Content

GFI LANguard System Integrity Monitor

GFI LANguard System Integrity Monitor (SIM) detects whether files have been changed on a Windows 2000/XP system. It identifies exactly which files have been changed, making it easy to restore the system to its original state, although it does not provide any utility for automatic recovery - you have to have secured original copies of these files elsewhere.

SIM may be configured to watch any files of your choice, including operating system files. It works by computing an MD5 checksum for each file to be monitored. These checksums are then stored in a database for comparison with checksums generated later. MD5 checksums are computed again at scheduled intervals and compared with the stored values.

If a changed file is detected, an email is sent automatically to the system administrator. Besides scanning individual files, it can also be configured to scan folders, in which case it can scan the folder and all its contents for changes and/or detect added, deleted, or renamed files.

Installation is straightforward and creates a default scan job, which monitors key Windows system files. This default job may be modified in any way to suit your particular requirements, including customising the email alert message, changing the schedule, and selecting more files to be watched. You can also create other (multiple) scan jobs, each with a different schedule. Each scan job can be configured to send email alerts to different administrators, if required.

The alerts give full details of the change detected - it is not necessary to refer to a system log to obtain all the information required to reverse the unauthorised changes made. However, SIM itself is tamperproof because it also logs all changes to an undeletable file called the Windows Security Event Log, which is available for later analysis. For this purpose, integration is provided with GFI LANguard Security Event Log Monitor (SELM), which is an optional extra-cost program for managing multiple installations of SIM centrally. SELM also categorizes the changes detected by how serious they are. It has some additional functionality that detects failed unauthorized access attempts, admin logons outside normal hours and other suspicious activity.

Product title
GFI LANguard System Integrity Monitor
Product info
Name: GFI LANguard System Integrity Monitor (Web Security group test) Description: Price: Freeware
Strength
Freeware.
Weakness
Supports only Windows 2000/XP, and does not actively prevent changes.
Verdict
A good basic tool for monitoring and alerting on unauthorized changes to selected files.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.