condition you can accomplish queries like this with ease.

ShieldsUP - "Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment! ShieldsUP quickly checks the security of your computer's connection to the Internet." This great service is provided by Steve Gibson, internet guru and maintainer of the www.grc.com website.
BlackICE will report the port scans that the ShieldsUP service uses to test how well your PC is protected, as possible hack attempts. They are NOT! Never send abuse notifications about alerts originating from the ShieldsUP service!

Import - VisualICE now uses SynchronICE™ to keep its database in sync with BlackICE's attack-list. SynchronICE™ uses a highly optimized and much faster algorithm for determining what records need to be updated. A complete rebuild is no longer required to keep VisualICE's database in perfect sync with BlackICE's attack-list.

What was new in version 4.2

Geographical Location Information - VisualICE now has a really cool lookup feature that displays a map of the part of the world where the intruder is located. For the USA and Canada, the resolution is to the city+state level. For the rest of the world it's capital+country level.

SPAMCOP.NET Lookup - This service allows you to gather more information about the intruder. Spamcop can function as an alternative to the WhoIs feature of VisualICE. In some cases the information about a particular IP address is unavailable on the WhoIs server. You can try the Spamcop lookup service to find out if there is any additional information that VisualICE may have missed.

Configuration - VisualICE now allows you to specify the minimum severity level before an alarm is triggered. You can also specify silent hours between which you do not want to receive any alert notifications and you can even select the sound file you wish to be played - instead of the default Windows beep - when a new intrusion is detected.
 
 

Key features

Easy to use Interface
New menus, dialogues and settings configurations make VisualICE easier to use than ever!



Toolbar - A fully customizable toolbar with direct easy access to all features of VisualICE.


Sorting - Many new features have been added to help you find the information you need. The attack list can now be sorted on 7 different fields including 4 new ones: "Date/Time", "Severity", "Victim IP" and "Intruder IP".
Filter - Information can be filtered to your requirements. Any field can function as a filter field and with the powerful boolean conditions, you can quickly get a list of attacks that you wish to investigate further. You can also use a filtered list for printing reports, so that only those records get printed that you want.
Find - The find function has been greatly enhanced. Now you can search on any field. Searches can be case sensitive or not and you can specify whether to search for complete fields or only partial data.
Reports - VisualICE includes powerful reporting features for keeping lists of hack attempts and intruder details.
BlackICE Plugin - VisualICE contains a neat feature that enables you to access VisualICE directly from within BlackICE Defender. Simply click on the "BlackICE Plugin" button and press "Yes". From now on, each time you start BlackICE, you can start VisualICE from the "Tools" menu inside BlackICE.
Power Features such as "WhoIs", "advICE from Network ICE", "Google Groups search" and "Abuse Notification" improve the overall functionality of the program.
advICE from Network ICE - Network ICE has a comprehensive website with information about all attacks detected by BlackICE. And now you can access this information directly from within VisualICE. Simply select an attack and click on the "advICE" button and you will be instantly transported to the correct page describing the nature of the hack attempt.
Google Groups search - Want to know more about a hacker? Click on the link to the Google Groups search website and enter some information about the hacker, for instance his DNS name. If at any time in the past, this hacker has ever posted a message in any newsgroup, you will know his E-mail address! You could warn the hacker directly to stay away from your PC. You can also read his messages and even post a reply exposing the hacker to the world!
This was originally the DejaNews function of VisualICE. In February 2001, Google acquired DejaNews. Luckily they continued this great service, however they dropped the ability to search for IP addresses which will make it a bit more difficult to find information about an intruder.
Abuse notification - If you have had enough of a hacker, you probably want to report his behaviour to the proper authorities. VisualICE makes this easy. Simply select the hacker you wish to report and press the "Abuse Notification" button. VisualICE will automatically generate an E-mail containing detailed information about all hacks attempted by the intruder.
Who Is - If you decide to report a hacker, you should do so to the webmaster of the Internet Service Provider of the hacker. To find out who this Internet Service Provider is, open the attack details form and choose "WhoIs". Then click on the "WhoIs" button and VisualICE will instantly report all available information about the owner of the IP address. This information usually includes a special E-mail address for reporting hack attempts for you to send the abuse notification to.
HTTP - VisualICE can try to establish a direct HTTP connection to the IP address of the attacker. If the intruder has a webserver running, you'll be able to contact it, making it very likely that you'll be able to identify who he is.
FTP - Similar to the HTTP feature, VisualICE can also try to establish a direct FTP connection to the IP address of the attacker. Many hackers have FTP servers running and although most will be password protected, many times you'll be able to find out more even by just looking at the reject message!
 
 
VisualICE Report Utility is compatible with Windows 95/98/ME/NT4 and 2000
Copyright © 2000-2002, Visualize Software. All Rights Reserved Worldwide.