Security Monitor for Windows
WinPatrol for Windows helps in protecting the computer from unauthorized changes. It monitors areas in Windows that some antivirus and firewall programs don't bother to monitor. Find out how to use WinPatrol by reading this WinPatrol tutorial to protect against malware infiltrations, spyware and other changes in the next sections of this article.
Spyware and Adware Piggybacking
Several software packages are now bundled with unnecessary third-party software (see piggybacking article). Many end-users are not familiar which application is required to install which is why they end up with new programs that they don't actually need. WinPatrol can help by providing an alert on unnecessary programs.
An example program is FoxIt Reader, a free PDF reader for Windows. The installer of Foxit Reader is bundled with a search toolbar using the Ask.com search engine. The browser will have
and you'll find Foxit PDF Creator toolbar published by Ask.com in the Add or Remove Programs utility:
If the computer is using WinPatrol, several alerts will be displayed on unnecessary changes in Windows:
Note that the alert for IE Helper will keep coming back but the second time WinPatrol received the response, the program will block the next time it tries to add itself. By blocking the above modifications or additions in Windows, the toolbar and search page will fail to install. You can now proceed to use Add or Remove Programs to uninstall the Ask.com toolbar.
Scotty the Watchdog is the notification icon of WinPatrol that monitors not only changes in Windows, but it can also alert you of sneaky items that malware tried to add.
An example below is an alert when I executed a malware file that only a few antivirus programs have detected:
WinPatrol alerts of a new addition in the PC's startup items. If the antivirus failed to detect it, WinPatrol helps protect the computer from such malicious entries in Windows. However, some malware are sneaky because it keeps coming back. This type of infiltration can be removed using WinPatrol because the program will automatically block it since it keeps coming back.
If any file keeps coming back you block it using WinPatrol with the following steps:
- Open WinPatrol and click Active Tasks tab.
- Locate the file in question or other suspicious process e.g. niece.exe (from the above screenshot)
- Highlight the suspicious processes in Active Tasks tab and then the Kill Task button.
- Proceed by clicking the Startup Programs tab to remove the offending item.
- If removing the startup item will not help (this can happen if the malware will add itself again because malicious process is still running), right-click on the startup item and then click Delete File on Reboot.
- Restart the computer and then run an online scan using Eset Online Scanner or Housecall. You can also scan the computer using anti-malware scanner e.g. Malwarebytes, Hitman Pro, Norton Power Eraser or SUPERAntiSpyware.
Changes to Windows Update Settings
In this WinPatrol tutorial, you will learn that any changes to Windows Update settings are also monitored by WinPatrol. The changes on Windows Update can occur if there's malware on the computer, if the user change the settings or if a legitimate program or service by Microsoft modified the setting. Below is an example of an alert by WinPatrol on such changes:
WinPatrol Plus Feature: ActiveX Installation
The free edition of WinPatrol will only display the installed ActiveX in Windows but there's no option to manage existing ActiveX. Also, the real-time monitoring for ActiveX is not available in the free edition. WinPatrol PLUS edition, the licensed version of the program, allows the user to review and remove ActiveX.
ActiveX control is a small program that can be legitimate or malicious. If WinPatrol PLUS detects installation of ActiveX, you will see an alert:
There are security incidents where cyber criminals will install malware as ActiveX component or controls.
WinPatrol Plus Feature: Registry Monitoring
Another feature that you should learn how to use in WinPatrol program is the registry monitoring. Local computer policy or software policy and settings are stored in the registry of Windows. WinPatrol PLUS customers can take advantage of this feature by adding a new registry key to monitor or lock. Below are some of the default registry keys that WinPatrol will monitor or lock:
To use the registry monitoring, simply click the Add button and enter the registry key to protect or monitor. Example:
SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore – By adding this entry in WinPatrol PLUS, the System Restore will be monitored by the WinPatrol program. Next, add a name e.g. DisableSR as your description. Enter 0 as registry value and then select REG_DWORD as the value type by clicking from the drop-down menu.
You can choose to automatically lock so no alert will be displayed or unlock to receive an alert from WinPatrol. Another example is by preventing changes on Windows Security Center settings:
- Select HKEY_LOCAL_MACHINE as registry key
- Enter SOFTWARE\Microsoft\Security Center to protect
- Change Value Type to "REG_DWORD"
- Name: AntiVirusDisableNotify Value: 0
Repeat steps 1 to 3 and then use the value below for Firewall setting in Windows Security Center:
- Name: FirewallDisableNotify Value: 0
WinPatrol PLUS Feature: PLUS Database
WinPatrol keeps information about various files and processes, thus allowing paid users to view or learn about an item that WinPatrol has detected. There is also a search and context menu function in WinPatrol where users will simply right-click a file or enter keywords to search the database. The database will not only show the description of the file, but instead provide information whether it is "safe" or "required".
- Image credit: Screenshots taken by the author, courtesy of WinPatrol.
- Product version: WinPatrol v20.0.2011.2