A small Windows tool to prevent accidental execution of executable files.
This is a simple real-time executable monitor, written in Python, that watches for suspicious file launches and intercepts them before they run. It pauses execution and asks you: “Did you mean to open this?”
It uses psutil to monitor newly spawned processes in real-time. When a new process starts, it checks if the file has a suspicious extension (like .exe, etc.), isn’t running from a trusted system directory, and wasn’t launched by a known system process (like svchost.exe). If it meets those criteria, the process is immediately suspended, and you’re prompted to allow or block it.
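How the checks described above fit together, as an added example rather than the project's own code. The extension list, trusted directories, trusted parent names and all function names are assumptions, since the contents of malwareguard.py are not shown here.

```python
import ntpath

# Assumed values for illustration; the real script's lists are not shown on this page.
SUSPICIOUS_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com"}
TRUSTED_DIRS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")
TRUSTED_PARENTS = {"svchost.exe", "services.exe"}


def _norm(path):
    # Windows paths are case-insensitive; normpath also collapses ".." segments.
    return ntpath.normcase(ntpath.normpath(path))


def in_trusted_dir(exe_path):
    exe = _norm(exe_path)
    # Compare on a directory boundary so "C:\WindowsFake" does not match "C:\Windows".
    return any(exe.startswith(_norm(d) + "\\") for d in TRUSTED_DIRS)


def should_intercept(exe_path, parent_name):
    """Return True if the new process should be suspended and the user prompted."""
    if not exe_path:
        return False  # path unreadable (e.g. access denied): nothing to judge
    if ntpath.splitext(exe_path)[1].lower() not in SUSPICIOUS_EXTENSIONS:
        return False
    if in_trusted_dir(exe_path):
        return False
    if (parent_name or "").lower() in TRUSTED_PARENTS:
        return False
    return True


def watch(poll_seconds=0.05):
    """Polling loop: suspend matching new processes. Needs psutil, run on Windows."""
    import time
    import psutil
    seen = set(psutil.pids())
    while True:
        current = set(psutil.pids())
        for pid in current - seen:
            try:
                proc = psutil.Process(pid)
                parent = proc.parent()
                if should_intercept(proc.exe(), parent.name() if parent else None):
                    proc.suspend()  # prompt the user here, then resume() or kill()
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                pass  # process already exited or is protected
        seen = current
        time.sleep(poll_seconds)
```

Because the loop polls, a process can run for up to one polling interval before it is suspended, which is the source of the GUI race condition listed among the limitations.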
Sometimes you double-click the wrong thing, then panic and rush to Task Manager to kill the process before it can do anything. Sometimes you're successful and prevent any potentially malicious code from running; sometimes you're not, and before you know it you're infected with malware. This tool exists to prevent those accidental executions.
This tool is for security researchers, malware analysts, red teamers, and anyone who regularly pokes at dangerous/suspicious files and wants an extra safety net.
Fuck no, I made this while I was drunk, for when I am drunk in the future.
It's probably easily bypassable, and I don't really care, it's quite literally the most basic and simple prevention for accidentally executing programs.
Simply download the latest compiled release and run it. It will then sit silently among the background processes and monitor for newly executed processes. (Optionally, you can also add it to startup.)
If you want to temporarily run it as a regular Python script, download Python and the "malwareguard.py" script, install the psutil package with pip install psutil, and run it with python malwareguard.py.
Feel free to also edit the .py script and add your own trusted directories/processes, then recompile it with PyInstaller.
NOT (in any way) a replacement for antivirus or EDR — this is a lightweight safety net, not a full security suite.
GUI race conditions — fast-loading apps might briefly show their window before being suspended.
False positives — some legitimate apps outside trusted paths may trigger alerts.
Garbage code — it just is. (but it works, kind of :D)
Discord: fuckaslr
Twitter: https://x.com/fuckaslr
