Windows Configuration Analyzer is a forensics?grade Windows Operating System analyzer. It helps you inspect, understand, and retain evidence about system configuration, security posture, and behavioral signals without needing to script or manually traverse the registry, file system, or policy stores.
- Collects configuration and security data (permissions, policies, traces, rules evaluations) using safe read operations.
- Evaluates data against rules, baselines, and heuristics to highlight potential misconfigurations or anomalies.
- Compares current state to known baselines to spot drift.
- Surfaces Event Tracing for Windows (ETW) manifest information for deeper activity insight.
- Uses AI?assisted and rules?based analysis (where enabled) to summarize findings.
- Fast visibility into permissions and configuration hotspots.
- Read?only collection focus for safety (does not alter settings).
- Extensible probes and rules so functionality grows over time.
- Friendly UI built on WinUI 3 targeting .NET 9 for modern performance.
- Review folder/file access control lists before a security review.
- Capture a point?in?time snapshot of configuration for audit or incident response.
- Detect drift from a security baseline after updates or software installs.
- Investigate unusual behavior by correlating ETW event manifest data.
- Download the latest release package (zip or installer) from the Releases page.
- Unblock the zip (right?click > Properties > Unblock if present) and extract.
- Run the application executable from the
UserInterfacedistribution folder. - Choose a probe (e.g., Permissions) and enter a path like
C:\Windows. - Review results; open the Analysis / Rules view for evaluated insights.
- Home / Dashboard: Launch common probes and view recent results.
- Probes: Start targeted data collection tasks (ACLs, configuration sets, etc.).
- Analysis: View rule engine evaluations, heuristic flags, and baseline comparisons.
- Export / Share: Copy or save structured results for reporting.
- Primarily read?only: Operations are designed not to modify system state.
- No automatic remote transmission of collected data.
- You control exports; redact sensitive paths before sharing.
- Run as Administrator for protected folders or registry hives.
- Start with smaller scopes (specific folders) for quicker results.
- Re?run probes after changes to confirm remediation success.
- Windows 10 or 11 (recommended latest patch level).
- .NET 9 runtime (if a self?contained build is not provided).
- Sufficient privileges for protected resource inspection where required.
- Some deep system areas may require elevated permissions.
- AI analysis modules may be experimental and disabled by default.
- Open issues for bugs, enhancement requests, or usability feedback.
- Include steps, screenshots, and probe types when reporting problems.
Use results as guidance; always validate critical security decisions with additional tools or professional review.
End?user overview. Subject to change as the project evolves.