Changelog

5.0.5.0

• Added AI-powered antivirus scanning
• Fixed false positives in built-in rules and enhanced existing rules
• Fixed dark mode background display issue in Exclusions
• Fixed driver loading process recognition issue
• Improved password requirement for tray menu operations (valid for 1 minute)
• Added value name field to registry setting value handling cache

Download Directly Download from Github Download from GoogleDrive

5.0.4.0

• Fixed the issue where Exclusions not showing for Classic Templates

5.0.3.0

• Optimize user experience
• Refine the international version
• Prevent driver misblocking (mouse/keyboard/hid)

5.0.2.0

• Fixed the issue where built-in rules blocked system restoration
• Fixed the issue where built-in rules blocked PIN login
• Added support for detecting the latest attacks of SilverFox

5.0.1.0

• Optimized kernel rule engine performance
• Improved RPC multi-layer tracing support (e.g., using PowerShell through WMI to create scheduled tasks)
• Optimized detection logic for adding Microsoft Antivirus exceptions
• Added monitoring for system restore point deletion
• Added support for both read and write monitoring in low-level disk access
• Added remote control detection
• Rolled back the script replacement process path logic from the previous version (keeping MSI type) (may require adjustments to some rules)
• Added process file description field to pop-up windows
• Added more built-in rules
• Optimized some false positives in built-in rules
• Added rule name field support for full search in interception records
• Fixed issues that might cause UI freezes and database lockups

5.0.0.0

Major version update, Pro version officially launched

• Adjusted Pro version licensing logic, supporting online licensing (Note: old version test licenses will be deprecated)
• Optimized various UI experience issues, added better high DPI scaling support
• Added more built-in rules (increased to 64 built-in rules, including over 500 sub-conditions)
• Removed some incomplete features (Antivirus, Rule Market, Toolbox - will be re-launched after improvements)
• Functional modifications
  • Optimized RPC tracing logic to better trace back to the original process initiating RPC calls
  • Added support for DCOM call tracing
  • Added script detection, identifying script types (such as vbs, js, bat, msi, etc.) as specific scripts for better interception capabilities (Note: may cause failures in rules using cmd, msi, etc. process paths as conditions)
  • Added file hiding events
  • Added BitsDownload events
  • Removed remote process creation (replaced with RPC implementation)
  • Optimized process tampering logic
  • Real-time protection logs now display matching YARA rules after interception
  • HTTP support for Method field
  • Fixed network brute force logic
  • Optimized interception records for better multi-process operation support
  • Improved rule engine matching performance for certain conditions
• Bug fixes
  • Fixed QueueUserApcEx2 monitoring issue
  • Fixed file signature calculation failure due to permission issues
  • Optimized real-time protection priority issues
  • Fixed signature cache not being cleared promptly after expiration in certain scenarios

4.8.6.0

• Fixed an issue where enhanced defense abnormalities prevented the software from starting normally
• Fixed the issue with invalid embedded signature fields in advanced defense templates
• Added value content for registry value settings
• Added UserSID field for processes
• Added support for modifying response actions of all child rules in rule directory right-click menu
• Added support for exporting interception records to CSV files

4.8.5.0

• Phased restructuring (preparation for future versions)

  • Redesigned rule engine
  • Redesigned file cache
  • Optimized driver and rule engine performance
  • Rule engine now supports DR behavior analysis
  • Standardized event field naming

• Added built-in rules (Advanced Threat Defense)

  • File encryption interception (ransomware)
  • Code injection interception (process hollowing)
  • Side-loading attack interception (signed binary abuse)
  • Vulnerability driver exploitation interception (BYOVD)
  • Phishing attack interception

• Organized and improved some built-in rules

  • Added more persistence items
  • Process defense supports more built-in rules

• Redesigned advanced templates

  • Reorganized all events and fields
  • Added more fields
  • Removed some deprecated fields (compatibility issues may cause some advanced template rules to fail)

