Using AHM to detect new software\spyware installs?

Need new test, action, option? Post request here.
Post Reply
mikepiet
Posts: 19
Joined: Tue Nov 30, 2004 10:32 pm

Using AHM to detect new software\spyware installs?

Post by mikepiet »

I am posting this here as it's not really a configuration question and surely is not a bug. It's more of a function that I am looking for and wondering if anyone is doing this now and\or if anyone could offer any ideas on how I might accomplish it?

Basically, I am looking for a way to detect if a user installs a new application or a machine becomes infected with spyware\malware.

All I have been able come up with is to monitor the size of the "Program Files" directory for a change in file size but that might not work if the program installs into the root of C:\ or somewhere else. It especially wouldn't work for spyware as it usually hides itself.

I was also thinking of monitoring processes but there is no way to check for new processes, at least no way I know of.

Finally, I played around with trying to incoperate some scripts to check the registry but most didn't work as their context didn't fit into HostMonitor very well.

Anyways, if anyone is performing these kind of functions with hostmonitor, I would love to hear from you.

Thanks,

Michael
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Post by KS-Soft »

I think there are a lot of specialized software for such purpose: antiviruses, spyware monitors/removals and so on
This task is not for HostMonitor

Regards
Alex
Post Reply