Monitors and keeps track of executable files dropped onto the PC.


Excubits MZWriteScannerMonitor and keep track of Windows executable files (MZ files) which are dropped onto the hard disk. MZWriteScanner is a forensic analysis driver that detects when executable files (containing a MZ header) are written to your hard disk. MZWriteScanner literally turns any Windows PC into an active attack detection probe. Automatically analyze MZWriteScanner's log file periodically to detect possible attacks. Take advantage to defend attacks at an early stage and protect your IT systems. We implemented no black-box design, you can fully peek into the logs and process them as you want and regarding your needs.

Installation and configuration

MZWriteScanner can be installed in seconds because it only installs a tiny and fast kernel driver. No additional software is running on the system that costs performance or bothers users with questions, balloon or pesky message boxes.

Use Cases

MZWriteScanner fully runs in the kernel and analyzes your system in the background. There is no user interaction needed by design. This makes our system ideal for use in centrally managed environments, such as kiosk systems, company sites, Point-of-Sale (PoS) systems, libraries, schools, or universities.


  • Runs entirely in the kernel.
  • Catches almost all executable images written to your hdd.
  • Use as an early warning system.
  • Use to build proactive forensic IT probes, to investigate incidents timely.
  • Extremely efficient driver using an extremely small binary footprint.
  • No annual fees.
  • Fully offline capable, no signature updates required.
  • Can easily be packed and deployed as an MSI package.
  • Works with all popular versions of Microsoft Windows, incl. Windows Server.
  • Made in Germany.
  • No Ads and no Spyware.
  • Use instantly without pesky registration.
  • No information or forensics back channel to Excubits.

License Pricing

A license for MZWriteScanner costs only 12.00EUR (final price acc. § 19, Abs. 1 UStG). To display the purchase button, please read the Terms of Service and accept them by clicking on the check-box below:

I have read and agree with the Terms of Service and want to buy a license.

System requirements

Windows Vista, 7, 8, 8.1 and 10 in its 32-bit and 64-bit versions.

Download MZWriteScanner

Binaries last updated on 2020/06/28

Download the free demo version today and secure up your computers. To display and start the download, please read and accept our Terms of Service below. Major AV products constantly mark our software as malware. Our software is 100% clean, these are false-positives. Major AV companies do not answer our requests, nor do the remove the marking. So we decided to put our demos into encrypted 7z files. The password is: excubits

I have read and agree with the Terms of Service.