Microsoft Change Analysis Diagnostic Tool
The MS XP Change Analysis Tool creates a list of recent key changes that have been made to a given system, covering important things such as new programs, OS updates and drivers.
Scott Fendley notes some false positives to be aware of:
…some software packages appear to make changes in more places than I even knew was occurring. For example, Symantec Antivirus Corporate Edition changes the path to certain driver files with virus definition updates. These will be reported as:
Changed from “\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070326.020\navex15.sys” to “\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\navex15.sys”
Adobe Acrobat apparently also makes regular modifications to the startup folder for its Speed Launcher program.
It could be useful for troubleshooting your own XP machine, or that of someone you’re trying to help out. Another tool to add to your security utility belt. It can be downloaded here [via SANS]
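One way to triage the false positives described above, as an added example that is not part of the original post or of the Microsoft tool. The line format is assumed from the single "Changed from … to …" entry quoted above, and the function names and the second and third sample lines are constructed for illustration. A change counts as an expected definition update only when the two paths differ in exactly one dated directory component and the new one is later; everything else stays in the review pile.

```python
import re

# Matches report lines of the form quoted in the post:
#   Changed from "<old path>" to "<new path>"
# Both straight and curly quotes are accepted.
CHANGE_RE = re.compile(r'Changed from [“"](.+?)[”"] to [“"](.+?)[”"]')
# Dated definition directory component, e.g. 20070326.020
DEF_DIR_RE = re.compile(r'^(\d{8})\.(\d{3})$')


def parse_change(line):
    """Return (old_path, new_path), or None if the line is not a path change."""
    m = CHANGE_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def is_definition_rollover(old, new):
    """True when the paths differ only in one dated directory component
    and the new component is later than the old one."""
    a, b = old.lower().split('\\'), new.lower().split('\\')
    if len(a) != len(b):
        return False
    diffs = [(x, y) for x, y in zip(a, b) if x != y]
    if len(diffs) != 1:
        return False
    mo, mn = DEF_DIR_RE.match(diffs[0][0]), DEF_DIR_RE.match(diffs[0][1])
    return bool(mo and mn) and mo.groups() < mn.groups()


def triage(lines):
    """Split report lines into (expected, needs_review)."""
    expected, review = [], []
    for line in lines:
        change = parse_change(line)
        if change and is_definition_rollover(*change):
            expected.append(line)
        else:
            review.append(line)
    return expected, review


# SAMPLE[0] is the entry quoted in the post; the other two are constructed.
SAMPLE = [
    r'Changed from “\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070326.020\navex15.sys” to “\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\navex15.sys”',
    r'Changed from "\??\C:\WINDOWS\system32\drivers\example.sys" to "\??\C:\TEMP\example.sys"',
    r'Changed from "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\navex15.sys" to "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\other.sys"',
]
```

Calling `triage(SAMPLE)` puts only the Symantec entry from the post in the expected list; a driver path that moves to a different directory, or a changed file name inside the same definitions folder, is left for manual review.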
