If you’re interested to understand what a third party application is doing (or planning to do) when installing on you Windows machine, you might have look here https://github.com/Microsoft/AttackSurfaceAnalyzer. Actually, since the v2 is build with .Net Core and Electron, you can use it on macOS and Linux as well.
Attack Surface Analyzer currently reports on changes to the following operating system components:
- File system (static snapshot and live monitoring available)
- User accounts
- Services
- Network Ports
- Certificates
- Registry (Windows only)
The future plans are also very interesting:
- Code signing info
- Drivers (partially covered presently via file system monitoring)
- Firewall settings
- Redistributable installations
- Network traffic (live monitoring)
- Registry (live monitoring)
Liviu Nastasa 