Windows File Watcher

A ready-to-install, second-opinion on-access scanner for Microsoft Windows.

Summary

Designed to run on Microsoft Windows and scan file activity in configurable locations.

The tool is open source, so you can modify it as you wish.

About

What is the Windows File Watcher Plugin Type?

A Secplugs Plugin Type that you can configure to watch file locations on Windows systems and report suspicious activity.

What are the features?

  • Lazy On-Access Scanning - Monitor file access and automatically submit files for analysis.
  • Out-of-the-Box Defaults - Comes with default API keys and configuration so it works out of the box.
  • Configurable Watch Directories - Configure which directories to watch for activity.
  • Infected File Deletion - Delete infected files.
  • Secplugs Portal - With a registered API key you can access all the core Secplugs features via the portal.

How does it work?

Once installed, the Plugin Type is notified by Windows when a file is created in or moved to one of the configured directories. The file is sent to Secplugs for a score-based scan. If the scan finds the file to be malicious, the file is removed from the filesystem. The tool needs only a minimal configuration: the list of directories to monitor is the only mandatory setting.

How do I get started?

Download the tool from the link below, unzip it to a temporary location, and follow the instructions in the Install-HowTo.txt file.

secplugs-windows-filewatcher.zip