Pholus. An incident response tool for protection against malware

What is Pholus?

Pholus is a program that attempts to build a strong defence wall against malware. Its original purpose was to defend against cryptolocker, by blocking the public (encryption) key delivery from the keyserver.

Is Pholus an antivirus?

Pholus is *not* an antivirus. Aligned with the logic of incident responce, Pholus focuses on detecting suspicious network connections to potential C2 endpoints. Since such activity is performed after the malware infection, Pholus attempts to block further communication and prohibit the malware of completing its intended attack.

How does Pholus protect me?

Pholus is a program which protects your system by performing the three following functions:

  1. Protection via Blacklists.
  2. Analysis of the IPs for each executable program via and

Does Pholus interfere with other antivirus programs on my system?

No. Pholus is as an independent program which does not interfere with other software and antiviruses. Pholus is not an antivirus. Pholus is an incident response type of tool.

Pholus Installation and Usage

You can download the Pholus setup file here. When installation is completed an icon is appeared at the taskbar. By right-clicking on the icon you can navigate to the Pholus software. By choosing System Analysis choice you can get the analysis of your system.

For any questions please contact at

Source Files

Pholus python source files

Copyright © 2019 Information Security and Incident Response Research Unit. All Rights Reserved.
No computers were harmed in the 0.430 seconds it took to produce this page.

Designed/Developed by Lloyd Armbrust & hot, fresh, coffee.