File monitoring

[tonyjl]

Hi guys,how is everyone?

I have MJ RegWatcher,but replaced it with RegDefend and have been using MJ RW as a file monitor. The problem is that it doesn't say what is accessing the files,nor can it pause/block modifications or quarantine any files.

Are there any file monitors that are light on resources,have a customizable watch list and do the above?

Basically,give the features i mentioned to MJ RW,and that's the sortta thing i'm after.

If not,can you say what you are using,how close it comes to above,and give a link if possible.

I'm fussy i know

Thanks

[Bubba]

I'm not sure how indepth you are needing but FileChecker by Javacool Software might serve your needs.

[tonyjl]

Thanks Bubba,tried that while ago,a bit heavy on resources if i remember correctly. But i'll give the latest a spin.

Thanks again

[Graphic Equaliser]

Quote:

Originally Posted by tonyjl

I have MJ RegWatcher,but replaced it with RegDefend and have been using MJ RW as a file monitor. The problem is that it doesn't say what is accessing the files,nor can it pause/block modifications or quarantine any files.

MJRW can quarantine files that may have been added, but you must be in prompt or reject mode. This is from the help file :-

Subkey additions, and file and directory additions are quarantined, in that .reg files are made of the subkeys in the directory MJQuarantine off of the installation directory. File and directory additions are moved to this directory.

I just tested it with the windows\tasks directory, and MJRW automatically quarantined any new task I tried to setup, when running in reject mode.

HTH,

[tonyjl]

Yes but it doesn't do that for all files/directories,just the startup folder and tasks folder.

[Graphic Equaliser]

No, it does it for any file or directory spec you have in your list. It is simple to test it out. Put a simple text directory spec in the list, and put MJRW into reject or prompt mode. Deliberately add a file to this directory (use explorer to copy and paste it in if you like). MJRW will popup offering to quarantine the added file if in prompt mode, or automatically quarantine it if in reject mode. It works for any directory spec and wildcarded directories. Files that are added can always be quarantined. Files that are changed or deleted cannot be undone by MJRW. This has been discussed on the Wilders thread at http://www.wilderssecurity.com/showthread.php?t=54666 - preventing such changes (or rolling them back) would involve far too many resources, especially on large system files. However, MJRW's purpose is to spot when trojans are foisting themselves upon your system, and that's when many many file additions occur.

I must add for the record that i only just started with RegWatcher only recently but after reviewing the many posts to the Topics right here on it plus doing an early review of my own, i am Highly Impressed!! And it takes a lot anymore to flip that switch in this camp.

Quote:

I have MJ RegWatcher,but replaced it with RegDefend and have been using MJ RW as a file monitor. The problem is that it doesn't say what is accessing the files,nor can it pause/block modifications or quarantine any files.

Heh, i done the exact opposite, tried RegDefend and found it not exactly on par to my expectations, but then we all have our own personal preferences or that might be systems compatibility confidence.
On an XP Pro unit running alongside SSM (latest beta) i find RegWatcher already far surpasses my highest expectations and it would take a Fort Knox app to pull me away from this now. It is very light on resources for this old 1250MHZ AMD (Duron) CPU w/512MB.

Quote:

Are there any file monitors that are light on resources,have a customizable watch list and do the above?

RegWatcher! What else would you need?
I was looking for coverage specifically on certain folders and this is the ticket to the confidence i was hoping for.
btw, as a researcher i have a nice collection of the worse possible types of malicious ugh ware i will be putting up against these programs locally and from what i seen so far i don't feel any need to have to ready my XP Pro install Cd from out of the closet.