Hello,
It is HIDS not HIPS :)
The Windows agent does the following tasks:
-Monitors the Windows event log in real time.
-Monitors IIS logs (Web, FTP, SMTP) and any other logs present on your
system (including Symantec Anti-Virus, MySQL, Apache, etc.) in real time.
-Periodically checks the Windows Registry for changes.
-Periodically checks your Windows folders for changes.
-Periodically does policy verifications to make sure your system is
configured properly.
What is the practical usefulness of a user-mode based agent? Or am I missing something?
Regards.
Ring0 - the source of inspiration