IDSMonitor is an integrity inspector (auditor) for the operating system.
It takes "snapshots" of the system state, compares them, and shows the user what changed between them. In essence it is an analogue of programs such as "Kaspersky Inspector" and "ADInf".
Currently IDSMonitor takes "snapshots" of:
- the file system, including ADS (NTFS alternate data streams);
- the Windows Registry, including elements such as "Browser Helper Objects";
- INI files;
- services and drivers;
- processes;
- DACLs (Discretionary Access Control Lists) of the elements listed above.
Plugins are currently implemented for many programs (see "Program restrictions" below).
Plugins that analyse CSV log files of the following programs:
- NirSoft ServiWin;
- NirSoft CProcess;
- NirSoft AdapterWatch;
- NirSoft AlternateStreamView;
- NirSoft CurrPorts;
- NirSoft DevManView;
- NirSoft DiskSmartView;
- NirSoft DriveLetterView;
- NirSoft DriverView;
- NirSoft EventLogSourcesView;
- NirSoft FileTypesMan;
- NirSoft GACView;
- NirSoft InstalledCodec;
- NirSoft InstalledDriversList;
- NirSoft MIMEView;
- NirSoft MyEventViewer;
- NirSoft NetRouteView;
- NirSoft NetworkInterfacesView;
- NirSoft NTFSLinksView;
- NirSoft OfficeIns;
- NirSoft RegDllView;
- NirSoft ShellExView;
- NirSoft ShellMenuNew;
- NirSoft ShellMenuView;
- NirSoft ShortcutsMan;
- NirSoft URLProtocolView;
- NirSoft USBDeview;
- NirSoft UserProfilesView;
- NirSoft WhatInStartup;
- NirSoft WinsockServicesView;
- NirSoft WinUpdatesList;
- Sysinternals Autoruns;
- Sysinternals Junction;
- Sysinternals ListDLLs;
- Sysinternals LogonSessions;
- Sysinternals PipeList;
- Sysinternals RegDelNull;
- Sysinternals RootkitRevealer;
- Sysinternals Streams;
- Sysinternals TCPView;
Plugins that analyse the more complex (non-CSV) log files of the following programs:
- ADInf32 log;
- AIDA64 log;
- AVZ log;
- HijackThis log;
- Microsoft Baseline Security Analyzer log;
Plugins are also implemented as Windows scripts and small programs (see "Program restrictions" below), covering:
- Windows accounts;
- JavaScript files of alternative browsers;
- Control Panel applets;
- Windows environment variables;
- network shared resources;
- installed printers;
- RPC endpoints;
- NTFS hard links;
- NTFS links (junctions and symlinks);
- HDD NTFS bad-cluster information;
- HDD file-system information;
- BIOS and CMOS information;
The program scans the system from user mode and uses the ANSI WinAPI.
This imposes limits on what it can do: for example, it is powerless against rootkit techniques, it does not see Unicode objects (only their ANSI equivalents), it does not see registry elements containing NULL characters, etc.
Scanning at a lower level (kernel mode) is not planned yet. To work around the limitations described above, a plugin system connected to IDSMonitor has been developed. These plugins analyse the logs of external utilities, programs and Windows scripts and add their data to the "snapshots".
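To make the snapshot/compare idea from the start of this page and the ANSI-only limitation just described concrete, here is an added example in Python. It is not IDSMonitor's own code; the file names, the CurrPorts-style CSV columns and the cp1252 code page are constructed assumptions for the demonstration. The code snapshots a directory tree (name, size, SHA-256), turns a CSV export into a keyed snapshot the way the CSV plugins consume them, and diffs two snapshots into added/removed/changed. The `ansi_codec` option models an ANSI-only scanner in a simplified way: names the code page cannot represent collapse to "?", so two distinct Unicode-named files become one object and a change to one of them goes unreported.

```python
import csv
import hashlib
import io
import os
import tempfile


def snapshot_tree(root, ansi_codec=None):
    """Return {relative_name: (size, sha256)} for every file under root.

    With ansi_codec set (e.g. "cp1252"), each name is round-tripped through
    that codec with "?" substitution. This is a simplified model of an
    ANSI-only scanner: names the code page cannot represent collapse to "?"
    and distinct Unicode objects become indistinguishable (assumption).
    """
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):  # deterministic order across file systems
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if ansi_codec is not None:
                rel = rel.encode(ansi_codec, errors="replace").decode(ansi_codec)
            with open(full, "rb") as fh:
                data = fh.read()
            snap[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return snap


def snapshot_csv(text, key_fields):
    """Turn a CSV export (the kind the CSV plugins read) into {key: row}."""
    snap = {}
    for row in csv.DictReader(io.StringIO(text)):
        snap[tuple(row[k] for k in key_fields)] = dict(row)
    return snap


def compare(old, new):
    """Diff two snapshots: objects added, removed, and changed in place."""
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }


def demo_tree():
    """Constructed scenario: two files whose Cyrillic names both collapse to
    '?????.txt' under cp1252; the first of them is then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ответ.txt", "отчет.txt"):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write("original\n")
        before_u = snapshot_tree(root)
        before_a = snapshot_tree(root, ansi_codec="cp1252")
        with open(os.path.join(root, "ответ.txt"), "a", encoding="utf-8") as fh:
            fh.write("tampered\n")
        after_u = snapshot_tree(root)
        after_a = snapshot_tree(root, ansi_codec="cp1252")
    return {
        "unicode_view": compare(before_u, after_u),
        "ansi_view": compare(before_a, after_a),
        "ansi_names": sorted(before_a),
    }


def demo_csv():
    """Constructed CurrPorts-style exports (column names are an assumption,
    not the tool's exact schema): a new listener appears between two runs."""
    header = "Process Name,Process ID,Protocol,Local Port,Remote Address,State\n"
    before = header + (
        "svchost.exe,904,TCP,135,0.0.0.0,Listening\n"
        "System,4,TCP,445,0.0.0.0,Listening\n"
    )
    after = before + "updater.exe,3120,TCP,4444,0.0.0.0,Listening\n"
    key = ("Process Name", "Protocol", "Local Port")
    return compare(snapshot_csv(before, key), snapshot_csv(after, key))


if __name__ == "__main__":
    print("tree:", demo_tree())
    print("csv:", demo_csv())
```

Running it shows the Unicode view reporting the tampered file while the ANSI view reports nothing, because both names collapsed to the same key and the surviving entry was the unmodified file. The CSV half shows why feeding the scanner with keyed exports from Unicode-capable external tools (as the plugins do) closes part of that gap: the diff is on the tool's own identifiers, not on names the ANSI API mangled.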
IDSMonitor is not a competitor to specialised utilities such as AVZ or to antivirus software.
To fight malware, IDSMonitor can be used in several ways:
1) Launch IDSMonitor under the AVZ "AVZGuard" module in its rootkit-counteraction mode;
2) Run it from a boot disk such as VistaPE or Win7PE (WinPE);
3) Use IDSMonitor plugins to analyse the logs of external rootkit-detection programs (such as RootkitRevealer, AVZ, etc.).
The first two options let rootkits be found by comparing two scan "snapshots" (objects a rootkit hides on the live system appear in a snapshot taken while the rootkit is not active, so the comparison exposes them); the third relies on the capabilities of more specialised software.
P.S. It is impossible to create an ideal tool against rootkit techniques; that work demands a large amount of time and serious qualifications. Therefore software written by other developers with good reputations is used instead of reinventing the wheel...
Unpack the archive into any folder and start "IDSMonitor.exe".
Launching "IDSMonitor.exe" with the /? key lists the program's start-up keys.
If "IDSMonitor.exe" is launched with the keys -D -L -RS -SPR, the following happens:
- a file with debugging information about the program's operation is created;
- the log of the system scan is saved;
- a system scan with creation of scan "snapshots" is started automatically.
P.S. Once installed, IDSMonitor is portable: you may move its folder anywhere (preferably to a path without spaces) and run it from there (preferably via a Windows shortcut with the working folder set).
The program was tested under Windows XP and Windows 7.
It should work (but has not been tested) on Windows 2000 (not all features), Windows Server 2003 and Windows Vista.
It should work (but has not been fully tested) on Windows 8, Windows 8.1 and Windows 10.
On Windows Vista, Windows 7, Windows 8.x and Windows 10 it works only under an administrator account with elevated privileges.
x86 versions of Windows are fully supported; x64 versions are supported with restrictions.
Minimum monitor resolution: 1024 x 768.
The program is in a testing stage, so run it only with an existing backup of the file system and the registry. The author bears no responsibility for possible malfunctions or loss of information on your computer, although everything was done to minimise such risks...
Screenshot 1. Main window of the program.
Screenshot 2. Main window of the program.
Screenshot 3. Settings window of the program.
Screenshot 4. Settings window of the program.
THERE IS NO PUBLIC RELEASE (this version is compatible with "Windows XP", "Windows Vista", "Windows 7", "Windows 8.1" and "Windows 10")
The program may be freely distributed in the form in which it is delivered, i.e. without any changes.
The program is free for personal use. Use for commercial purposes must be agreed with the author.
To contact the author you can:
A request to all users of IDSMonitor:
If you use the program, write to the author at the e-mail address given in the IDSMonitor "About" window with your feedback, comments, or simply how you use the program.
Whether a new public version of the program is released will depend on this.
This version of the program contains only the main plugins. The version with all plugins is currently not public. If you are interested in using it, write to the author at the e-mail address given in the IDSMonitor "About" window.
Screenshot 5. Main window of IDSMonitor version 1.0.20.3525.1 (author's build with the Russian language pack loaded).
P.S. Please excuse the imperfect English; it is not our native language...