Sandbox/HIPS/app for studying application behaviour


toyo

Recommended Posts

I need an application that allows me to run a program and study exactly what it does, what registry entries it writes, network connections, stuff like that, and gives easy enough to analyse results. It would be nice to run these in a sandboxed mode. It would also be nice not to have to install this, and even worse would be letting it run at startup and having to let it install new drivers. Should work on Win7x64.

Just let me know what ideas you have, thanks :)


I suggest you do it in a virtual environment (e.g., VirtualBox, VMware, etc.).

As for programs, IIRC Total Uninstall records everything that is installed on a computer.

As for HIPS, I only know of COMODO, which IIRC has logs that tell what a program tried to modify.

I disabled COMODO's HIPS since I always run any program inside VirtualBox for safety precautions.

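The Total Uninstall approach mentioned above, recording what changes on the machine while a program runs, comes down to a before/after comparison. The Python script below is an added illustration of that idea and is not code from this thread or from any of the tools discussed (Total Uninstall, Malware Defender, Sandboxie); it covers only the file-system side (no registry or network), and the roots to watch and the command to run are assumptions the caller supplies.

```python
"""Before/after snapshot of a directory tree around running a program.

Added example for this thread; not code from any tool mentioned here.
It hashes every file under the chosen roots, runs the program, hashes
again, and reports what was created, modified or deleted. The roots and
the command are assumptions supplied by the caller.
"""
import hashlib
import os
import subprocess
from typing import Dict, List, Tuple

Snapshot = Dict[str, Tuple[int, str]]  # path -> (size, sha256 hex)


def _digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(roots: List[str]) -> Snapshot:
    """Record size and SHA-256 of every regular file under the given roots."""
    snap: Snapshot = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.islink(path):
                        continue  # don't follow links out of the tree
                    snap[path] = (os.path.getsize(path), _digest(path))
                except OSError:
                    continue  # locked or unreadable file: skip it
    return snap


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, List[str]]:
    """Classify paths as added, removed or modified (size or hash differs)."""
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    return {"added": added, "removed": removed, "modified": modified}


def observe(cmd: List[str], roots: List[str], timeout: float = 60.0) -> Dict[str, List[str]]:
    """Snapshot the roots, run cmd to completion, snapshot again, return the diff."""
    before = snapshot(roots)
    subprocess.run(cmd, timeout=timeout, check=False)
    after = snapshot(roots)
    return diff_snapshots(before, after)


if __name__ == "__main__":
    import sys
    import tempfile
    # Constructed demo: a throwaway directory and a tiny "program" that
    # rewrites one file in it and creates another.
    with tempfile.TemporaryDirectory() as work:
        target = os.path.join(work, "settings.ini")
        created = os.path.join(work, "log.txt")
        with open(target, "w") as f:
            f.write("old\n")
        prog = [sys.executable, "-c",
                "import sys; open(sys.argv[1], 'w').write('new'); open(sys.argv[2], 'w').write('x')",
                target, created]
        report = observe(prog, [work])
        for kind, paths in report.items():
            for p in paths:
                print(f"{kind:9s} {p}")
```

Scope the roots to the directories a program is likely to touch (its install directory, the user profile, ProgramData) rather than a whole drive, and expect only the end state: files the program creates and deletes again, and anything it does on the network, do not show up here, which is what the real-time monitoring of a HIPS adds over a snapshot tool.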


You can try running Malware Defender.

It's a classic, very strong HIPS application.

This is what the developer says about it: "Recommended for a more in-depth understanding of computer system users".

The last time I ran the app, it was quite extensive in its details.

Put the app in training mode and do whatever you would like to do, and it will monitor:

Real-Time File Changes
Processes Involved
Kernels
Hooks
Files
Registry

You can then check the app's main window or the log files to see all the recent changes or logged items, or just enable the balloon pop-ups to instantly see what is being logged.

Don't know if this could help your purpose...



cruelsister

Have you ever tried to upload to Sunbelt's sandbox? Don't know exactly how much info you need, but they will email you back with various changes made by the malware that you submit.

Sunbelt Sandbox



Thanks all; I'll take a look at Comodo and Malware Defender. I'm not (only) trying to see what malware does; normal programs interest me as well. It's mostly curiosity, but it was prompted by Alcohol 120%: one of the variants kept escaping the firewall block I applied from Kaspersky and phoned home somehow, resulting in a deactivation. I want to see what the little bugger really does when I run it :P even though I've now managed to make it work somehow.

Detailed logs/reports should be very nice :)

Comodo HIPS is not available as a single product? Only in Internet Security?



@Toyo

I insist you try out Malware Defender.

I guess and think it should and will be able to solve your purpose...

As I said before, it is quite extensive in its reports and monitors all the stuff an app is doing in a system.

See the logs and the instant balloon pop-ups in Malware Defender. Even Comodo does that, but IMO Malware Defender has a better GUI and simple, clear monitoring reports.

And yes, it is available along with the FW or the complete IS setup, not as standalone...

Good luck...



Install Sandboxie and Buster Sandbox Analyzer. It will generate a log with every move of the malware ;) Good luck!



@majithia23 & tipo: no real Win 7 x64 compatibility for Malware Defender, nor Sandboxie...

Comodo is also out; I'm not installing a whole suite. I just want an (as light as possible) app that logs each move of an executed program, that's all.

I don't have much time now, but I'll try installing these anyway in a "Try&Decide" from Acronis True Image.

Malware Defender installs, but does not run and gives an error message, bla bla. Sandboxie: no fixes for x64.


