Monitor changes to drives, files, and Windows Registry with FRSSystemWatch
FRSSystemWatch is a free program for Microsoft Windows devices to monitor entire drives, directories, files, or Registry keys for changes.
It can sometimes be important to make sure files or values in the Registry are not changed; maybe you want to make sure that web server files are not tampered with or that Windows or programs don't reset certain keys in the Registry.
You can use quite a few programs such as FileActivityWatch, Delete Extension Monitor, or Windows Files Monitor, and even built-in tools like the Windows Resource Monitor for that depending on your needs.
FRSSystemWatch
FRSSystemWatch is another program that you may use for the job. The program can monitor any drive, folder, or individual file on any connected storage device, and Registry keys.
You need to install the program before it can be used; installation is straightforward and should not take long. Compatibility-wise, it is compatible with Windows 7 and newer versions of Windows and is offered as a 32-bit and 64-bit version on the website of the developer.
The program monitors the c: drive automatically when you start it for the first time. Updates happen in real-time and data is displayed in a log-like format within the application interface.
Each entry is listed with date and time, an icon that indicates file, folder or Registry key activity, the path and name, and the action.
You may notice after some searching in the interface that there is no pause button available to stop the monitoring. The missing option to pause the monitoring is one of the shortcomings of FRSSystemWatch. It may not be an issue if you monitor very specific locations or files, but if you monitor an entire drive, new entries get added very frequently to the log which makes it difficult to near-impossible to analyze what is going on.
The only option that you have is to select Watch > Remove Monitor. The second shortcoming is that doing so removes the entire log. If you have not copied the data beforehand it is lost as the program does not save the data automatically.
Speaking of issues; the program lacks proper export options. The only ways to save data are to either select it and use edit > copy to copy it to the Clipboard or to print it.
Now the good things. You can monitor multiple locations and it is easy enough to create new monitoring jobs. Just select Watch and then the desired type of monitoring to start it. The program remembers the locations and loads them on start automatically but it will start the monitoring anew and does not load any old records.
You can modify the interface quite a bit. Select Settings to adjust the font or color scheme used by the application in great detail.
FRSSystemWatch supports quite a few keyboard shortcuts that you may find handy. Use Ctrl-A to select the entire log and then Ctrl-C to copy it to the Clipboard. That's the fastest way to export the log but remember that you need to paste it somewhere unless you use a clipboard monitor such as CopyQ, Remembr, or Clipboard Help+Spell that remember what you copy to the Clipboard.
Closing Words
FRSSystemWatch is a handy but limited system monitor for Windows. While it may already be suitable for some uses, most users probably would like to see options to pause the monitoring, auto-export the log, or at least save log files manually to different formats.
Now You: Do you monitor your system?
+1 for Sysinternals Process Monitor.
Martin, this may be an excellent program, but does it have a future? I am leery of installing applications that have only one developer. Have you ever limited yourself because of this issure?
“I am leery of installing applications that have only one developer.”
Why? I’m honestly curious.
Second post for FRSSystemWatch.
After installation, I received this message:
The code execution cannot proceed because mfc100.dll was not found. Reinstalling the program may fix the problem.
My OS is Win 10 Pro 64-bit OS Build 17134.167 (US release).
Here’s a handy list of things to try to fix that: https://www.lifewire.com/how-to-fix-mfc100-dll-not-found-or-missing-errors-2623609
same here, had to uninstall
Thanks Martin for this freeware and have a good evening!
I’m a big fan of tripwire programs like this. Eliminating the ability to change/create/delete files and their contents without detection eliminates the vast majority of the methods that attackers can use.
process monitor from microsoft is way better than this.
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Martin a question to you. You wrought on October 14, 2013 at 10:54 am as a reply
I like Registry Watcher: http://www.jacobsm.com/mjsoft.htm#rgwtchr
Do you still use this program or do you use another right now?
Registry Watcher is a great program.
Hm I took a look at Registry Watcher. It says it’s a hooker but it does not seem to hook the API to detect changes.
So it will run scans every 30s or so which leads to quite a lot of CPU used (3-5% in my case) for several seconds.
Not that impressed.