Messageware Z-Day Guard for Microsoft Servers

Messageware Z-Day offers next generation threat hunting. Protect Microsoft Windows Servers, Exchange Servers, and Azure Servers against zero day attacks. Z-Day detects changes to the environment that indicate the dropping of Command and Control (C&C) web shells. C&C web shells commonly reach out to the internet, enabling remote access to your network.

Z-Day is a server protection solution focused on detection, alerting, and response (MDR/MDAR) to zero-day attacks and server penetrations. Messageware Z-Day actively protects servers using embedded monitoring technology that cannot be turned off by malicious software.


  • Microsoft Exchange Servers 2019 2016 2013
  • Windows Servers and VMs
  • Azure Servers and VMs

File Integrity Monitoring (FIM)

Z-Day understands the server’s file system and establishes a trusted baseline of the system. When files on the server are unexpectedly changed, added, or removed, Z-Day detects the threats, unlocking a new level of threat hunting.

Virtual Directory (vDir) Integrity Monitoring

Microsoft Servers use virtual directories (vDirs) in Windows IIS to allow access to web applications like Outlook, ActiveSync, and Autodiscover, and to provide service communications between servers.

Z-Day understands vDirs and establishes a trusted state, which forms the basis of monitoring for deviations from the baseline.

Time to React

Security analysts suggest compromised servers are leveraged in under 90 minutes. Z-Day catches changes to your server baseline instantly, and sends you alerts to respond long before this threat window closes.

Maintenance Mode

Z-Day understands your team’s need to update server environments with regular security updates (SUs) and cumulative updates (CUs) published by Microsoft.
Z-Day can be put in maintenance mode enabling fast updating of your servers and quickly re-establishing trusted baselines.

Notifications and Daily Digests

No SIEM? Set up near-real time notifications of threat data and enable daily health summary reports to stay up-to-date with your server status.

SecOps SIEM? Z-Day pushes threat data directly to SIEMs.  Easily add additional near-real time notifications of threat data and enable daily health summary reports to easily inform non-SIEM teams of the health of Windows Servers.

Detailed Threat Data and Visualizations

Easily identify hot spots and trends by displaying historical threat data in bubble chart.

Expand directly into detailed incidents using a tree-view to see system changes over time.

SYSLOG and SIEM Server Integration

Z-Day pushes threat data to existing SYSLOG and SIEM Servers in the network, providing new visibility to and rapid response from the corporate security team.

Z-Day sends standardized RFC 3164 and RFC 5424 data messages enabling the existing solutions to be easily setup with display and threat action rules. Operating as an endpoint, there is no need to implement additional systems or manual processes (eg. Splunk, QRadar, Solarwinds, …).

Certified PPL ELAM Mode

PPL (Protected Process Light) and ELAM (Early Launch Antimalware) technology work together ensuring that Windows Server only loads trusted services and processes. This is done first, before other software and drivers are initialized.

Messageware Z-Day is a certified PPL ELAM driver, ensuring that it is monitoring your system from startup to shutdown.

Video Demo

Detecting Exchange Server Zero Day Attacks