DonationCoder.com Software > N.A.N.Y. 2019

N.A.N.Y. 2019 idea: file modification monitor and alert tool

(1/2) > >>

Nod5:
N.A.N.Y. idea: file modification monitor and alert tool.

A Windows version of Marvin ( https://github.com/dgsharpe/marvin ) but with fewer features. Only daily or manually started checks (not realtime), only local notifications (not email/push).

Perhaps simply an AutoHotkey script that makes use of Everything's database and command line tool ( https://www.voidtools.com/support/everything/command_line_interface/ ) to check for changes to a user specified list of files/folders.

Useful as a safety precaution when using non-versioning, mirroring only backup tools like Bvckup2 ( https://bvckup2.com/ ).

Before each backup job, check for unwanted modifications to files/folders on the monitoring list. A scheduled task for daily backups could first run the modification check tool and take conditional action: if no changes to files on the monitoring list then perform backup, else alert the user and postpone backup until manual confirmation.

For example if you accidentally and unknowlingly delete an important folder (on your monitoring list) in Explorer this tool would halt/alert you before you run a mirroring backup job that would delete the important folder also from the backup drive.

Shades:
How big is the set of files you want to monitor?  Because in most cases (and with a proper filter) 'Process Monitor' from SysInternals can show you your (set of) monitored file(s), which process has doing the modifying and when the modifying did occurred. It doesn't prevent any modification though.

Perhaps auditing software is more of a fit to your request. A free solution from Netwrix.

In combination with proper ACL settings on the set of files you wish to keep an eye on, auditing software might be the only thing you need. If I remember correctly, 4wd mentioned recently that 'SetACL Studio' could now be used for free. More precisely, the creator of the software provides a license code with which you can register SetACL Studio gratis. An alternative piece of freeware, that also happens to be portable as well, could be: NTFS Permissions Tools (is from China, but has an English interface).

*   edit: added NTFS Permissions Tools link.
* edit2: added SetACL link

KodeZwerg:
If you like Python, here is a project that does what you wrote = WatchDog.

wraith808:
Have you tried the options that are out there?  Is there anything you want that's not there?

I'm thinking about https://directorymonitor.com/ (which I'm using) or any of the others mentioned by raymond.cc (which is where I first looked, but found that directory monitor was on chocolatey) at https://www.raymond.cc/blog/3-portable-tools-monitor-files-folders-changes/

Nod5:
Thanks for the feedback everyone. I haven't really researched other preexisting tools like this in the Windows space much. Your links will be useful reading.

I now also found a discussion on reddit about Marvin and some there use the term FIM, File Integrity Monitoring, for tools of this kind.

I suppose it remains to be seen if there really is some useful niche left to be filled by creating one more tool.

How big is the set of files you want to monitor? 
-Shades (July 22, 2018, 11:32 AM)
--- End quote ---

Good question! I'm not sure yet. One issue is how to balance between annoyingly distracting notification overload (a big risk with any tool of this type I suspect) and useful prevention of bad effects from mistakes. I do like the idea of a tool that doesn't at the time of edit/move/deletion prevent the action nor require confirmation but instead only notifies of the change at some later time, in order to prevent a mistake from spreading into the backups.

in most cases (and with a proper filter) 'Process Monitor' from SysInternals can show you your (set of) monitored file(s), which process has doing the modifying and when the modifying did occurred. It doesn't prevent any modification though.
-Shades (July 22, 2018, 11:32 AM)
--- End quote ---
Like with my idea with using Everything perhaps a small tool can make effective use of Process Monitor logs instead of doing all that natively.

Navigation

[0] Message Index

[#] Next page