Looking for pure "installation monitor" tool

Discussion in 'other anti-malware software' started by Joeythedude, Jun 30, 2009.

Thread Status:
Not open for further replies.
  1. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    I'd like to find something that would scan an installation as its happening , and then report at the end with a checklist of what the installation has done.

    This checklist could then have some sort of malware analysis rating
    i.e
    autostart entries made *
    driver installed **
    exe created in sys32 ***
    windows exe renamed ****
    ....something like that.

    Then I could take a look at it , and if I didn't like the look of it , rollback the entire install.

    Does anyone know of a product like that ?

    I've thought of sandboxie , and rollback rx , but I don't think they have the logging I require.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    MalWare Defender is what i can recomend or D+ these 2 has that abilities you need plus more
     
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
  4. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    PC Armor (http://www.datadrivethru.com/pcarmor_product.asp), previously known as Spyberus, tracks installations in real time as its happening and produces a report with all registry and file changes. It can also be used to undo all changes.

    I have used Spyberus (which was freeware) for some time and it worked well. I only noticed that if you keep a lot of installation packages (tracked installations) in its database it tends to slow down new installations quite a bit.
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Total Uninstall is a very good example of this type of program with a lot of features - I use it myself. It can monitor an installation for all changes to the file system and registry, which can later be reversed if required. It's not free, but definitely worth considering if you don't mind paying.

    Here's a link to the author's website in case you want to check it out: http://www.martau.com/
     
  6. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,173
    Location:
    Spain
    These pop to mind:

    InCntrl (from pcmag I believe)
    InstallSpy
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    I'd sure love to know how Malware Defender can roll back an install. Please explain.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i didnt pay attention to the actual question i guez,but i use malware defender to find files/registries entries and delete them from system:D
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Inctrl5 does exactly what you're asking for. It takes a full system snapshot before the install starts, launches the installer, then takes another snapshot when it's done. Afterwards, it compiles a full report of all new, altered, replaced, or deleted files and folders and all changes made to the registry. You can save the reports as text or html files. It also has a "two phase mode" that can be used to record the changes made by malicious web pages. I've used it for years and have records of every application, patch, and update on my system. It's made it possible for me to account for every file on my system, where it came from, and when.

    Install Spy is similar but not quite as featured. It also has problems if the install requires a reboot (not an issue with Inctrl5).
     
  10. PaulBB

    PaulBB Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    708
  11. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    Does InCtrl5 1.0 work on WinXP Pro SP3.I think it is an old program.In the readme file it says only for win 98 and 2000.
     
  12. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    How long do these snapshots take to run?
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't have access to an XP unit on which to try Inctrl5. The basic design of XP isn't much different than 2K so I don't see why it wouldn't work.

    The amount of time used creating the snapshot will depend on the speed of your PC and the amount of data on your hard drive. On my 2K unit, each snapshot takes about 2 minutes. On systems with partitioned or multiple hard drives, you can select which drives you want monitored. If it takes too long, the snapshot can be cancelled with no ill effects. Sometimes when an install is really big, generating the report can take some time and the app can look like it's frozen. It did that when I installed Open Office on a low power unit. The report took several minutes to make.
     
  14. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I've never used it but doesn't WinPatrol have all of the asked for features?

    Acadia
     
  15. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    WinPatrol hasn't the useful snapshot feature.

    I use System Explorer that has a good snapshot function.
     
  16. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Has anyone heard of a piece of software that would scan/analyze what an exe would install , without having to run the exe itself ?

    And does anyone use PC armour ?
     
  17. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    I think what you want is OLLYDBG:) .This is a analysis software.It can monitor all the actions of the software regardless of Installation software or Executive Application.And you don't have to run the Installer by yourself.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep works fine of XP Pro SP3
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    It actually does not save the snapshots, just assesses a pre and post installation situation, on an E5200@3Ghz it takes max 20 seonds.
     
  20. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Here is a blog post on Raymond.cc that lists a bunch.

    From the ones listed i've used SpyMe Tools, RegShot and Total Uninstall. The best is Total Uninstall, it's a little pricey at $40 for a Pro license but it's a great tool. The other freeware tools listed serve the purpose as a monitor though.

    You could upload it to Anubis if it's under 8MB but probably the better solution would be to setup a VM or Dual Boot and install it on that and use one of the free analyzers above. If the program is ok, install it on your actual OS.
     
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    ive been looking at a software like this as well, is ZSoft Uninstaller compatible with Windows 7? and between Total Uninstall and ZSoft Uninstaller which do u think is easier to use and more effective? ZSoft says it supports the ability to continue the uninstallation process after reboots (which some programs require after an uninstall) this sounds like a very important feature and was wondering if Total Uninstall can also do this?
     
  22. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Another vote for InCtrl5 which works flawlessly as designed. I also tested spyberus a while ago which I liked, but it had some issues with some other security apps.

    /C.
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I haven't used ZSoft so I can't say how it compares to Total Uninstall 5. To answer your other question, Total Uninstall can continue both the installation process and the uninstallation process after a reboot. I suggest you try both programs for yourself and see which you like better.
     
  24. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Regard ZSoft, Total Uninstall etc as a more flashier variant of MS "Add and Remove". InCtrl5, Spyberus/PC Armor etc are a different beast, where Spyberus/PC Armor is an enhanced InCtrl5. Deduction is different from experience/recording.

    /C.
     
  25. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Total Uninstall is the better of the two hands down, although at $40 for the Pro version the price tag is up there a little. But after your wallet recovers, you begin to see it's money well spent.

    Yes it covers reboot installs as well as being Win7 compatible.

    Definitely download the trial and give it a shot, just be sure to read up on the Advanced "Monitored Install" component before using it.
     
Loading...
Thread Status:
Not open for further replies.