How to monitor active files?

[LanguidLegend]

Hi everyone!
So I've been wondering, is there any way of monitoring what files (be they DLL, EXE, etc.) are currently being read from/accessed on an installation CD during an install process?

 

[KSoD]

In Windows XP yes. They were displayed at the bottom during the install process. Since Windows Vista, no. They have removed the display and there is no way to have it display.

 

[lasvegascomputer]

Depending on your anti virus (I USE ESET NOD32) I can actually watch it scan in real time the new files.. So in essence I could look at the antivirus program and see what files it has just scanned and their location.. As for real time where it's installing I don't know of anything off the top of my head.

 

[KSoD]

Depending on your anti virus (I USE ESET NOD32) I can actually watch it scan in real time the new files.. So in essence I could look at the antivirus program and see what files it has just scanned and their location.. As for real time where it's installing I don't know of anything off the top of my head.

The poster was asking about during the install process, not just software like an anti-virus. Yes most AV's will give you the files they are scanning, but it isnt the same as knowing which files are being installed during the install process of Windows or that specific application.

 

[LanguidLegend]

Thanks for your responses everyone.

In Windows XP yes. They were displayed at the bottom during the install process. Since Windows Vista, no. They have removed the display and there is no way to have it display.

So there is no third-party program/application that can display the files/activity? I mean just as lasvegas mentioned, virus programs are able to actively monitor files that are introduced into the system for viruses, so then why can it not just be displayed?

 

[KSoD]

The install process is coded in such a way by Microsoft to not display this material anymore. There is no way to force it to be displayed anymore. That is something that Microsoft did and there is no legal way around it.

 

[office politics]

this may help

Process Monitor

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

 

[carnageX]

You can kind of do it with Process Monitor from Sysinternals:
Process Explorer

Go to Filter > Filter.. > under "Display entries matching" pick "Path" > under "these conditions" pick "Begins with" > in the text box, type in: D:\ (or whatever letter your disc drive is) > make sure "Include" is selected > click "Add" > click OK.

Should be showing you only active items from your disc drive now; if you want, you can go to Filter > "Enabled advanced output" to make sure you have everything. Also, make sure autoscroll is enabled (4th button on the toolbar) so things scroll.

After you're done, you can save the log it has generated if you wish.

 

[LanguidLegend]

Oh nice, thanks I'll check it out!

 

[carnageX]

No problem, good luck.