How do Antiviruses such as AVG detect files accessed by specific programs such as explorer.exe?
How can this monitoring of which process accessing which files be done in VB.NET?
Asked
Active
Viewed 412 times
0
-
My bet is on file system drivers, and I doubt that VB.Net would be fast enough to implement them (even if possible at all). – SJuan76 Jun 24 '13 at 10:44
-
common this was pure programming question !! it shouldn't be on hold !!!!! – Ali Jun 27 '13 at 05:27
1 Answers
2
Yes, FileSystemWatcher springs to mind.
With further API calls, you could theoretically write your own AV tool and hook into all file access. But this probably only deasible with C/C++.
You could turn on File System Auditing and use VB.Net to parse the torrent of events in the Audit Event Log.
-
Doesn't file system watcher only monitor files created/renamed, not files accessed by a specific process. – user2514562 Jun 24 '13 at 10:53
-
@user2514562, that is true. If you need to know what changed the file FSW is not enough. – Jodrell Jun 24 '13 at 11:05