Event Monitor Service

Product Overview

Event Monitor Svc is a service-only software application that monitors in real-time important system events to help in the detection of malware activity. It monitors for file creations, file deletions, PE files dropped to disk, created processes, loaded modules, loaded drivers and registry changes. Each event is logged to a file saving all important details, such as date/time, process name, parent process, filename and much more. This service version is specifically built for companies that want to install it on thousands of PCs, it has no GUI and it runs as a service in the background, thus supporting Standard User Account, Fast User Switching, Multi-Users etc. You can also create custom exclusion rules (supporting wildcards) to not log specific events.

The service can be configured via a INI file, it can also be passed as a parameter, where you can enable or disable the monitoring of specific events, specify which registry events to monitor, set the logs folder and the exclusions folder. The settings from the INI file are read in real-time, so you can for example, save the INI file in a shared folder with read-only attributes, and manage thousands of PCs from a single INI file. The service works on all versions of Microsoft Windows, from Windows Vista to Windows 10 32/64-bit and is very resource-friendly, it uses only a few MBs of memory.


Event Monitor Svc can be used in many ways to aid in the detection of suspicious or malware activity on a PC and simplify the work of Incident Response analysis. After creating a good list of safe events to exclude you can reduce the logs file size, reducing the work of analysts to detect suspicious activities. The events are saved in a readable way, you can easily integrate them on Splunk or SIEM systems. If you need to hide the log files to regular PC users, you can set the logs folder to +H (hidden) attribute and disable the option to show hidden files & folders or you can use ACL rules.

License Information

-Commercial License applies to all non-personal use of Event Monitor Service. This includes, but is not limited to: small and home businesses, large businesses and enterprises, schools and other educational organizations, churches and other religious organizations, and government institutions. 

-You understand and agree that you are licensing just the right to use Event Monitor Service within your organization. Use of unlicensed copies of Event Monitor Service is only permitted during evaluation by the IT department or a similar function within the organization.

-You should buy one license for every computer or system, on which you will install Event Monitor Service, within your organization. In case you install Event Monitor Service on two virtual machines, then you should buy two licenses. We consider a virtual machine as 1 computer\system.

-The 1 year subscription license means that you can use the software for 1 entire year starting from the datetime of when you made the purchase. After the subscription period is terminated, you should renew your subscription if you want to continue to use Event Monitor Service.

-Discounts are available starting from 5+ licenses. To request a custom quote for 50+ licenses please contact us via email. We can offer special prices for schools and universities.

-The payments and renewals are handled by FastSpring E-Commerce Platform. The price in USD and other currencies may vary according to Euro conversion rate. Please visit the online store to see the actual price. Please note, the price excludes VAT\IVA for European (EU) customers.

Additional Details

File Version
Last Updated 13 July 2017
Category Service-only Application
License Type Commercial
Operating System Windows Vista+ (32-bit / 64-bit)

Recent Changes and Fixes