🛡 VaultSentry

Backup Integrity Monitor for Windows

Built by Egyan | Red Parrot Accounting Ltd

VaultSentry is a backup integrity monitoring system designed to detect tampering, ransomware encryption, corruption, missing files, stale backups, and abnormal backup size drops.

The system automatically hashes every file in backup storage, stores a trusted baseline, and verifies the integrity of the entire backup set every night.

If anything suspicious occurs, VaultSentry immediately alerts administrators and includes the issue in a daily digest report.

---

🧰 Technology

Python 3 SQLite Database Tkinter Desktop GUI SMTP Email Alerts Windows Task Scheduler

---

✨ Features

Feature	Description
🔐 SHA-256 Integrity Hashing	Cryptographically strong file verification
🧠 Entropy Analysis	Detects ransomware encryption patterns
🛡 Tamper Detection	Identifies modified or corrupted files
🚨 Ransom Note Detection	Flags common ransomware note filenames
📉 Backup Size Monitoring	Alerts if total backup size drops ≥30%
📂 Missing File Detection	Detects deleted or moved backup files
⏳ Stale Backup Alerts	Warns when newest backup exceeds threshold age
📧 Email Alerts	Immediate critical alerts + daily digest
📊 Excel Reports	Multi-sheet colour-coded reports
📸 Baseline Snapshots	Point-in-time baseline versions
♻ Restore Engine	Restore files with folder structure
🖥 Desktop Dashboard	Dark-mode monitoring GUI
🔁 Scheduled Verification	Automatic nightly verification
🧪 Automated Tests	162 unit tests with CI pipeline

---

🚀 Installation

Run the installer as Administrator:

right-click Install_VaultSentry.bat → Run as administrator

The installer will:

• install VaultSentry to C:\SecurityLogs\VaultSentry\

• create a Windows scheduled task

• generate the initial integrity baseline

---

⚡ Usage

Command line interface:

python main.py --gui
python main.py --baseline
python main.py --verify
python main.py --snapshot "Before audit Mar 2026"
python main.py --list-snapshots
python main.py --restore
python main.py --digest
python main.py --report
python main.py --status

---

🖥 GUI Interface

VaultSentry includes a desktop monitoring dashboard.

Tab	Purpose
Dashboard	Live stats, backup size trend, scan controls
Alerts	Alert history with severity filtering
Reports	Generate and browse Excel reports
Restore	Restore files with preview plan
Snapshots	Create, browse, diff, delete snapshots
Settings	Configuration viewer and diagnostics

---

📧 Email Alert System

VaultSentry supports both instant alerts and daily digest reporting.

Immediate alerts

Triggered instantly for critical events such as:

• ransomware suspected
• backup size drop
• missing backup files

Enable in config.py:

EMAIL_ENABLED = True

Daily digest

A single HTML report summarising:

• last verification run
• all alerts in previous 25 hours
• backup system health

DIGEST_ENABLED = True
DIGEST_TIME = 8

Store SMTP credentials securely as an environment variable:

[System.Environment]::SetEnvironmentVariable(
'VAULTSENTRY_EMAIL_PASSWORD',
'your_app_password',
'Machine'
)

---

🏗 Architecture

VaultSentry
│
├── CLI + GUI (main.py)
│
├── Scanner Engine
│   ├ baseline hash creation
│   ├ nightly verification
│   ├ ransomware entropy detection
│   └ backup size analysis
│
├── Database Layer (SQLite)
│   ├ file hashes
│   ├ snapshots
│   ├ alert history
│   └ backup size trend
│
├── Alert System
│   ├ desktop alerts
│   ├ email notifications
│   └ alert deduplication
│
└── Reporting Engine
    ├ Excel reports
    ├ daily digest email
    └ system health summaries

---

🧠 Ransomware Detection

VaultSentry uses Shannon entropy analysis to detect encryption activity.

Normal files typically score:

4.0 – 6.5 entropy

Encrypted files typically score:

7.5 – 8.0 entropy

If a file's hash changes AND entropy exceeds 7.8, VaultSentry triggers:

CRITICAL: RANSOMWARE SUSPECTED

A second detection layer monitors backup size trends.

If total backup size drops ≥30% overnight, VaultSentry generates another CRITICAL alert.

Note on compressed/Office formats: .zip, .pdf, .xlsx, .docx, .gz, .7z, .rar, .xls, .tar files are excluded from entropy-based ransomware escalation because these formats naturally exceed the 7.8 threshold when healthy. Hash changes on these files still raise a WARNING alert, and structural integrity checking provides a second layer.

---

🧪 Testing

VaultSentry includes 162 automated unit tests.

Run tests with:

pip install pytest pytest-cov
pytest tests/ -v

Current test coverage: 73%

---

📂 Project Structure

VaultSentry
│
├ main.py
├ config.py
├ logger.py
├ Install_VaultSentry.bat
├ Uninstall_VaultSentry.bat
│
├ core
│   ├ database.py
│   ├ alerts.py
│   ├ scanner.py
│   ├ restore.py
│   ├ digest.py
│   └ reports.py
│
├ gui
│   ├ app.py
│   ├ theme.py
│   ├ tab_dashboard.py
│   ├ tab_alerts.py
│   ├ tab_reports.py
│   ├ tab_restore.py
│   ├ tab_snapshots.py
│   └ tab_settings.py
│
├ utils
│   └ file_utils.py
│
└ tests

---

🛣 Roadmap

Future improvements planned for VaultSentry:

• Cloud backup monitoring (S3 / Backblaze)
• Ransomware pattern learning
• Web dashboard
• Slack / Teams alerts
• Anomaly detection on backup trends
• Cross-platform support (Linux)

---

📋 Changelog

v1.0.1 (current — security & reliability fixes)

• Fix 1 — Digest date persisted to database: _last_digest_date was a module-level variable lost on every process restart. Now persisted in a settings DB table — the once-per-day guard survives nightly scheduled task restarts correctly.
• Fix 2 — Removed test credential file from repository: Deleted testpassword file accidentally committed. Added *.password, *.secret, *.key, *.pem, *.pfx to .gitignore.
• Fix 3 — Email alert failures now visible in GUI: Failures were logged but invisible. Now persisted to settings.email_failure in the DB. Dashboard shows a red banner when email alerts are failing; clears when email succeeds.
• Fix 4 — Entropy false positives on PDF/ZIP/Office files eliminated: .pdf, .xlsx, .docx, .zip, .gz, .7z, .rar, .xls, .tar files naturally score above 7.8 entropy. These extensions now skip the CRITICAL ransomware escalation. Hash-change WARNING still fires. is_file_openable integrity check still runs.

v1.0 (original release)

• SHA-256 hashing, Shannon entropy ransomware detection, 4-step nightly pipeline
• Backup size trend tracking with drop alert, baseline snapshot versioning + diff viewer
• Restore capability with per-file overwrite prompts, daily HTML email digest
• Dark blue GUI: Dashboard, Alerts, Reports, Restore, Snapshots, Settings
• 162 tests, 73% coverage, CI on Python 3.10/3.11/3.12

---

⚠ Disclaimer

VaultSentry detects backup integrity violations but does not block ransomware or automatically restore data.

Any CRITICAL alert should be treated as an immediate security incident.

---

👨‍💻 Author

Egyan07

Developed for Red Parrot Accounting Ltd

---

🛡 VaultSentry

Backup Integrity Monitoring. Ransomware Detection. Peace of Mind.