Core Engine Upcoming Platforms Pricing Roadmap Join Waitlist →
Cortina Shield · Linux Agent Active · v1.0.0

Security you
understand.

Every antivirus on your system is a black box. You don't know what it scans, what it sends, or how it decides. Cortina Shield is different — 100% custom engine, transparent logic, nothing hidden.

// Local-first. Open engine. Reports to nobody but you.

Join Early Access See What's Built ↓
6
Core Modules Built
1
Platform Live (Linux)
2
Platforms Coming
₹0
To Start
Cortina Shield · Lexcore Enterprises · v1.0 SECURITY ENGINE — ACTIVE
PROTECTED — All 6 modules running
THREAT LEVEL
6
Modules
30
Files Watched
Live
Status
DEMO
[init] Shield engine starting...
[file] Integrity baseline loaded
[proc] Process guard active
[net] IP blocker ready
[log] Watching auth.log, syslog...
Linux · Custom Python Engine CS-v1.0.0-2026
01 · Core Engine
What's Built.
What's Running.
These 6 modules are fully written, tested, and running right now on Linux. No third-party engines — 100% custom Python from scratch.
Built & Active
🔍
File Integrity Monitor
SHA256 checksums on critical system files and sensitive paths. Detects any modification, deletion, or unexpected new file — in real time, every 60 seconds.
✓ Active
⚙️
Process Guard
Scans running processes against known malware signatures. Compares /proc entries with ps output to catch hidden processes — a rootkit technique. Flags unusual CPU spikes.
✓ Active
🦠
Rootkit Checker
Checks kernel modules against known rootkit names, detects LD_PRELOAD library hijacks, scans for unexpected SUID binaries, and compares /proc/net/tcp with ss output.
✓ Active
🌐
IP Auto-Blocker
Monitors /var/log/auth.log for SSH brute force. Auto-blocks attacker IPs via iptables after 5 failed attempts in 5 minutes. Manual block/unblock via dashboard.
✓ Active
📋
Log Analyzer
Reads auth.log, syslog, kern.log, ufw.log incrementally — only new lines since last check. Regex patterns for SSH attacks, sudo abuse, OOM kills, segfaults, USB events.
✓ Active
🗄️
Signature Scanner
Byte-pattern scanning of /tmp, /var/tmp, and Downloads. Detects reverse shells, crypto miners, base64 exec tricks, keyloggers, and SSH key theft patterns in file contents.
✓ Active
02 · Upcoming
What's Coming.
Honestly.
These features are planned and in development. We'll ship them in order — no fake timelines, no vaporware. When it's ready, it's ready.
In Development
🔒
Quarantine System
Isolate flagged files into an encrypted vault — prevent execution while preserving them for analysis. One-click restore or permanent delete from the dashboard.
⟳ Building
Scheduled Deep Scans
Full system scans on a user-defined schedule — weekly, daily, or on boot. Configurable scope, low-priority mode to avoid affecting system performance.
⟳ Building
💾
USB / Device Control
Auto-scan USB drives the moment they're mounted. Option to block unauthorized storage devices by default — whitelist specific devices by serial number.
⟳ Building
Planned
💰
Ransomware Behavior Detection
Behavioral analysis — mass file encryption events, shadow copy deletion, rapid extension changes. Not just signature-based; pattern-based behavior watch.
Planned
🔗
DNS-Level Web Protection
Block malicious domains at the DNS resolver level. Phishing, malware-distribution, and known C2 server domains blocked before any connection is made.
Planned
☁️
Cloud Signature Updates
Signature DB pulled from our cloud API — keeps your local scanner updated without manual effort. Community-reported patterns included for Pro and above.
Planned
03 · Platforms
Linux now.
Windows & Android next.
The core engine is written in Python — which means the same logic ports to every platform. We're not starting from scratch for each one.

Linux — Native & Production-Ready

Built for Linux first. Distributed as .deb package. Integrates natively with iptables, systemd, inotify, and /proc. No Wine, no emulation — pure Python on metal. Installs like any standard package.

