We’re shipping deauth attack detection.
Windows can’t read the frames off the air — so we detect the symptom, and we’re honest about the rest.
Our eighth detector watches for the setup move behind so many WiFi attacks: deauthentication flood detection. It flags repeated disconnects while your real access point is still beaconing at strong signal — the signature of a deauth attack — on Windows, free.
The network is still right there — but something keeps knocking you off it.
The disconnects aren’t the goal
A deauth flood forges the “you’ve been disconnected” frames WiFi never authenticated, knocking your device off again and again. Denial of service is rarely the real aim — it’s the setup for forcing you onto an evil twin broadcasting the same name.
Knock you off, so you land on the twin
That’s why we ship deauth detection alongside evil-twin detection: the flood is the opening move, and the twin is the trap it sets. Seeing the disconnect storm is your earliest warning that a reconnect is about to be offered — and that you shouldn’t trust it.
The symptom, and the limit
Windows can’t put a consumer WiFi card into monitor mode, so we can’t read the deauth frames off the air directly. Instead we detect the symptom: several connected→disconnected transitions in a short window, while your real AP is still beaconing strong, is raised as a suspected deauth attack — with the disconnects the app causes itself suppressed. And we’re honest about the limit: no software on a normal WiFi card can stop a jammer’s frames. What we can do is name it, and guard the reconnect.
Detection is free
Deauth-attack detection ships in the free version and always will. Knowing why your WiFi “keeps dropping” — and that it might be deliberate — is exactly the kind of awareness that shouldn’t be paywalled.
Read more: how deauth floods work · how to detect one · the evil twin it sets up