• Fixed various issues:

  • Fixed enhanced defense freezing issue on Windows 7
  • Fixed issues reported in community groups and feedback documents

4.6.5.0

• New features
  • Added interception notification function (can set pop-up notifications after interception)
• Fixed various issues:
  • Fixed some puppet process creation monitoring issues reported on GitHub
  • Fixed the issue where switching defense would override the kernel enhanced defense switch
  • Fixed kernel mode monitoring not detecting thread context modifications
  • Fixed scaling affecting toolbox sub-processes
  • Optimized dark mode button effects
  • Added support for exporting Global Trusted Processes
  • Other bug fixes

4.6.4.0

• Added kernel enhanced defense support (enabled in Pro version configuration)
  • Process hiding support
  • Memory modification detection
  • Asynchronous procedure call detection
  • Thread context modification detection
• Built-in rules
  • Added network connection alerts
  • Added scheduled task creation blocking
  • Added Shellcode injection blocking
  • Added process asynchronous procedure call injection blocking
  • Fixed issues with repeated NTDLL loading interception
  • Optimized some rule parameters
• Templates
  • Added process hiding template (depends on kernel enhanced mode)
• Other
  • Fixed session isolation causing drag-and-drop parameter list failures
  • Optimized slow icon query in trust lists

4.6.3.0

Added dark mode support

4.6.2.0

• New templates

  • Block file access (kernel mode)
  • Block registry access (kernel mode)

• Experience optimizations

  • Added red dot notification in system tray for new events (can be enabled/disabled in settings)
  • Added red dot notification for interception records
  • Highlighted new interception events in interception records
  • Added RLO character disguise process interception to built-in rules
  • Filtered out system modules in AMSI
  • Other optimizations

4.6.1.0

• Feature optimizations

  • Redesigned rule engine: performance optimization
  • Added caller tracing support for some tool processes (sc, net, logoff, etc.)
  • Added support for default "Don't remind again" checkbox in pop-up settings
  • Optimized smart defense logic
  • Added smart defense rules
  • Added right-click copy support in interception record details
  • Optimized some UI displays

• Bug fixes

  • Fixed signature acquisition failure for some processes
  • Fixed template operation exception issues

4.6.0.0

• New features
  • Added frequent operation rules (can be used to detect ransomware, block network brute force attacks)
• Optimized features
  • Global Trusted Processes directly set in kernel, effective for advanced templates (kernel mode)
  • Improved kernel rule engine matching performance
  • Optimized enhanced defense for certain anti-detection scenarios
  • YARA scanning engine
    • Direct termination of matching after global match failure
    • Signature logic migrated to YARA internal implementation as a plugin
    • Real-time alerts for incorrect rules during rule editing
    • Support for scanning drivers and modules
    • Asynchronous scanning support for suspending processes after matching
• Bug fixes
  • Fixed service crash issues caused by incorrect YARA rules
  • Fixed other issues reported in documentation

4.5.0.0

• Added more features
  • Added real-time process creation scanning (using YARA rules)
  • Added PowerShell command execution interception (AMSI)
  • Support for more interception points (advanced templates)
    • Modify file permissions
    • Service stop
    • Microphone access
    • System logout
    • Cross-process message sending
    • Close process window
    • Connect to cross-process communication ports
• Bug fixes
  • Fixed invalid default process termination in pop-ups
  • Fixed abnormal rule directory right-click menu functionality
  • Fixed Notepad not intercepting file modifications
  • Fixed learning mode not working for enhanced defense rules
  • Fixed blue screen issues on some 32-bit Windows 7 systems
  • Fixed various issues reported in feedback documents

4.3.1.0

• Fixed various issues
  • Fixed driver installation failures caused by some security software
  • Fixed compatibility issues caused by some security software
  • Fixed potential freezes when intercepting System process registry modifications
  • Fixed workspace switching not clearing cache
  • Fixed invalid rule status switching in interception records
  • Fixed 360 Desktop Assistant continuously crashing and restarting explorer when File Explorer hardening was enabled
  • Optimized registry interception return values
  • Improved some UI experience