📦
Package format: .deb (Ubuntu/Debian)✓ Ready
🔍
File integrity via SHA256✓ Built
⚙️
Process guard via /proc✓ Built
🌐
IP auto-blocker via iptables✓ Built
🖥
Web dashboard (port 9119)✓ Built
🔄
Cloud signature auto-updateComing — Phase 2
terminal — linux install
$ sudo dpkg -i cortina-shield_1.0.0_amd64.deb Installing Cortina Shield... Files installed: /usr/share/cortina-shield/ Service enabled: cortina-shield.service CLI registered: cortina-shield $ cortina-shield status cortina-shield.service — active (running) 6 modules loaded · Dashboard: localhost:9119 $ cortina-shield dashboard Opening browser...

Windows — Phase 3

The Python codebase will compile to a standalone Windows .exe via PyInstaller. One-click NSIS installer, Windows Task Scheduler for auto-start, and co-existence with Windows Defender (not a replacement — an addition).

📦
Installer: .exe (NSIS)Phase 3
🔧
PyInstaller build pipelinePhase 3
🛡
Defender co-existence (not conflict)Phase 3
Task Scheduler auto-startPhase 3
🖥
System tray appPhase 3
📁
NTFS file monitorPhase 3
planned — windows agent
C:\> cortina-shield-setup.exe Cortina Shield for Windows Installed to: C:\Program Files\Cortina Shield\ Task Scheduler: registered System tray: active Defender: co-existence mode on Dashboard: localhost:9119 Shield running. [ Phase 3 · in development ]

Android — Phase 4

Flutter-based app focused on what Android actually exposes — app permission monitoring, network traffic analysis, and SMS/call spam detection. We won't promise features Android's sandbox doesn't allow.

📱
Flutter Android appPhase 4
🔐
App permission monitorPhase 4
📡
Network traffic monitorPhase 4
💬
SMS/call spam detectionPhase 4
🛒
Google Play StorePhase 4
🔄
Auto-update via Play StorePhase 4
planned — android agent
Cortina Shield Android Framework: Flutter Permission monitor: active [FLAG] com.unknown.app requested CONTACTS + SMS + LOCATION → Review recommended Network monitor: active SMS scan: running [ Phase 4 · in development ]
04 · Pricing
Simple pricing.
Built for India.
Free to start. Paid plans unlock cloud features, multi-device, and upcoming platform support. Payments via Razorpay — coming when the backend is ready.
🇮🇳 INR
🇺🇸 USD
Free
₹0
forever
1 Linux PC
  • All 6 core modules
  • Real-time dashboard
  • File integrity monitor
  • IP auto-blocker
  • Community signature DB
Personal
₹499
per year
3 devices
  • All Free features
  • Quarantine system
  • Scheduled scans
  • Auto signature updates
  • Linux + Windows
MOST POPULAR
Pro
₹1,499
per year
5 devices
  • All Personal features
  • Cloud dashboard
  • USB device control
  • DNS web protection
  • Linux + Windows + Android
Business
₹4,999
per year
25 devices
  • All Pro features
  • Central device dashboard
  • Remote scan trigger
  • Threat reports
  • Team management
  • Priority support
Enterprise
Custom
contact us
Unlimited devices
  • All Business features
  • On-premise deployment
  • Private signature DB
  • SLA guarantee
  • Custom integrations
  • Compliance reports
Payments are not live yet. Joining the waitlist locks your early-access price. We will notify you when billing goes live.
05 · Roadmap
Where we are.
Where we're going.
Phase 1 is done. Everything else is honest about its status — building in public, no fake launch dates.
Phase 1 — Done
Linux Core
✓ Complete
6 custom security modules
.deb package
systemd service
Real-time web dashboard
UFW + fail2ban setup
Phase 2 — Building
Linux Polish + Cloud
In progress
Quarantine system
Scheduled scans
Cloud backend (auth + licenses)
Signature DB API
Razorpay payment
Phase 3 — Planned
Windows Agent
After Phase 2
PyInstaller .exe build
NSIS installer
Task Scheduler auto-start
System tray UI
Phase 4 — Planned
Android App
After Phase 3
Flutter app
Permission monitor
Network traffic monitor
Play Store publish
Phase 5 — Future
SaaS Launch
After Phase 4
Full billing live
Central device dashboard
Threat telemetry network
Affiliate program
06 · Architecture
Local agents.
Cloud backbone.
Lightweight Python agents on each device. One cloud backend for signature updates, license validation, and central dashboard. Agents work offline — cloud is optional.
lexcoreai.com/shield · Cloud Backend

