ArcticMyst Security is a new open source EDR program. The software is presented as Endpoint Detection Response. What is it really? A behaviour blocker? An HIPS? Or an anti-executable? Possibly a SRP policy software? The following are its listed features:

1) Monitoring: Processes executed (file path and command line)
2) Monitoring: SHA256 hash of processes executed
3) Blocking: RunDLL32.exe is not allowed to call Winsock DLLs or the WSAStartup function. These events are blocked and a systray balloon notification appears. Excel is not allowed to load XLL files (malware attack vector); balloon notification alert. User can choose to temporarily pause these blocking functions.
4) Monitoring: Registry startup changes (causes systray balloon notification alert)
5) Monitoring: Crashing processes via Windows Event Log event callback; crashes often occur during an attempted attack. This monitoring function may also help identify problematic software (causes systray balloon notification alert)
6) Monitoring: Changes to the PendingFileRenameOperations registry value (monitored because some malware uses this to delete security tools on reboot)
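As an added example (not code from the post or from ArcticMyst Security): a parser for the PendingFileRenameOperations value behind item 6. It decodes the (source, destination) string pairs Windows writes for MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT and flags entries that would delete or replace files under a protected directory; the protected directory and the sample entries are constructed, not read from a live registry.

```python
from dataclasses import dataclass
from typing import List, Optional

# Windows stores MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) requests in the REG_MULTI_SZ value
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
# as consecutive (source, destination) string pairs. Paths carry the NT prefix "\??\",
# an empty destination means "delete on reboot", and a leading "!" on the destination
# means MOVEFILE_REPLACE_EXISTING.
NT_PREFIX = "\\??\\"


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]  # None -> file is deleted at reboot
    replace_existing: bool


def _strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(multi_sz: List[str]) -> List[PendingOp]:
    """Decode the REG_MULTI_SZ string list into rename/delete operations."""
    if len(multi_sz) % 2:
        raise ValueError("PendingFileRenameOperations must hold an even number of strings")
    ops = []
    for src, dst in zip(multi_sz[0::2], multi_sz[1::2]):
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append(PendingOp(_strip_nt_prefix(src), _strip_nt_prefix(dst) or None, replace))
    return ops


def flag_protected_paths(ops: List[PendingOp], protected_dirs: List[str]) -> List[PendingOp]:
    """Return operations whose source or destination lies under a protected directory."""
    prefixes = [d.lower().rstrip("\\") + "\\" for d in protected_dirs]
    hits = []
    for op in ops:
        for path in (op.source, op.destination):
            if path and any(path.lower().startswith(p) for p in prefixes):
                hits.append(op)
                break
    return hits


# Constructed sample value: one legitimate driver replacement, one delete-on-reboot
# aimed at a (hypothetical) security tool's install directory.
SAMPLE = [
    "\\??\\C:\\Windows\\Temp\\update.tmp", "!\\??\\C:\\Windows\\System32\\drivers\\legit.sys",
    "\\??\\C:\\Program Files\\ExampleEDR\\agent.exe", "",
]
```

On a real host the list would come from reading that value with winreg; the decision logic is unchanged.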
OMG, the GUI looks so ugly, I'm not even going to try this. https://www.softpedia.com/get/Security/Security-Related/ArcticMyst-Security.shtml