SilentHelm v1.0.0 — Release Notes
=================================

What’s new
----------
SilentHelm is a lightweight, local-first Windows tray tool that helps you spot
early signs of ransomware-like behavior and other suspicious activity.

Highlights
----------
- Tray app: always-on, quick actions (Status / Run Report / Reload / Open Logs / Exit)
- Local HTML report with:
  - Security Status (last 24 hours)
  - Incident cards (Critical/High/Medium/Low)
  - “Most likely cause” and “Recommended next steps”
- Canary files (high confidence):
  - SilentHelm can create “do not touch” canary files in monitored folders
  - If a canary is changed → high-confidence alert
- File burst detection:
  - Detects mass file changes in a short time window
- Heuristics:
  - Suspicious process behavior patterns
  - Suspicious filename/extension patterns
- Extra directories:
  - extraWatchDirs allows monitoring additional folders from config
  - Live reload supports adding AND removing directories

Local-first
-----------
SilentHelm stores logs, incidents, and the report locally on your machine under:
  %LOCALAPPDATA%\SilentHelm\

Important note
--------------
SilentHelm complements antivirus/EDR. It is not a replacement.
Alerts can be false positives or false negatives.

Quick “What do I do if I see CRITICAL?”
---------------------------------------
1) Disconnect from the internet (Wi-Fi/cable)
2) Close unfamiliar apps
3) Run a full antivirus scan
4) Review recent downloads and email attachments
5) Verify backups (avoid overwriting if ransomware is suspected)

End of release notes.
