Skip to content
/ ProcessBouncerService Public

ProcessBouncerService - a process-based malware protection tool

License

GPL-3.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Rotrixx/ProcessBouncerService

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
ProcessBouncer
ProcessBouncer
 
 
ProcessBouncerGUI
ProcessBouncerGUI
 
 
ProcessBouncerService
ProcessBouncerService
 
 
Install.ps1
Install.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ProcessBouncerService

A process-based malware protection tool.

ProcessBouncerService is based on the Powershellscript ProcessBouncer (https://github.com/hjunker/ProcessBouncer) but implemented as an Windows Service. It uses WMI to get information of newly created processes. If a process is suspicious it will be terminated or the user chooses what to do with the suspicious process.

Setup:

  • Download and extract
  • Run Install.ps1 as admin

Configuration:

Comments start with a # and will be ignored. Please don't add new lines or spaces in the listings.

If you want to add your own signatures, add the MD5-Hashes in a file with each hash on a new line to C:\ProcessBouncer\signatures\. Currently there are 421803 Hashes from ClamAV Virus Database (https://www.clamav.net/downloads) in C:\ProcessBouncer\signatures\sig.

ProcessBouncerService does also support dynamic signatures(Hex-strings). This is in a early testing stage.

Contact:

If you have questions, feedback or suggestions feel free to contact me.

Twitter: @r0trixx

About

ProcessBouncerService - a process-based malware protection tool

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 1

First stable release Latest
May 15, 2020

Packages

 
 
 

Languages