Once installed you need to reboot your system to be able to run the software, you notice a green icon with an S inside in your system tray once you’ve restarted the system. Double-clicking that icon opens the program in process viewer mode. It displays all running processes on your system and you will have to define some rules here. Right-clicking an entry makes it possible to block, allow or terminate a process as well as to take a look at the processes properties and modules.

Switching to the applications tab displays a list of applications that are allowed and it is easy to add applications that are blocked or allowed. The default list contains few applications and you might want to add the most commonly used ones on your system.

You have some pretty advanced possibilities in this tab, you can take a look at special permissions for those applications that allow you define in detail what the application may do and what it may not do on your system, some interesting ones are:

• allow process suspending and termination
• allow driver installation
• allow shutdown system
• allow global hooks
• allow remote code control
• allow remote data modification

Possible properties depend on the type of file (application, library, system). You could for example add a setting that disallows everyone to terminate your firewall which would include you, the system admin unless you change the setting in system safety monitor. Allowed values are : allow, disallow and ? for asking the user everytime this action should be performed.

On the Modules tab of the main program window you can configure auxiliary modules which track out changes of important operating system settings Every module has a number of configuration settings, where you can select what system settings the module will track and what actions will be performed if these settings are changed. The Registry and INI-Files modules have additional configuration section – Information, where the names and values of the appropriate tracked settings are displayed. In the Information section of the Registry and INI-Files modules you can modify real values in the Registry and INI-files.

Last but not least you have a large options tab which regulates when and how system safety monitor will be started, the logging of events, highlighting colors, hot keys, a master password and many more. It is just to much to write about every setting, everything seems highly configurable.

System Safety monitor 2 is also available as a commercial version, if you want to know about the differences between those versions check out the product page and scroll down to the bottom of that screen.

Read More:

System Safety Monitor

features:

SSM keeps track of the activity of all applications already started or being started and allows you to control:
-which application can be started;
-which child application can be started by a selected one;
-which parent applications are allowed to start a selected one;
-whether a selected application is allowed to start if it was modified;
-whether a selected application is allowed to install a driver;
-whether a selected application is allowed to perform code-injection or DLL-injection;
-create/terminate a process (application);
-suspend a process and resume it afterwards;
-watch the list of DLLs loaded by a selected application.

Tracking and blocking changes in the following important operating system parts:
-Windows registry;
-drivers and services state;
-INI-files;
-”Startup” item of Start menu;
-Microsoft Internet Explorer settings.

Window management:
-watches running applications windows;
-runs “black list” of applications windows, closes “unwanted” applications windows automatically;
-browses the list of applications windows created in the system;
-shows invisible applications windows, hides visible ones, enables user input for “locked down” applications windows.

System Safety Monitor Version 2.3

System Safety Monitor 2 beta version was released in 2005. It originally started as a behavior blocker project for home users in 2002. Syssafety Company purchased the software in April 2005 and released the aforementioned beta series in September. The latest freeware version 2.3 has been released and is similar to the previous version yet features some interesting upgrades. It still offers process filtering along with parent-child control of processes. Specific rules can be applied to mediate the start of a process by another process at a particular instance.

System Safety Monitor (SSM) 2.3 continues to be effective against spyware, adware, rootkits, Trojans, keyloggers, dialers, hijackers, and surveillance software. This is conditional on proper user response to the prompts, so beginners take note.

This is a screenshot of the latest version. From this GUI, you can set specific preferences as needed. SSM is a Host Based Intrusion Prevention System designed to protect operating systems from both known and unknown malware including “zero-day” attacks, something that antivirus software updates will not do. SSM will monitor all programs and prevent malware attacks or any suspicious actions.

The new GUI design features a Learning mode to assist with proper configuration. SSM 2.3 is compatible with most anti-malware security suites, though you may want to check just to be sure. SSM 2.3 works at the Windows Kernel level, monitoring in real-time and includes the following features, all of which have been updated:

• Malware and Rootkit Installation
• Driver Loading
• Program Execution
• NT Services Installation and State Change
• Program State and Memory Modification
• Thread and Process Suspension and Termination
• Direct Physical Memory Access
• Low Level Disk Access
• Low level keyboard access (anti-keylogger protection)
• Global Hooks Installation
• System Registry Modification
• Window Opening
• Startup Menu Modification (a definite plus for improving startup speed)

Now the question is: What is new in version 2.3? As stated, the existing features have been updated and the software is easier for beginners to use with the Learning mode feature. New additions include the following:

• New Log Viewer
• Added protection against DirectInput based logging (a recently developed keylogging method)
• New application setting: “Registry access” on application Registry tab (unrestricted access / Checked access / Read Only access)

DirectInput is part of a Microsoft API and it collects input from the user. This input is collected form input devices such as the mouse, game controllers and the keyboard. All data input through these devices is stored for to provide a system for action mapping. Action mapping enables the user to designate particular actions through a particular sequence of inputs from any given device. This data can be recalled easily. Keyloggers that use DirectInput logging are able to extract this data. This means that anything you do with your mouse or keyboard will be recorded and can be stolen. The protection included in SSM prevents this.

Additional improvements and general debugging have been included as well. This new version of SSM has all of the features of the previous version and boasts added protection against new malware innovations.