SafenSoft SysWatch Workstation is a Host-based Intrusion Prevention System (HIPS) designed to protect corporate workstations through proactive, behavior-based security without relying on regular signature updates. The product is built around the proprietary V.I.P.O.® application control technology, which operates across three protection layers: - D.I.C. (Dynamic Integrity Control): Monitors and controls the launch of all executable processes, blocking unauthorized process starts before any damage can occur. - D.S.E. (Dynamic Sandbox Execution): Runs potentially dangerous or unknown applications (e.g., browsers) in an isolated sandbox environment to prevent them from affecting other processes. - D.R.C. (Dynamic Resource Control): Governs application access to the file system, registry keys, external devices, and network resources. Key capabilities include application launch control (with whitelist-based restrictions using digital certificate signatures), DLL module control, registry resource control, and USB/CD/DVD/COM/LPT port access management. Administrators can define time-based rules for access policies and configure maintenance windows. Employee activity controls allow blocking or restricting application launches per user, file/folder access rules per application, and enforce data loss prevention policies. The product includes a centralized administration console for remote installation, configuration, policy management, and incident handling (approving or blocking new application launches remotely). It supports a local update server for distributing client component updates. A self-protection mechanism restricts unauthorized users from stopping, modifying, or removing the client agent. SysWatch Workstation is registered in the Russian software registry and targets businesses and government organizations.