WinSentinel runs 33 security audit modules against a Windows machine — real Windows APIs and registry reads, not screenshots from a blog post. Every finding maps to a concrete setting, service, or key you can inspect yourself. The full set runs on a single machine for free, with no license gate.
PS> winsentinel --score
Scanning 33 modules…
✓ Firewall OK
✓ Encryption OK
✓ Network 1 critical
✓ Identity & Credential 2 warnings
✓ Event Logs OK
…
Security score: 78 / 100
Who can log in, who is an admin, and how credentials are protected.
Checks local user accounts, admin membership, password policies, and guest account status.
Audits local admin sprawl, stale accounts, password-never-expires flags, LAPS deployment status, and cached credential exposure.
Scans for stored credentials, exposed secrets, and credential storage misconfigurations.
Checks security-relevant Group Policy settings including account lockout, NTLM restrictions, audit policy, credential protection, SMB signing, and application whitelisting configuration.
Core OS posture: the settings attackers rely on you leaving at default.
Checks OS version, Secure Boot, BitLocker, UAC level, and RDP configuration.
Checks registry-based security policies including UAC, Remote Desktop, credential storage, LSASS protection, scripting hosts, and persistence mechanisms.
Checks Windows Defender status, real-time protection, and antivirus definition freshness.
Checks Windows Update status, pending updates, and last install date.
Checks Windows Firewall status, profile states, and rule analysis.
Your exposed attack surface: open ports, shares, and remote entry points.
Checks open ports, listening services, SMB/RDP exposure, IPv6, Wi-Fi security, network profile, LLMNR/NetBIOS, and ARP anomalies.
Checks DNS server configuration, DNS-over-HTTPS status, LLMNR/NetBIOS exposure, hosts file integrity, and cache settings.
Checks SMB protocol versions, signing enforcement, share permissions, null session access, encryption status, and hidden share exposure.
Checks RDP configuration, SSH exposure, third-party remote tools, WinRM, Remote Registry, and remote assistance settings for security risks.
Checks saved Wi-Fi profiles for weak encryption, auto-connect risks, password exposure, MAC randomization, and network privacy settings.
Checks Bluetooth radio state, discoverability, paired device trust, exposed services, authentication settings, and legacy pairing risks.
What is running, what loaded it, and whether any of it is suspicious.
Checks running processes for unsigned executables, suspicious locations, and known risks.
Analyzes parent-child process relationships to detect suspicious execution chains, LOLBin abuse, and living-off-the-land techniques.
Checks Windows services for unquoted paths, excessive privileges, suspicious binaries, disabled security services, and configuration risks.
Checks scheduled tasks for suspicious executables, elevated privileges, persistence mechanisms, encoded commands, and missing binaries.
Checks startup items, scheduled tasks, and registry run keys for persistence mechanisms.
Scans installed programs for unsigned executables, outdated software, suspicious install locations, and potentially unwanted programs.
Detects outdated, end-of-life, and insecure software by scanning installed programs against known-safe minimum versions, flagging EOL products, suspicious installs, and duplicate x86/x64 installations.
Checks installed browsers (Chrome, Edge, Firefox), versions, extensions, saved passwords, auto-update, Safe Browsing, SmartScreen, and security settings.
Checks loaded drivers for unsigned binaries, known vulnerable driver hashes (BYOVD), suspicious load paths, revoked certificates, and driver age risks.
Checks PowerShell execution policy, logging configuration, language mode, AMSI status, and remoting exposure.
Encryption at rest, certificate hygiene, backups, and removable media.
Checks BitLocker status, TPM availability, EFS usage, certificate store health, TLS/SSL configuration, Credential Guard, and DPAPI protection.
Checks Windows certificate stores for expired, weak, or untrusted certificates.
Checks Volume Shadow Copy, System Restore, File History, backup recency, and ransomware resilience posture.
Checks USB device history, autorun/autoplay settings, BitLocker-to-Go coverage, and USB write-protect policies for removable storage.
Checks telemetry level, location tracking, advertising ID, diagnostic data, clipboard sync, and activity history.
Evidence of compromise and the virtualization layers attackers hide in.
Analyzes Windows Event Logs for failed logins, account lockouts, privilege escalation, suspicious activity, audit policy gaps, service installations, and security events.
Checks Hyper-V, WSL, Windows Sandbox, Docker, and virtualization-based security features for misconfigurations and exposure risks.
Checks PATH hijacking risks, secrets in environment variables, proxy configuration, and dangerous PATHEXT/TEMP settings.
There is no “lite” tier. Every module on this page runs on your machine for free, forever — along with the real-time monitor, scheduled scans, one-click fixes, score history, and PDF/HTML/SARIF export. WinSentinel Pro does not add more checks; it takes these same agents and gives an organisation a control plane — run every module across a whole fleet from one place, with drift alerts, compliance rollups, and RBAC.
WinSentinel ships as a .NET global tool. Audit your machine in under a minute.