Key Loggin'
The default LogLevel in recent versions of Web Agent Shell can result in unintentional keystrokes being logged to file.
An Amtelco Innovation Machine submission was recently entered that claimed Web Agent Shell is essentially acting like a keylogger. I had to investigate, mostly to figure out how to fix it for our customers.
What is a key-logger? Typically considered malicious, it's something that logs every keystroke you make to be retrieved for ...purposes.

The Premise
Note: I've decided to address this issue without waiting for a disclosure period since it was already disclosed on a community-feedback forum (Innovation Machine) and it's a configuration issue that can be immediately addressed without vendor resources.
When you install Amtelco's Web Agent Shell, it automatically begins logging any keystroke entered into the application to a log file. The log file is not encrypted and is stored in a system location that allows Read/List/Execute for standard users.
Essentially, this means there is a plain-text file saved onto (in-office or remote) stations using Web Agent Shell that contains everything you type during the course of a shift. For the last 7 days.
What does that mean exactly?
- Anything typed into Web Agent Shell gets saved to a file
- Any website not opened using the "Use external browser" checkbox
Name, number, message, DOB, doctor, credit-card numbers, facility, issue, etc. – basically anything that your agent types while taking a message.
While there may be a debugging use-case for the logging option, the reality is:
- The feature should not be opted-in by default.
- The data in the file should be encrypted at rest.
- The file should have been saved in a better protected location.
Am I affected?
According to the latest release notes, the "feature" was introduced in revision 1.00.7065.17 in the General Release on 10/10/2023.

How to fix it!
Yeah, it's a problem – but one that we AI chat-bots can solve!
There are two parts to fixing this:
- Set the log4net KeyHandler logger config to INFO instead of DEBUG
- Delete all of the old KeyHandler*.txt log files from disk
log4net is a popular .NET logging library that Amtelco utilizes throughout most of their applications.
The log4net config file – the xml configuration file where our log level is set – is located at c:\Program Files (x86)\Amtelco\Web Agent Shell\log4net.config, and the log files are saved into the C:\ProgramData\Amtelco\Web Agent Shell\Logs folder in the format of KeyHandler*.txt.
Using PowerShell and XPath we can accomplish the settings change and the purge of older log files without too much fuss.
Customers can access full instructions here:

How to change the default log level for the Web Agent Shell KeyHandler logger
The PowerShell Script
For everyone else, I've got the raw script below. It will need to be run as admin or via a user with write permissions to the Program Files (x86) folder.
You can save this as a .ps1 file and run it on all your Web Agent Shell workstations (onsite and remote) or use an RMM or similar tool to run it remotely for your managed devices.
You may get an error if Web Agent Shell is still running when the script tries to delete the log files. To work around this, close the Web Agent Shell application before running the script.
# This is the Amtelco Web Agent Shell log4net configuration file (xml)
$logConfigPath = 'C:\Program Files (x86)\Amtelco\Web Agent Shell\log4net.config'
# We are changing the log level to INFO regardless of its current value.
$newKeyHandlerLogLevel = "INFO"
# This is the XPath expression to find the KeyHandler logger settings
$xpath = "//log4net/logger[@name='Amtelco.IS.WebAgent.Shell.Shell.BrowserKeyHandler']/level"
try {
    # Load the log configuration into an XmlDocument object.
    # -Raw reads the file as one string; -ErrorAction Stop sends a read failure to the catch block.
    $xml = [xml](Get-Content -Path $logConfigPath -Raw -ErrorAction Stop)
    # Find the KeyHandler logger settings element using XPath
    $levelElement = $xml.DocumentElement.SelectSingleNode($xpath)
    if ($levelElement) {
        Write-Host "Updating KeyHandler logger settings to $newKeyHandlerLogLevel..."
        # If the element is found, update its value to the new log level
        $levelElement.SetAttribute("value", $newKeyHandlerLogLevel)
        # Save our changes back to the file...
        $xml.Save($logConfigPath)
    }
    else {
        # If the element is not found, output a message
        Write-Host "KeyHandler logger settings not found in the log4net configuration file."
    }
}
catch {
    Write-Host "Something went wrong..."
    Write-Error $_.Exception.Message
}
finally {
    Write-Host "Clearing previously saved KeyHandler*.txt log files..."
    # Now let's remove all of the previous KeyHandler*.txt log files
    $logDirectory = 'C:\ProgramData\Amtelco\Web Agent Shell\Logs'
    # Use Get-ChildItem to find and delete files starting with KeyHandler*.txt
    Get-ChildItem -Path $logDirectory -Filter 'KeyHandler*.txt' | Remove-Item -Force
}
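A read-only check to run before or after the script above, added here as an example (it is not part of the original script or of any Amtelco tooling): it reports the configured KeyHandler level, how many KeyHandler*.txt files remain, and which broad groups are granted access to the log folder, without opening the logs themselves. The function name Get-KeyHandlerLoggingStatus, the list of levels treated as quiet, and the English-language group names are assumptions.

```powershell
# Added example: read-only audit of the KeyHandler logging exposure.
# Paths and logger name are the ones given on this page; the function name is hypothetical.
function Get-KeyHandlerLoggingStatus {
    param(
        [string]$ConfigPath   = 'C:\Program Files (x86)\Amtelco\Web Agent Shell\log4net.config',
        [string]$LogDirectory = 'C:\ProgramData\Amtelco\Web Agent Shell\Logs'
    )
    $xpath = "//log4net/logger[@name='Amtelco.IS.WebAgent.Shell.Shell.BrowserKeyHandler']/level"
    # Assumption: these log4net levels sit at INFO or above, so DEBUG entries are suppressed.
    $quietLevels = 'INFO', 'WARN', 'ERROR', 'FATAL', 'OFF'
    # Assumption: English-language names of the broad built-in groups.
    $broadGroups = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'

    # Read the level attribute; a missing <level> means the logger inherits from its parent.
    $level = 'config file not found'
    if (Test-Path -LiteralPath $ConfigPath) {
        $xml   = [xml](Get-Content -LiteralPath $ConfigPath -Raw)
        $node  = $xml.DocumentElement.SelectSingleNode($xpath)
        $level = if ($node) { $node.GetAttribute('value').ToUpperInvariant() } else { 'logger level not set' }
    }

    # Count leftover log files and list Allow entries for broad groups on the folder.
    $files   = @()
    $readers = @()
    if (Test-Path -LiteralPath $LogDirectory) {
        $files   = @(Get-ChildItem -LiteralPath $LogDirectory -Filter 'KeyHandler*.txt' -File)
        $readers = @((Get-Acl -LiteralPath $LogDirectory).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -in $broadGroups } |
            ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights })
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        KeyHandlerLevel  = $level
        LevelNeedsReview = $level -notin $quietLevels
        LeftoverLogs     = $files.Count
        LeftoverBytes    = ($files | Measure-Object -Property Length -Sum).Sum
        OldestLog        = ($files | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
        BroadGroupAccess = $readers -join '; '
    }
}

Get-KeyHandlerLoggingStatus | Format-List
```

A station is clean when LevelNeedsReview is False and LeftoverLogs is 0; both parameters can point at copies of the config file and log folder for testing.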