4.3.0.0

• iMonitorSDK
  • Added ICMP scanning monitoring
  • Added process protection
  • Added shortcut resolution
  • Added MoveFileEx monitoring support (delete file on restart)
  • Added more screenshot support: covering AntiTest
  • Fixed 8.3 short path causing rule matching failures
  • Fixed SYSTEM process bypass issues
    • Shared file operations not monitored
    • Port 445 not intercepted
• Features
  • Added smart defense rules
  • Added learning mode support
  • Added workspace support
• Query pop-ups
  • Refined file operations
  • Multi-line string display for registry
• Templates
  • Added common template directory
  • Added file extension field to rename file
  • Added shortcut interception
• Other
  • Optimized interception record display
  • Added system process spoofing built-in rules
  • Added support for intercepting some sub-windows in pop-up interception
  • Non-blocking normal installation when intercepting registry startup items
  • Fixed installation failures on some server systems
  • Fixed trust list not being cleared when rules are overwritten

4.2.1.0

• Fixed various issues
  • Fixed screen capture rule template not working
  • Fixed conhost.exe false positive
  • Optimized image injection process termination logic (terminates both parent and child processes)
  • Removed some deprecated rules

4.2.0.0

Major optimization of user experience and bug fixes, important version, update recommended!

• iMonitorSDK

  • Added process tampering events (Process Hollowing, Process Doppelganging, Process Ghosting, etc.)
  • Added image tampering events (puppet processes, memory tampering)
  • Added cross-process module loading events
  • Optimized remote injection (supports identifying injected DLL paths)
  • File hiding supports process exclusions
  • Added original filename field to process information
  • Fixed self-protection causing FontCache unable to open protected processes

• Built-in rules

  • Added enhanced defense ignore list
  • Added File Explorer hardening (can intercept APC injection into explorer.exe)
  • Added remote thread injection detection (supports identifying injected DLL paths)
  • Added process file tampering detection
  • Added remote image injection detection
  • Added process memory tampering detection
  • Added parent process spoofing detection
  • Fixed some false positives

• Third-party rules

  • Streamlined optimization, reduced false positives

• Interception records

  • Added today button to calendar
  • Supports remembering last adjusted width
  • Added trust process target combination to interception records

• Query pop-ups

  • Fixed trusted command line incorrectly taking digital signature
  • Optimized pop-up speed and position calculation

• Rule editing

  • Added multi-select copy support for parameters
  • Fixed operation loss after dragging operation targets

• Response actions

  • Added query (default terminate process) option

• Rule templates

  • Added screen capture template
  • Added device operation interception template (advanced rules)

• Rule market

  • Imported rules support incremental updates (merging trust lists)

• Other

  • Added professional version features
  • Optimized startup performance
  • Optimized rule editing performance
  • Password required for exit when password protection is enabled

• Fixes and optimizations

  • Fixed memory leak issues in specific scenarios
  • Fixed password prompt appearing at startup when password protection is enabled
  • Fixed parameter zero-width characters causing matching failures
  • Fixed compatibility issues with 360
  • Fixed database lock preventing normal writing of interception records
  • Added command line to process creation record details
  • Fixed empty service manager list on Server 2008 R2
  • Fixed process events still occurring after process termination
  • Optimized Classes registry key redirection issues
  • Other bug fixes and usage optimizations

4.0.1.0

• Added keylogging interception support

• Added active clearing logic for disposition cache

• Fixed various issues

  • Optimized rule saving performance
  • Optimized query blocking disposition cache logic
  • Fixed ineffective system shutdown interception
  • Fixed trust list termination option not working after matching rules
  • Fixed duplicate registry rules in built-in rules
  • Removed trust list from advanced templates (kernel mode)
  • Removed some deprecated rules

