Premium Protection

Top-tier shields - tamper protection, ransomware storm detection, offline fail-closed, per-app time budgets, screen-time report card, disk / SMART early warning, webcam-mic notifier, HKLM hive signing, GUI crash watchdog and silent self-update.

12 features

Mass File Rename Protection

Watches Documents, Desktop, Pictures, Videos, Music and Downloads for bulk-rename storms. Triggers when more than 20 files are renamed within 5 seconds in a single folder - kills the offending process, restores original filenames from a rolling shadow journal, and logs the incident. Honey-file canaries detect ransomware-style scans before user files are touched.

Mass File Extension Change Protection

Detects bulk extension swaps (e.g. .docx → .locked, .jpg → .enc) on user document folders. Same 20-in-5-seconds threshold as mass rename, with extension-class heuristics for the canonical ransomware suffix list (.locked, .enc, .crypt, .crypted, .pay, .ransom, .888, etc.). Process killed, files restored from journal, incident logged.

Ransomware Protection

A layered ransomware shield: decoy files that trip an alarm when encrypted, protection for Windows backup snapshots, detection of known ransomware programs and startup tampering, and detection of dropped ransom notes. It automatically quarantines the offending program and records the incident.

Offline Fail-Closed Enforcement

Per-policy 'after N days offline, drop into the strictest restriction set' safeguard. Prevents an attacker from killing connectivity to escape lockdown. Window is rollback-aware - restoring an old policy version restores the safeguard with it.

Per-Application Time Budgets

Set daily time limits and optional time-of-day windows for individual apps (for example, 30 minutes a day of a game, only between 4-6pm). Tracked per user and kept across reboots.

Local Screen-Time Report Card

End-user-visible daily summary fired as a tray balloon at 18:00 local. Shows top apps + total active minutes for the day so the user sees what was tracked. No cloud round-trip required.

Low-Disk + SMART Early-Warning Probe

SYSTEM-only background probe runs every 5 min. Surfaces low-disk and predictive SMART failure attributes long before Windows itself notices, so a failing drive becomes a heartbeat alert instead of a Monday-morning crash.

Webcam / Microphone In-Use Notifier

User-session GUI polls the Capability Access Manager every 5s and flashes a tray balloon when a new app starts using the webcam or mic. Catches apps that bypass the indicator LED on cheaper laptops.

Config Value Signing

The four guarded configuration values (Server URL, Account Username, Account Password Hash, Launch Password Hash) carry an HMAC-SHA256 sibling signature. Tampering with a value without resigning is detected and reverted on the next agent tick.

Agent GUI Crash Watchdog

Closes the gap where killing the agent + watchdog as a pair (e.g. taskkill /IM by image name) would leave the GUI down. A SYSTEM-side watchdog respawns the GUI on next user logon and flags the kill in the audit trail.

Agent Silent Self-Update

Hourly cloud poll for a newer build. The SYSTEM-elevated copy downloads, verifies, and runs the silent NSIS upgrade in-place. User session resumes against the new EXE on the next login - no operator touch needed.

WTS-Probe 3-Strike Sentinel

Before restarting the desktop to apply restrictions, the agent checks that it can safely do so. If the check fails three times it leaves the desktop running untouched, so tightly locked-down PCs never end up with a blank screen.