<> **News** [APN] 2014/09/20: V3.2.2 released. See [http://windowstoolset.magicsplat.com] for details, downloads and source. See [http://windowstoolset.magicsplat.com/versionhistory.html] for a detailed list of changes since previous releases. **What is WiTS?** Windows Inspection Tool Set slices a running Windows system multiple ways, providing cross-linked, filtered views of Windows components. * View properties of processes, network connections, users, services and more in customizable tables * Navigate between objects via richly cross-linked views * Filter displayed items with flexible user defined filters * Focus on changing data with enhanced change display modes * Customize displayed information and layouts to focus on areas of interest. * Track and monitor resources and system activity such as process startup, network connections, logins and more with optional recording to disk * Filter and search for Windows events through an integrated view of Windows event logs * Quickly access functions via the taskbar and hotkeys Currently supported object types include: * Operating system and hardware * Processes * Services * Users * Groups * Logon sessions * Drives and volumes * Local and remote shares * Network interfaces * Network connections * Loaded modules * Kernel drivers * Windows event log WiTS is built using (amongst other packages) Tcl/Tk 8.6, [tktreectrl], [TWAPI], [Snit], and [tklib]. **Project links** Home page - http://windowstoolset.sourceforge.net Project page - http://sourceforge.net/projects/windowstoolset Mercurial repository - http://sourceforge.net/p/windowstoolset/code **Screen shot** [http://windowstoolset.sourceforge.net/listview3-detail-labeled.png] **General discussion** <> ''[escargo] 27 Feb 2007'' - I put the wits.exe (along with the directories it came in) in my SanDisk Cruzer Micro 4.GB USB Flash memory device. I double-clicked on wits.exe and it errored out. Then I selected it again, but right clicked on it and picked "Run as Administrator." Then it worked. I haven't tested everything, but what I have tried has worked. It looks just like a native [Windows Aero] application. ---- [HE] 27 Feb 2007 - Why is wits distributed as msi-installer file (1.1.1) or as setup.exe(2.0 beta)? The version 1.1.1 contains an [Starpack]. This can used without any other installation (Works for me on XP, w2000, w2k-server). [APN] Both versions contain a wits.exe that can be used standalone. As to why an installer is used, it's because I want it to be as close to a conventional Windows app as possible - create shortcuts in the Start menu, show up in the Add/Remove programs, leave nothing behind on disk or in the registry when uninstalled etc. In the longer run, I also hope to add other utilities so it will not be a single executable. [HE] Perhaps it is possible additional to provide the [starkit]/[starpack]? [MHo] I see absolutely no reason for using windows installer (msi) technology in this case. To understand the misterious msi, one have to study thousands of documents over three months. In old MSDOS days, '''copy *.*''' was the prefered way, perhaps editing a little clear-text config here and there afterwords. What about an alternative installation archive (.ZIP or so) with .exe and .kit inside? [APN] Sorry I don't plan on doing this. I guess I just don't see it as that big a deal to install. Eventually I want this to be on the standard freeware sites (non-Tcl) so I would like it to follow the standard practice most packages use. Those who want just wits.exe to carry around can just copy it and uninstall. If one of you does take the trouble of creating a zip or whatever, please remember to include the full nuvola.zip image archive as well since it is under LGPL. For a future release, I plan on U3-enabled distribution - that I'll probably make just a simple exe. [LV] It might be useful if HE would discuss why they care about how the code is distributed? I've not tried this tool, because in general, on my xp system, I cannot get permission to run the various normal MSDOS installers. I can, however, make use of starpack applications. So for me, in general, I prefer starpacks. As I said, I've not tried the installers for this app, so I don't know whether or not it would work. I don't care to raise the security alerts. I do note, however, that the Vista report above talks about not being able to run the application except as administrator. That definitely means I won't be able to use it... ---- 2007-12-27 [Ro]: Great work, Ashok. Been using it this morning and enjoy it. Will keep it in my toolbox, especially useful to me is the netstat-like functionality and the process information. Overall a nice use of [twapi]. Another feature I like is the network shares list. I second the request to get rid of MSI; you should distribute it as a single .exe. I know a lot of the freeware