Your always-on Windows security agent. Real-time monitoring with 4 live watchers, AI-powered threat correlation, autonomous remediation, and 13 audit modules, all running locally.
A two-process design: a background agent that never sleeps, and a dashboard that connects in real time
Four always-on watchers that detect threats the moment they happen
Watches process creation & termination. Detects suspicious executables, unsigned binaries, temp-path launches.
Monitors file changes in critical directories. Detects hosts file tampering, new executables in startup folders.
Watches Windows Security & System logs. Detects failed logons, privilege escalation, service installations.
Tracks active connections & listening ports. Detects new services, suspicious outbound connections, DNS anomalies.
See your Windows security posture at a glance: 13 modules, per-module breakdown
More than an auditor: a living security agent that watches, thinks, and acts
Runs as a Windows Service 24/7. Monitors processes, files, event logs, and network in real time, even when the dashboard is closed.
Agent Brain correlates individual events into attack chains. Detects multi-stage attacks that single-event analysis misses.
7 autonomous response actions: kill process, quarantine file, block IP, and more. Every action has full undo support.
25+ commands plus natural language. Ask questions, run audits, configure policies: talk to your agent like a colleague.
Comprehensive coverage: Firewall, Defender, Network, Privacy, Browser, Encryption, Event Log, and more. Real Windows API calls.
Everything runs on your machine. No cloud, no telemetry, no accounts. Your security data never leaves your system.
SQLite-backed audit history with score tracking. See how your security posture changes over days and weeks.
Generate reports in HTML, JSON, Text, and Markdown. Share results, feed into pipelines, keep records.
Risk tolerance, per-category rules, auto-remediation triggers: tune the agent to match your environment and risk appetite.
Comprehensive coverage of your Windows security configuration
Profile states, rules, port exposure
Pending updates, install history
Real-time protection, definitions
Admin audit, password policies
Open ports, LLMNR, SMB, ARP
Unsigned exes, suspicious paths
Registry keys, scheduled tasks
SecureBoot, BitLocker, UAC, RDP
Telemetry, tracking, permissions
Chrome/Edge settings, extensions
Outdated software, EOL detection
BitLocker, EFS, TPM, certificates
Failed logins, security events
Clone, build, and start your security agent
WinSentinel is free, open source, and runs entirely on your machine.