Hi there,
I was hoping to find out if there is a feature in Windows 10 Pro where you can completely monitor the actions of a program step by step as it executes.
i.e.
Instead of giving an installation program free rein over your system, can you put it in a "babysitting" mode where it tells you which files it is accessing, when/where it connects to the internet, and anything else that would be suspicious?
If they don't already have it I think they should.
P.S. I have tried process explorer but I would prefer something easier to understand.
Cheers
@galvinpaul1718 I have wanted this as well, as it makes perfect sense, but I have not come across something that would do this. I will be keeping an eye out and hopefully someone else will have a suggestion.
John-
If you search "windows malware analysis tool" in startpage, you will find Cuckoo Sandbox.
BTW, if you installed canvasblocker in firefox, you will find that bing, google and duckduckgo all try to get your browser's fingerprint.
While I will thank both of you for your input, a sandbox isn't what is being looked for, unless a sandbox can do things I am unaware of. I believe a sandbox just simply isolates a program from the rest of the environment to keep it from causing problems. What is being looked for is a program that can record exactly what a program does when it is run. I am sure these programs have to exist because they would be needed in malware and other analysis. Even for just basic use I would love to see where installs are touching and hiding things. And of course if there is another way of tracking this I'm all ears, or I guess being a forum I'm all eyes...
John-
@Baechle A debugger is more at the code level, which is not what I'm looking for, but rather something that just monitors what a program does when it runs. Does it install a service? Does it write to the file system? If so what did it install and what did it write?
John-
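As an added example (not from any post in this thread, and not part of any tool mentioned here), the following PowerShell script approximates the "babysitting" John describes without a full sandbox: it snapshots services, scheduled tasks, the Run keys and a few directories, runs the program, samples its outbound TCP connections while it is alive, then reports what is new or changed. It assumes Windows 10 with PowerShell 5.1 or later and an elevated prompt; the function names, the watched directories and the installer path in the usage line are placeholders chosen for the example.

```powershell
# Added example, not from any post in this thread. A "babysitting" wrapper for a
# Windows installer: snapshot services, scheduled tasks, Run keys and a few
# directories, run the program, sample its outbound connections while it runs,
# then diff the two snapshots. Assumes Windows 10 with PowerShell 5.1 or later
# and an elevated prompt (HKLM and Program Files need it). All paths and
# function names below are placeholders chosen for the example.

function Get-SystemSnapshot {
    param([string[]]$WatchDirs)
    $runKeyPaths = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    [pscustomobject]@{
        # "Name|Status" so a service that was merely started also shows up as changed.
        Services = @(Get-Service | ForEach-Object { "$($_.Name)|$($_.Status)" })
        Tasks    = @(Get-ScheduledTask | ForEach-Object { "$($_.TaskPath)$($_.TaskName)" })
        RunKeys  = @($runKeyPaths | Where-Object { Test-Path $_ } | ForEach-Object {
            $key = $_
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -notin $metaProps } |
                ForEach-Object { "$key\$($_.Name)=$($_.Value)" }
        })
        # "Path|Size|LastWriteTicks" so rewritten files count as changed, not only new ones.
        Files    = @($WatchDirs | Where-Object { $_ -and (Test-Path $_) } | ForEach-Object {
            Get-ChildItem -Path $_ -Recurse -File -ErrorAction SilentlyContinue |
                ForEach-Object { "$($_.FullName)|$($_.Length)|$($_.LastWriteTimeUtc.Ticks)" }
        })
    }
}

function Get-NewEntries {
    # Entries present in $After but not in $Before (order-insensitive set difference).
    param([string[]]$Before, [string[]]$After)
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($b in $Before) { [void]$seen.Add($b) }
    foreach ($a in $After) { if (-not $seen.Contains($a)) { $a } }
}

function Invoke-BabysitRun {
    param(
        [Parameter(Mandatory)][string]$Program,
        [string[]]$Arguments = @(),
        [string[]]$WatchDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
                                 $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA),
        [int]$PollMs = 500
    )
    $before = Get-SystemSnapshot -WatchDirs $WatchDirs

    $startArgs = @{ FilePath = $Program; PassThru = $true }
    if ($Arguments.Count -gt 0) { $startArgs.ArgumentList = $Arguments }
    $proc = Start-Process @startArgs
    $null = $proc.Handle   # touching the handle is what makes ExitCode readable later

    # Poll while the program runs and record every non-loopback remote endpoint that
    # it, or a direct child process, holds a TCP connection to. Connections that open
    # and close between two polls, and grandchild processes, are missed; lower
    # $PollMs or use a real sandbox when that matters.
    $remotes = @{}
    $loopback = '0.0.0.0', '::', '127.0.0.1', '::1'
    while (-not $proc.HasExited) {
        $children = Get-CimInstance Win32_Process -Filter "ParentProcessId = $($proc.Id)" |
            Select-Object -ExpandProperty ProcessId
        $watched = @($proc.Id) + @($children)
        Get-NetTCPConnection -ErrorAction SilentlyContinue |
            Where-Object { $watched -contains $_.OwningProcess -and $_.RemoteAddress -notin $loopback } |
            ForEach-Object { $remotes["$($_.RemoteAddress):$($_.RemotePort)"] = $true }
        Start-Sleep -Milliseconds $PollMs
    }

    $after = Get-SystemSnapshot -WatchDirs $WatchDirs
    # Removed files are compared by path only, so a rewritten file is not also listed as removed.
    $beforePaths = @($before.Files | ForEach-Object { $_.Split('|')[0] })
    $afterPaths  = @($after.Files  | ForEach-Object { $_.Split('|')[0] })
    [pscustomobject]@{
        Program              = $Program
        ExitCode             = $proc.ExitCode
        NewOrChangedServices = @(Get-NewEntries $before.Services $after.Services)
        NewScheduledTasks    = @(Get-NewEntries $before.Tasks $after.Tasks)
        NewRunKeys           = @(Get-NewEntries $before.RunKeys $after.RunKeys)
        NewOrChangedFiles    = @(Get-NewEntries $before.Files $after.Files)
        RemovedFiles         = @(Get-NewEntries $afterPaths $beforePaths)
        RemoteEndpoints      = @($remotes.Keys | Sort-Object)
    }
}

# Usage (placeholder installer path and silent-install switch):
# Invoke-BabysitRun -Program 'C:\Downloads\setup-example.exe' -Arguments '/S' | Format-List
```

The report answers John's three questions directly (new service, new scheduled task or Run key, new or changed files) and adds the remote endpoints contacted. It is a before/after diff, not a trace: anything the installer creates and deletes again before it exits, or writes outside the watched directories, will not appear, and a program that detects it is being observed can behave differently. For that level of visibility a sandbox that hooks the process, such as the Cuckoo suggestion later in this thread, is the better tool; this script is the lightweight check to run first.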
Cuckoo Sandbox is the leading open source automated malware analysis system.
You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.
Malware is the swiss-army knife of cybercriminals and any other adversary to your corporation or organization.
In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they operate in order to understand the context, the motivations, and the goals of a breach.
Cuckoo Sandbox is free software that automates the task of analyzing any malicious file under Windows, macOS, Linux, and Android.
Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. By default it is able to:
Due to Cuckoo's open source nature and extensive modular design one may customize any aspect of the analysis environment, analysis results processing, and reporting stage. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing framework and backend in the way you want, with the format you want, and all of that without licensing requirements.
@LiuHuasong OH!!! OK! I will admit I did not take a good look because I thought all sandboxes were the same! Thank you for pointing out how this is different. I think a lot of us make the mistake I just did of not looking deeply enough at some things, but let's face it, there has just gotten to be so much to look at nowadays.
Thank you for this, and if anyone else has other ideas I would love to hear them.
John-
My pleasure.
Definitely, there exist other malware analysis tools. I think every anti-virus software has an analysis module, and anti-virus software companies have more advanced tools, but only for their own use.
I prefer open source, so suggest you give Cuckoo a try first.
Regards.