Answer the question
In order to leave comments, you need to log in
How to track changes in the system after installing the program?
I want to install a "heavy" program on my computer. How can I find out what changes were made on the computer during installation? I would like to find a program (or several) that could give me a report on the following questions:
- what entries were made in the register;
- what files and directories were created on the disk;
- what files are added to autoload;
- how much disk space the newly installed program files have taken in all possible places.
Or maybe the means of Windows 7 itself can find out this information?
Answer the question
In order to leave comments, you need to log in
I think this is what is needed.
technet.microsoft.com/en-us/sysinternals/bb896645.aspx
en.wikipedia.org/wiki/Process_Monitor
There is a special SysTracer utility specifically designed to track changes in the system by comparing two "system snapshots" - before and after. As a result, we get data presented in a convenient form on changes in the three categories “Registry”, “Files”, “Other settings” (n / a group policies, system utilities trace aka netsh)
(Honestly, I’ll tell you that it doesn’t collect everything, although in most cases it is enough)
And if you are “fighting the defense of evil”, then some tricks are used there that cannot be set on fire with an ordinary trace :)
Otherwise, everything would be very simple, in this case, the most useful tool, in which I support member l0calh0st ,
this is Process Monitorfrom Sysinternals is exactly what you need. (These guys use, apparently, some undocumented features, Mark Russinovich knows a lot :) ) And it is extremely difficult to hide any movements from this utility, if it is configured correctly. (Although it's possible, I know how, but I won't tell you - because it's not her)
PS: The only thing is to carefully read the documentation regarding filtering, since Process Monitor by default logs all events. First of all, you need to target it to the installer process ID, as well as (if it is not used during the installation process, disable the network dump, there is a lot of “garbage” in it that makes it hard to figure it out).
Ashampoo UnInstaller is a special utility for tracking the installation of programs and cleaning up the remaining garbage from them.
The monitor process from Sysinternals is not suitable for this purpose. it only logs the actions of the program and gives a stupidly raw list of actions at the output.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question