topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • August 22, 2018, 02:18 AM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: N.A.N.Y. 2019 idea: file modification monitor and alert tool  (Read 651 times)

Nod5

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 907
    • View Profile
    • Donate to Member
N.A.N.Y. idea: file modification monitor and alert tool.

A Windows version of Marvin ( https://github.com/dgsharpe/marvin ) but with fewer features. Only daily or manually started checks (not realtime), only local notifications (not email/push).

Perhaps simply an AutoHotkey script that makes use of Everything's database and command line tool ( https://www.voidtool...mand_line_interface/ ) to check for changes to a user specified list of files/folders.

Useful as a safety precaution when using non-versioning, mirroring only backup tools like Bvckup2 ( https://bvckup2.com/ ).

Before each backup job, check for unwanted modifications to files/folders on the monitoring list. A scheduled task for daily backups could first run the modification check tool and take conditional action: if no changes to files on the monitoring list then perform backup, else alert the user and postpone backup until manual confirmation.

For example if you accidentally and unknowlingly delete an important folder (on your monitoring list) in Explorer this tool would halt/alert you before you run a mirroring backup job that would delete the important folder also from the backup drive.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,355
    • View Profile
    • Donate to Member
Re: N.A.N.Y. 2019 idea: file modification monitor and alert tool
« Reply #1 on: July 22, 2018, 11:32 AM »
How big is the set of files you want to monitor?  Because in most cases (and with a proper filter) 'Process Monitor' from SysInternals can show you your (set of) monitored file(s), which process has doing the modifying and when the modifying did occurred. It doesn't prevent any modification though.

Perhaps auditing software is more of a fit to your request. A free solution from Netwrix.

In combination with proper ACL settings on the set of files you wish to keep an eye on, auditing software might be the only thing you need. If I remember correctly, 4wd mentioned recently that 'SetACL Studio' could now be used for free. More precisely, the creator of the software provides a license code with which you can register SetACL Studio gratis. An alternative piece of freeware, that also happens to be portable as well, could be: NTFS Permissions Tools (is from China, but has an English interface).

*   edit: added NTFS Permissions Tools link.
* edit2: added SetACL link
« Last Edit: July 22, 2018, 11:54 AM by Shades »

KodeZwerg

  • Member
  • Joined in 2018
  • **
  • Posts: 135
    • View Profile
    • Donate to Member
Re: N.A.N.Y. 2019 idea: file modification monitor and alert tool
« Reply #2 on: July 22, 2018, 11:53 AM »
If you like Python, here is a project that does what you wrote = WatchDog.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,653
    • View Profile
    • Donate to Member
Re: N.A.N.Y. 2019 idea: file modification monitor and alert tool
« Reply #3 on: July 22, 2018, 11:59 AM »
Have you tried the options that are out there?  Is there anything you want that's not there?

I'm thinking about https://directorymonitor.com/ (which I'm using) or any of the others mentioned by raymond.cc (which is where I first looked, but found that directory monitor was on chocolatey) at https://www.raymond....les-folders-changes/

Nod5

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 907
    • View Profile
    • Donate to Member
Re: N.A.N.Y. 2019 idea: file modification monitor and alert tool
« Reply #4 on: July 22, 2018, 05:16 PM »
Thanks for the feedback everyone. I haven't really researched other preexisting tools like this in the Windows space much. Your links will be useful reading.

I now also found a discussion on reddit about Marvin and some there use the term FIM, File Integrity Monitoring, for tools of this kind.

I suppose it remains to be seen if there really is some useful niche left to be filled by creating one more tool.

How big is the set of files you want to monitor? 

Good question! I'm not sure yet. One issue is how to balance between annoyingly distracting notification overload (a big risk with any tool of this type I suspect) and useful prevention of bad effects from mistakes. I do like the idea of a tool that doesn't at the time of edit/move/deletion prevent the action nor require confirmation but instead only notifies of the change at some later time, in order to prevent a mistake from spreading into the backups.

in most cases (and with a proper filter) 'Process Monitor' from SysInternals can show you your (set of) monitored file(s), which process has doing the modifying and when the modifying did occurred. It doesn't prevent any modification though.
Like with my idea with using Everything perhaps a small tool can make effective use of Process Monitor logs instead of doing all that natively.

KodeZwerg

  • Member
  • Joined in 2018
  • **
  • Posts: 135
    • View Profile
    • Donate to Member
Re: N.A.N.Y. 2019 idea: file modification monitor and alert tool
« Reply #5 on: July 23, 2018, 12:44 AM »
I havent tried out alot of such tools since i done my own BUT if your tool would monitor in realtime i would have a wish what for myself wasnt able to do:
- Set a folder to be monitored (that is the most basic feature)
- ability to intercept modification/deletion before changes happen <<< here myself has failed
example:
Monitor Folder "X:\YZ\" if now user delete/modify/add a file i want a Message Box pops up to confirm that action

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,653
    • View Profile
    • Donate to Member
Re: N.A.N.Y. 2019 idea: file modification monitor and alert tool
« Reply #6 on: July 23, 2018, 07:52 AM »
Interestingly, Ghacks had an article on FRSSystemWatch today, which wasn't on one of the links above.

https://www.ghacks.n...with-frssystemwatch/

It also includes changes to the system registry.