Cyber Exploit IdentiKit (CXI) Frequently Asked Questions
CXI Console Window for Install Discovery PLUS
Q.
What information is displayed in the CXI Console Window?
A.
The CXI Console Window displays all the crucial change events caused by all
the running processes during the specific installation activities. However,
all the "involved processes" reported in the "Setup Information" section
of the Install Discovery Report Window are highlighted in an "Orange" color.
To examine the installation-relevant events, click on one of the highlighted
processes, and all of the process, folder/file, and registry events are displayed
in the detail pane.
CXI Console Window Description
Q.
What information is displayed in the CXI Console Window?
A.
CXI Console displays the detailed, crucial events of live or exited processes
of a specific "Session". Each "Session" has a start time and an end time.
For Install Discovery PLUS, the session starts at the time of the execution
of the installation software and ends when the installation software exits.
In the left window, CXI Console depicts all live and exited processes of the
selected Session. This information can be displayed either as a process tree
hierarchy or as a list sorted by name or startup time. In the right window,
CXI Console depicts all the relevant crucial change events of the process
selected in the left window.
Processes Window
Q.
How does one get the most out of the Processes Window?
A.
The Processes Window contains a list of all of the system's processes during
the selected Session. These processes can be displayed in two different forms:
Tree Hierarchy Form and List Form. To obtain the Tree Hierarchy Form, click
on the "Process Tree" button under the "Processes" tab. This view organizes
the processes into a tree representing their proper parent/child node order.
To obtain the List Form, click on the "Process List" button under the "Processes"
tab. This view simply organizes the processes into a regular list that can be
sorted alphabetically or chronologically. To sort alphabetically, simply click
on the "A-Z" button and to sort chronologically, simply click on the "Clock"
button. You may also reverse the sort order by clicking on the arrow button.
The blue window icons next to the process entries represent the processes that
were active during the selected time span of the selected Session. When a process
finishes and goes inactive, it is represented by the blue icon changing to a
faded white icon. If that process is restarted and becomes active again, the
previous entry will remain the same while a new entry is created for this new
process cycle.
Details Window
Q.
How does one get the most out of the Details Window?
A.
The Details Window displays all of the recent events monitored. Each event in
the main window is color coded to represent what type of event it is. The event
types include: Process Events, File Events, Folder Events and Registry Events.
These events can be filtered according to which types of events you would like
to view simply by selecting or deselecting the corresponding Event Buttons above
the Details Window. Additionally, when you click on an individual event, the
corresponding process that is responsible for creating the selected event is
then highlighted in the Process Window to the left.
The Details Window displays all events in chronological order from most recent
to least recent. These events are shown in blocks of time. The block size can be
set to 10-minute blocks, 30-minute blocks, or 1-hour blocks.
Additionally, you can "rewind" or "fast forward" this display by the same block
increments in order to view past events. This action can be performed all the
way back to when CXI started for this session.