You do not really see what is going on in the background when you install a program on a Windows PC or execute an application on it. The only indication that something is happening is if the RAM or CPU usage spikes in the Task Manager, if the program displays a dialog with files that it writes to the system, or if you hear your hard drive loud and clear.
It is usually not an issue, especially not if you are installing a popular program such as Firefox, 7-Zip or WinSCP on your system. But what about a newly discovered program that does not have a high reputation yet? What if you need to be sure that a program does not sneak in anything maliciously on installation, before you deploy it on a company network or customer PCs?
The only real option in this case is the monitoring of the installation or program execution process. Programs like Process Monitor or the ancient InCtrl5 do so for you, and so does the new Phrozen Windows Files Monitor.
Update: The program is no longer offered on the developer website. We have uploaded the latest version of it to our own server for archiving purposes. Please note that we don't support it in any way. You can download it with a click on the following link: Windows File Monitor
What you need to know right at the beginning is that the program records file changes on the system, but ignores the Windows Registry. If you need to monitor Windows Registry changes as well, try and run a program like Primo in addition to this one.
The program won't monitor anything right on start, and you have to click on the record button to start the recording. The idea here is to only record data when it is necessary and not all the time, as you'd amass a large amount of data in short time.
If you want the program to record at all times, change the preference that lets you do so in the program settings. When done, it will start recording right after it has been started on your system.
Tip: If you use the program for on and off recording, you may want to disable the feature that clears the information when you stop the recording. This can be done in the options too.
Information are displayed in a tree-style view that displays all modified files in the folder structure of the hard drive. This improves the usability quite a bit. Some events are highlighted: deletions are displayed in red for example, while file creations in green.
You can switch to a list view instead, which appears to use a chronological list of all changes on the system.
Recorded information can be saved as text files to the local system, so that they can be accessed again at a later point in time.
The program preferences offer additional features that you may want to go through on first start. Here you can browse the list of events that the software captures by default, and disable events that you are not interested in.
The extensions and folders menu provides you with the means to monitor only select extensions, e.g. executable files and not all file types, and to add paths that you do not want captured to the ignore list so that changes made to them won't appear in the main program window. Here you can also disable the monitoring of connected drives.
Phrozen Windows Files Monitor records file changes on Windows systems. The big thing that is keeping it back is the lack of Registry recording, as it plays a big part in most software installations on Windows. The program could use a couple of extra features, like auto saving logs, a search option, or the option to open a file or the folder containing it right from the program interface.
There is room for improvement, but since this is the first version of the application, it is likely that at least some of the missing changes will be added in future updates.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.