The intrusion detection agent runs as a Windows NT
service. There is nothing
special about it different from any other 'service'.
Windows NT services run upon boot up. They run even when
nobody is logged in. Services are not affected when users
log out; they continue to run in the background.
The intrusion detection agent is installed as a service
automatically by the installation program. At the end
of the installation process, the service is automatically
started (no reboot necessary). It will continue to
automatically start upon bootup thereafter.
This discussion focuses on the intrusion detection agent.
Our product consists of two programs, the intrusion detection
agent blackd.exe (the service) and a user interface
component blackice.exe. The two components are independent
of each other. The user interface does not
run as a service, but instead is launched when the user logs
in. The interface exits when the user logs out.
The interface may also be killed by the user. All
of this activity has no effect on the background intrusion
detection agent; it continues to run in the background.
Stopping and Disabling the Service
The animation below demonstrates stopping and disabling
the service. You might want to do this for debugging
purposes.
