Exe Watch alerts you when new executable files are discovered - gHacks Tech News

Exe Watch alerts you when new executable files are discovered

One of the things that you can do to improve security on your system is to keep an eye on files that could be malicious.

While it is certainly possible to keep track of all new files and file modifications on a system, it is usually too time consuming of a task to be a viable solution.

Another option is to limit the monitoring to select folders or locations only. While that takes less time it is also not nearly as accurate as monitoring all of a system.

Exe Watch is a lightweight portable application for the Windows operating system that monitors executable files in any folder, and on external devices that get connected to the system.

What it does basically is to monitor storage locations for new executable files. If it finds any it alerts the user so that the newly detected file can be inspected more closely.

exe watch

All you have to do is download the program and run it after it has been downloaded. It sits quietly in the system tray area from then on out monitoring the system in the background.

The program supports four file extensions at the time of writing: exe, jar, bat and com.

The system tray icon flashes when it detects a new executable file, and a double-click on its icon displays the informational prompt that you see on the screenshot above.

Here you are notified about the file location and name on the system.

These can be copied to the clipboard if the need arises. What the program does not offer is to open the folder a file was detected in which means that you need to do that manually.

A right-click on the program's system tray icon displays additional options. You can open a history log file for instance which lists all detections and opens in the default plain text editor on the system when you select that option.

This can be useful if you want to check previous hits, for instance if you have been away from the PC or if too many files were detected in a short period of time.

Here you can also enable the application's autostart feature so that it is started when you boot the PC and a Panic Mode. There is unfortunately no information about what it is for though.

Conclusion

Exe Watch is a lightweight application that can improve the security of Windows systems. While it requires that someone is paying attention to the screen, it can highlight newly added executable files easily.

A manual of sorts containing information about the program's functionality, an option to blacklist folders and an option to modify the monitored file extensions would be very useful and improve it further.

Summary
software image
Author Rating
1star1star1star1stargray
no rating based on 0 votes
Software Name
Exe Watch
Operating System
Windows
Landing Page




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Graham said on September 18, 2014 at 8:39 pm
      Reply

      Does it tell you if an EXE has been replaced by a newer version, or just if a new EXE that didn’t exist before shows up?

      1. Martin Brinkmann said on September 18, 2014 at 8:42 pm
        Reply

        I think it only catches new executable files.

    2. Oxa said on September 18, 2014 at 10:14 pm
      Reply

      You’ve been posting info about a lot of programs that monitor this and that on our computers. While I appreciate the help in keeping my computer secure, I’d like some insight on the burden this imposes on computer resources and speed. Also, how much do such programs duplicate a good HIPS program?

      1. Martin Brinkmann said on September 18, 2014 at 11:14 pm
        Reply

        It depends. This program uses about 2 Megabyte of memory when running which is not a lot. About the HIPS programs, it depends as well on the programs that you compare. Considering that this one is just 2 MB of memory, it is not really something that is getting in the way I guess.

    3. Steven Abeyta said on September 19, 2014 at 5:28 am
      Reply

      Thanks, Martin!

      I wonder if this would have done me some good a while back when torrenting a rar file that upon extracting it installed a handful of programs, browser add-ons and the like. Given I have a bad habit of reformatting and distro-hopping I took the risk. Ha-ha.

      Anyway, the internet would not be the same without Ghacks. Thank you.

      1. Martin Brinkmann said on September 19, 2014 at 8:37 am
        Reply

        Well it would have warned you about the new files but not blocked them from landing on your system. For these cases, it is better to have antivirus software running in the background all the time.

      2. elmore said on September 21, 2014 at 12:00 am
        Reply

        something like EXE Radar Pro from NoVirusThanks is a better option there but its heavier on the system.

      3. Pants said on September 21, 2014 at 11:06 am
        Reply

        Excuse my ignorance, but how can simply unpacking an archive execute code? Was it a self-extracting rar?

    4. Guest said on September 20, 2014 at 12:27 am
      Reply

      It only warns, doesn’t block? Just install Online Armor and be done with it.

    5. conan said on September 21, 2014 at 8:35 am
      Reply

      I’ve used the program before. Panic mode basically renames all newly created .exe files and removes the .exe extension.

      1. Martin Brinkmann said on September 21, 2014 at 8:39 am
        Reply

        Now that is interesting, thanks for letting us know.

    6. Pants said on September 21, 2014 at 11:27 am
      Reply

      I ran this for a couple of days – interesting to see what it discovered. Didn’t do any installs or download any exes, or do any portable updates. These were the only two items that came up

      19-09-2014 14:36 — D:\Portable\Internet\Chrome\Data\profile\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\K9SWTPTQ\macromedia.com
      19-09-2014 16:18 — C:\Users\username\AppData\Local\Temp\$$$$$_epCheck_temp\7za.exe
      21-09-2014 21:19 — C:\Users\username\AppData\Local\Temp\procexp64.exe

      uTorrent portable also downloads an exe update even if you don’t friggin want it – but its not on this list, probably because there wasn’t one to DL in the last few days

      D:\Portable\Internet\uTorrent\App\uTorrent\updates\3.4.1_30740.exe

      I think I’ll keep running it for a few weeks and report back on all the portable stuff :)

      Note: I use several USB sticks several times a day – and every single one is “locked” by ExeWatch (i.e, safely remove hardware fails). Personally, I know nothing else is using the stick, so I just yank it. But with my big externals/archives, this becomes a PITA. Would be nice if it had an option to only check local and/or network/mapped drives

    7. CHEF-KOCH said on September 22, 2014 at 11:32 am
      Reply

      You does not need such software, ProcessHacker already include such future. Right click on the tray icon – notifications – [your choice]. It also can “alert” you if a new driver starts or stops, a process gets terminated and so on.

      Doesn’t make any sense to watch .exe processes in generally, that doesn’t prevent any malware since the executable only loads the more important drivers/.dll files. A .vbs/.bat or whatever can also do such calls which means to watch only executable not preventing anything from been executed.

      All av’s I know also watch (and deep inspecting) all executables. If you use such product you definitely not need that or if you use a sandboxie.

      Conclusion:
      Useless to watch single processes if nothing gets blocked or a newbie user doesn’t know if it really infect your pc, and of course it doesn’t protect you against data leaks.

      1. Tomiusz said on September 22, 2014 at 3:00 pm
        Reply

        You seem to be misunderstanding this. This tool is not watching processes, but executable file creation. I don’t think Process Hacker can do this.

    8. jhappnd said on February 22, 2015 at 4:21 pm
      Reply

      Someone explain what just happened http://imgur.com/LWSREgB ?

      Some of the processes have “sssssssssssss” appended as a command line parameter.

    Leave a Reply