Main Area and Open Discussion > General Software Discussion
Alert on File/Folder Access
Nzyme:
I would like to know if there are any programs that can alert the user (who is currently logged in as Administrator) about an intruder trying to access a file/folder that has been specified in the program.
Scenario: I have set the folder to monitor as C. Hacker has somehow hacked into my PC and when trying to access any file/folder within C drive, I should get an alert informing me "who" is trying to access "what". Further, it should not allow the intruder to access the file/folder nor make any changes to them.
I basically need a second level of defense (after the Antivirus and Firewall). There are programs that display the log of files/folders accessed and the particular operation (create/modify/delete) performed but I need some kind of access control here that will prevent access. Thanks!
mouser:
This came up as an idea a while ago -- i think it's a great idea -- especially as an early warning tool.
Maybe someone could work on it as a NANY 2016 project.
A nice option would be the ability to alert on read and/or write, and the ability to exclude certain processes from triggering an alert.
Shades:
For inspiration... ;)
http://leelusoft.altervista.org/watch-4-folder.html
https://blogs.manageengine.com/it-security/eventloganalyzer/2012/06/20/object-access-auditing-simplified-find-the-who-what-where-when-of-file-folder-access.html
https://technet.microsoft.com/en-us/library/cc771070.aspx
http://venussoftcorporation.blogspot.com/2010/05/thefolderspy.html
https://directorymonitor.com/
http://trackfolderchanges.codeplex.com/
http://www.nirsoft.net/utils/folder_changes_view.html
http://www.isdecisions.com/products/fileaudit/file-folder-access-alert.htm
x16wda:
For inspiration... ;)
http://leelusoft.altervista.org/watch-4-folder.html
https://blogs.manageengine.com/it-security/eventloganalyzer/2012/06/20/object-access-auditing-simplified-find-the-who-what-where-when-of-file-folder-access.html
https://technet.microsoft.com/en-us/library/cc771070.aspx
http://venussoftcorporation.blogspot.com/2010/05/thefolderspy.html
https://directorymonitor.com/
http://trackfolderchanges.codeplex.com/
http://www.nirsoft.net/utils/folder_changes_view.html
http://www.isdecisions.com/products/fileaudit/file-folder-access-alert.htm
-Shades (November 26, 2015, 08:47 AM)
--- End quote ---
Just as info, when I looked into stuff like this a few years ago (6-10 maybe?), TheFolderSpy seemed to be the best combination of features and - more importantly - reliability. Several of the other programs for this sort of thing did not seem to implement the file system hook very well and caused instability and crashing, or at the least missed some number of test accesses. But NOTHING was really satisfactory for what I was looking for (which, in part, meant that the monitor could run as a service).
Nzyme:
For inspiration... ;)
http://leelusoft.altervista.org/watch-4-folder.html
https://blogs.manageengine.com/it-security/eventloganalyzer/2012/06/20/object-access-auditing-simplified-find-the-who-what-where-when-of-file-folder-access.html
https://technet.microsoft.com/en-us/library/cc771070.aspx
http://venussoftcorporation.blogspot.com/2010/05/thefolderspy.html
https://directorymonitor.com/
http://trackfolderchanges.codeplex.com/
http://www.nirsoft.net/utils/folder_changes_view.html
http://www.isdecisions.com/products/fileaudit/file-folder-access-alert.htm
-Shades (November 26, 2015, 08:47 AM)
--- End quote ---
Thanks Shades! Most of what I have tested only monitors the file/folder for changes and displays a log/alert and some actions to perform post access.
If there is an intrusion, the program should alert who is trying to access what and should not allow the action to complete. The program should exclude operations from the system and the logged in user to avoid too many alerts.
Is this possible by applying any policy in Windows itself or any other programs that can do this? Thanks!
Navigation
[0] Message Index
[#] Next page
Go to full version