Security & Malware

We understand the techniques the bad guys use.

Whether your product is based on whitelisting, blacklisting, active scanning, or passive inspection, we not only understand how to protect against malware but also have the expertise to interoperate efficiently and reliably with the rest of the system and with third-party software.

Understanding security and how other components interact is key in building quality software. Let us handle the infrastructure and allow your team to focus on adding the core IP that separates you from competitors.

At the kernel level, effective security software relies on a set of well-defined interception points: file system minifilter callbacks for file content scanning, process and thread notification routines for process protection and whitelisting, registry callback routines for registry monitoring and tamper prevention, and Windows Filtering Platform (WFP) callout drivers for network-level filtering and inspection. We have developed production-grade components across all of these areas and understand how to write them correctly, including handling re-entrancy, avoiding deadlocks with the kernel's own lock hierarchy, and ensuring compatibility with other security products installed on the same machine.

We also have specific experience with Early Launch Anti-Malware (ELAM) drivers, which load before all other third-party drivers during the Windows boot sequence and allow a security product to classify boot drivers as good, bad, or unknown before they are initialized. ELAM development requires satisfying strict Microsoft certification requirements and working within significant size and capability constraints. On the detection and response side, we have built components that feed telemetry into Endpoint Detection and Response (EDR) platforms, implementing the kernel-mode sensors that capture process creation, file write, and network connection events with the fidelity and performance that EDR pipelines demand. Contact us to discuss your security product requirements, or see our full services overview.
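The process-creation interception point described above, with the good/bad/unknown style of verdict that the ELAM paragraph mentions, as an added example that is not Joya Systems' code. The verdict logic is portable C and builds anywhere; the kernel wiring at the bottom compiles only in a WDK kernel build (the `_KERNEL_MODE` macro that MSVC's `/kernel` switch defines) and registers a `PsSetCreateProcessNotifyRoutineEx` callback. The allowlist, the volume number in its paths, the `procguard` debug prefix and the audit/enforce flag are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* UTF-16 code unit: the same width as the kernel's WCHAR on every host. */
typedef uint16_t wc16_t;

enum verdict { VERDICT_ALLOW = 0, VERDICT_DENY = 1, VERDICT_UNKNOWN = 2 };

/* Constructed allowlist of full NT image paths (hypothetical volume number).
 * A real product would load this from signed policy, not hard-code it. */
static const char *const k_allowed_images[] = {
    "\\Device\\HarddiskVolume2\\Windows\\System32\\svchost.exe",
    "\\Device\\HarddiskVolume2\\Windows\\explorer.exe",
    "\\Device\\HarddiskVolume2\\Program Files\\Vendor\\agent.exe",
};
#define ALLOWED_COUNT (sizeof(k_allowed_images) / sizeof(k_allowed_images[0]))
#define ALL_CHARS ((size_t)-1)

static unsigned ascii_lower(unsigned c) { return (c >= 'A' && c <= 'Z') ? c + 32 : c; }

/* Compare a UTF-16 path whose length is given in BYTES (as UNICODE_STRING.Length is)
 * against an ASCII pattern, case-insensitively. The buffer is never assumed to be
 * NUL-terminated, and anything beyond lengthBytes is ignored. Non-ASCII units never match. */
static int path_equals_ci(const wc16_t *path, size_t lengthBytes, const char *ascii)
{
    size_t n = lengthBytes / sizeof(wc16_t);
    for (size_t i = 0; i < n; i++) {
        if (ascii[i] == '\0' || path[i] > 0x7F)
            return 0;
        if (ascii_lower(path[i]) != ascii_lower((unsigned char)ascii[i]))
            return 0;
    }
    return ascii[n] == '\0';
}

/* Classify an image path as the notify routine sees it. A missing or empty name is
 * UNKNOWN rather than DENY so that policy, not a parsing accident, decides its fate. */
enum verdict classify_image(const wc16_t *path, size_t lengthBytes)
{
    if (path == NULL || lengthBytes < sizeof(wc16_t))
        return VERDICT_UNKNOWN;
    for (size_t i = 0; i < ALLOWED_COUNT; i++)
        if (path_equals_ci(path, lengthBytes, k_allowed_images[i]))
            return VERDICT_ALLOW;
    return VERDICT_DENY;
}

/* Audit mode only records; enforce mode fails closed, so UNKNOWN is blocked as well. */
int should_block(enum verdict v, int enforce)
{
    return enforce && v != VERDICT_ALLOW;
}

/* Host-side helper: widen an ASCII path to UTF-16 and classify it. Passing fewer units
 * than the string holds leaves "garbage past Length" in the buffer, exactly as a kernel
 * buffer may, and checks that the length, not a terminator, bounds the comparison. */
enum verdict classify_ascii(const char *s, size_t lengthChars)
{
    wc16_t buf[260];
    size_t n = 0;
    while (s[n] != '\0' && n < 260) { buf[n] = (wc16_t)(unsigned char)s[n]; n++; }
    if (lengthChars > n) lengthChars = n;
    return classify_image(buf, lengthChars * sizeof(wc16_t));
}

#ifdef _KERNEL_MODE
/* Kernel wiring: only compiled by the WDK toolchain (/kernel defines _KERNEL_MODE). */
#include <ntddk.h>

static BOOLEAN g_enforce = FALSE;   /* ship in audit mode; enable after validating policy */

static VOID ProcessNotifyEx(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE_NOTIFY_INFO CreateInfo)
{
    UNREFERENCED_PARAMETER(Process);
    if (CreateInfo == NULL)
        return;                                   /* exit notification: nothing to decide */
    const wc16_t *buf = NULL;
    size_t len = 0;
    if (CreateInfo->ImageFileName != NULL) {
        buf = (const wc16_t *)CreateInfo->ImageFileName->Buffer;
        len = CreateInfo->ImageFileName->Length;  /* bytes, and not NUL-terminated */
    }
    enum verdict v = classify_image(buf, len);
    if (should_block(v, g_enforce))
        CreateInfo->CreationStatus = STATUS_ACCESS_DENIED;  /* the create call fails */
    DbgPrint("procguard: pid %lu verdict %d enforce %d\n", HandleToULong(ProcessId), v, g_enforce);
}

static VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    PsSetCreateProcessNotifyRoutineEx(ProcessNotifyEx, TRUE);   /* unregister before unload */
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DriverObject->DriverUnload = DriverUnload;
    /* The Ex routine only accepts drivers whose image is linked with /INTEGRITYCHECK. */
    return PsSetCreateProcessNotifyRoutineEx(ProcessNotifyEx, FALSE);
}
#endif
```

The points a reviewer would look for are all in the callback: `CreateInfo` is NULL on process exit; `ImageFileName` is a `UNICODE_STRING` whose `Length` is in bytes and whose buffer is not NUL-terminated, so the comparison is bounded by `Length` rather than by scanning for a terminator; unknown images are a policy decision rather than a side effect of parsing; and registration is undone in `DriverUnload`, since the kernel would otherwise call into an unloaded image. Re-entrancy and coexistence with other products, which the text raises, are not exercised here because the callback takes no locks and allocates nothing.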

Frequently Asked Questions

Q: What types of security software can Joya Systems develop?
We develop kernel-mode security components including anti-malware file system filter drivers, process protection and whitelisting drivers, registry monitoring and tamper-prevention drivers, network filtering drivers using WFP, and ELAM (Early Launch Anti-Malware) drivers. We also build the kernel-mode sensor layer for EDR platforms.
Q: Do you develop anti-malware drivers for Windows?
Yes. We have developed anti-malware kernel components including real-time file scanning minifilters, boot-time ELAM drivers certified through the Microsoft anti-malware program, and behavior monitoring components that track process, file, and network activity. We understand the Windows Anti-Malware Scan Interface (AMSI) and how to integrate with it correctly.
Q: Can you help with endpoint detection and response (EDR) integration?
Yes. We build the kernel-mode telemetry components that power EDR platforms — process creation and termination callbacks, file system activity monitors, registry change notifications, and network connection sensors. These components are designed for high-throughput, low-latency event delivery with minimal impact on system performance. Get in touch to discuss your EDR architecture.