guys like that too. Lean and mean and all that jazz. You can copy other utility exe's you want to bundle to a temp folder from the starpack if you wanted a single exe. The Network Connections window could be less cpu intensive. I've got a lot of connections listed there; it could stand to be faster. [APN] In 3.0, displays of large number of objects should be MUCH faster as WiTS now uses [tktreectrl] instead of [tablelist]. Thanks for a useful tool. Also, the look is very native; I can tell you spent a lot of time on that, and it shows. ---- [MHo] 2014-06-20: Unfortunally, the wits installer is blamed by Symantec protection software as containing some trojan horse. I'm not able to download and install it anymore on my win7 pc. Just for your information. Symantec info as follows: ====== Risikoname: Trojan.ADH.SMH Dateiname : setup-wits-3.1.12(64 bit).exe http://www.symantec.com/security_response/writeup.jsp?docid=2013-090515-2042-99 Trojan.ADH.SFC Discovered: September 4, 2013Updated: September 5, 2013 3:39:44 PMType: TrojanSystems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP Trojan.ADH.SFC is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers. Antivirus Protection Dates Initial Rapid Release version September 4, 2013 revision 025 Latest Rapid Release version September 4, 2013 revision 025 Initial Daily Certified version September 5, 2013 revision 002 Latest Daily Certified version September 5, 2013 revision 002 Initial Weekly Certified release date September 11, 2013 Click here for a more detailed description of Rapid Release and Daily Certified virus definitions. Threat Assessment Wild Wild Level: Low Number of Infections: 0 - 49 Number of Sites: 0 - 2 Geographical Distribution: Low Threat Containment: Easy Removal: Easy Damage Damage Level: Low Distribution Distribution Level: Low Discovered: September 4, 2013Updated: September 5, 2013 3:39:44 PMType: TrojanSystems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP Symantec¿s antivirus products contain an highly sensitive detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers. If one or more files on your computer have been classified as having a Trojan.ADH.SFC threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics. Therefore, it is recommended that users manually check all files detected as Trojan.ADH.SFC by Symantec antivirus products for potential misidentification, and submit any suspect files to Symantec Security Response for further analysis. For instructions on how to do this, read Submit Virus Samples. In rare cases where a legitimate file has been misidentified and subsequently quarantined, your computer may behave abnormally or you may find that one or more applications no longer function as expected. In such rare situations, you should open the Quarantine in your Symantec antivirus product. From here, you may review the list of all files detected as Trojan.ADH.SFC and, if you identify a potential misidentification, restore the file from quarantine and allow it to run normally. ====== As I'm always in a hurry and the program is not life-essential for us, I don't know if (and how) I could manage it to send the program for further analyses to Symantec, and I event don't know if I'm allowed to do this... [APN]Thanks for the report. I tried contacting Symantec through https://submit.symantec.com/false_positive/ but they need to know whether the detection occurred during download, installation, using the app or a scan. Could you please let me know ? [MHo]: Symantec says the source is "real time scan" - it happened immediately when trying to save the file from browser to disk, as symantec intercepts the disk IO. [APN]: Surprisingly fast response from Symantec: ======none Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products: 1A9DC667957F1D881C2754AF5850B03A - setup_wits_3.1.1264_bit.exe The updated detection(s) will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html ====== [MHo] Great! I will test it in a while and report further. [MHo] 2014/09/18: Again, Symantec isolated the 64bit-Installer (latest version)...: ====== S y m a n t e c E n d p o i n t P r o t e c t i o n Auf Ihrem Rechner ist ein Sicherheitsproblem. Bitte wenden Sie sich an Ihren Benutzerservice mit dieser Meldung. ... --------------------------------------------------------------------------------------------- Scan-Typ: Auto-Protect Scan Ereignis: Risiko gefunden! Sicherheitsrisiko erkannt: Trojan.ADH.SMH Datei: D:\home\Hoffmann\Downloads\setup-wits-3.1.17(64 bit).exe Speicherort: .... Computer: .... Benutzer: .... Durchgeführte Aktion: Analyse der Nebeneffekte ausstehend : Zugriff verweigert Gefunden am: Donnerstag, 18. September 2014 15:32:19 ====== [APN] Submitted to Symantec again, and got the same response as above that they have fixed the issue. Hope I don't have to do this every time I release! <> Windows