Patriot NG: New Host-Based Intrusion Detection System



Renk
22.02.11, 23:57
Patriot is a 'Host IDS' tool which allows real-time monitoring of changes in Windows systems or network attacks.

Patriot monitors:

* Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered.
* New files in 'Startup' directories
* New Users in the System
* New Services installed
* Changes in the hosts file
* New scheduled jobs
* Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)
* Changes in ARP table (Prevention of MITM attacks)
* Installation of new Drivers
* New NetBIOS shares
* TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)
* Files in critical directories (New executables, new DLLs...)
* New hidden windows (cmd.exe / Internet Explorer using OLE objects)
* NetBIOS connections to the System
* ARP Watch (New hosts in your network)
* NIDS (Detect anomalous network traffic based on editable rules)

http://image.bayimg.com/naeapaada.jpg

It needs WinPcap.
You can view the security logs made by Patriot NG through Windows Event Viewer in ‘Application’.
Changes are not persistent, so when you restart, all apps / ports / hosts blocked are unblocked.

Security Projects - Patriot NG (http://www.security-projects.com/?Patriot_NG)
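
Added example, not part of the original post and not Patriot NG code: a sketch of the kind of check behind the "Changes in ARP table" and "ARP Watch" items in the list above, comparing two Windows `arp -a` snapshots. The sample snapshots, function names and alert labels are constructed for illustration; how Patriot itself implements these checks is not described in the post.

```python
import re

# One entry row of Windows `arp -a` output: IP address, MAC address, type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE | re.MULTILINE)

# Constructed sample snapshots (not real captures).
BASELINE = """Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
CURRENT = """Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           AA-BB-CC-DD-EE-01     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.30          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

def parse_arp(text):
    """Return {ip: mac} for the dynamic entries of an `arp -a` dump."""
    # Static rows (broadcast, multicast, pinned entries) are not learned
    # from the network, so they are left out of the comparison.
    return {ip: mac.lower() for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def diff_arp(baseline, current):
    """Compare two {ip: mac} tables; return a list of (kind, detail) alerts."""
    alerts = []
    for ip, mac in sorted(current.items()):
        if ip not in baseline:
            alerts.append(("new_host", f"{ip} at {mac}"))
        elif baseline[ip] != mac:
            alerts.append(("mac_changed", f"{ip}: {baseline[ip]} -> {mac}"))
    # One MAC answering for several IPs can indicate ARP spoofing.
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append(("shared_mac", f"{mac} claims {', '.join(sorted(ips))}"))
    return alerts

if __name__ == "__main__":
    for kind, detail in diff_arp(parse_arp(BASELINE), parse_arp(CURRENT)):
        print(f"[{kind}] {detail}")
```

A `shared_mac` alert also fires for legitimate multi-homed devices, so it is a lead to investigate rather than proof of a man-in-the-middle.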