ArcticMyst Security 20230612a

Published by

ArcticMyst Security provides an Open Source (EDR) endpoint detection and response option as an additional layer of protection for your machine.
ArcticMyst Security will monitor process events, registry startup changes, registry pending delete operations, and crashing processes. It will also block rundll32.exe from using Winsock or calling WSAStartup, and blocks Excel from loading .XLL files.

You do have the option to pause blocking options temporarily if needed. Systray balloons will promptly alert the user when registry startup entries change, processes crash, rundll32 calls Winsock/WSAStartup, and when Excel loads XLL files.

All events are transmitted to DeepTide's server for threat hunt analysis.

ArcticMyst Security Features:

Process monitoring via NtCreateUserProcess hook and Event Log subscription callback (file path, command line, SHA256)
HKLM/HKCU Run registry startup changes (common malware persistence method)
PendingFileRenameOperations registry changes (can be used to delete security tools or damage files)
Block RunDLL32.exe from calling WSAStartup or loading Winsock libraries (LdrLoadDll, WSAStartup hook) && LdrRegisterDllNotification function
Crashing process/process dump monitoring via event log subscription callback
Excel is not allowed to load .XLL files (LdrLoadDll hook) & LdrRegisterDllNotification function methods

Similar:
What's the Best Antivirus and Is Windows Defender Good Enough?
Windows Device Performance & Health Explained
How to Tell the Difference Between a Virus and a False Positive
Which Anti-Malware App Is Best and Can It Run Alongside My Antivirus


  Download