Disable Keystroke Logging

Question

How to disable keystroke logging (keylogging) in Netwrix Privilege Secure?

Answer

IMPORTANT: The following steps will disable all screen recordings of SSH activity.

Locate the sbpam_iolog.json file in the C:\ProgramData\Stealthbits\PAM\ProxyService directory. Edit it to include the following lines:

{
"idletimeout" : 300000000000,
"path" : "C:\ProgramData\Stealthbits\PAM\ProxyService\iolog",
"replicas" : 1,
"disableMetadata" : true
}

If no such file exists in the directory, create it, name it sbpam_iolog.json, and add the lines in the code block to the new file. Save the changes — this will disable all metadata recording, keylogging, and capture of all SSH session recordings.

IMPORTANT: This will not affect the previous records.

Delete recordings from a specific time window

Locate the iolog directory — the default path is C:\ProgramData\Stealthbits\PAM\ProxyService\iolog.
Sort the contents by date and delete the folders matching the desired time window.
Locate the sbpam_metadata database in the C:\ProgramData\Stealthbits\PAM\ProxyService\iolog\.meta directory and delete it.
Run the following PostgreSQL query to delete references for recordings:

delete from proxy_session where start_datetime_utc <= '2023-10-31 13:54:22.315271';

Question​

Answer​

Delete recordings from a specific time window​

Question

Answer

Delete recordings from a specific time window