Екранни снимки:
Описание
ArcticMyst Security is an endpoint detection and response (EDR) tool focused on blocking XLL/RunDLL32 attacks and detecting crashing/faulty software. We have an option for additional fee-based threat hunting & monitoring. ***Elevated permissions are required to install and use this software*** The app monitors process events, registry startup changes, registry pending delete operations, crashing processes, blocks rundll32.exe from using Winsock or calling WSAStartup (disabled by default), and blocks Excel from loading .XLL files. User can enable/disable blocking options. Systray balloons promptly alert user when registry startup entries change, processes crash, rundll32 calls Winsock/WSAStartup, and when Excel loads XLL files. All events are transmitted to our server for threat hunt analysis. We also offer a paid option to join our Microsoft Defender P2 tenant for enhanced threat hunting. The software is free to use, except for businesses. Businesses must purchase licensing. This app allows users to make purchases, but does not use the Microsoft Store commerce system.