4.0.0.0

Major version update, update recommended

• iMonitorSDK updated to 4.0

  • Added kernel rule engine
  • Added file hiding support
  • Added sandbox support
  • Added RPC call process tracing
  • Optimized some performance

• Templates

  • Added built-in rule templates
  • Added advanced templates (kernel mode) support
  • Added file hiding templates
  • Added lightweight sandbox templates
  • Added domain query templates

• Enhanced defense

  • Added simulated mouse and keyboard monitoring
  • Added clipboard access monitoring
  • Added system time modification monitoring
  • Added critical event monitoring
  • Added desktop background modification monitoring
  • Added disk control monitoring

• Query dialog

  • Added signature information display
  • Added event customization
  • Dialog response records support caching (default 1 minute for same events, can be modified in settings)

• Interception records

  • Added pagination support

• Trust list

  • Added parameter group support

• Optimizations

  • Optimized rule parameter settings
  • Deprecated some outdated templates
  • Optimized kernel process list performance
  • Added Image hijacking protection
  • Enhanced self-protection logic
  • Added remote call tracing (service creation, driver loading, scheduled tasks, user creation, DNS queries, etc. can be traced to source)
  • Added kernel-level rule settings
  • Added WMI process creation monitoring
  • Added clipboard import support for rule groups
  • Added drag-and-drop support for parameter position adjustment

• Fixes

  • Added network filter driver compatibility
  • Optimized HKEY_CLASSES_ROOT redirection issues
  • Fixed port firewall dialog trust errors

3.5.1.0

• BUGFIX
  • Fixed BypassIO exception on Windows 11
  • Fixed exception issues caused by 360
  • Fixed network firewall exceptions in certain environments

3.5.0.0

• iMonitorSDK upgraded to the latest version, supporting more monitoring functions

  • Reading other process memory (ReadProcessMemory)
  • Modifying other process thread contexts (SetContextThread)
  • Inserting asynchronous procedure calls into other processes (QueueApcThread)
  • Mapping memory to other processes (MapViewOfSection)
  • Duplicating handles from other processes (DuplicateHandle)

• New features in enhanced templates

  • Block inserting asynchronous procedure calls into other processes
  • Block modifying other process thread contexts
  • Block mapping memory to other processes
  • Block duplicating handles from other processes
  • Block reading other process memory

• New security hardening features

  • Support for monitoring repeated loading of ntdll modules

• New features in enterprise templates

  • Device control (support for controlling mobile storage, portable devices, and various device types)

• Feature optimizations

  • Interception records support switch control, can be set to not record events
  • Password input box is activated by default when opened

3.4.0.0

Enterprise version requirements

3.3.1.0

• BUGFIX
  • Fixed issue where rules with parameter groups and multiple directory levels were not effective when exporting
  • Fixed issue causing certain versions of KMPlayer to not play normally

3.3.0.0

• iMonitorSDK

  • Updated to version 3.3
  • Optimized dynamic module injection

• Home overview

  • Added "Enhanced Defense" feature

• Rule templates

  • Added disk command monitoring events (requires advanced template)
  • Added "Enhanced Templates"
    • Block COM object calls
    • Block remote process creation
    • Block cross-process memory writing
    • Block service creation
    • Process starting services
    • Block setting global hooks
    • Block setting keyboard hooks

• Rule export

  • Support for exporting parameter groups

• Toolbox

  • Added "Software Manager" tool

3.2.1.0

• Scaling settings support selecting different scaling ratios
• Fixed issue where trust conditions of rules in groups could not be modified in the trust list editing interface

3.2.0.0

• Reorganized default rules
• Added settings interface
  • Support for setting computer scaling adaptation
  • Query dialog settings moved to settings interface
• Toolbox
  • Added "Service Management" tool
• Optimized some user experience issues

3.1.0.0

Greatly optimized user experience, update recommended!

