Solved

Program to monitor activities of another application

Posted on 2011-03-24
Last Modified: 2012-05-11
We need to check a certain application and make sure it's not going to unauthorized folders.

Is there an application that we can run, have in memory, and see what X application is accessing what folder?

We need something like SQL Profiler, but for an application, to monitor the folders it visits.
0
Question by:rayluvs
16 Comments
 
LVL 10

Accepted Solution

by:
abbright earned 1000 total points
ID: 35211132
You can use diskmon to monitor disk accesses of a program: http://msdn.microsoft.com/en-us/library/bb896646.aspx
0
 
LVL 3

Expert Comment

by:Josef Al-Chacar
ID: 35211247
Get COMODO Firewall free edition; it monitors all programs that try to do anything if you set it to the paranoid protection level. If you set the level lower, it will monitor fewer programs.

It will ask you if you want to let the program do what it wants to.
0
 

Author Comment

by:rayluvs
ID: 35211263
Two things:

   1.  It seems that it doesn't monitor a specific program; it looks like it monitors all read/access.

         Can we configure it to monitor one app?

    2.  Can we configure it to display the path & files it is accessing?
          (it seems it uses sectors)
0
 
LVL 3

Expert Comment

by:Josef Al-Chacar
ID: 35211607
You can mark files as unrecognized so it monitors those files. Also you can sandbox files which means you can run programs in a virtual environment and if they cause problems you can remove them with no damage to your computer.
0
 

Author Comment

by:rayluvs
ID: 35211871
josefah:

  I have used COMODO as a firewall for a long time. I checked the software, but where do I tell it to monitor
  a specific program?
0
 
LVL 3

Expert Comment

by:Josef Al-Chacar
ID: 35212036
Yeah, I only know how to restrict certain programs. I recommend setting Defense Plus to paranoid mode, then run your program and it will show what it is trying to access. Yes, it will show other stuff too, but the end result will be the same.

Something else you could use, but which would be kind of overkill, is Dependency Walker. You can select certain files and it tells you exactly what other files they depend on to run. That may point you in the right direction.
0
 

Author Comment

by:rayluvs
ID: 35212116
Ok... let me say that what we need is to monitor only one application.  Can I do this with Comodo?

Also, what is "Dependency Walker"?
0
 
LVL 2

Expert Comment

by:Hapexamendios
ID: 35214181
Dependency Walker is a development tool which would show you all dependencies for a particular binary - e.g. all the DLL files a program uses.

Might or might not be useful here.

Try this instead:

Download Sysinternals Suite from http://technet.microsoft.com/en-us/sysinternals/bb842062
Unzip the contents to any folder you like
Locate and run Process Monitor
(When I launch mine, it launches the "Filter" editor by default - you may need to start the Filter editor manually by going to the Filter menu and selecting "Filter...")
In the left drop-down, select "Path", then leave the operator at "is", and enter the path you want to monitor

"Simples", as they say :)

HTH - ping back if not...
0
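An added example, not part of the original thread: once Process Monitor has captured the application's activity, the capture can be saved as CSV and checked against a list of authorized folders. The process name, the folder list and the sample rows are constructed, and the column names assume Process Monitor's default CSV export.

```powershell
# Constructed sample rows in Process Monitor's CSV export layout (default columns).
# For a real capture use: $events = Import-Csv .\Logfile.CSV
$events = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567","app.exe","4120","CreateFile","C:\Program Files\App\app.ini","SUCCESS","Desired Access: Generic Read"
"10:01:02.2345678","app.exe","4120","ReadFile","C:\ProgramData\App\cache.db","SUCCESS","Offset: 0, Length: 4096"
"10:01:03.3456789","app.exe","4120","CreateFile","C:\Users\alice\Documents\payroll.xlsx","SUCCESS","Desired Access: Generic Read"
"10:01:03.4567890","explorer.exe","2208","CreateFile","C:\Users\alice\Documents","SUCCESS","Desired Access: Read Data/List Directory"
"10:01:04.5678901","app.exe","4120","CreateFile","C:\Program Files\AppEvil\x.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:05.0000001","app.exe","4120","RegOpenKey","HKLM\Software\App","SUCCESS","Desired Access: Read"
'@ | ConvertFrom-Csv

$target  = 'app.exe'                                      # hypothetical process name
$allowed = 'C:\Program Files\App', 'C:\ProgramData\App'   # hypothetical authorized folders

function Test-UnderAllowedFolder {
    param([string]$Path, [string[]]$Roots)
    foreach ($root in $Roots) {
        $r = $root.TrimEnd('\')
        # Match the folder itself or anything below it; the appended backslash
        # stops "C:\Program Files\AppEvil" from passing as "C:\Program Files\App".
        if ($Path -ieq $r -or $Path.StartsWith($r + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Keep only the target's file-system events (drive-letter or UNC paths, so
# registry rows are skipped), then report every path outside the allow-list.
$events |
    Where-Object { $_.'Process Name' -ieq $target -and $_.Path -match '^([A-Za-z]:\\|\\\\)' } |
    Where-Object { -not (Test-UnderAllowedFolder -Path $_.Path -Roots $allowed) } |
    Group-Object Path |
    Select-Object @{n='Path';e={$_.Name}}, Count,
                  @{n='Operations';e={($_.Group.Operation | Sort-Object -Unique) -join ','}},
                  @{n='Results';e={($_.Group.Result | Sort-Object -Unique) -join ','}}
```

Failed attempts (for example `NAME NOT FOUND` or `ACCESS DENIED`) are kept in the report on purpose, since an attempt to reach an unauthorized folder matters even when it does not succeed.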
 

Author Comment

by:rayluvs
ID: 35215154
True, Dependency Walker is not useful; I need to see what folders or files the application hits. I'll download your link and give it a try.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 35245117
You could use NTFS auditing to see if anyone (or any process) accesses that folder. However, auditing will not prevent processes from doing so.
0
 

Author Comment

by:rayluvs
ID: 35245434
Yes, ok, interesting... where do I find this?
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 35245473
Right where you set the NTFS permissions. Right-click the folder - properties - security - advanced - auditing -> set up auditing there. That's only the first half. The second half is here: open secpol.msc - loc. policies - audit policy - audit object access. Done.

Now any sort of access you configured to audit on that folder will be logged to the security event log (open eventvwr).
0
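The two halves of the auditing setup described above, followed by the event-log lookup, scripted in PowerShell as an added example (not from the original thread). It assumes Windows Vista/Server 2008 or later, where file access is logged as event 4663, and it uses `auditpol`'s "File System" subcategory in place of the secpol.msc "audit object access" switch; the folder and process name are placeholders.

```powershell
# Run from an elevated prompt. Folder and process name are hypothetical placeholders.
$folder  = 'D:\Restricted'
$process = 'app.exe'

# 1. Add an audit entry (SACL) to the folder: log successful and failed
#    reads, writes and deletes by anyone, inherited by subfolders and files.
$acl  = Get-Acl -Path $folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone', 'ReadData, WriteData, Delete',
            'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 2. Turn on the audit policy; without it the SACL produces no events.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 3. After the application has run, read event 4663 ("An attempt was made to
#    access an object") and keep only entries raised by the target process
#    against the audited folder or anything below it.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Index the event's named data fields so they can be read by name.
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = $d['SubjectUserName']
            Process = $d['ProcessName']     # full path of the accessing executable
            Object  = $d['ObjectName']      # file or folder that was touched
            Access  = $d['AccessMask']
        }
    } |
    Where-Object { $_.Process -like "*\$process" -and
                   ($_.Object -ieq $folder -or $_.Object -like "$folder\*") } |
    Sort-Object Time | Format-Table -AutoSize
```

Because the audit entry applies to every account and process, the filter on `ProcessName` in step 3 is what narrows the log down to one application.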
 

Author Comment

by:rayluvs
ID: 35312927
Thanx
0
 

Author Closing Comment

by:rayluvs
ID: 35312950
Thanx
0
 
LVL 56

Expert Comment

by:McKnife
ID: 35317451
I really wonder how diskmon has helped you with that task. It does not show processes nor folder activity - or how do we use it right, abbright?
0
 
LVL 10

Expert Comment

by:abbright
ID: 35317877
Looks like I had something wrong here, sorry. The tool I meant was "filemon" rather than "diskmon": http://en.wikipedia.org/wiki/FileMon. This has been incorporated into Sysinternals' Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645.
I'm really sorry for the confusion.
0
