Advanced Windows System Monitoring and Security Analysis Tool
InspectorWindo is a powerful, AI-enhanced system monitoring application for Windows that helps you understand what's running on your computer, identify potential threats, and make informed security decisions.
InspectorWindo is a security analysis and monitoring tool, not antivirus or endpoint protection software. It:
- Does not provide real-time protection
- Does not quarantine or remove malware automatically
- Does not prevent malicious activity
- Should be used alongside (not instead of) traditional antivirus software
- AI can make mistakes - The AI analysis is based on heuristics and patterns, not definitive malware detection
- Always verify critical decisions - Before terminating processes or making security decisions, verify with additional sources
- False positives are possible - Legitimate software may occasionally be flagged as suspicious
- Context matters - AI analysis is most accurate when combined with your knowledge of what you've installed
InspectorWindo MUST be run as Administrator for full functionality. Without admin rights, the following features will fail:
- File Hash Calculation (SHA256) - Required for VirusTotal scanning
- Digital Signature Verification - Needed for trust assessment
- Process Details - Full executable paths, command lines, parent processes
- Service Management - Start/stop Windows services
- Driver Information - Access kernel-mode driver details
- Scheduled Tasks - Enable/disable tasks
- System Process Access - Scan protected Windows processes
- VirusTotal scans will fail with "does not have a valid SHA256 hash" errors
- Many system processes will show incomplete information
- Service/driver management buttons will not work
- Deep analysis may be incomplete
To run as Administrator:
- Production: Right-click the InspectorWindo shortcut β "Run as Administrator"
- Development: Use
npm run dev:admin(prompts for elevation) - This tool has significant system access - Only run from trusted sources
- You are responsible for all actions taken based on InspectorWindo's analysis
- Killing critical system processes can cause system instability or data loss
- Disabling essential services may break Windows functionality
- Always create system restore points before making major changes
- The developers are not liable for any damage or data loss
- Local Process Scanning - Deep forensic analysis of running processes (file hash, digital signature, parent process, etc.)
- VirusTotal Integration - Scan file hashes against 70+ antivirus engines
- AI Analysis - GPT-4o-mini powered quick analysis of process legitimacy
- Deep Analysis - Advanced threat assessment using OpenAI's o1 reasoning model with real-time intelligence
- Processes - Monitor CPU, memory, and identify suspicious behavior
- Services - View and manage Windows services
- Startup Apps - Control what runs when Windows starts
- Scheduled Tasks - Monitor and disable automated tasks
- Drivers - Inspect kernel-mode drivers
- Shell Extensions - Identify context menu and Explorer extensions
- Risk Score (0-100) - Measures danger/maliciousness (0=safe, 100=critical threat)
- Vitality Score (1-5) - Measures importance to system (1=critical, 5=unnecessary)
- Safety-to-Kill Score (1-5) - Indicates consequences of terminating (1=dangerous, 5=very safe)
- Persistent storage of process metadata and scan history
- Track first seen, last seen, and scan counts
- Add personal notes and trust ratings
- Historical performance metrics with charts
- Windows 10/11 (64-bit)
- Administrator privileges
- Node.js 18+ (for development)
- API Keys (optional but recommended):
- OpenAI API key for AI analysis
- VirusTotal API key for malware scanning
- Download the latest release from Releases
- Run the installer (.exe)
- Launch InspectorWindo as Administrator
# Clone the repository
git clone https://github.com/yourusername/inspectorwindo.git
cd inspectorwindo
# Install dependencies
npm install
# Run in development mode (RECOMMENDED: as Administrator)
npm run dev:admin # Prompts for elevation, recommended for full functionality
# OR
npm run dev # Standard mode (some features may not work)
# Build for production
npm run build
npm run packageImportant: Use npm run dev:admin for development to access all features (file hashing, system process details, etc.)
- Launch InspectorWindo
- Navigate to Settings
- (Optional) Add your OpenAI API Key for AI analysis
- (Optional) Add your VirusTotal API Key for virus scanning
- Click "Test & Save" to validate keys
See docs/SETUP.md for detailed setup instructions.
- Setup Guide - Detailed installation and configuration
- Architecture Overview - Technical architecture and design
- Contributing Guidelines - How to contribute to the project
- Security Considerations - Security model and disclaimers
- Learn about your system - Understand what processes are running and why
- Identify malware - Spot suspicious processes using AI and VirusTotal
- Optimize performance - Find unnecessary processes consuming resources
- Audit security - Review startup items, services, and scheduled tasks
- Forensic analysis - Deep dive into process metadata and behavior
- Local only - All process knowledge is stored locally in your AppData folder
- No telemetry - InspectorWindo does not send any data to external servers
- API calls - When you use AI or VirusTotal features, data is sent to:
- OpenAI (process metadata for analysis)
- VirusTotal (file hashes for scanning)
- Process executable paths, names, and metadata
- File hashes, digital signatures, and version info
- AI analysis results
- Your personal notes and trust ratings
- Performance metrics history
Navigate to Settings β Data Management to clear:
- All process knowledge
- AI scan results only
- Service/startup/task/driver/shell extension data
- ~500 tokens per process
- ~$0.0001 per process analyzed
- Example: 50 processes = ~$0.005
- ~2000 input + 1500 output tokens
- ~$0.12 per deep analysis
- Includes VirusTotal scan + web search + advanced reasoning
- Free tier: 4 requests/minute, 500/day
- Premium: Higher rate limits available
- Electron - Cross-platform desktop framework
- React - UI framework with TypeScript
- TanStack Query - Data fetching and caching
- Tailwind CSS - Styling
- electron-store - Persistent local storage
- systeminformation - System data collection
- OpenAI API - AI-powered analysis
- VirusTotal API - Malware scanning
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
npm install # Install dependencies
npm run dev:admin # Start dev server as Administrator (RECOMMENDED)
npm run dev # Start dev server (normal mode, limited functionality)
npm run typecheck # Run TypeScript checks
npm run build # Build for productionImportant for Contributors:
- Always use
npm run dev:adminwhen developing features that require system access - This ensures file hashing, digital signatures, and system process scanning work correctly
- You'll see a UAC prompt each time - this is expected and necessary
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with Electron
- AI analysis powered by OpenAI
- Malware scanning via VirusTotal
- System information from systeminformation
- Issues: GitHub Issues
- Discussions: GitHub Discussions
THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. THE DEVELOPERS ARE NOT RESPONSIBLE FOR ANY DAMAGE, DATA LOSS, OR SYSTEM INSTABILITY THAT MAY RESULT FROM USING THIS SOFTWARE.
Use InspectorWindo responsibly and at your own risk.