AI-Powered Endpoint Security

Find compromise
before attackers do

CompromiseLens scans Windows endpoints for indicators of compromise, malware, and misconfigurations — delivering actionable findings in minutes.

Start Free Scan → See how it works
compromiselens.exe — scan output
[09:14:02] STARTING CompromiseLens v2.1 — 9 modules loaded
[09:14:03] Scanning: WORKSTATION-04 (192.168.1.44)
[09:14:06] PASS MOD-01 Startup entries — 12 checked, 0 suspicious
[09:14:09] WARN MOD-04 Scheduled tasks — suspicious task detected
[09:14:11] CRIT MOD-07 Network connections — C2 beacon pattern
[09:14:14] CRIT MOD-09 AV scan — trojan.genericKD found in %TEMP%
[09:14:15] REPORT 15 findings — Risk Score: 87/100 CRITICAL
[09:14:15] UPLOAD Findings posted → api.compromiselens.com ✓
14+
Scan Modules
<5m
Scan Time
MITRE
ATT&CK Mapped
100%
Offline Capable
SIEM
Built-in
Capabilities

Everything you need to
detect endpoint compromise

Nine specialised detection modules work in parallel to surface threats that antivirus misses.

🔍

Startup & Persistence

Scans registry run keys, startup folders, services, and scheduled tasks for unauthorised persistence mechanisms used by malware and APTs.

MOD-01 / MOD-02 / MOD-03
🌐

Network Anomaly Detection

Analyses active connections and listening ports for C2 beacon patterns, unusual outbound traffic, and suspicious process-to-network mappings.

MOD-07
🛡️

AV & Malware Scanning

Runs a deep antivirus scan against all running processes, temp directories, and user folders — surfacing trojans, ransomware, and PUPs.

MOD-09
👤

Account & Privilege Audit

Detects unauthorised admin accounts, disabled security tools, weak configurations, and privilege escalation artifacts.

MOD-05 / MOD-06
📋

MITRE ATT&CK Mapping

Every finding is mapped to a MITRE ATT&CK technique and tactic — giving your SOC team immediate context for triage and response.

Full TTP Coverage
☁️

Cloud Dashboard

All findings post to a centralised dashboard in real-time. Track risk scores, remediation status, and recurring threats across your entire fleet.

dashboard.compromiselens.com
🛰️

SIEM — Real-Time Alerts

Ingest alerts from firewalls, switches, OT protocols (Modbus, DNP3, BACnet) and endpoints into one dashboard. AI triage, playbooks, and compliance mapping included.

NERC CIP · IEC 62443 · NIS2
🔐

AD / SSO Integration

Sign in with Microsoft Azure AD, Google Workspace, or Okta. Auto-enrol devices from Active Directory OUs and target scans by AD group.

Azure AD · Google · Okta
Process

Deploy in minutes.
Results in under five.

No agents to maintain. No complex configuration. Just run, scan, and remediate.

01

Download the agent

Get CompromiseLens.exe from your dashboard. A single portable executable — no installation required.

02

Run on any Windows endpoint

Execute with your licence key. Works offline, on air-gapped networks, and in restricted environments.

03

Nine modules scan in parallel

Startup items, scheduled tasks, network connections, user accounts, AV scan, and more — all checked simultaneously.

04

Findings post to your dashboard

Results are uploaded automatically with severity scores, MITRE mappings, and remediation guidance.

scan_modules.json — active
MOD-01 startup_entriesPASS
MOD-02 scheduled_tasks2 WARN
MOD-03 services_auditPASS
MOD-04 registry_scanPASS
MOD-05 user_accounts1 WARN
MOD-06 security_configPASS
MOD-07 network_connsCRIT
MOD-08 process_auditPASS
MOD-09 av_scanCRIT
Pricing

Simple, transparent pricing

Start free. Scale as you grow. No hidden fees.

Monthly
Annual Save 20%
Personal & Home
Personal
$4.99/mo
For individuals and home users
  • 1 endpoint
  • 11 detection modules
  • LotL & DNS tunnelling detection
  • Cloud dashboard
  • Plain English findings
  • 7-day free trial
Get started
Family
$9.99/mo
For households and home offices
  • Up to 5 endpoints
  • 11 detection modules
  • LotL & DNS tunnelling detection
  • Cloud dashboard
  • AutoFix remediation
  • 7-day free trial
Get started
Business
Small Business
$99/mo
For small teams and SMBs
  • Up to 25 endpoints
  • All 11 detection modules
  • Fleet management dashboard
  • Remote scan & AutoFix
  • MITRE ATT&CK mapping
  • Email alerts
  • 14-day free trial
Get started
Most Popular
Business
$299/mo
For growing organisations
  • Up to 50 endpoints
  • All 11 detection modules
  • Fleet management dashboard
  • Remote scan & AutoFix
  • MITRE ATT&CK mapping
  • Priority support
  • API access
  • 14-day free trial
Get started
Enterprise & Specialist
Enterprise
Custom pricing
For large organisations — pricing based on endpoint count
  • 200+ endpoints
  • All 11 detection modules
  • Fleet management dashboard
  • Remote scan & AutoFix
  • MITRE ATT&CK mapping
  • Dedicated account manager
  • Custom SLA guarantee
  • 14-day free trial
Contact us
MSP Partner
Contact us
For managed service providers
  • Unlimited client organisations
  • Multi-tenant management
  • White-label reports
  • Per-client dashboards
  • All 11 detection modules
  • API access & webhooks
  • Volume discounts
  • Dedicated account manager
Contact us
Critical Infrastructure
Custom pricing
Power, water, utilities, oil & gas, banking, government, defence, healthcare
  • OT/ICS environment support
  • Air-gapped deployment option
  • NERC CIP & IEC 62443 alignment
  • Custom endpoint limits
  • On-premise option available
  • Dedicated security team
  • Custom SLA & compliance reports
  • 24/7 incident response support
Contact us

All self-serve plans include a free trial. No credit card required. Cancel anytime.
Questions? Talk to our team →

FAQ

Common questions

No. CompromiseLens.exe is a single portable executable. Copy it to any Windows machine and run it — no installation, no admin rights required for most modules.
Yes. All nine scan modules run fully offline. Findings are cached locally and uploaded when connectivity is available, or can be exported manually as a JSON report.
Currently Windows 10 and Windows 11 (both 32-bit and 64-bit). Windows Server support is on the roadmap. macOS and Linux are planned for a future release.
Scan findings are transmitted over HTTPS to our secure API and stored in isolated tenant databases. No raw file contents or personal data are collected — only metadata about suspicious artefacts. Data is retained for the period of your plan.
AutoFix is an add-on module that automatically remediates certain finding types — quarantining files, disabling suspicious scheduled tasks, and reverting malicious registry changes — after your approval via the dashboard.
Yes. Our MSP plan supports unlimited endpoints and includes multi-tenant management, white-label reporting, and API access so you can integrate findings into your existing toolchain. Contact us for volume pricing.
Get started today

Your endpoints are either
clean or compromised.
Find out now.

First scan takes less than 5 minutes. No credit card required for the free tier.

Start Free → Talk to us