• iMonitorSDK

  • Added file redirection functionality

• Rule list

  • Added rule group functionality (greatly optimized user experience)
  • Optimized performance issues with many rules

• Rule editing

  • Added parameter count reminders to easily identify which have parameters
  • Optimized slow rule editing opening

• Query dialog

  • Optimized dialog logic
  • Process and target support for context menus
  • Added "Don't remind again" option
  • Support for modifying default timeout
  • Fixed crashes in extreme cases
  • Fixed termination by other processes sending WM_CLOSE

• Templates

  • Registry templates support key-value combination parameters
  • Fixed frequent pop-ups caused by desktop shortcut protection
  • Added new template: file redirection

• Other

  • Optimized various user experience issues

3.0.0.0

Major version update, update recommended!

• iMonitorSDK
  • Updated SDK to the latest version
  • Added fields to module loading and driver loading: module MD5, module signature certificate, module signature certificate fingerprint
  • Fixed IPv6 network redirection failure
  • Fixed 127.0.0.1 resolving to other domain names
• Query dialog
  • Support for more shortcut operations
  • Added operation panel
    • Support for manually editing trusted (intercepted) parameters
    • Support for adding expiration time (temporary rules)
  • Added support for displaying in bottom right corner
  • Optimized Modal issues, resolving inability to edit rules during pop-ups or click pop-ups while editing rules
• Interception records
  • Support for multi-selecting multiple records
  • Support for recording allowed events after query dialog
  • Fixed confirmation dialog for clearing records having no effect
• Rule list
  • Priority supports dropdown selection
• Rule template selection
  • Optimized template categorization
• Rule editing
  • Adjusted parameters to display as tab pages
  • Added trust list quick edit tab
    • Trust list added option: allow selecting direct termination of matching after trust match, without continuing to match next rule
• Rule parameters
  • Optimized validation for some input parameters (e.g., filenames with wildcards when wildcards aren't supported)
  • Changed rule response "Pop-up" text to "Query"
• Group management
  • Added group management functionality, allowing different rules to reuse the same fields
  • Rule parameters allow inserting groups
  • When exporting rules with groups, groups are expanded directly without exporting the group
• Trust list
  • Added search support
  • Added more types of rule conditions
  • Support for displaying temporary (expiring) rules
• Rule market
  • Optimized rule market download prompts (no longer continuing to add rules after closing)
• Templates
  • Block driver loading template
    • Added more parameters (driver MD5, signature, certificate fingerprint)
  • Advanced template
    • Support for selecting multiple events
    • Support for drag-and-drop (matching conditions can be dragged to other collections)
  • Operation template
    • Removed allow, added ignore and trust
    • Fixed parameter rendering issues in certain scenarios

2.9.3.0

• Fixed false pop-ups when creating existing directories while intercepting file modifications

2.9.2.0

• Updated iMonitorSDK to the latest version
  • Fixed blue screen issues in extreme scenarios
  • Driver compatible with Verifier default option testing

2.9.1.0

• Optimized wildcard < representation: represents any character except backslash , used to represent current directory but not including subdirectories
• Fixed rule priority ineffective in certain scenarios

2.9.0.0

• Updated iMonitorSDK to the latest version

  • Added monitoring extensions, allowing custom monitoring to access the rule engine
    • Added pop-up monitoring support
  • Wildcard support for < (represents current directory, but not including subdirectories)
  • Optimized the issue of continued connect loop causing many interceptions after blocking network connections

• Improved user experience

  • Rule parameters support double-click editing
  • Added usage instructions for rule parameters (in the upper right corner of rule editing: wildcards, environment variables)

• Template updates

  • Added "Pop-up Interception" template
  • Advanced template network port added host order field

• Fixed various issues

  • Fixed memory usage issues from caching large numbers of intercepted events
  • Fixed memory growth issues from software repeatedly attempting to connect to networks after being blocked

