Complete monitoring of applications in Windows 10 Pro

Hi there,

 

I was hoping to find out if there is a feature in Windows 10 Pro where you can completely monitor the actions of a program step by step as it executes.

 

i.e.

 

Instead of giving an installation program free rein over your system, can you put it in a "babysitting" mode where it tells you which files it is accessing, when/where it connects to the internet, and anything else that would be suspicious?

 

If they don't already have it I think they should.

 

P.S. I have tried Process Explorer, but I would prefer something easier to understand.

 

Cheers

10 Replies
JKWiniger
Community Champion

@galvinpaul1718 I have wanted this as well, as it makes perfect sense, but I have not come across something that would do this. I will be keeping an eye out and hopefully someone else will have a suggestion.

 

John-

LiuHuasong
Newcomer I

Sandboxie can be an alternative for the time being.

LiuHuasong
Newcomer I

If you search "windows malware analysis tool" in Startpage, you will find Cuckoo Sandbox.

 

BTW, if you install CanvasBlocker in Firefox, you will find that Bing, Google and DuckDuckGo all try to get your browser's fingerprint.

JKWiniger
Community Champion

While I thank both of you for your input, a sandbox isn't what is being looked for, unless a sandbox can do things I am unaware of. I believe a sandbox simply isolates a program from the rest of the environment to keep it from causing problems. What is being looked for is a program that can record exactly what a program does when it is run. I am sure these programs have to exist because they would be needed in malware and other analysis. Even for just basic use I would love to see where installs are touching and hiding things. And of course if there is another way of tracking this I'm all ears, or I guess being a forum I'm all eyes...

 

John-

Baechle
Advocate I

John,

The class of software you’re looking for is a “Debugger.”

It allows you to step through disassembled code, instruction by instruction.

Sincerely,

Eric B.
JKWiniger
Community Champion

@Baechle A debugger is more at the code level, which is not what I'm looking for, but rather something that just monitors what a program does when it runs. Does it install a service? Does it write to the file system? If so what did it install and what did it write?

 

John-
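One way to answer the "what did it write?" part of this question at the file-system level is to snapshot a directory before the program runs, run it, snapshot again and diff the two. This is an added example in stdlib Python, not code from the thread or from any tool named in it; the "installer" it runs is a constructed stand-in (a Python one-liner) that edits one file, deletes another and drops a new one, all under a temporary directory. Services and network connections are outside what it records.

```python
import hashlib
import subprocess
import sys
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to the SHA-256 of its content."""
    state = {}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
        except OSError:
            digest = None  # locked or unreadable file; still recorded as present
        state[str(p.relative_to(root))] = digest
    return state

def diff_snapshots(before, after):
    """Classify paths as created, modified (content hash changed) or deleted."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "deleted": sorted(set(before) - set(after)),
    }

def run_and_watch(cmd, watch_root, timeout=60):
    """Run cmd to completion; return (exit code, file changes under watch_root)."""
    before = snapshot(watch_root)
    proc = subprocess.run(cmd, capture_output=True, timeout=timeout)
    return proc.returncode, diff_snapshots(before, snapshot(watch_root))

def demo():
    """Constructed scenario (hypothetical installer): edits config.ini, removes
    obsolete.dll and writes app/helper.exe inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "config.ini").write_text("old")
        (Path(root) / "obsolete.dll").write_text("x")
        installer = (
            "import sys; from pathlib import Path; r = Path(sys.argv[1]); "
            "(r / 'config.ini').write_text('new'); (r / 'obsolete.dll').unlink(); "
            "(r / 'app').mkdir(); (r / 'app' / 'helper.exe').write_text('payload')"
        )
        return run_and_watch([sys.executable, "-c", installer, root], root)

if __name__ == "__main__":
    print(demo())
```

Point `run_and_watch` at the directories an installer is likely to touch (its target folder, the user profile, a program-data folder) to see exactly which files it created, changed or removed.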

LiuHuasong
Newcomer I

Cuckoo is different from Sandboxie; Cuckoo's home page says (red text is marked by me):

 

What is Cuckoo?

Cuckoo Sandbox is the leading open source automated malware analysis system.

 

You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.

Malware is the swiss-army knife of cybercriminals and any other adversary to your corporation or organization.

In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they operate in order to understand the context, the motivations, and the goals of a breach.

Cuckoo Sandbox is free software that automates the task of analyzing any malicious file under Windows, macOS, Linux, and Android.

What can it do?

Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. By default it is able to:

  • Analyze many different malicious files (executables, office documents, PDF files, emails, etc.) as well as malicious websites under Windows, Linux, macOS, and Android virtualized environments.
  • Trace API calls and general behavior of the file and distill this into high level information and signatures comprehensible by anyone.
  • Dump and analyze network traffic, even when encrypted with SSL/TLS. With native network routing support to drop all traffic or route it through InetSIM, a network interface, or a VPN.
  • Perform advanced memory analysis of the infected virtualized system through Volatility as well as on a process memory granularity using YARA.

Due to Cuckoo's open source nature and extensive modular design one may customize any aspect of the analysis environment, analysis results processing, and reporting stage. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing framework and backend in the way you want, with the format you want, and all of that without licensing requirements.

JKWiniger
Community Champion

@LiuHuasong OH!!! OK! I will admit I did not take a good look because I thought all sandboxes were the same! Thank you for pointing out how this is different. I think a lot of us make the mistake I just did of not looking deeply enough at some things, but let's face it, there has just gotten to be so much to look at nowadays.

 

Thank you for this, and if anyone else has other ideas I would love to hear them.

 

John-

LiuHuasong
Newcomer I

My pleasure.

 

Definitely, there exist other malware analysis tools. I think every anti-virus software has an analysis module, and anti-virus software companies have more advanced tools, but only for their own use.

 

I prefer open source, so I suggest you give Cuckoo a try first.

 

Regards.