☁ Cloud Backend — PHP + MySQL

Planned — Phase 2
User Auth License Keys Signature DB API Device Registration Threat Reports Central Dashboard
▼     ▼     ▼
🐧
Linux Agent
Python 3 · .deb package
systemd service
✓ Live
🪟
Windows Agent
PyInstaller .exe
NSIS installer
Phase 3
🤖
Android Agent
Flutter app
Play Store
Phase 4
07 · Threat Intelligence
50 million threats.
90 days to build it.
Cortina Shield does not rely on a single vendor's database. We are building a multi-source threat intelligence pipeline — free datasets, live feeds, and India-first telemetry. This is how every serious AV works at its core.
50M+
Malware Hashes
SHA256 fingerprints from VirusShare — importable in Week 1
60M+
Known-Good Hashes
NIST NSRL whitelist — eliminates false positives on day one
3.2M
Labeled Samples
EMBER2024 — NSA-collaboration dataset for ML training
<1ms
Lookup Speed
SHA256 indexed MySQL — same architecture as Quick Heal
How the database works
Cortina Shield does not store malware files. It stores only the SHA256 fingerprint of each known threat — a 64-character hash. When your agent scans a file, it computes the hash locally and looks it up in the database in under 1 millisecond. No file content ever leaves your device. 50 million hashes fit in approximately 3.5 GB — one cheap server, instant lookup. This is exactly how Quick Heal, Kaspersky, and every production AV works at their core.
Intelligence sources — 4 tiers
📦
Tier 1 — Research Datasets
FOUNDATION · FREE DOWNLOAD
EMBER2024
3.2M labeled files — PE, ELF, PDF, APK, macOS. NSA collaboration. Evasive malware challenge set included.
BODMAS
134K samples · 581 malware family labels. Tells users exactly what they have — not just "malware detected".
UNB / CIC Datasets
15+ specialized datasets — Android malware, IoT threats, memory forensics, evasive PDFs. Free download.
📡
Tier 2 — Live Feeds
REAL-TIME · FREE API
MalwareBazaar (abuse.ch)
Daily new malware samples with YARA rules and family tags. REST API. The most important live feed.
ThreatFox — C2 Intelligence
Daily C2 server IPs and malware IOCs. Feeds directly into Cortina Shield's iptables auto-blocker.
NSRL (NIST, US Govt)
60M+ known-good hashes. Whitelist layer — eliminates false positives on system files and popular software.
🗄
Tier 3 — Hash Databases
50M+ HASHES · PRODUCTION CORE
VirusShare
50M+ SHA256 malware hashes with family labels. Hash-only — ~3.5 GB total. Sub-millisecond lookup.
YARA Rules (GitHub community)
2,000+ pattern-matching rules maintained by the global security research community. Continuously updated.
Malpedia + Neo23x0 Signature Base
Malware family database with IOCs used by LOKI scanner. Adds named family detection.
🇮🇳
Tier 4 — India Telemetry
YOUR REAL MOAT · SELF-GROWING
When Cortina Shield users run scans, anonymous SHA256 hashes are sent to our cloud — no file content, no personal data. Every scan grows the database. India-specific threats that foreign AV vendors do not collect.
1,000 users~24K India threats / year
10,000 users~240K India threats / year
100,000 users~2.4M India threats / year
500,000 users~12M India threats / year
UPI fraud malware · Aadhaar phishing · regional banking trojans — no foreign AV collects this.
Build timeline
WEEK 1
Foundation
NSRL whitelist (60M) + VirusShare hashes (50M) imported. MalwareBazaar API live.
WEEK 2
ML Training
EMBER2024 + BODMAS imported. Family classification model trained. 581 malware families detectable.
PHASE 2
Cloud Backend
Hash lookup API live. Daily cron pulls from MalwareBazaar + ThreatFox. Telemetry endpoint active.
12 MONTHS
India Intel
10,000+ users contributing. 240K+ India-specific threats. No foreign AV can replicate this dataset.
08 · Early Access
Get notified
when it ships.
Leave your email. We'll reach out when the free download is ready, when paid plans go live, and when Windows/Android launches. No spam.

Early access members lock in the lowest price permanently.

Done!