Voidwatch Beta Docs
Getting started guide and reference for the Voidwatch Beta client and admin dashboard.
Overview
Voidwatch is a lightweight Windows endpoint monitoring system. It collects process and network telemetry from the host machine, sends it to the Voidwatch backend, and provides a risk-ranked view of all running process activity through the admin dashboard.
The system uses a combination of rule-based detection and a machine learning classifier to assign behavioral risk scores (0–100%) to every observed process. High-scoring processes are surfaced as alerts for admin review.
System Requirements
- OS: Windows 10 or Windows 11 (64-bit)
- RAM: 4 GB minimum (8 GB recommended)
- Storage: 100 MB free disk space
- Network: Outbound HTTPS access to api.voidwatch.eranoid.com
- License: Valid Voidwatch Beta license key (provided on approval)
Installation
1. Download VoidwatchSetup.exe from the download page.
2. Run the installer. Accept the UAC prompt when asked.
3. The installer will place the Voidwatch agent (voidwatch_agent.exe) and dashboard on your machine.
4. A shortcut will be created on your Desktop and in the Start menu.
5. Voidwatch is configured to launch automatically on Windows startup via the registry run key.
To uninstall, use Add or Remove Programs in Windows Settings and search for Voidwatch.
First Launch
On first launch, you will see the Voidwatch activation screen. Paste your beta license key and click Activate License.
The dashboard will then connect to the server, wait for the agent to check in, and begin displaying telemetry. The startup loading screen shows progress through four stages:
- Connecting to server
- Waiting for agent
- Collecting telemetry
- Analysing threat intelligence
First telemetry usually appears within 60 seconds of launch.
Dashboard Overview
The dashboard has five main sections accessible from the top navigation:
Overview: alerts today, active alerts, average risk score, last check time, and the ML score distribution chart.
Full process list for the current telemetry batch with risk scores, parent process, network connections, and signature status.
Process activity mapped to MITRE ATT&CK tactics and techniques based on rule detections.
All high-risk alerts (ML score ≥ 80%) with timeline, process details, and feedback controls.
Data retention periods, license management, and database statistics.
Risk Scores
Every process is assigned a risk score from 0–100%, computed by two independent layers:
- Rule engine — deterministic pattern matching against MITRE ATT&CK tactics (parent-child chains, path anomalies, unsigned executables, suspicious network destinations). Always explainable.
- ML classifier — a HistGradientBoosting model trained on labeled Windows process telemetry from the OTRF Security Datasets. Calibrated with isotonic regression so the output is a true probability, not a raw model score. Current beta model: AUC-ROC 0.943 · Recall 90% · AUC-PR 0.859.
The two signals are combined and calibrated into the final 0–100% score displayed in the dashboard.
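To show what isotonic calibration does to a raw classifier score before the 80% alert cut-off is applied, here is an added example (not Voidwatch's own code) that fits a pool-adjacent-violators step function in plain Python. The sample scores and labels are constructed, the function names are hypothetical, and the rule-engine signal is not modelled.

```python
from bisect import bisect_left

# Constructed sample: (raw classifier score, analyst label) with 1 = malicious.
SAMPLE = [(0.10, 0), (0.20, 0), (0.30, 1), (0.40, 0), (0.55, 0), (0.60, 1),
          (0.70, 1), (0.80, 0), (0.85, 1), (0.90, 1), (0.95, 1)]
ALERT_THRESHOLD = 0.80  # the dashboard's high-risk cut-off (score >= 80%)


def fit_isotonic(pairs):
    """Pool-adjacent-violators fit. Returns (uppers, probs): a non-decreasing
    step function where probs[i] applies to raw scores up to uppers[i].
    Assumes raw scores are distinct (true for SAMPLE)."""
    blocks = []  # each block: [sum of labels, count, highest raw score]
    for score, label in sorted(pairs):
        blocks.append([float(label), 1, score])
        # Merge while the previous block's mean exceeds the newest block's mean.
        while len(blocks) > 1 and (blocks[-2][0] / blocks[-2][1]
                                   > blocks[-1][0] / blocks[-1][1]):
            total, count, upper = blocks.pop()
            blocks[-1][0] += total
            blocks[-1][1] += count
            blocks[-1][2] = upper
    return [b[2] for b in blocks], [b[0] / b[1] for b in blocks]


def calibrate(model, raw):
    """Map a raw score to the observed malicious fraction of its block.
    Scores above the highest fitted block are clamped to that block."""
    uppers, probs = model
    return probs[min(bisect_left(uppers, raw), len(probs) - 1)]


def is_alert(model, raw):
    """Apply the alert cut-off to the calibrated value, not the raw score."""
    return calibrate(model, raw) >= ALERT_THRESHOLD


MODEL = fit_isotonic(SAMPLE)

if __name__ == "__main__":
    for raw in (0.30, 0.78, 0.82, 0.99):
        p = calibrate(MODEL, raw)
        print(f"raw={raw:.2f} calibrated={p:.0%} alert={is_alert(MODEL, raw)}")
```

On this sample a raw score of 0.78 calibrates to about 67% and stays below the alert cut-off, while 0.82 calibrates to 100% and crosses it.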
FAQ
No. Voidwatch only collects process metadata (name, path, parent, command line, network destinations, signature). It does not read files, capture screenshots, record keystrokes, or access any personal data.
False positives occur, especially in the beta phase. Common causes: processes with unusual parent-child chains, unsigned executables, or tools that behave similarly to known attack patterns. Use the "Mark as Benign" action in the Alerts tab to label it — this feedback improves future training.
The agent will retry the connection automatically. The dashboard will show "Server: Offline" in the status bar. Telemetry is not cached locally — missed intervals are not recovered.
During beta, updates are distributed via new installer releases. Download the latest setup from the download page and run it — it will replace the existing installation.
The free tier allows you to continue without activating. Detection quality is reduced on the free tier. Beta license keys are provided to approved applicants at no cost.