On 13 Jul 2011 at 14:08, Erik Goldoff wrote: > What I would like to see from the OS is something like a trimmed down > version of UAC *just for the malware load points* !!! A permission / > integrity monitor that prompts and/or logs whever a RUN key is > altered, whenever a scheduled task is created, whenever a link is > added to the STARTUP group, etc ...
WinPatrol does this pretty well. The basic one is free, even for commercial use, but it doesn't monitor the startup locations in real time. http://www.winpatrol.com/morewhyplus.html#plus3 Advanced Examination of HIDDEN Registry Startup Keys (NOW FREE in Version 14) While programs like MSConfig will show you the standard Startup locations in Windows, we know there are other ways to launch programs without your knowledge. WinPatrol PLUS examines many alternate, more technically advanced locations. We've seen undesirable programs use these locations and even some of our friends in the security business now hide their programs there. WinPatrol PLUS will let you know about any changes to the following alternate startup keys. See: WinPatrol Free vs PLUS http://www.winpatrol.com/compare.html and WinPatrol Real-Time Infiltration Detection http://www.winpatrol.com/rid.html RID is NOT in the free version. The non-free Plus version is currently on sale at 50% off, but I bought my licenses last year during his 99-cent sale ;-). He offers discounts for quantity purchases. HTH Angus ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin