6
processes like Notepad or browser have legit reasons for accessing clipboard in short bursts, typically associated with keyboard and mouse activity. The vast majority of processes have no business accessing clipboard whatsoever. Is there a way to monitor the "process reads clipboard" events in order to identify potential spyware?
EndangeringSpecies
Posted 2012-04-13T13:30:10.670
Reputation: 593
1
Try Debugviewer, from Microsoft Sysinternals Suite:
DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs.
Diogo
Posted 2012-04-13T13:30:10.670
Reputation: 28 202
I'm not seeing clipboard events. Is there a particular setting and filter for that? That would make this an answer. – Vimes – 2014-10-22T17:14:19.657
1What version of Windows are we talking about? In Vista an Windows 7 you must give permission to an application to access the contents of the system clipboard. – Ramhound – 2012-04-13T13:34:59.230
1@Ramhound, I don't believe this to be the case. My own apps access clipboard on Windows 7 without any permissions setting popup. Similarly, when I install other people's apps like Notepad++ they access clipboard (to do paste) again without any permissions. – EndangeringSpecies – 2012-04-14T10:35:35.817