Process Monitor is not working ??!!

  • Question

  • Using Process Monitor I am trying to inspect some of the antivirus behaviour, but I don't get anything. 

    I am trying to find where they create a Reg Key, query such, and so on and so forth. 

    If you could give me an example. 

    I want to look at where the NDIS filter driver is being installed in the registry. 

    Thanks 


    Sunday, January 17, 2016 12:10 PM

All replies

  • There is no such thing as "NDIS firewall" in modern Windows. There are NDIS filter drivers - LWF and IM, and WFP callout drivers.

    If other companies advertise their stuff as "NDIS firewall", ask them what they mean by it.

    -- pa


    • Edited by Pavel A Sunday, January 17, 2016 1:21 PM
    Sunday, January 17, 2016 1:19 PM
  • There is no such thing as "NDIS firewall" in modern Windows. There are NDIS filter drivers - LWF and IM, and WFP callout drivers.

    If other companies advertise their stuff as "NDIS firewall", ask them what they mean by it.

    -- pa


    I mean that too, but it slipped out. Now do you have a solution for the actual question?
    Sunday, January 17, 2016 1:24 PM
  • No, sorry, I don't have a solution for your issue. There are proven and documented ways to install stuff, that's all I know. If these documented ways do not work for you, let's discuss. Otherwise I don't know.

    -- pa


    • Edited by Pavel A Sunday, January 17, 2016 2:17 PM
    Sunday, January 17, 2016 2:05 PM
  • No, sorry, I don't have a solution for your issue. There are proven and documented ways to install stuff, that's all I know. If these documented ways do not work for you, let's discuss. Otherwise I don't know.

    -- pa


    Can you provide me some documentation and a real-life example?
    Sunday, January 17, 2016 2:21 PM
  • But we already were at it. Documentation is in MSDN, LWF example is here, WFP example is here (+ more here).  

    --pa

    Sunday, January 17, 2016 3:02 PM
  • But we already were at it. Documentation is in MSDN, LWF example is here, WFP example is here (+ more here).  

    --pa

    Look, I have already studied the driver samples. My question was to see a driver in a real-life antivirus in action.

    That's why I'm passionate about Process Monitor.

    Sunday, January 17, 2016 3:29 PM
  • Frankly I don't really understand now what you want to find. If this is where the registry stuff of 3rd-party filters goes (why??), then install one of the samples and put some unique string in the INF. Then search for it in the registry.

    If you want to see a filter driver in action fighting live viruses, get a security consultant and ask to show you a demo on a known product.

    -- pa

    Sunday, January 17, 2016 4:27 PM
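    The two things asked for in this thread, seeing where a filter driver installer writes in the registry and finding a unique marker string planted in the INF, can both be done offline against a Process Monitor CSV export (File > Save, CSV format). The script below is an added example, not code from the thread or from Sysinternals. It assumes Procmon's default CSV column names ("Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail"), the NetService setup class GUID {4D36E974-E325-11CE-BFC1-08002BE10318} under which NDIS filters register per the NDIS documentation, and a constructed sample capture: "drvinst.exe", "ExampleLwf", the interface GUID and the marker "MARKER-ZX91" are all made up for the example.

```python
"""Find registry writes made by a driver installer in a Procmon CSV export.

Added example (not from the thread). Assumes Procmon's default CSV export
columns; the sample lines below are constructed, not a real capture.
"""
import csv
import io

# Procmon operation names that modify the registry.
REG_WRITE_OPS = {"RegCreateKey", "RegSetValue", "RegDeleteKey", "RegDeleteValue"}

# NetService setup class (from the NDIS docs): NDIS filter drivers register an
# instance key under Control\Network\<this GUID>. Assumed, not taken from the thread.
NETSERVICE_CLASS = "{4D36E974-E325-11CE-BFC1-08002BE10318}"
# The driver's own service entry lives under the Services key.
SERVICES_ROOT = "HKLM\\System\\CurrentControlSet\\Services\\"

# Constructed sample of a Procmon CSV export (hypothetical installer and driver).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:02:03.1000000 PM","drvinst.exe","1234","RegCreateKey","HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{11111111-2222-3333-4444-555555555555}","SUCCESS","Desired Access: All Access"
"1:02:03.1000010 PM","drvinst.exe","1234","RegSetValue","HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{11111111-2222-3333-4444-555555555555}\Ndi\FilterClass","SUCCESS","Type: REG_SZ, Length: 24, Data: compression"
"1:02:03.1000020 PM","drvinst.exe","1234","RegSetValue","HKLM\System\CurrentControlSet\Services\ExampleLwf\ImagePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 62, Data: system32\DRIVERS\examplelwf.sys"
"1:02:03.1000030 PM","drvinst.exe","1234","RegQueryValue","HKLM\System\CurrentControlSet\Services\ExampleLwf\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"1:02:03.1000040 PM","explorer.exe","777","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"1:02:03.1000050 PM","drvinst.exe","1234","RegSetValue","HKLM\System\CurrentControlSet\Services\ExampleLwf\DisplayName","SUCCESS","Type: REG_SZ, Length: 46, Data: MARKER-ZX91 Example LWF"
'''


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def registry_writes(rows, process=None):
    """Keep only registry-modifying operations, optionally for one process name."""
    return [
        r for r in rows
        if r["Operation"] in REG_WRITE_OPS
        and (process is None or r["Process Name"].lower() == process.lower())
    ]


def ndis_filter_writes(rows):
    """Registry writes that land where an NDIS filter registers itself:
    the NetService class instance key or the driver's Services entry."""
    hits = []
    for r in registry_writes(rows):
        path = r["Path"].upper()
        if NETSERVICE_CLASS in path or path.startswith(SERVICES_ROOT.upper()):
            hits.append(r)
    return hits


def find_marker(rows, marker):
    """Locate the unique string planted in the INF, whether it ended up in a
    key path or in the written data (the Detail column)."""
    m = marker.lower()
    return [r for r in rows if m in r["Path"].lower() or m in r["Detail"].lower()]


if __name__ == "__main__":
    rows = parse_procmon_csv(SAMPLE_CSV)
    print("NDIS-related registry writes:")
    for r in ndis_filter_writes(rows):
        print(f"  {r['Process Name']} {r['Operation']:<14} {r['Path']}")
    print("Marker string found in:")
    for r in find_marker(rows, "MARKER-ZX91"):
        print(f"  {r['Path']}  ->  {r['Detail']}")
```

    In a real capture, filter Procmon to the installer process (and the Registry event class) before exporting, so the CSV stays small; the script then narrows it further to the two key locations an NDIS filter has to touch, which is where the marker from the INF should show up.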
  • No, not live viruses, live performances of software, and I do believe people here have much experience to solve my problem. 
    Monday, January 18, 2016 2:44 AM