Free Microsoft tool reports malware infection signals


Microsoft has introduced a free tool that reports changes to the system that could indicate a malware infection. For example, the tool, Sysmon, notices when the executables of processes are modified.

The free-to-download tool is part of Microsoft’s SysInternals suite. Sysmon starts early in the boot process, which gives it the best chance of observing a malware infection. Unlike antivirus software, Sysmon does not look for specific, known traces of malware; instead it reports suspicious changes as they happen, for example when the executable of a process is modified.

Sysmon also reports when the creation date of a file is changed. According to Microsoft, this is a tactic frequently used by malware to cover its tracks. If desired, Sysmon can also track all network connections, but that option is disabled by default. Incidentally, Sysmon can only reveal infections that arise after the software has been installed.

Sysmon runs as a Windows service and reports to the Windows log. Windows Vista and later are supported by the tool. The SysInternals suite also includes other useful tools for sysadmins, such as a tool to capture and analyze all network traffic and tools to track all activity on the file system.
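Putting the two points above together (the file-creation-time and network-connection reporting, and the fact that Sysmon writes to the Windows event log), here is an added example that is not from the article or from the Sysmon documentation. It assumes the current Sysmon XML configuration schema (the `schemaversion="4.22"` value and the `sysmon.exe` path are assumptions; match them to the version you install) and that PowerShell runs elevated on a host where Sysmon is present.

```powershell
# Configuration: empty "exclude" rule groups mean "log every event of this type".
# FileCreateTime  -> Sysmon event ID 2 (file creation timestamp changed)
# NetworkConnect  -> Sysmon event ID 3 (off by default; a rule group turns it on)
$sysmonConfig = @'
<Sysmon schemaversion="4.22">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <FileCreateTime onmatch="exclude" />
    <NetworkConnect onmatch="exclude" />
  </EventFiltering>
</Sysmon>
'@
$configPath = Join-Path $env:TEMP 'sysmon-config.xml'
Set-Content -Path $configPath -Value $sysmonConfig -Encoding ASCII

# First install: .\sysmon.exe -accepteula -i $configPath
# Existing service: push the updated configuration (path to sysmon.exe is assumed).
& .\sysmon.exe -c $configPath

# Read back what Sysmon reported, from the log it writes to.
$filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 2, 3 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue

foreach ($evt in $events) {
    # Flatten the EventData name/value pairs into a hashtable for readable output.
    $xml = [xml]$evt.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

    switch ($evt.Id) {
        2 { '{0} creation time rewritten: {1} -> {2} on {3} by {4}' -f `
                $evt.TimeCreated, $data.PreviousCreationUtcTime, $data.CreationUtcTime,
                $data.TargetFilename, $data.Image }
        3 { '{0} connection: {1} -> {2}:{3} ({4})' -f `
                $evt.TimeCreated, $data.Image, $data.DestinationIp,
                $data.DestinationPort, $data.Protocol }
    }
}
```

Because Sysmon only records what happens after it is installed, run the query a while after deployment; an empty result right after `-c` is expected, not a sign that logging failed.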
