Every engine, named.
Defendrix is 13+ protection engines stitched together. Each one can be flipped on or off in the Protection Center.
Real-Time Protection
Every file scanned at open, copy, write, and execute. Signature + heuristic + Yara + Bayesian classifier in series.
Firewall
Default-deny inbound. Adaptive outbound rules. Tags every connection with the requesting process, the binary's hash, and the destination reputation.
Behavior Profiler
Per-process behavior baselining. Flags drift on signature-clean files - the way modern targeted attacks land.
USB Scanner
Auto-scans every USB device at insert. Blocks autorun. Quarantines anything that matches before the file system mounts.
Ransomware Honeypot
Decoy file structures planted in known target paths. The first write to a honeypot triggers a fleet-wide ransomware alert in under 200 ms.
Execution Gate
Allowlist-based execution. Unknown binaries are blocked, hashed, and queued for admin approval. Stops zero-days before they run.
Fileless Attack Detector
PowerShell, WMI, COM hijack, reflective injection, LOLBin abuse. The techniques modern attackers use after the initial foothold.
Ransomware Correlator
Joins entropy spikes + honeypot triggers + behavioral drift. When all three fire, the process is killed and its files reverted from the journal.
Boot Sector Guard
Watches MBR / VBR / EFI System Partition. Anything writing to them is blocked before the disk hardware sees the request.
Live Patch Guard
Detects in-memory patches to running system DLLs. Catches rootkits, EDR-killers, and inline hooking attacks.
Self-Healing Core
Restores Defendrix files if anything tampers with them. Watchdog, directory guard, startup enforcer. Keeps protection alive.
Self-Defense Shield
Process shield prevents Defendrix from being killed. Directory guard prevents install-folder tampering. Survives ring-3 attackers.
LAN Protection
ARP poisoning detection, DNS sinkholing, rogue DHCP detection, suspicious-host quarantine. Watches your switch like Defendrix watches your disk.
Fleet Mesh (UDP/50844)
End-to-end encrypted mesh that shares threat intel between every Defendrix device. A detection on one machine immunizes all the others.
Remote Support (Defendrix ID)
9-digit ID per device. Admin connects from anywhere. Live screen + scan + quarantine + lockdown. Sessions auto-expire after 1 hour.
Try it on one machine first.
Home covers a single device with a 14-day free trial. Upgrade to a Business or Enterprise plan when you're ready to roll it out to the whole office.