2.8.1.0

• Updated iMonitorSDK to the latest version

  • Added IOCTL_SCSI_PASS_THROUGH_DIRECT interception support
  • Added scheduled task creation interception support
  • Added registry monitoring value content type recognition (can convert to DWORD, STRING based on type)
  • Fixed conflict with certain Siemens software
  • Fixed local loopback network monitoring issues
  • Fixed DNS resolution failures in certain scenarios

• Usage optimizations

  • Rule market double-click opens editing interface directly, only adds rule after confirmation, allows viewing rule content
  • When importing rules, checks for identical rules (same rule ID, rule name), prompts whether to overwrite

• Template updates

  • Added "Block Scheduled Task Creation" template

2.8.0.0

Important version, update recommended

• Updated iMonitorSDK to the latest version

  • Removed undocumented AFD driver monitoring, all network monitoring implemented using WFP framework
  • Added ICMP interception support

• Integrated with iFoundation Ice Tower rapid development framework

  • Support for modular upgrades: minor modifications can be automatically updated through module upgrades without frequent manual updates
  • Enterprise management capabilities (enterprise management backend will be officially launched in version 3.0)
    • Support for unified management
    • Support for policy deployment
    • Support for feature extension, customization, secondary development, system integration

• Added toolbox

  • Ice Mirror Terminal Behavior Analysis System
  • Ice Mirror Software Behavior Analysis System
  • Ice Cloud Security USB Drive
  • Ice Blade Process Force Kill, File Force Delete

• Added WeChat communication group (QR code available on the About Ice Shield page)

• Fixed various issues

  • Fixed case-sensitive quick search issues
  • Fixed trust list import failures in certain scenarios when importing rules
  • Fixed multiple rule matching not working in trust lists

• Optimized other user experiences

2.7.0.0

Added usability and stability, update recommended

• Updated SDK to the latest version

  • Added first-time event notification for file read/write
  • Filtered out named pipe read/write requests
  • Rule engine optimization

• Removed read-only file monitoring switch

  • Privacy protection changed to read file and file mapping events

• Added trust list export/import for rule export, import, and sharing

• Optimized startup logic, added registry startup entries

• Template updates (supporting classic mode: concepts like create, modify, delete, read)

  • Added all-around template
  • Added process behavior template
  • Added file behavior template
  • Added registry behavior template
  • Added network behavior template

• Other

  • Fixed database operation exceptions
  • Fixed issues where process protection and process operation interception could prevent processes from starting
  • Fixed some false positive issues
  • Fixed dialog interface shadow issues in maximized state
  • Added more extension properties to rule engine

2.6.1.0

Fixed various reported issues

• Added active refresh button to interception records (supports F5 refresh)
• Fixed issue where kernel interception events (e.g., driver loading) could only be blocked, not show dialog
• Fixed issue where blocking file modification and blocking process file modification couldn't intercept file overwriting through renaming
• Fixed slow startup on some special Windows 7 systems
• Optimized dialog interface
  • File renaming supports displaying path after renaming
  • Setting and deleting registry values support displaying registry value names

2.6.0.0

Enhanced stability and usability, update recommended (thanks to many enthusiastic users' suggestions)

• Added learning mode
  • In learning mode, only bypass monitoring to learn and observe rule usage and settings, without actually intercepting any events
• Enhanced trust list
  • Support for manual addition and editing
  • Non-dialog interception rules also support adding trust
• Enhanced interception record interaction
  • Support for right-click adding trusted targets
• Performance optimizations
  • Optimized rule settings during system startup
  • Removed all file operations from rule engine execution thread
  • Optimized system brief freezes caused by UI thread blocking
  • Fixed startup hang issues in some scenarios
• Template updates
  • Added quick templates (interception mode)
  • Added quick templates (trust mode)
  • Added block process launching child process template
  • Added rule template for ignoring system initialization process
  • Optimized some built-in templates causing false positive dialogs
• Other
  • Adjusted template update logic
  • Fixed startup to tray briefly showing interface
  • Translated some field names in advanced templates to Chinese
  • Fixed crashes caused by incorrect expert policy settings
  • Fixed process path selection becoming process name
  • Optimized self-protection conflict with Kaspersky
  • Optimized some user experience issues

