StofBot is a Windows security & diagnostics app. It scans your system and network, analyzes findings with AI, and offers clear, actionable recommendations.

Power users, IT admins and privacy-minded people who want quick visibility into processes, ports, firewall rules and suspicious behavior—without complex tooling.

• Windows 11 x64 (primary target)
• Windows 10 x64 (recent builds)
• Server variants work for most features, UI not fully tuned

• Admin rights for firewall & system actions
• Internet for updates and IP reputation
• ~150 MB free disk space

• Install the latest release
• Run System Scan → review findings
• Open AI analysis for prioritized actions
• Enable Real-time monitoring if you want live charts

The installer adds shortcuts and auto-update. The portable ZIP runs from any folder (no auto-update, useful for USB or sandboxing).

Compare the file’s SHA-256 with the value shown on the Download page using a tool like Get-FileHash in PowerShell.

Not to launch the app. Actions that modify firewall rules, services or protected registry keys will trigger UAC elevation.

The installer build supports in-app updates. Portable users manually download new ZIPs.

Use Windows “Apps & features” (installer) or delete the folder (portable). User logs are stored in your profile and can be deleted from Settings → Data.

Yes, but only one instance can hold admin privileges at the same time.

Supported. Online features (IP reputation, updates) are disabled until connectivity returns.

• Running processes & services (with signatures and parent chain)
• Listening ports & active connections
• Startup entries, scheduled tasks, drivers (selected)
• Firewall rules, profile state, and policy conflicts

Heuristics + reputation + policy mismatch. Findings are grouped into Info, Warning, and Critical based on risk and exploitability.

Yes — use Export to save JSON/Markdown summaries. Redact private fields before sharing.

StofBot reads Authenticode signatures when available and highlights unsigned binaries in sensitive paths.

Mark items as “Acknowledged” to hide them from future runs. You can reset acknowledgements in Settings.

Weekly is a good baseline—or after installing new software/network tools.

• Create/enable/disable rules
• Block or allow single IPs/subnets quickly
• Import/Export rule sets (JSON)
• Live view of newly hit rules/log entries

No—it manages Windows Defender Firewall more comfortably. All changes are stored in the native firewall configuration.

Rules can target Domain/Private/Public profiles. The most specific match wins; explicit block rules override allows.

Quick-block creates a time-limited rule. Duration is configurable in Settings → Firewall.

Enable enhanced logging to capture dropped packets and rule hits. This may increase disk usage.

Use Reset to revert to Windows firewall defaults. Your exported backups can be re-imported.

If another firewall is active, StofBot disables rule edits to avoid conflicts. You can force read-only mode in Settings.

It summarizes scan results, correlates indicators (process + port + reputation), and proposes a minimal set of steps to reduce risk.

No. You review and confirm actions. Automated mode can be enabled per action type.

Low-impact items are collapsed to reduce noise. Expand “More suggestions” to review everything.

Click the info icon to see source signals (e.g., unsigned binary, rare parent chain, bad IP reputation).

Yes—Settings → AI lets you choose Strict/Balanced/Relaxed and toggle rules like “unsigned in Windows folders”.

AI works offline with reduced context (no reputation). All inference is local; only reputation lookups call the network.

• CPU, RAM and GPU usage (where available)
• Network throughput per interface
• Top talkers / processes (interval snapshots)

Sampling interval defaults to 1s. In-memory retention is ~10 minutes; export longer traces to NDJSON/CSV.

Below 2–3% CPU in typical scenarios. Heavy charts can be disabled in Settings.

Follows system setting; override under Theme in the header.

Use the “broom” icon to clear retained data without stopping collection.

Resolve A/AAAA/CNAME/TXT records. Use Advanced to select a specific resolver.

Perform a PTR lookup for an IP; useful to sanity-check outbound peers.

ICMP echo with average/variance; packet count and size are configurable.

Hop-by-hop route with round-trip times; may be blocked by some networks.

Throughput check using nearby endpoints. Numbers vary with congestion and ISP shaping.

High-level registration info for a domain or IP block, where available.

To flag risky peers (spam/botnet/abuse lists). Reputation is one signal; context still matters.

No. StofBot queries single IPs on demand (or top offenders) and caches results locally.

Entries older than 24–48h are faded and suggested for refresh.

Add additional providers via Settings → Reputation (JSON endpoint with score schema).

Disabled by default. If you accept analytics in the cookie banner, only pseudonymous usage stats are collected.

In your user profile under AppData. Export location is always your choice.

No. StofBot inspects system metadata (processes, ports, rules), not your documents.

Use Settings → Data → Clear to remove local caches, logs and acknowledgements.

Update server + reputation APIs you enable. Nothing else.

Everything except reputation/updates works offline. Caches sync when you reconnect.

Per-user JSON in %APPDATA%/StofBot/settings.json.

Export/Import from Settings → General.

Set Action safety to “Confirm every time” or disable categories entirely.

Toggle components (drivers/startup/tasks) under Scan options.

Use system proxy or specify HTTP(S) proxy in Settings → Network.

• Ctrl+F Search
• Ctrl+E Export
• Ctrl+L Toggle logs

Enable Theme → High contrast for better readability.

Respected automatically via OS setting; can be forced in Settings → Accessibility.

Use Settings → Appearance to pick a mono or proportional UI font and sizes.

Run StofBot as Administrator; ensure your AV isn’t blocking process inspection.

Windows Defender Firewall service must be running. Restore defaults if it’s disabled by policy.

Check proxy settings and DNS. Some corporate networks block these APIs.

Close all StofBot windows and retry; portable builds don’t auto-update.

Lower sampling rate or turn off GPU charts on systems without recent drivers.

Confirm the UAC prompt. If it doesn’t appear, relaunch as Admin.

Binary was removed or locked during scan. Rescan; check AV quarantine.

Disable heavy charts, reduce scan scope, and close other monitoring tools to avoid double-hooking.

Select the correct adapter; virtual adapters can mask traffic.

Toggle “Use software rendering” in Settings → Appearance as a workaround.

Yes—portable build includes stofbot.exe --scan --export report.json.

0=OK, 1=Warnings, 2=Critical findings, >2=runtime error.

Use Windows Task Scheduler with the CLI to export JSON to a folder.

stofbot.exe --firewall --import rules.json (requires Admin).

Point clients at a shared config via policy or CLI bootstrap URL.

Export NDJSON; ship with your preferred forwarder (e.g., Winlogbeat/Fluent Bit).

Enforce via policy so analysts can review but not modify.

All releases are Authenticode-signed; verify chain with your MDM/Applocker policy.

Personal use is free. Commercial use requires a license (see About → Licensing).

Open-source components and their licenses are listed in About → Notices.

Read the full text in the in-app modal or at /terms_of_service.md.

Explains what we collect (by default: nothing personal) and why.

Use the contact form on the homepage or open an issue with your exported report.

From the app footer → Feedback. Attach a short use-case.

Export with redaction enabled and review before sending.