ProcFilter
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
Free397
Free397
ProcFilter
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
Data verified Jun 2026
ADYour product here. Reach security decision-makers.Launch a campaignProcFilter Description
ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft's ETW API, making results viewable in the Windows Event Log. Installation, activation, and removal can be done dynamically and does not require a reboot. ProcFilter's intended use is for malware analysts to be able to create YARA signatures that protect their Windows environments against a specific threat. It does not include a large signature set. Think lightweight, precise, and targeted rather than broad or all-encompassing. ProcFilter is also intended for use in controlled analysis environments where custom plugins can perform artifact-specific actions. Designed to be easy to adopt, ProcFilter's integration with Git and Event Log minimize the need for additional tools or infrastructure to deploy rules or gather results. ProcFilter is compatible with Windows 7+ and Windows Server 2008+ systems. Installers ProcFilter x86/x64 Release/Debug Installers Note: Unpatched Windows 7 systems require hotfix 3033929 to load the driver component.
ProcFilter FAQ
Common questions about ProcFilter including features, pricing, alternatives, and user reviews.
ProcFilter is ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments. It is a Security Operations solution designed to help security teams with Windows, YARA.
ProcFilter is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/godaddy/procfilter/ for download and installation instructions.
Popular alternatives to ProcFilter include:
1.Yara Pattern Scanner - A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures. (Free)
2.Factual Rules Generator - An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations. (Free)
3.yara_rules - A collection of YARA rules for Windows, Linux, and Other threats. (Free)
4.Google Security Operations - Cloud-native SIEM, SOAR, and threat intel platform for SecOps teams (Commercial)
5.aDolus FACT - Malware Detection - FACT detects malware & ransomware in packages using AV scans & YARA rules. (Commercial)
Compare all ProcFilter alternatives at https://cybersectools.com/alternatives/procfilter
ProcFilter is for security teams and organizations that need Windows, YARA. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
Have more questions? Browse our categories or search for specific tools.
