Program to monitor activities of another application

We need to check a certain application and make sure it's not going to unauthorized folders.

Is there an application that we can run, have in memory, and see what X application is accessing what folder?

We need something like SQL Profiler, but for an application, to monitor the folders it visits.
rayluvs Asked:
 
abbright Commented:
You can use diskmon to monitor disk accesses of a program: http://msdn.microsoft.com/en-us/library/bb896646.aspx
0
 
Josef Al-Chacar (Systems Administrator) Commented:
Get COMODO Firewall free edition; it monitors all programs that try to do anything if you set it to paranoid protection level. If you set the level lower, it will monitor fewer programs.

It will ask you if you want to let the program do what it wants to.
0
 
rayluvs (Author) Commented:
Two things:

1. It seems that it doesn't monitor a specific program; it looks like it monitors all read/access.
   Can we configure it to monitor one app?

2. Can we configure it to display the path & files it is accessing?
   (It seems it uses sectors.)
0
 
Josef Al-Chacar (Systems Administrator) Commented:
You can mark files as unrecognized so it monitors those files. Also you can sandbox files which means you can run programs in a virtual environment and if they cause problems you can remove them with no damage to your computer.
0
 
rayluvs (Author) Commented:
josefah:

I have used COMODO as a firewall for a long time. I checked the software, but where do I tell it to monitor a specific program?
0
 
Josef Al-Chacar (Systems Administrator) Commented:
Yeah, I only know how to restrict certain programs. I recommend setting Defense+ to paranoid mode, then run your program and it will then show what it is trying to access. Yes, it will show other stuff too, but the end result will be the same.

Something else you could use but would be kind of overkill would be dependency walker. You can select certain files and it tells you exactly what other files it depends on to run. That may point you in the right direction.  
0
 
rayluvs (Author) Commented:
Ok... let me say that what we need is to monitor only one application.  Can I do this with Comodo?

Also, what is "dependency walker"?
0
 
Hapexamendios Commented:
Dependency Walker is a development tool which would show you all dependencies for a particular binary - e.g. all the DLL files a program uses.

Might or might not be useful here.

Try this instead:

1. Download Sysinternals Suite from http://technet.microsoft.com/en-us/sysinternals/bb842062
2. Unzip the contents to any folder you like
3. Locate and run Process Monitor
   (When I launch mine, it launches the "Filter" editor by default - you may need to start the Filter editor manually by going to the Filter menu and selecting "Filter...")
4. In the left drop-down, select "Path", then leave the operator at "is", and enter the path you want to monitor

"Simples", as they say :)

HTH - ping back if not...
0
 
rayluvs (Author) Commented:
True, Dependency Walker is not useful; I need to see what folders or files the application hits. I'll download your link and give it a try.
0
 
McKnifeCommented:
You could use NTFS auditing to see if anyone (or any process) accesses that folder. However, auditing will not prevent processes from doing so.
0
 
rayluvs (Author) Commented:
Yes, OK, interesting... where do I find this?
0
 
McKnife Commented:
Right where you set the NTFS permissions. Right-click the folder - Properties - Security - Advanced - Auditing -> set up auditing there. That's only the first half. The second half is here: open secpol.msc - Local Policies - Audit Policy - Audit object access. Done.

Now any sort of access you configured to audit on that folder will be logged to the security event log (open eventvwr).
0
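
McKnife's two steps and the log check, scripted as an added example that is not part of the original thread. It assumes Windows Vista/Server 2008 or later (where file access is logged as Security event 4663), an elevated PowerShell prompt, and placeholder values for `$Folder` and `$AppName`; `Get-AppFolderAccess` is a hypothetical helper name.

```powershell
# Added example. $Folder and $AppName are placeholders, not values from the thread.
$Folder  = 'C:\Data\Restricted'   # folder the application is not supposed to touch
$AppName = 'appx.exe'             # image name of the application being watched

# First half (folder > Security > Advanced > Auditing): add an audit entry to the SACL.
# S-1-1-0 is the well-known SID for Everyone, so the rule works on any UI language.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone,
    'ReadData, WriteData, AppendData, Delete',   # kinds of access to log
    'ContainerInherit, ObjectInherit',           # apply to subfolders and files
    'None',
    'Success, Failure')
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Second half (secpol.msc > Audit object access): enable file-system object auditing.
# "File System" is the subcategory name on English-language Windows.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# After running the application, read event 4663 ("An attempt was made to access an
# object") and keep only accesses made by $AppName to paths at or below $Folder.
function Get-AppFolderAccess {
    param([string]$Folder, [string]$AppName)
    $root = $Folder.TrimEnd('\')
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ev = $_
            $d  = @{}
            foreach ($n in ([xml]$ev.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            $path = [string]$d['ObjectName']
            # Match on "root\" so C:\Data\Restricted2 is not mistaken for a child of $root.
            $inside = $path -eq $root -or
                      $path.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)
            $image = [System.IO.Path]::GetFileName([string]$d['ProcessName'])
            if ($inside -and $image -eq $AppName) {
                [pscustomobject]@{
                    Time       = $ev.TimeCreated
                    User       = $d['SubjectUserName']
                    Process    = $d['ProcessName']
                    Path       = $path
                    AccessMask = $d['AccessMask']
                }
            }
        }
}
Get-AppFolderAccess -Folder $Folder -AppName $AppName | Sort-Object Time | Format-Table -AutoSize
```

An empty result means no audited access by that image name was logged for the folder; as McKnife notes, this records access and does not block it.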
 
rayluvs (Author) Commented:
Thanx
0
 
McKnifeCommented:
I really wonder how diskmon has helped you with that task. It does not show processes nor folder activity - or how do we use it right, abbright?
0
 
abbrightCommented:
Looks like I had something wrong here, sorry. The tool I meant was "filemon" rather than "diskmon": http://en.wikipedia.org/wiki/FileMon. This has been incorporated into Sysinternals' Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645.
I'm really sorry for the confusion.
0
Question has a verified solution.
