Notification when a file is open

Posted on 2007-10-19
Last Modified: 2012-08-13
Well this is a long story. The problem is that some guys at work have started to read the event log of other computers looking for the "Net Send" messages received by other people, you know, that if you go to My Network Places/Entire Network/Directory/Computers, right click on  any of the computers listed, select the option Manage, you will see the Computer Management window of the computer selected. Once you are already there you can go System Tools/Event Viewer/System, and you will see the Event Log. After this, it  is just a matter of double-clicking on any of the events that have "Application Popup" as source, to see the messages that computer has received.
Having telling the story, what I need is to code a program that detects when someone has open a session in my computer to see the event log. I've noticed that when this happens I can see the session in Computer Management/ System Tools/Shared Folders/Sessions and an entry in Computer Management/ System Tools/Shared Folders/Open Files, this entry shows PIPE\EVENT-LOG as file name. So I suppose that since this is detected as a shared file opened then using the NetFileEnum Api, the PIPE\EVENT-LOG will be listed and I can identify it by the name. However, this will require the program to be a sort of demon that reads the shared files opened periodically, say every, 5 seconds. I do not see much of a problem on that because it is a very light process that will not affect my PC performance at all. However, I'd like to know if there is a way of generating a notification at the moment it happens.

Thanks a lot for any help.
Question by:rvaldivia
    LVL 44

    Expert Comment

    an active firewall would be the better solution
    LVL 16

    Accepted Solution

    Hi Rvaldivia.

    Some solutions :
    1) You can disable event log service.
        Start--> Run-->Type :    Services.msc
        Disable "Event Log" service in your system. Tell your friends to do the same.

    2) Since the intruder is in your LAN then you can do the following :
    Monitor all running tasks in the computers in LAN...
    So when mmc.exe loads at a certain computer you can send him a message to stop reading your messages...
    View running processes in LAN :

    Hope this helps.

    Author Comment

    Aikimark and Codedk,
    Thanks to both for the quick response.

    I like both ideas: disabling the "Event Log" service and catching the intruder red handed. I'll tell my friends to disable this service. However, first, I'd like to know if disabling the "Event Log" might cause any unwanted side effect that could affect the system in some way or if it is 100% sure to do this. With regards to detecting the intruder, I already coded a program that detects open shared files and identifies the PIPE\EVENT-LOG "file" and sends "net send" message to the person accessing that file. However I believe that your solution is more straight forward and detects more things. So I'll give you the points. Thank you.

    LVL 16

    Expert Comment

    Yes i think its a clever approach and funny too.
    Disabling Event Log is 100% safe. The only problem is if you want to see some log ... You want be able to see it. Just that.
    If sometime you want to see a log of an error you can re-enable it and reproduce the error.
    See the log...
    Then disable it again :)

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
    Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now