Having just an antivirus installed on your computer does not mean that Windows you use is completely safe. Sometimes, more drastic solutions are required. One of these is to monitor your system with the Windows System State Monitor.
Every time an application is installed on your computer, it will make some changes to your system so it can run perfectly along with the other components or programs that are already there. Some applications can have a huge impact on their functionality and stability, which can lead to a total failure, and this is a scenario that an antivirus has no chance of protecting you.
However, it is possible to take snapshots of your computer configuration at the points where you feel it is stable, and then compare them to newer snapshots to see what changes were made and where.
There is no pre-installed Windows feature to handle this scenario, but there is an additional utility developed by Microsoft. Needless to say, there are some alternatives to third-party applications that we will see below how they can be used.
The Microsoft solution
Microsoft's solution is an application called Windows System State Monitor and is capable of monitoring certain areas of your computer, such as file system, registry, services, and drivers. As soon as tracking begins, all changes are detected and you can prevent any suspicious programs from penetrating your computer.
Windows System State Monitor
The first thing you need to do is download the Windows application according to the architecture of your system. You can find the download links below.
Download WSS Monitor for systems X86 and for X64
Once you've installed the application, look for the Windows System State Monitor executable file and run it. A small window should appear showing the computer and username, the operating system, and the current date / time (the program also runs on Windows 10).
Depending on what you want to watch, you can select multiple areas. As mentioned above, a simple mouse click is enough to select or remove a selection from the list. When ready, press the Start Monitoring button.
All you have to do now is minimize the program and continue to work on your pc with what you did. Any changes to the selected domains will be monitored until you decide to stop tracking. Finally, you can click Create Report, get multiple logs, or even an HTML file to a custom location.
Note that every change in your computer is recorded only for the length of time it is tracked, so it's best to focus on a specific mission if you are looking to catch specific changes to your system.
Windows System State Analyzer
But within the package you previously downloaded except Windows System State Monitor is Windows System State Analyzer, which is used for the same purpose, but this is for snapshots. In other words, the analyzer is used to compare two snapshots taken at different times.
If you do not already have a snapshot of your computer, the first step is to get one. Do not hurry to press the Start button unless you want to analyze your entire system, which may take a long time.
From the Tools menu, scroll to Options. There, remove the table items you do not want to scan, or add the ones you want from the left panel. Press Apply and OK to confirm.
In the main window there is an option to select a snapshot according to its name for easy recognition, and can be pre-install, post-install, pre-config, post-config, post-initial run, uninstall, or even your own.
Press the Start button to take the snapshot. Then perform all the functions you need, and take another snapshot with the same options. When you have the two BIN files, load each one in the two panels in the main System State Analyzer window, and click Compare. Once the application processes your request, it will save the comparison log and automatically open it to your default viewer.
Note: The utility also has the ability to track what's being removed, in case you notice something missing. That is why it is good to have a snapshot of the whole system with the normal state operation of it so you can later compare it to the next ones.
Third-party alternatives
WinPatrol
Designed on a similar concept, this application approaches the situation more professionally. In other words, it can more easily track the areas of your system, while updating changes in real time, and also having the ability to take action on existing data.
Therefore, you can track programs at startup, startup delays, scheduled tasks, services, active tasks, cookies, file types, hidden files, recent, system registry, and more. To download, click on the download link below.
FolderChangesView
If you are interested in tracking only files, this small application is able to detect even the slightest change in your files. It allows you to select a folder for tracking, select the file types you want to exclude, and in the end you can get an event report. You can find the download link below.
Download FolderChangesView. And to see it in Greek download and this
In conclusion
We think it is best for everyone to be equipped with as many tools as possible than having a simple antivirus and / or an active firewall. Of course, these are not the only assurances of your system, there are plenty of goodies and tricks out there, but it is a decent monitoring and comparison solution.