Every engine, named.

Defendrix is 13+ protection engines stitched together. Each one can be flipped on or off in the Protection Center.

CORE PROTECTION

Real-Time Protection

Every file scanned at open, copy, write, and execute. Signature + heuristic + Yara + Bayesian classifier in series.

Firewall

Default-deny inbound. Adaptive outbound rules. Tags every connection with the requesting process, the binary's hash, and the destination reputation.

Behavior Profiler

Per-process behavior baselining. Flags drift on signature-clean files - the way modern targeted attacks land.

USB Scanner

Auto-scans every USB device at insert. Blocks autorun. Quarantines anything that matches before the file system mounts.

ADVANCED THREAT

Ransomware Honeypot

Decoy file structures planted in known target paths. The first write to a honeypot triggers a fleet-wide ransomware alert in under 200 ms.

Execution Gate

Allowlist-based execution. Unknown binaries are blocked, hashed, and queued for admin approval. Stops zero-days before they run.

Fileless Attack Detector

PowerShell, WMI, COM hijack, reflective injection, LOLBin abuse. The techniques modern attackers use after the initial foothold.

Ransomware Correlator

Joins entropy spikes + honeypot triggers + behavioral drift. When all three fire, the process is killed and its files reverted from the journal.

SYSTEM INTEGRITY

Boot Sector Guard

Watches MBR / VBR / EFI System Partition. Anything writing to them is blocked before the disk hardware sees the request.

Live Patch Guard

Detects in-memory patches to running system DLLs. Catches rootkits, EDR-killers, and inline hooking attacks.

Self-Healing Core

Restores Defendrix files if anything tampers with them. Watchdog, directory guard, startup enforcer. Keeps protection alive.

Self-Defense Shield

Process shield prevents Defendrix from being killed. Directory guard prevents install-folder tampering. Survives ring-3 attackers.

NETWORK & FLEET

LAN Protection

ARP poisoning detection, DNS sinkholing, rogue DHCP detection, suspicious-host quarantine. Watches your switch like Defendrix watches your disk.

Fleet Mesh (UDP/50844)

End-to-end encrypted mesh that shares threat intel between every Defendrix device. A detection on one machine immunizes all the others.

Remote Support (Defendrix ID)

9-digit ID per device. Admin connects from anywhere. Live screen + scan + quarantine + lockdown. Sessions auto-expire after 1 hour.

Try it on one machine first.

Home covers a single device with a 14-day free trial. Upgrade to a Business or Enterprise plan when you're ready to roll it out to the whole office.

See pricing