There is an end user at my company whose machine has had multiple malware infections in a small amount of time. ...
Each time IT has reformatted the drive and, in one instance, given him an entirely new machine from the factory. We have scanned the user's data with multiple tools, and no malware is detected. Do you know of a good file/registry monitoring tool that can be automated to track items on a PC/laptop? I know Microsoft has a filemon tool, but I believe that must be run manually.
There are several different Windows file and registry monitoring tools, including Tripwire, OSSEC and Filemon/Regmon, which have been replaced by Process Monitor. All of these tools can be used to track malware and monitor the file or registry activities on a Windows system in depth.
Process Monitor can be used to monitor a system on boot for all registry and file system access by a process. You can configure it to monitor a system from boot, and then go back and analyze the data to determine what was accessed by a process. You may first want to identify the suspicious process and then investigate further what registry or file system access or changes it made. OSSEC has similar functionality to Process Monitor for monitoring registry and file system access, but isn’t configured by default to monitor a system in real time. OSSEC uses Syscheck to scan a system on a pre-configured interval to identify changes.
You can identify suspicious registry or file system access by a process and then investigate the process further. Once you identify the process, you can potentially identify the executable on the file system, and then submit the file to an antimalware vendor or antimalware service to see if it is detected by the antimalware scanners. If the executable isn’t identified as malware, you can do further advanced investigation on the file to determine if the file is malware or wait for your antimalware vendor.
There are other advanced tools for monitoring files and the registry, and some anti-malware software includes functionality for monitoring all access to the registry or file system regardless of the process used to make the change.
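The interval-based baseline comparison that OSSEC's Syscheck and Tripwire perform, shown as an added Python example that is not part of this answer or of either tool's code: the first run stores a baseline of file hashes, and each later scheduled run reports files added, removed or modified since. The directory tree, file names and baseline path in `demo()` are constructed for illustration; on a real host you would point `check()` at the directories of interest and schedule it with Task Scheduler.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of the file contents (read whole here; chunk it for very large files)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def snapshot(root: Path) -> dict:
    """Hash, size and mtime of every regular file under root; symlinks are skipped."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = {  # OS-independent key
                "sha256": hash_file(p), "size": st.st_size, "mtime": int(st.st_mtime)}
    return snap

def diff(baseline: dict, current: dict) -> dict:
    """Files that appeared, vanished or changed content since the baseline."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old), "removed": sorted(old - new),
            "modified": sorted(k for k in old & new
                               if baseline[k]["sha256"] != current[k]["sha256"])}

def check(root: Path, baseline_file: Path) -> dict:
    """One scheduled run: write the baseline on first use, afterwards report drift against it."""
    current = snapshot(root)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=1))
        return {"added": [], "removed": [], "modified": []}
    return diff(json.loads(baseline_file.read_text()), current)

def demo() -> dict:
    """Constructed sample tree: baseline it, tamper with it, and re-run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root, baseline = Path(tmp) / "tree", Path(tmp) / "baseline.json"
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "tool.exe").write_bytes(b"original binary")
        (root / "config.ini").write_text("setting=1\n")
        check(root, baseline)                                        # first run: baseline written
        (root / "bin" / "tool.exe").write_bytes(b"patched binary")   # simulated tampering
        (root / "config.ini").unlink()                               # simulated deletion
        (root / "dropper.exe").write_bytes(b"unexpected new file")   # simulated dropped file
        return check(root, baseline)
```

Registry keys can be tracked the same way by scheduling `reg export` of the keys of interest into the monitored tree, so the exported files change whenever a key does.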
Related Q&A from Nick Lewis