Advanced Windows Honeypot System

Enhanced intrusion and insider threat detection for your network

Download Free Trial

Why use KFSensor?

KFSensor detects unknown threats and improves security, whilst also providing a low maintenance and cost effective solution.

Honeypot technology

Honeypots have low false positives and easily complement other existing forms of security that may be in place.

Built for Windows

Designed for use in a Windows based corporate network, it is easy to both deploy and maintain.

Market leader

KFSensor is fully supported, and has been regularly improved during its 12-years of production use.

What KFSensor does

Monitors all traffic

KFSensor acts as a honeypot, designed to attract and detect hackers and worms by simulating vulnerable system services and trojans.

KFSensor is pre-configured to monitor all TCP and UDP ports, along with ICMP. It is also configured with the emulation of common services.

It starts monitoring right after its installation and can be easily customized to add additional customer services later on.

(Screenshot: Ports change color to indicate recent event)
(Screenshot: Telnet logon attempt decoded to make it human readable)

Interacts with an attacker

By responding with an emulation of a real service KFSensor is able to reveal the nature of an attack whilst maintaining total control and avoiding the risk of compromise.

As well as individual service attacks KFSensor detects and responds to port scans and denial of service DOS attacks and prevents itself from being overloaded.

By responding with the emulation of a real service, KFSensor is able to reveal the nature of an attack, whilst also maintaining total control of the incident and avoiding the risk of compromise.

As well as individual service attacks, KFSensor also detects and responds to port scans and denial of service (DOS) attacks; and prevents itself from being overloaded.


KFSensor can send real time alerts by email or via integration with a SEIM system.

The KFSensor administration console allows events to be filtered and examined in detail, allowing comprehensive analysis of any attack.

KFSensor also makes a full packet dump available for additional analysis, using tools such as Wireshark.

(Screenshot: Multiple probes searching for vulnerable http servers on different ports)
(Screenshot: Graph showing Netis router vulnerability attacks over time)

Statistical Analysis

The KFSensor Reports module provides a range of reports and graphs that can be used to analyse many different aspects of the attacks facing an organization.

The reports are particularly useful in highlighting patterns of attacks that are only identifiable over time.

All reports can be filtered on a time period, attack type and the location of the visitors, allowing for detailed study and analysis of a particular threat.

Want to discover more?

Feature list

honeypots for windows

What do people say about KFSensor?

It's the best Windows honeypot offering, full of features, and easy to set up.

What it does offer is tops in the industry.

Roger A. Grimes
Author, Honeypots for Windows. Apress

Ready to protect your network?

Download Free Trial