摘要 |
<p>ABSTRACT OF THE DISCLOSURE A system, method and computer program product for monitoring file integrity that includes intercepting a function call by a user application to change zit timestamp of a file; updating a record of a number of times the timestamp has been changed, wherein the record is maintained in operating system space; in response to a monitoring application requesting the record, providing, to the monitoring application, the record for comparison with information maintained by the monitoring application; and changing behavior of a user application if die record does not correspond to the Information maintained by the monitoring application. This can be peformed for multiple files, and each file can have to corresponding record. The records can be maintained, in a database in operating system space. The monitoring application can maintain a database of a number of times the timestamps of the files have been modified, The record is, e.g., a counter,</p> |