2.5.3.0

• Added file hardening and registry hardening options to security hardening

  • Support for MBR protection

• Fixed duplicate RuleId issue when importing initialization rules

• Removed sensitive information from logs

2.5.2.0

• Optimized dialog

  • Text adjustment: changed "Trust" to "Allow"
  • Added display of command line parameters for process launches

• Optimized priority matching process

• Optimized default rules

  • Added usage instructions to document protection

• Optimized tray usage

2.5.1.0

• Adjusted dialog timeout (from 20 seconds to 30 seconds)

• Added "Terminate current process" option to dialog more actions, options include:

  • Terminate current process
  • Trust process
  • Trust target
  • Block process
  • Block target

• Updated iMonitorSDK to version 2.5.0

2.5.0.0

Major version, update recommended

• Added basic protection capabilities

  • Smart Protection: Uses intelligent analysis and identification of malicious software behavior to provide real-time protection, ensuring system protection from malicious software
  • System Optimization: Blocks unnecessary software and network behavior, improves system speed and stability, provides better user experience
  • Security Hardening: Blocks vulnerable system components and common intrusion paths, enhances system security, prevents malicious software attacks
  • Vulnerability Defense: Develops specialized defense rules based on known vulnerability intrusion methods, protects system from hacker attacks and malicious software intrusions

• Templates support automatic online updates

• Added right-click menu to rule records

• Added paste support to path parameters (for quick entry of multiple data)

• Added multi-select delete to path parameters

• Added process command line information to dialogs (helps view script files for script processes)

• Added rule filtering

• Optimized some interface user experiences

• Fixed various issues

2.4.1.0

Mainly bug fixes, update recommended

• Fixed rule list "Response Action" dropdown not auto-adjusting width to cover enable button
• Fixed rule market update notification preventing normal startup in extreme cases
• Added file-less attack default rule

2.4.0.0

• Added more response action support (Block, Dialog, Record)
  • Added interception dialog interaction support
  • Added dialog trust list
• Added network port firewall support
  • Can block EternalBlue vulnerability, etc.
• Added import default rules, rule import, rule export functionality
• Optimized rule list interface
  • Support for directly toggling enable/disable with Switch
  • Support for response action dropdown selection
  • Support for multi-select, delete key deletion
• Rule editing interface supports adding rule descriptions
• Added default startup to tray (dialog requires tray process support)
• Added response action column to interception records (helps identify record mode)
• Added red dot notification for rule market updates
• Optimized some interface user experiences
• Fixed various issues

2.3.0.0

• Added IPv6, ICMP interception support
• Added domain name support to network interception rules
• Added internet behavior management (HTTP interception) support
• Added HTTP request custom response result support
• Added rule sharing support
• Added rule market support, can directly download rules shared by others
• Added self-protection functionality
• Added parental control (password protection) functionality
• Optimized some interface user experiences
• Fixed various issues

2.2.0.0

• Added trust mode to response events
• Added default parameter support to rule templates
• Process path parameters support quick acquisition from process list
• Added more rule templates
  • Block driver loading
  • Block dynamic library loading
  • Block process opening
  • Block process file modification
  • Block process registry reading
  • Block process registry key modification
  • Block process registry value modification
  • Registry protection

2.1.0.0

• Added monitoring quick switches
• Added option to enable read-only file monitoring
• Added privacy protection rule templates

2.0.1.0

• Added multi-language support
• Fixed some minor interface issues

2.0.0.0

• Restructured rule engine implementation for more efficient, simple, and easily extensible use
• Added template + parameter based rule editing mode
• Added common built-in templates
• Added online template upgrades
• Added driver signing