Releases: Protostarship/Win-System-Guardian

v2.1 BETA

09 Feb 10:07
54dcc94

SystemGuardian Service v2.1.0-beta

Overview

An enhanced Windows service designed to maintain system stability through proactive monitoring, automated recovery, and component isolation. The service now features a self-contained architecture with embedded configurations and automated recovery point management.

Core Improvements from v2.0.0

Dependency and Logging

  • Resolves the issue with Incorrect Functions
  • Resolves the Python logging dependency issue
  • Updates the logging functions

The service now operates as a more robust, self-contained system with improved reliability and reduced external dependencies. It maintains all the core functionality of the previous version while adding enhanced recovery capabilities and automated management features.

Please note that the service is developed on a Windows 11 Home Insider Preview build (22H2); your system configuration may differ slightly, which might significantly affect service performance.

v2 Release

09 Feb 08:46
099df30

SystemGuardian Service v2.0.0

Overview

An enhanced Windows service designed to maintain system stability through proactive monitoring, automated recovery, and component isolation. The service now features a self-contained architecture with embedded configurations and automated recovery point management.

Core Improvements from v1.1.0-beta.1

Architectural Changes

  • Eliminated external configuration dependencies in favor of embedded configuration
  • Introduced SQLite database for persistent state management
  • Implemented thread pooling for better resource management
  • Added structured logging with rotation
  • Enhanced WMI-based event monitoring

Data Management

  • SQLite database integration for components, recovery points, and events
  • Automated cleanup of old recovery points and backups
  • Structured data models using dataclasses
  • Thread-safe component state management

Recovery System

  • Automatic recovery point creation during critical events
  • Registry backup and restoration capabilities
  • Component isolation with backup creation
  • Configurable retention policies for recovery points

Monitoring Capabilities

  • Real-time WMI event monitoring
  • Enhanced component verification with hash checking
  • Dependency tracking and validation
  • Resource-aware event queue management

Technical Specifications

System Requirements

  • Windows 10/11 or Windows Server 2016+
  • Python 3.7+ with win32 extensions
  • SYSTEM privileges for service operation

Directory Structure

C:/ProgramData/SystemGuardian/
├── logs/           # Rotating log files
├── backups/        # Component and registry backups
├── recovery_points/ # System recovery points
├── quarantine/     # Isolated components
└── guardian.db     # SQLite database

Key Components

Configuration Management

  • Embedded configuration class with environment-specific settings
  • Configurable monitoring intervals and retention policies
  • Predefined critical registry paths monitoring
  • Resource limits for queues and threads

Database Schema

  • Components table: Tracks system components and their states
  • Recovery points table: Stores system restore points
  • Events table: Logs system events and responses

Recovery Management

  • Automatic recovery point creation on service start/stop
  • Critical event-triggered recovery points
  • Configurable retention with automatic cleanup
  • Registry state preservation

Event Processing

  • Thread-pooled event handling
  • Prioritized event queue management
  • Severity-based response triggering
  • Component isolation capabilities

Security Features

  • Thread-safe component operations
  • Secure registry backup and restoration
  • Component hash verification
  • Audit logging for all critical operations
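
The hash verification and backup-then-isolate behaviour named in the lists above can be sketched as follows. This is an added example, not code from the SystemGuardian project: the function names, the use of SHA-256, the file naming scheme and the returned audit record are assumptions, and the sample files are constructed in a temporary directory rather than under C:/ProgramData/SystemGuardian/.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file so large components are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_and_isolate(component: Path, expected: str, root: Path) -> dict:
    """Compare a component with its baseline hash (assumed SHA-256). On mismatch,
    copy it to backups/ and move it to quarantine/. Returns an audit record."""
    actual = sha256_file(component)
    record = {"component": component.name, "expected": expected.lower(),
              "actual": actual, "action": "none"}
    if actual == expected.lower():
        return record
    tag = actual[:12]  # hash prefix keeps repeated isolations from colliding
    backup = root / "backups" / f"{component.name}.{tag}.bak"
    target = root / "quarantine" / f"{component.name}.{tag}"
    for folder in (backup.parent, target.parent):
        folder.mkdir(parents=True, exist_ok=True)
    shutil.copy2(component, backup)  # back up first so isolation is reversible
    shutil.move(str(component), str(target))
    record.update(action="quarantined", backup=str(backup),
                  quarantined=str(target))
    return record

def demo():
    """Run one clean check and one tampered check on constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "SystemGuardian"      # stand-in for the service root
        comp = Path(tmp) / "sample_component.bin"
        comp.write_bytes(b"constructed known-good bytes")
        baseline = sha256_file(comp)
        clean = verify_and_isolate(comp, baseline, root)
        comp.write_bytes(b"constructed modified bytes")
        tampered = verify_and_isolate(comp, baseline, root)
        return (clean, tampered, comp.exists(),
                Path(tampered["quarantined"]).exists(),
                Path(tampered["backup"]).exists())

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The baseline hashes are only as trustworthy as their storage: if they live in a database writable by the account that can modify the components, a mismatch can be hidden by updating both.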

Monitoring Capabilities

  • Real-time WMI event subscription
  • Component integrity verification
  • Dependency chain validation
  • Resource usage monitoring

Operational Features

Automated Tasks

  • Log rotation with 5-backup retention
  • Recovery point management (max 5 points)
  • 7-day backup retention policy
  • Component state verification

Recovery Process

  1. Event detection through WMI
  2. Severity assessment
  3. Automatic recovery point creation for critical events
  4. Component isolation with backup
  5. User notification via Windows Toast

Error Handling

  • Comprehensive exception handling
  • Structured logging of errors
  • Automatic service recovery
  • Component state preservation

Integration Points

  • Windows Service Control Manager
  • Windows Management Instrumentation (WMI)
  • Windows Registry
  • Windows Event Log
  • Toast Notifications

Best Practices

  • Regular monitoring of log files
  • Periodic verification of recovery points
  • Review of quarantined components
  • Monitoring of database size and performance

Limitations

  • Maximum of 1000 queued events
  • 4 concurrent processing threads
  • 5 recovery points retention
  • 7-day backup retention

The service now operates as a more robust, self-contained system with improved reliability and reduced external dependencies. It maintains all the core functionality of the previous version while adding enhanced recovery capabilities and automated management features.

Please note that the service is developed on a Windows 11 Home Insider Preview build (22H2); your system configuration may differ slightly, which might significantly affect service performance.

Production Ready

09 Feb 04:03
9b9e1f6

SystemGuardian Production Service Overview

Purpose:
A robust Windows service that proactively prevents system crashes (BSOD/GSOD) by automatically isolating failing drivers, services, and DCOM components through real-time event log analysis and registry health monitoring.

Key Features:

  1. Preventive Monitoring

    • Real-time Windows Event Log analysis (System/Application)
    • Registry integrity checks for services/drivers
    • Resource throttling for runaway processes
  2. Automated Remediation

    • 3-stage warning recovery (restart > repair > isolate)
    • Dependency-aware cascading failure prevention
    • Driver quarantining with backup restoration
  3. Production-Ready Architecture

    • JSON-configured event patterns & dependencies
    • SYSTEM privilege operation with safe privilege escalation
    • Encrypted registry backups & audit logging

Target Environment:

  • Critical Windows servers (2016+/2022)
  • High-availability workstations (Win10/11 Enterprise)
  • Systems requiring >99.9% uptime

Security:

  • Automatic ownership reclamation for critical registry keys
  • Hardware-enforced virtualization checks
  • Audit trail for all isolation actions

Compliance:

  • Adheres to Windows Security Baseline standards
  • Compatible with common EDR solutions
  • Log format compatible with SIEM systems

Deployment:

  1. Configure JSON files for environment-specific patterns
  2. Install via MSI/WinGet with automatic dependency resolution
  3. Monitor via integrated WMI performance counters

Maintenance:

  • Daily log rotation (7-day retention)
  • Weekly dependency map auto-updates
  • Monthly quarantine folder audits

Compatibility:

  • Windows 10/11 22H2+
  • Windows Server 2016/2019/2022
  • ARM64/x64 architectures

This service is designed for enterprise environments requiring automated stability enforcement without manual intervention.

Please note that this service was created on a Windows 11 Home Insider Preview build (22H2); your system configuration may differ slightly, which might significantly affect service performance.

Service Halt

08 Feb 13:08
006ecdb

Please do not use or attempt to install any release; production currently has an issue.

Production preview

08 Feb 13:03
006ecdb
Pre-release

Added installation media (batch) and extra notes.

Basic initial release

08 Feb 11:35
365d5d4
Pre-release

Initial release with non-optimized path/components.