Good idea here. I might have a look myself.
NVT ERP keeps logs that record activity (thumbs). Great thing is it catches all command-line operations. If LastActivityView does that too it would be great. ERP stores the logs in the Program Data folder by default. I have them going all the way back to Jan LOL. I should thank you for reminding me to clean out the folder.
At any rate, you could search the logs for dates and times and process names for some bit of forensics. As for real low down forensics I guess there is nothing like having the file that started the malware episode. Still, if you know anything about what the malware is using in Windows that should help. Oh yeah, check autoruns and scheduled tasks to make sure there isn't anything strange there. That might point you to a file someplace on the system.
Really simple default-deny. The caveat of the program is that you can designate vulnerable processes, which will cause an alert every time anything invokes them. Also, like VoodooShield, command-line operations can be whitelisted and are logged.
Because it's only the one deny, it's flimsy on its own. VS has the cloud and AI, but ERP is for me mostly a good look at command lines when they run and then a heads up on vulnerables. Also a good program to use to default block something if part of a program bothers you or something. It's super light and very cleanly written if you ever want to take a look.
Actually, I did think of something else just now. The logging occurs even with protection off, so that might be something someone would like.