Many readers are very interested in System Safety Monitor (hereinafter referred to as SSM). It is a Russian-made system monitoring software that protects system security by monitoring system-specific files (such as the registry) and applications. In some features, it is more powerful than the Winpatrol we introduced earlier. After installing and starting (you may need to manually run SysSafe.exe in the installation directory) SSM, click the Close this Windows item in the pop-up LOGO window to close the window. At this point the SSM has started and started monitoring, we can see the software icon in the system tray. SSM protects your Windows personally
Since SSM calls itself System Safety Monitor, it is necessary to look at SSM's masterpiece. Tips Let it start with Windows Only let the SSM start up at any time to monitor and defend the security of the system, so set it up to automatically start with Windows. Right-click on the software icon in the system tray, select Preferences, open the System Safety Monitor - Preferences window, and click on the Options tab. Confirm that the left side is selected as General, then modify the right SSM Startup mode item to Start automatically as aservice (see Figure 1). 1. Turn on SSM monitoring Step 1: Open the System Safety Monitor - Preferences window and click on the Plugins tab. Step 2: Confirm that the Enable Plugins item has been checked, then the SSM can be on the Start Menu (Startup Group in the Start menu), Services (Loaded System Services), Registry (Registry Startup) INI Files (system INI files) and IExplore (IE) implement comprehensive monitoring (see Figure 2). 2. Add monitoring items arbitrarily
Compared to Winpatrol, which we strongly recommend before, SSM is better than "custom", for example, let SSM monitor the "default" key in [HKEY_CLASSES_ROOT\\.abs] in a registry. The key value changes can be added manually. The first step: also under the Plugins tab, select Registry→Configuration on the right side of the window. Step 2: Right-click in the right pane, select Add new item, enter HKEY_CLASSES_ROOT\\.abr in the Path of the pop-up window, enter "Default" in Name, and enter "Default" in Value. For the key-value, Photoshop.BrushesFile, select 0 String under Value type. Step 3: After the setting is completed, when the key value is modified, the SSM will pop up a warning window (see Figure 3), press the F2 key to prevent the modification, and press the F3 key to agree to the modification. This has been done for a key-value change, and it is easier to solve for those network viruses. The author used the "security thief" and other viruses to test SSM, it can easily deal with. Powerful program monitoring Another powerful and useful monitoring of SSM is application monitoring, which monitors every step of the program's opening process. And no matter how the program is opened, whether it is a user double-click to open directly, or indirectly opened by other programs, or even an error program (including viruses) that is silently executed due to system vulnerabilities, regardless of the format of the program. (EXE/DLL, etc.), SSM will report the user as soon as it finds that a new program is opened, and finally the user decides whether the program is running. 1. Practical SSM program monitoring Now many software installation programs, while installing software for users, will also "default" to install some things that users do not need (advertising/plugins, etc.). Once you install this software, you can "catch up" the hard drive without knowing it. At this time, SSM can play an interception role. By default, SSM does not enable program monitoring. It needs to be opened by the user. The method is very simple. Just right click on the software icon in the system tray and select Watch App Activity. The author then runs the software containing the ad plugin, such as "QQ Auto Chat". In addition to the original program during installation, SSM prompts that there is a new program to run (see Figure 4). Here, SSM's program monitoring provides five different options for program opening. The corresponding shortcut keys are F1 to F5, each of which has its meaning: F1 is "always allowed", F2 is "always blocked", F3 is "only allows system administrators, does not include other users", F4 It is "Allow only this time" (the default option), and F5 is "only block this time", and here naturally you have to press F2 or F5. After that, the installation continues, but the ad plugin appears again, and naturally it can be intercepted using the same method. If it is a virus, SSM is also unambiguous: I also like to download e-books when I am free. But what if the downloaded e-book is entrained with a virus and the anti-virus software is not detected? It doesn't matter, there is SSM. Some time ago, the author downloaded the e-book in EXE format from the Internet. After opening the e-book, SSM program monitoring naturally requested the user to choose. Because it is to read the book, it is to choose F1, F3 or F4, but it is surprising. The SSM warning pops up again, and the program is running. The book is open. Naturally, there is a problem. Press F2 or F5 to stop the operation. After analysis, I found out that this e-book used a shelling process and was bound with a virus. Although it bypassed the virus, the SSM never let you down. Tips Click the Scan item in the interface shown in Figure 4 to start the anti-virus software to kill the program. But be careful to first set up the anti-virus software directory in SSM, otherwise, Locate will be displayed here. The anti-virus software setting method is as follows: Open the System Safety Monitor - Preferences window, click the Options item, click Misc on the left side of the window, and then set it in Antivirus on the right side of the window (see Figure 5). 2. Adding modified application rules If you want to set different rules for different programs, you can make detailed settings in SSM. Step 1: Open the System Safety Monitor - Preferences window and click on the Application Rules tab. Step 2: Here is a list of all running programs, and then changing the Rule's default Allowed(F3) to Blocked(F2) will prevent the program from running. Step 3: Double-click the program to open the advanced rule settings window for the program. You can further set whether the program can be called by other software or call other software (see Figure 6). Tips
SSM is outside the monitoring ★ "Blacklist" function: If you do not want others to use your MSN Messenger and Outlook Express, you can open the System Safety Monitor - Preferences window, click the Filters item under the Windows tab, add "MSN" Messenger (without quotes) and "Inbox - Outlook Express" (without quotes), right click on the system tray SSM icon and check the Filter Windows captions item. These two programs disappear as soon as they are opened. You can fill in the title bar of other program windows according to your needs. ★ Export configuration file: Click Save current config file as under the Service tab in the System Safety Monitor - Preferences window to back up your configuration file for upgrade or reinstallation.