Monitor installation process

I download quite a few freewares/sharewares, and I would be more comfortable if there were some kind of program to monitor what is really going on when I double-click on setup.exe -- like, all the files created, the regkeys added, and so on. I do have ProcessGuard paid, so I get a chance to see if another exe is called or if the setup exe tries to install some driver/service, but I do not have the full picture. I've heard of progs like uninstall pros that take a snapshot of virtually everything before installing somthing, but this is a really ugly solution to me (let alone that it takes ages to do such snapshots). I believe a HD/FS interception strategy would be much more reliable.
Does such a monitoring tool exist, for winXP ?
If I recall correctly, netware had such a thing for network installation setup -- so it's definitely doable.

-RE

 

Tiny has this option to monitor the files created and registry entries and delete them.

There was another freeware program which took a snap shot of registry and files on the system before the installation and after the installation. It was a bit of the pain in the a** waiting for the snap shot to finish. Will let you know if I recall the name of the program.

 

Total Uninstal,could this be of help.Last free version.
http://freeware4u.com/modules/mydownloads/singlefile.php?lid=234

 

TY for the replies. Actually snapshot-based solutions, freeware or not, are not what I am looking for. I've seen threads on sandbox strategies (eg. sandboxie, shadowuser...), and this is more like what I want -- though I don't a need a real sandbox, only the "write routines" interception/hooks and a status report when the installation process is done. I don't necessarily want to block, I just want to know.

-RE

 

Take a look at installwatch @ http://www.epsilonsquared.com/

Be sure to leave me positive feedback if this is what you want... oh right thats ebay. lol

AsianTiger

 

I already knew this one, and it crashes before completing the 1st scan (and it already takes a looooong time to do that). Scanning the whole box doesn't seem practical on a 200GB DD. The trashit, TU and others all work on the same paradigm. The only (sensible) alternative would be real sandboxes, ala sandboxie, greenborder and co. A bit too heavyweight for my purposes (let alone that sandboxie has pbs with sandboxing installers than install low-level hooks/drivers....). Some people have also tried to repackage some installers into MSI installers with wininstall, so as to get full logs. Dunno if it's practical either.

-RE

 

I think Online Armour has such a tool built in.
Search the forum here or check the tall emu forums http://www.tallemu.com/forum/

Regards

 

^^^
+1

 

TY, but it seems to be browser-security tool with some processguard-like feature, and I already got what I need on that side. It doesn't work with Opera either, which is my default browser. TY anyway.

-RE

 

Norton Goback can do that. It has a feature called Safe Try Mode that will allow you to test any new software in complete safety, and if you then don't want it you can completely remove it.

 

TY for pointing Goback out. Actually it is the "Norton" part that makes me cringe ;-) I simply do not trust their products, for different reasons. I checked out some recent user reviews and it confirmed my suspicions. Though the safe try mode sounds nice, I don't imperatively need to be able to revert an installation automatically; just knowing what happens during the installation would be good enough, for a start.

-RE

 

InCtrl5 ? (IIRC it was a PCMag utitlity; I used to use it and it did what you're asking for. Haven't used it since I upgraded to XP though.)

Edit : found it again here : http://www.pcmag.com/article2/0,1895,1655158,00.asp
It's NOT for XP, only 98, 2000, ME acc.tp PCMag.

 

Right, I'm on XP, hopefully.
Actually only two programs got my attention so far: sandboxie and shadowuser. The latter is expectedly better, but more, er, "intrusive". Like, if it goes haywire, it's gonna screw your box big time. I'm also concerned about being able to make drive images with Acronis stuff and co. OTOH, sandboxie is simple and light, but one has to fish into its special mock-up folder to see what has been done. Well, I'm still looking for alternatives....

-RE

 

InControl will work with XP

 

As for file-changes, you might have a look at ADinf32.
See following thread with some info:
https://www.wilderssecurity.com/showthread.php?t=72131

As for reg-entry changes: maybe RegDefend and/or RegRun for the most important parts of the Reg.

Cheers, Jan.

 

I've been trialing RegDegend for about a week and I will possibly buy it.
As for ADinf32, while it could probably do the job like the other tripwire-like softs mentionned, scanning the whole machine more frequently than once a month is too big a hassle for me (and my HD).

-RE

 

I have a couple of virus/trojans which I use to test security programs and when testing with Online Armor, using the "Track" option, I was not only able to see the .tmp files and the Registry entries made but an .exe file in system32 dropped during the installation. At the time I was in a 'sandbox' (Racxo First Defense) and also had Process Guard monitoring the install and the subsequent activities. When I'd had enough of this test, I used OA to stop the overall functioning of the trojan and then to also remove the .tmp files and registry entries. The .exe files were listed but not deleted by OA, however I just used explorer to get the one out of system32. I kept the 'original' for testing other security apps.
So, OA may be what you want. It tracks anything you ask it to, good, bad or unknown.... and helps remove them.

Jim

 

Their site is not explicit enough on how this feature works. It really seems to me like I already got 95% of OA features covered.
Lately I've been playing with BufferZone, and it's pretty nice, even if it's still beta. The product is still under development (though the bulk of the work is done) so there's room for adding what I would like to have.
BTW First Defense seems like a very nice toy, but I cannot install it as non-english versions of windows are not supported :-(

-RE