Patriot NG is a free host IDS (intrusion detection system) tool which offers real-time monitoring of your Windows operating system and network. It is suitable for users of Windows XP, Vista and 7 in both 32-bit and 64-bit flavours.
Patriot NG offers monitoring of the following:
- changes to registry keys
- new files being added to Startup directories
- new users being added
- newly installed services
- changes to the Hosts file
- new scheduled jobs
- new hidden windows
- installation of new drivers
- new NetBIOS shares
- new executables, new DLLs
- new hosts in your network
Overall it is a great tool for catching zero-day threats, as it relies on software behaviour rather than signature files to detect when files and other items are being changed by malware.
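One way to picture behaviour-based monitoring is as a baseline that is compared against the current state. The sketch below is an added example, not Patriot NG's code and not part of the original article. It covers three of the items listed above (Startup files, users, the Hosts file); the function names, the temporary directory standing in for a real system, and the user list passed in by hand are all assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(startup_dir, hosts_file, users):
    """Record the current state of three of the monitored items."""
    return {
        "startup": {p.name for p in Path(startup_dir).iterdir() if p.is_file()},
        "users": set(users),  # assumption: caller supplies the account list
        # Hash the Hosts file so any edit, not just an added line, is noticed.
        "hosts_sha256": hashlib.sha256(Path(hosts_file).read_bytes()).hexdigest(),
    }

def diff(baseline, current):
    """Return one alert per item that changed since the baseline."""
    alerts = []
    for key, label in (("startup", "new Startup file"), ("users", "new user")):
        for item in sorted(current[key] - baseline[key]):
            alerts.append(f"{label}: {item}")
    if current["hosts_sha256"] != baseline["hosts_sha256"]:
        alerts.append("Hosts file changed")
    return alerts

def demo():
    """Constructed scenario: a temp directory stands in for the real system."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp) / "Startup"
        startup.mkdir()
        hosts = Path(tmp) / "hosts"
        hosts.write_text("127.0.0.1 localhost\n")
        (startup / "backup.lnk").write_text("")
        baseline = snapshot(startup, hosts, ["Administrator", "Lee"])
        # Constructed changes made after the baseline was taken.
        (startup / "updater.exe").write_text("")
        with hosts.open("a") as f:
            f.write("203.0.113.7 example.com\n")
        current = snapshot(startup, hosts, ["Administrator", "Lee", "Test"])
        return diff(baseline, current)

if __name__ == "__main__":
    for alert in demo():
        print("ALERT:", alert)
```

No signature of any known malware is consulted: an alert is raised purely because something exists now that was not in the baseline.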
Getting started with Patriot NG
Before you can get going with Patriot NG you will need to install WinPcap for Windows, which is a quick and simple affair.
After installing that, go to the Patriot NG download page and decide which version of the tool to download. Basically, you need to choose between the 32-bit or 64-bit version for Windows.
After clicking on the appropriate link you will download the zipped setup file. Unzip this and remember where you save it to.
Navigate to where you saved the unzipped setup file and double click on it in order to install Patriot NG.
Once the installation has run you will notice that the program doesn’t create a desktop icon, so you will need to find its icon, just to the left of where the clock is. Right-click on this to open up a little menu which gives you the options of:
- Control Panel
- Update NIDS rules
You can choose the Control Panel at this time to see all of the options that are available to you. Click to put a tick next to everything that you want Patriot NG to monitor for you.
Testing Patriot NG
As I mentioned at the beginning, Patriot NG monitors a large number of things for you. Here I test just one facet: New Users in the System.
So, what I did was I went into Control Panel > User Accounts and Family Safety > Add or remove User Accounts and created a new account called Test as you can see below:
A couple of seconds after doing so Patriot NG flashed up an alert box telling me exactly what had just happened:
I clicked on YES to resolve the problem…
As you can see, returning to the account list shows that Patriot NG has removed the Test account so all is good.
Visit the Patriot NG download page to try it yourself.