There are many ways an attacker might try to compromise your PC, and one common option is to download and run an executable without your knowledge. If your antivirus engine doesn’t recognize the threat then that could leave you with a serious problem.
Run ExeWatch and it might be a different story. The program watches your local drives, looking out for new executable files, and raises an alert the moment anything appears -- downloaded, extracted from an archive, written by some other program, whatever it might be. It has no malware-removal abilities, but that early warning may still save you a lot of pain.
Getting started is easy. The download is tiny, and there’s no installation: just launch ExeWatch and it runs in the background, monitoring your PC.
When a new executable is created, ExeWatch plays a beep and displays a visual alert (four boxes, one in each corner of the screen). Double-clicking its system tray icon lists any new detections, while a right-click "Open History" option shows everything the program’s ever noticed.
Normally this is for information only, but enable "Panic Mode" and ExeWatch can also rename executables as soon as they’re detected. Under typical circumstances this is a very bad idea -- you could cause all kinds of problems with legitimate programs -- but if you’re sure something dangerous is happening then this might help bring it to a halt.
If you find ExeWatch raises too many false alarms then you can now also add exclusions, folder trees where new executables won’t raise an alert. All you have to do is add their paths to the exclusions.txt file in the ExeWatch folder (a couple of sample folders are in the file already to show you how it works).
Put it all together and ExeWatch is still a very basic system monitor, but it’s useful enough and really can alert you to dubious behavior. Worth a look.
Aucun commentaire:
Enregistrer un commentaire