Main Area and Open Discussion > General Software Discussion

How to monitor changes being made on computer? (portable related)

(1/2) > >>

superboyac:
For programs that are portable, how can you be sure no changes are being written outside of the program directory?  Or sometimes, these programs claim to make a change, but remove the changes when the program is exited.  Is there a program that monitors changes or something like that, just to be sure?  Maybe something that has to do with cirtual machines...I don't know.

argv:
Maybe sandboxie can do it, as long as no drivers are implied: http://www.sandboxie.com/

PhilB66:
Yes, Sandboxie with SandboxDiff (List differences in registry and files). RegFromApp also very useful.

widgewunner:
RegMon (Registry Monitor) for monitoring changes made to the registry and
FileMon (File Monitor) for monitoring changes made to the file system.

These are just two of the free utilities available from SysInternals (from the wicked smart mind of Mark Russinovich). Other excellent SysInternals utilities include:

ProcExp (Process Explorer) for monitoring/controlling running processes.
AutoRuns for monitoring/controlling startup tasks.
PageDfrg (System File Defragmenter) for defragmenting system files which are normally untouchable: pagefile and registry files.

The versions I run (2006) are older - (from before SysInternals was bought out by Microsoft). I haven't tried the latest versions but they are probably A-Ok too. Highly recommended.

MerleOne:
I would use RSIT, described and discovered here : http://www.raymond.cc/blog/archives/2009/03/25/check-for-recently-created-or-modified-files-and-installed-software/

It's based on Hijackthis.

Navigation

[0] Message Index

[#] Next page