• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 513
  • Last Modified:

detect changes made to windows 7 pc

i had to hand my laptop over to my customers IT dept to install vpn, on my personal laptop.

i don't trust anyone, and this technician took my computer to his office for nearly a hour.

vpn is working great, but i'd like to know if any other system changes were made.


any tips/tricks to audit my laptop, and learn of anything else that this technician may have done?  honestly, i just want to make sure no keyloggers, intentional spyware was installed.  call me a freak, i just know how easy a system can be comprimised.

thanks
0
sknoll84
Asked:
sknoll84
  • 2
1 Solution
 
Dale MaySecurityCommented:
In the search menu type in Event Viewer< administrative actions log will be one of the displays.
You will be able to see what if any changes have been done to your computer.  Our IT dept. is know for installing "stuff" that they don't tell the end user that they installed.  By opening up event view you will be able to tell what action were taken by your IT dept.
Thank-you,
d_may
0
 
David Johnson, CD, MVPOwnerCommented:
restore your system from a backup once the job is done.  If you don't trust the company that you are outsourcing for then leave..
0
 
Anthony DeaverCommented:
Assume:
The tech installed more than the VPN.
The tech erased Event Log entries.

Since you did not take a registry snapshot or system restore/image before releasing custody, you cannot know.  If you cannot trust the tech,you cannot trust Event Viewer.
0
 
Anthony DeaverCommented:
All due respect to D_May's excellent suggestion, but the Event Viewer is NOT a 100% effective method for detecting a malevolent act.  At a minimum, the Windows Event Log can be suspended - preventing the collection of data.  Else, individual logs can be modified to hide any single act or group of actions.

If I was motivated to illegally install something on someone's PC, there would be no evidence available in the Event Logs.

In an atmosphere where you suspect that such a malevolent act was performed, the Event Viewer does not come close to providing any warranty to the contrary.

It's like the day after a thunderstorm - the sidewalk is dry.  You cannot conclude from that evidence that it did not rain.
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now