Getting Started
Welcome to DioIPS, a Windows Intrusion Prevention System with kernel-mode monitoring, NDIS packet inspection, and hypervisor-level detection.
System Requirements
Required
- Windows 10 x64 (tested & working)
- Administrator privileges
- Test signing mode enabled
Optional
- Intel VT-x (for hypervisor)
- Hyper-V disabled (for hypervisor)
Test Signing Required
DioIPS uses kernel drivers that require test signing mode. As Administrator, run the following command, then reboot before first use:

    bcdedit /set testsigning on
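A pre-flight check for the requirements listed above, written as an added example that is not part of DioIPS or its documentation. The function name Test-DioIpsPrereqs is hypothetical, and the check assumes English bcdedit output and treats "a hypervisor is running" as a proxy for Hyper-V being enabled.

```powershell
# Added example, not part of DioIPS. Test-DioIpsPrereqs is a hypothetical name.
function Test-DioIpsPrereqs {
    $id    = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem

    # bcdedit needs elevation, so an unelevated run reports $null (unknown)
    # rather than a misleading "off". Assumes English bcdedit output ("Yes").
    $testSigning = $null
    if ($admin) {
        $bcd = & bcdedit.exe /enum '{current}' 2>$null
        $testSigning = [bool]($bcd -match '^\s*testsigning\s+Yes\s*$')
    }

    $win10x64 = ($os.Caption -like '*Windows 10*') -and
                [Environment]::Is64BitOperatingSystem

    # Optional hypervisor feature. HypervisorPresent is true under any running
    # hypervisor, so it is used here as a proxy for "Hyper-V disabled".
    # VirtualizationFirmwareEnabled may read False while a hypervisor is
    # running, so interpret IntelVTx only when HypervisorPresent is False.
    $intel      = $cpu.Manufacturer -eq 'GenuineIntel'
    $hypervisor = [bool]$cs.HypervisorPresent
    $vtx        = $intel -and [bool]$cpu.VirtualizationFirmwareEnabled

    [pscustomobject]@{
        Windows10x64      = $win10x64
        Administrator     = $admin
        TestSigning       = $testSigning
        RequiredOk        = $win10x64 -and $admin -and ($testSigning -eq $true)
        IntelVTx          = $vtx
        HypervisorPresent = $hypervisor
        HypervisorModeOk  = $vtx -and -not $hypervisor
    }
}

Test-DioIpsPrereqs | Format-List
```

Run it from an elevated PowerShell prompt after the reboot; a TestSigning value that is empty means the session was not elevated and the setting could not be read.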
First Launch
1. Run dioips.exe as Administrator
2. The kernel driver loads automatically
3. Check the Dashboard for driver status
4. Events start appearing in the tabs immediately
Interface Overview
DioIPS features a 12-tab interface for monitoring different event types:
- Dashboard: Status & overview
- Process: Create/exit events
- Network: TCP/UDP/DNS
- Registry: Key/value ops
- File: PE detection
- Injection: Remote threads
See Event Tabs for the full list.
Quick Actions
- Filter events — Use the filter bar at the top of each tab
- View details — Click any event row for full information
- Create rule — Right-click an event to create an IPS rule
- Export — Export current view to CSV
- Pause — Pause event streaming for analysis
Creating Your First Rule
1. Go to the Rules tab
2. Click + New Rule
3. Set match type (e.g., Process), pattern (e.g., powershell.exe), and action (e.g., Alert)
4. Click Save — rule is immediately active
See Creating Rules for more details.