Real-time Threat Detection
Dio means God in Latin — DioIPS is the God-level IPS for Windows, monitoring everything from kernel callbacks to hypervisor-level syscalls.
Built with Rust and Dioxus for maximum performance.
Multi-Layer Protection
From kernel callbacks to hypervisor hooks, DioIPS provides comprehensive monitoring across all Windows security layers.
- Process/thread creation and exit monitoring
- Registry key and value filtering
- File system minifilter (PE write detection)
- WFP network filtering (TCP/UDP/DNS/ICMP)
- Image load and injection detection
- USB device plug/unplug events
- Raw Ethernet frame parsing
- IP/TCP/UDP/ICMP/ARP protocol analysis
- ARP spoofing detection with IP→MAC table
- Flow deduplication (1024-bucket hash)
- Inbound/outbound traffic monitoring
- Events pushed to main driver via IOCTL
- Intel VT-x/EPT transparent hooking
- NtWriteVirtualMemory cross-process detection
- Syscall-level injection monitoring
- Events pushed to main driver ring buffer
- Bare metal only (no nested virtualization)
- Wildcard pattern matching (*/?)
- Actions: Log, Alert, Block, Kill
- Match: process, path, IP, port, DNS, protocol
- Real-time rule sync to kernel driver
- Default autorun protection rules
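The rule-engine bullets above (wildcard patterns, match fields, actions), sketched as an added Rust example that is not DioIPS source code. The `Rule` and `Event` types, first-match-wins ordering, case-insensitive matching, use of the path field for a registry key, and the sample rules are all assumptions made for illustration.

```rust
// Added example: a hypothetical rule model, not DioIPS source code.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Action { Log, Alert, Block, Kill }
struct Rule { process: Option<&'static str>, path: Option<&'static str>, port: Option<u16>, action: Action }
struct Event<'a> { process: &'a str, path: &'a str, port: Option<u16> }

/// '*' matches any run of characters (including none), '?' exactly one.
/// ASCII case-insensitive: an assumption, chosen because Windows paths are.
fn wildcard_match(pattern: &str, text: &str) -> bool {
    let p: Vec<char> = pattern.chars().map(|c| c.to_ascii_lowercase()).collect();
    let t: Vec<char> = text.chars().map(|c| c.to_ascii_lowercase()).collect();
    let (mut pi, mut ti) = (0usize, 0usize);
    let mut star: Option<(usize, usize)> = None; // (pattern index after '*', text index to retry from)
    while ti < t.len() {
        if pi < p.len() && p[pi] == '*' {
            (pi, star) = (pi + 1, Some((pi + 1, ti)));
        } else if pi < p.len() && (p[pi] == '?' || p[pi] == t[ti]) {
            (pi, ti) = (pi + 1, ti + 1);
        } else if let Some((sp, st)) = star {
            // Mismatch: let the last '*' absorb one more character, then retry.
            (pi, ti, star) = (sp, st + 1, Some((sp, st + 1)));
        } else { return false; }
    }
    p[pi..].iter().all(|&c| c == '*') // only trailing '*' may be left over
}

/// First matching rule wins (an assumed policy); an unset field matches anything.
fn evaluate(rules: &[Rule], ev: &Event) -> Option<Action> {
    let ok = |pat: Option<&str>, v: &str| pat.map_or(true, |p| wildcard_match(p, v));
    rules.iter()
        .find(|r| ok(r.process, ev.process) && ok(r.path, ev.path)
            && r.port.map_or(true, |p| ev.port == Some(p)))
        .map(|r| r.action)
}

/// Constructed sample rules, not the product's defaults.
fn sample_rules() -> Vec<Rule> {
    vec![
        Rule { process: None, path: Some(r"*\CurrentVersion\Run\*"), port: None, action: Action::Block },
        Rule { process: Some(r"*\Temp\????.exe"), path: None, port: None, action: Action::Kill },
        Rule { process: None, path: None, port: Some(4444), action: Action::Alert },
        Rule { process: Some(r"*\powershell.exe"), path: None, port: None, action: Action::Log },
    ]
}

fn main() {
    let ev = Event { process: r"C:\Users\a\AppData\Local\Temp\ab12.exe", path: "", port: Some(4444) };
    println!("{:?}", evaluate(&sample_rules(), &ev));
}
```

Because evaluation stops at the first match, the constructed event in `main` hits the `Temp` rule before the port rule, so rule order decides the action taken.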
12-Tab Dashboard
- Dashboard: Real-time event counts, module status, driver health
- Network: TCP/UDP/DNS/ICMP events with NDIS packet inspection
- Process: Process creation/exit, thread events, command lines
- Injection: Remote thread detection, suspicious handle events
- Hypervisor: NtWriteVirtualMemory cross-process write events
- Alerts: Events matching IPS rules with action taken
Test Signing Required
DioIPS requires test signing mode to load the kernel drivers. Run bcdedit /set testsigning on and reboot.
- Administrator privileges required
- NDIS driver signing uses clock trick for expired cert
- Hypervisor features require Hyper-V to be disabled
Ready to protect your system? Check out the documentation to get started.