Advanced Process Identification (The Baseline Engine)

Process Sentinel is fundamentally a "behavioral diffing" engine: it records a clean-boot state and flags anything that starts running afterwards.

Cryptographic "Baseline" Snapshots:

Press "Record Baseline" on a perfectly clean PC. From that point on, Sentinel remembers what is supposed to exist natively.

The Contextual Classification System:

Processes are no longer just a list of names. Sentinel dynamically labels every active task:

  • ● NEW — A process that spawned after your clean baseline. (High Suspicion).
  • ◆ ORPHAN — A "zombie" process whose parent was forcefully destroyed, leaving it wandering memory alone.
  • ○ CHILD — A legitimate sub-process spawned explicitly by an approved baseline application.
  • ■ SYSTEM — Critical OS infrastructure locked behind Access Denied tags.
  • ✓ BASELINE — Verified applications operating exactly as expected.

Priority Visual Sorting:

The UI data grid bubbles anomalous processes (NEW, ORPHAN, OUTLIER) to the top, so threats have to be acknowledged before ordinary OS noise.
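
The classification and sorting described above, sketched as an added example (not Process Sentinel's own code) over a constructed process snapshot. Assumptions: the `Proc` fields, baseline identity as (name, image hash), the label precedence, SYSTEM modeled as an image that could not be opened, and the creation-time check that rejects a reused parent PID; OUTLIER is left out because the page does not define it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    sha256: Optional[str]  # None: image could not be opened (access denied)
    started: int           # creation time, arbitrary ticks

def record_baseline(procs):
    # Identity is (name, image hash), not PID: PIDs change on every boot.
    return {(p.name, p.sha256) for p in procs if p.sha256 is not None}

def classify(procs, baseline):
    by_pid = {p.pid: p for p in procs}
    labels = {}
    for p in procs:
        parent = by_pid.get(p.ppid)
        # A "parent" created after its child is a reused PID, not the real parent.
        if parent is not None and parent.started > p.started:
            parent = None
        if p.sha256 is None:
            labels[p.pid] = "SYSTEM"
        elif (p.name, p.sha256) in baseline:
            labels[p.pid] = "BASELINE"
        elif parent is None:
            labels[p.pid] = "ORPHAN"
        elif (parent.name, parent.sha256) in baseline:
            labels[p.pid] = "CHILD"
        else:
            labels[p.pid] = "NEW"
    return labels

# Assumed ordering: anomalous labels first, as the grid description requires.
RANK = {"NEW": 0, "ORPHAN": 1, "CHILD": 2, "BASELINE": 3, "SYSTEM": 4}

def prioritized(procs, labels):
    # Ties keep PID order so the grid stays stable between refreshes.
    return sorted((p.pid for p in procs), key=lambda pid: (RANK[labels[pid]], pid))

# Constructed sample data (hash strings are placeholders, not real digests).
CLEAN = [Proc(4, 0, "System", None, 0),
         Proc(600, 4, "services.exe", "h-services", 1),
         Proc(900, 600, "explorer.exe", "h-explorer", 5)]
LIVE = CLEAN + [Proc(1200, 900, "notepad.exe", "h-notepad", 50),
                Proc(1300, 1200, "helper.exe", "h-helper", 60),
                Proc(1400, 7777, "updater.exe", "h-updater", 70),
                Proc(1500, 1600, "old.exe", "h-old", 40),
                Proc(1600, 900, "late.exe", "h-late", 90)]
```

PID 1500 is labeled ORPHAN even though PID 1600 exists, because 1600 was created later and so cannot be its real parent.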