Monitoring your applications and processes is an important way to see what is running on your computer, which IP addresses processes are trying to connect to, and what changes occur while you are just browsing the Internet.
Patriot NG is a free application that helps you detect any failure or error in your Windows operating system.
The program monitors your computer and warns you when changes occur. At the system level, the utility performs the following checks:
- Files in “Startup” directories: Windows has some special directories known as “startup”, where files are placed to be executed during system startup. Many Trojan horses copy themselves into these directories to ensure their presence in the system at every boot. This protection generates an alert when it detects that a new file has been copied into these directories.
- New Users in the system: This protection alerts if new users are created in the system.
- New services installed: A service is special software that normally runs with the highest privileges. Services are usually employed legitimately to add functionality to Windows. Sometimes malware camouflages itself as such a program to infect your system. This protection alerts if new services are added to Startup.
- Changes in the hosts file: Windows has a file called “hosts” that stores host names and IP addresses, which the system takes into account preferentially. Some Trojans or spyware maliciously alter this file to redirect connections to different hosts. This alert warns if there are changes to this file.
- New scheduled jobs: Windows has a system known as the scheduler or planner, through which programs can be set to run. Some malware uses the planner as a way to preserve its presence in the system. This alert advises if new jobs are added to the scheduler.
- New hidden windows: These windows may be generated when installing a new application or as a result of an attack on our computer. Whenever they occur, Patriot will warn us.
- Files in critical directories: This protection alerts us if new executable files are created in system directories.
- Installation of new drivers: Some programs, like rootkits (hidden files, processes, connections), are installed in the system as drivers. This warning alerts whenever any new driver is installed on your system.
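The hosts-file protection in the list above amounts to comparing the file against a known-good baseline. The following Python is an added example, not Patriot NG's code: the function names and sample entries are constructed for illustration, and it assumes the first mapping listed for a name is the one that takes effect.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, skipping comments and blanks."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first column is not an IP: ignore line
        for name in fields[1:]:
            # Assumption: the first entry for a name wins, so keep only that one.
            mapping.setdefault(name.lower(), ip)
    return mapping

def diff_hosts(baseline_text, current_text):
    """Return (kind, hostname, old_ip, new_ip) tuples for every mapping change."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    alerts = []
    for name in sorted(old.keys() | new.keys()):
        if name not in old:
            alerts.append(("added", name, None, new[name]))
        elif name not in new:
            alerts.append(("removed", name, old[name], None))
        elif old[name] != new[name]:
            alerts.append(("changed", name, old[name], new[name]))
    return alerts

# Constructed sample data (documentation-range addresses, made-up names).
BASELINE = """# baseline snapshot
127.0.0.1    localhost
192.0.2.10   intranet.example
192.0.2.20   files.example   # file server
"""
CURRENT = """# snapshot after an unexpected modification
127.0.0.1    localhost
198.51.100.7 intranet.example
203.0.113.5  Update.Example.COM
"""

if __name__ == "__main__":
    for kind, name, old_ip, new_ip in diff_hosts(BASELINE, CURRENT):
        print(f"ALERT hosts entry {kind}: {name} {old_ip} -> {new_ip}")
```

Comparing parsed mappings rather than raw bytes means comment or whitespace edits do not raise alerts, while a redirected name does.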
At the network level, the application has the following 5 functionalities:
- NetBIOS connections to the system: This protection alerts on connections made to our system using the NetBIOS protocol (shares). It generates alerts when someone accesses folders or files on our computer.
- New NetBIOS shares: This protection warns of a new share on the computer.
- TCP/IP Defense: Reports new open ports, new connections, ARP Spoofing.
- ARPWatch: Detects new hosts in your network.
- NIDS: Detects malicious network traffic based on rules.
The tool is simple to use and can protect users against malware and backdoors and detect any suspicious activity.