Saturday, May 12, 2012

ExeWatch Can Log and Alert on the Appearance of New Executable Files

Just a few days back I wrote about NoVirusThanks EXE Radar, which can alert the user and ask whether to allow or block any executable that tries to run. Today I will write about another useful application called ExeWatch, which alerts the user every time an executable file appears on local or external hard drives. So, unlike EXE Radar, it alerts on the appearance of an executable file, not on its execution. A user can thus become aware of the unwanted appearance of an executable file, which may be due to a drive-by download or infection by a Trojan downloader or worm. According to the developer Sven Faw:
ExeWatch keeps a careful eye on your hard drives and will instantly alert (beep) you every time a new EXE file appears in any folder, on any fixed drive. Double-click the tray icon to view the details of the latest detections, if any. A solid and lightweight addition for the security-conscious power user.
Features & Specifications
  • Tiny executable (208 Kb), not digitally signed.
  • No installation, the software is portable.
  • On launch it shows a splash of green bands on the Desktop.
Splash Alert upon Launch
  • It creates a tray icon.
Tray Icon with Menu
  • On detecting the appearance of any new executable, it beeps and shows a splash of orange bands on the Desktop. The tray icon also blinks.
Executable file detection alert
  • Supports detection of .exe, .scr and .bat at the time of this post.
  • The tray icon shows the current detections list. The keyboard shortcut Win+S also brings it to the front. This list is erased when you exit the application.
Recent detection history
  • It also saves a log file [exewatch.txt] in the same folder as the program. This log remains even if you exit the application.
  • It ran well on both 32-bit and 64-bit Windows, from XP to Windows 7, although the webpage mentions nothing about system requirements.
  • The software consumes minimal resources.
Resource Usage
My Verdict
I have loved this tiny little application since the day it was introduced on Wilders Security. I had a personal conversation with the developer via email. I found him helpful and enthusiastic about the feedback I gave him. He has made some very quick updates to make the program very powerful yet non-intrusive.
I liked the fact that it can detect the appearance of an executable file in whatever way you create it: by extracting from an archive, downloading from the internet, compiling and running a program, or even changing the extension of a file from .txt to .exe. Surprisingly, if you give a folder a name like folder.exe or folder.scr, you will get alerts. This is unusual because a folder with such a name is still a folder and not an executable file. (Update: Sven was kind enough to fix it already.)
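The detection behaviour described above can be reproduced with a snapshot comparison. This is an added example, not ExeWatch's code; the polling approach and the names `snapshot`, `new_executables` and `demo` are assumptions, since the post does not say how ExeWatch watches the disk.

```python
import os
import tempfile

# Extensions the post says ExeWatch covered at the time of writing.
WATCHED_EXTENSIONS = {".exe", ".scr", ".bat"}


def snapshot(root):
    """Return the set of executable-looking *files* under root.

    os.walk reports directory names separately from file names, so a folder
    called "folder.exe" is never flagged. Only the extension is checked.
    """
    found = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() in WATCHED_EXTENSIONS:
                found.add(os.path.join(dirpath, name))
    return found


def new_executables(before, after):
    """Paths present in the later snapshot but not in the earlier one."""
    return sorted(after - before)


def demo():
    """Constructed scenario: new file, rename, and an exe-named folder."""
    with tempfile.TemporaryDirectory() as root:
        notes = os.path.join(root, "notes.txt")
        open(notes, "w").close()
        before = snapshot(root)

        # 1. A new file appears with a watched extension.
        open(os.path.join(root, "dropped.scr"), "w").close()
        # 2. An existing file is renamed from .txt to .exe.
        os.rename(notes, os.path.join(root, "notes.exe"))
        # 3. A directory gets an executable-looking name (must not alert).
        os.mkdir(os.path.join(root, "folder.exe"))
        # 4. A mixed-case extension inside that directory (must alert).
        open(os.path.join(root, "folder.exe", "RUN.BAT"), "w").close()

        hits = new_executables(before, snapshot(root))
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in hits]


if __name__ == "__main__":
    for path in demo():
        print("new executable:", path)
```

Because the match is on the file name alone, an executable saved under an unwatched extension is not reported until it is renamed to a watched one.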
Some Wishlists:
  1. Support more executable types. (I know he will make this change soon)
  2. Make the alert look better. A tray pop-up would be great.
  3. Ask before exit.
  4. Option to auto-start.
  5. A panic switch to block the saving of new executables. This would be very useful when a trojan downloader or worm downloads or creates a large number of payloads.
Download
Currently the software is free but the developer appreciates donations. ExeWatch can be downloaded from the following link.
http://dre.tx0.org/exewatch.exe [latest version is 1.21]
MD5     :F57D84F5D30943A0149A420F8DC6CA25
SHA1    :EB56A2EA4FB88BC2E1E4DEA1AAAF74B590CFB14C
CRC32   :27DC7049

Take Care ...


4 comments:

  1. Very nicely written Sujay bro and informative, and I would like to say how beautiful the blog is, very classy...
  2. Many thanks Jay :) Good to see u here...
  3. You've made it sound really interesting. I will give it a try. Thanks Sujay.
  4. Welcome Paf. It's really an interesting software.