Exewatch ??

There is a thread here explaining the author's difficulties and that he moved his site and that site is now gone too. (http://dre.redmartian.org/)

Unfortunately:
Homepage: http://dre.tx0.org/
Download: http://dre.tx0.org/exewatch.exe
Have vanished utterly.

Does anyone know of any existing mirror for this, please ??

Thanks.

PS:
Yes, I like older, proven software and as such I am a happy XP user as well.

 

Maybe this could serve as an alternative ??

-http://www.novirusthanks.org/product/pe-dropper-monitor/-

 

Try the famous "FileFuzzfas" mirror

https://www.wilderssecurity.com/showpost.php?p=2174339&postcount=12

I 've included a trojan for free! (just kidding).

 

Thank You Very Much !!!:

Maximally helpful and hugely appreciated !!!

 

You 're welcome. The real thanks go to the dev. It's a fine,ultralight little application and covers also .bat, ocx and some other extension. If you have a PC in "steadystate" it's very nice to keep an eye for new things that drop in your hard disk.

 

@Fuzzfas

You are using Exewatch and NVT Exe radar pro, are they both needed ?

 

I use NVT with default settings for usability reasons. For example, scripts can run, anything from program folders can run. So, theoretically, something may drop in there and NVT won't react or a script may run. To give you an example. I use ClownBD. It's in the programs folder. NVT auto-allows it. ClownBD, when put to work, creates 2 batch files that also run "undetected" by NVT. Exewatch flags them both. The good thing with Exewatch, is that it doesn't need your immediate attention. It just flashes when something new was executed. So you don't have to click "allow" all the time. You can go see what it was, at your leisure. So, i consider it complementary to NVT, in a more "usability"-oriented setup. After all, my current take on infections is: "The only thing i care about, is be able to tell that i was infected. If i do, i restore a Macrium image, which will also rewrite the MBR and bye bye malware. Important information is either encrypted or locked up and exist in copies in DVDs. So the worst case, is ransomware. Fine. Let's say the ransomware encrypts everything in my HDDs (included the Macrium images on my HDD). I still have an offline copy of the important stuff, i will lose some unimportant stuff. I will restore a Macrium image of Windows only (freshly installed) that i keep in DVD, bye bye ransomware and copy the important stuff from the DVD".

You can set NVT to behave in a more restrictive manner, but it becomes more of a pain with popups for legitimate things as it is now.

On the bright side, the PC feels sooooooooo snappy without antivirus/heavy HIPS. ExeWatch is superlight, it's as if it didn't exist and if you 're bored with it, you can simply ignore it. It will keep flashing, but you can simply ignore it. A pop up that asks you all the time and waits for input, you can't ingore it.

 

Ah, another use of ExeWatch, is a bit like "post-mortem" of NVT decisions. Say you install something. You click allow on the NVT to allow install. NVT will leave the installer do it's job without further hassle. Exewatch will keep tracking all exes that will be created, even if in the programs folder (which NVT auto-allows), so if you 're not too bored, you can give a look to see if all "seems normal".

 

Thanks.I will try it this weekend. Any known problems on windows 8 ×64 bit ?

 

I don't know. Unfortunately the developer stopped updating the program before Windows 8 was officially released, so we don't know. But on Win7 x64 it works just fine, so with a bit of luck it will work on Windows 8 too.

 

@Fuzzfas

I just installed. Thanks!...I don't know why I never noticed this utility, before.

P.S. I usually try everything, once.

 

where can i get it from?i also want to try it for the first time

 

Ah, i see it works for XP too! Nice! Well, it's not exactly famous as application. I only noticed it here in Wilders where the dev had a thread about it. Otherwise it was unknown. But it works as advertized and is a useful monitoring tool. Even for people who can't stand classical HIPS, this is a viable alternative for watching for new exes without having to answer any pop up. Won't stop the malware, but at least you ll know about it.

Oh, careful about the "Panic mode". This is supposed to be used only in case you are sure to be witnessing a massive infection. It will then start renaming all new exes in an extension i don't remember, in an attempt to stop the infection.

See link in post no.3!

 

thanks

 

What is the MD5 of your copy Fuzzfas?
Mine is: 15C8521B8DDFB0C7ECAA72DEA02E1047
I can't DL yours as my DNS is blocking me. lol

 

Same (v.1.28, the last one AFAIK).

MD5 Hash 15C8521B8DDFB0C7ECAA72DEA02E1047
SHA-1 Hash 951AA882FC6A1F67FD1ED0E12E194E15D6AEF8C6

 

Thanks! I wonder what became of the dev?

 

The author "svenfaw", has posted for last time in Wilders in July 2012. After that, he is missing and the website that was hosting the application is gone. Who knows...

 

How do you add it to start up?

 

Put the executable in a folder, place the folder in your Program Files directory.
Right click on the executable, send to desktop (shortcut). Take the shortcut and drop it to :

C:\Users\Yourusername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Reboot. It should now be loading with Windows.

This for Win7. For XP i don't remember where the startup folder is.

 

Thanks

 

Hi,

thanks all for your feedback. I'm sorry I was away from these forums for so long.
I'm very grateful to see that ExeWatch wasn't forgotten in the meantime.

I have just released v1.30, which is a minor update that adds an autostart option, support for JAR files and a proper about dialog.

The MD5 for v1.30 is C60FEF21B20FF5C468058392B65740C0
and the new URL is http://dre.natverk.org.

Sven

 

Welcome back!


Can you add .scr and .msi extensions?
I think maybe popup instead of four rectangles would be better choice?

 

Welcome back, Sven! Thank you for the update and the ultralight,useful program.