0xresetti/malwareguard

malwareguard

A small Windows tool to prevent accidental execution of executable files.

What?

This is a simple real-time executable monitor, written in Python, that watches for suspicious file launches and intercepts them before they run. It pauses execution and asks you: “Did you mean to open this?”

How?

It uses psutil to monitor newly spawned processes in real-time. When a new process starts, it checks if the file has a suspicious extension (like .exe, etc.), isn’t running from a trusted system directory, and wasn’t launched by a known system process (like svchost.exe). If it meets those criteria, the process is immediately suspended, and you’re prompted to allow or block it.
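The checks described above, sketched as an added example (this is not the project's own code). The extension, directory and parent lists, the function names, and the choice to kill a blocked process are assumptions made for illustration. Paths are normalised before comparison so that look-alike directories and ".." segments do not pass as trusted.

```python
import ntpath
import time

# Assumed values for illustration; the project's own lists may differ.
SUSPICIOUS_EXTS = {".exe", ".scr", ".com"}
TRUSTED_DIRS = (r"C:\Windows", r"C:\Program Files")
TRUSTED_PARENTS = {"svchost.exe"}

def _norm(path):
    # Collapse ".." segments and fold case so comparisons match Windows semantics.
    return ntpath.normcase(ntpath.normpath(path))

def in_trusted_dir(exe):
    # Compare against "dir\" so C:\WindowsFake is not treated as C:\Windows.
    p = _norm(exe)
    return any(p.startswith(_norm(d) + "\\") for d in TRUSTED_DIRS)

def should_intercept(exe, parent_name):
    if not exe:  # path unreadable (e.g. access denied): nothing to judge
        return False
    if ntpath.splitext(exe)[1].lower() not in SUSPICIOUS_EXTS:
        return False
    if in_trusted_dir(exe):
        return False
    return (parent_name or "").lower() not in TRUSTED_PARENTS

def watch(ask, interval=0.2):
    """Poll for new processes; suspend matches and let ask(exe) decide."""
    import psutil  # third-party (pip install psutil); only needed for live monitoring
    seen = set(psutil.pids())
    while True:
        for proc in psutil.process_iter(["exe"]):
            if proc.pid in seen:
                continue
            seen.add(proc.pid)
            try:
                parent = proc.parent()
                exe = proc.info["exe"]
                if should_intercept(exe, parent.name() if parent else None):
                    proc.suspend()
                    # Assumption: "block" means terminating the suspended process.
                    proc.resume() if ask(exe) else proc.kill()
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                continue
        time.sleep(interval)
```

Because watch() polls, a process can run for up to one interval before it is suspended, which is the race noted under Limitations.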

Why?

Sometimes you double-click the wrong thing, then panic and rush to Task Manager to kill the process before it can do anything. Sometimes you're successful and prevent any potentially malicious code from running; sometimes you're not, and before you know it you're infected with malware. This tool exists to prevent those accidental executions.

Who?

This tool is for security researchers, malware analysts, red teamers, and anyone who regularly pokes at dangerous/suspicious files and wants an extra safety net.

Is it good?

Fuck no, I made this while I was drunk, for when I am drunk in the future.

It's probably easily bypassable, and I don't really care; it's quite literally the most basic and simple prevention for accidentally executing programs.

Setup

Simply download the latest compiled release and run it. It will then sit silently among the background processes and monitor for newly executed processes. (Optionally, you can also add it to startup.)

If you want to temporarily run it as a regular Python script, install Python, download the "malwareguard.py" script, install the psutil package with pip install psutil, and then run it with python malwareguard.py

Feel free to also edit the .py script and add your own trusted directories/processes, then recompile it with PyInstaller.

Limitations / Known Issues

NOT (in any way) a replacement for antivirus or EDR — this is a lightweight safety net, not a full security suite.

GUI race conditions — fast-loading apps might briefly show their window before being suspended.

False positives — some legitimate apps outside trusted paths may trigger alerts.

Garbage code — it just is. (but it works, kind of :D)

Contact

Discord: fuckaslr

Twitter: https://x.com/fuckaslr

Blog: https://0xresetti.github.io/
