DisGuard is a lightweight Windows application designed to protect your Discord tokens from being stolen by malicious programs. It watches important Discord folders and running programs in real-time, stopping suspicious activity immediately and blocking their network access. Your tokens stay safe, and you stay worry-free.
Your Discord token is basically the key to your account — anyone who steals it can pretend to be you, send messages, access servers, and more. Malware authors want these tokens badly.
Even though token stealing is fast, it’s not instantaneous. The attacker needs to:
- Notice and open the token file,
- Read the token data,
- And then send it over the internet to themselves.
Depending on your computer and internet speed, this whole process usually takes somewhere between 50 and 200 milliseconds (that’s 0.05 to 0.2 seconds).
DisGuard’s job? To detect any suspicious activity within a few milliseconds and shut it down before the token leaves your PC. 🎯
DisGuard constantly keeps an eye on all Discord folders where token data might be stored:
%APPDATA%\Discord%LOCALAPPDATA%\Discord%LOCALAPPDATA%\DiscordCanary%LOCALAPPDATA%\DiscordPTB
It uses a special Windows feature called ReadDirectoryChangesW that lets it get instant alerts whenever files change in these folders — like when a token file is accessed or modified.
This means DisGuard notices suspicious file activity almost immediately — way faster than human reaction time.
Every quarter of a second (~250 ms), DisGuard scans all running programs to find suspicious ones. It looks for things like:
- Processes with names including “inject”, “grabber”, or “discordstealer” (common in malware),
- And checks if they are digitally signed by trusted companies (like Microsoft). If trusted, it lets them be.
If a program looks fishy and isn’t signed, DisGuard kills it right away — no questions asked.
Killing the process isn’t always enough — the malware might try to restart or communicate with servers.
So DisGuard adds special firewall rules that block all network traffic to and from the suspicious program’s executable file. This cuts off any chance of data sneaking out.
You’ll get a quick popup notification letting you know if something suspicious was detected and blocked. Plus, there’s a tray icon where you can:
- Show or hide the console,
- Exit DisGuard cleanly.
- User-mode only: No complex drivers, easier to install and safer.
- Minimal dependencies: Written with native Windows APIs for reliability and speed.
- Multithreaded: Uses separate threads to watch folders and scan processes without slowing down your computer.
- Trust-based filtering: Avoids bothering legitimate software by verifying digital signatures.
- Layered protection: Combines file watching, process termination, and firewall blocking for maximum security.
- Lightweight UI: Custom popup windows and tray icon for a smooth experience with minimal resource usage.
| Metric | Typical Value |
|---|---|
| File change detection delay | Less than 1 millisecond |
| Process scan interval | ~250 milliseconds |
| Firewall rules application time | Less than 500 milliseconds |
| Token theft total time (read+send) | ~50-200 milliseconds |
| CPU usage during idle | Less than 1% |
| Memory usage | Under 10 MB |
In other words: DisGuard acts way faster than most token stealers can finish their job. 🏃💨
Even in 2025, token grabbers remain a threat — many use JavaScript injection into Discord's files (core.asar, index.js), or read from the LevelDB database to extract sensitive data.
Here’s why DisGuard still works against the latest techniques:
| Threat Type | ✅ Status | How DisGuard Protects |
|---|---|---|
JS injection into core.asar, index.js |
Blocked | Monitors Discord folders and blocks any process accessing these files. |
| LocalStorage / LevelDB token grabbing | Blocked | Detects .ldb, .log, and LevelDB file access instantly. |
Malicious executables (e.g. grabber.exe) |
Blocked | Scans processes for suspicious names or unsigned code and terminates them. |
| Untrusted unsigned processes | Blocked | Only digitally signed/trusted software is allowed; others are killed on detection. |
| Exfiltration via HTTP | Blocked | Adds dynamic Windows Firewall rules to block all network traffic from suspicious apps. |
DisGuard typically reacts within 1–3 milliseconds, while modern token stealers usually need 50–200ms to read and transmit tokens — giving DisGuard the edge to stop them before exfiltration happens.
Q: Why do I need to run DisGuard as Administrator?
A: Admin rights are required to terminate processes and create firewall rules effectively.
Q: Will DisGuard affect legitimate software?
A: DisGuard skips digitally signed and trusted executables to prevent false positives.
Q: What if I want to stop DisGuard?
A: Right-click the tray icon and select “Exit” to safely close the app.
- Windows 10 or later (64-bit recommended)
- Administrative privileges (needed to stop suspicious processes and add firewall rules)
- At least 2 GB RAM and minimal CPU usage (DisGuard is lightweight!)
-
Download the latest release
Head over to the Releases page and download the latestDisGuard.exezip package. -
Extract the zip file
Extract all files to a folder you prefer, e.g.,C:\Program Files\DisGuard. -
Run as Administrator
Right-clickDisGuard.exeand select Run as administrator.
This is essential for the app to monitor system processes and manage firewall rules properly. -
Check the system tray
After launch, DisGuard will minimize to your system tray (near the clock).- Left-click the tray icon to show or hide the console window.
- Right-click for options like Exit.
-
Enjoy peace of mind!
DisGuard will now silently watch your Discord folders and processes for suspicious activity, notifying you instantly of threats.
If you want to compile DisGuard yourself:
-
Clone the repository
Open a terminal and run:git clone https://github.com/PwnTheStack/DisGuard.git cd DisGuard -
Open the solution
Open theDisGuard.slnfile using Visual Studio 2022 or any compatible C++ IDE that supports Windows desktop development. -
Set build configuration
In Visual Studio, select the build configuration to Release and target platform to x64 (recommended for performance and compatibility). -
Build the project
Use the menu option Build > Build Solution or pressCtrl + Shift + Bto compile the project. -
Run as Administrator
After a successful build, navigate to the output folder (usuallyDisGuard\Release\x64\) and run the compiled executable with Administrator privileges. Right-click the.exefile and select Run as administrator.
This is required so DisGuard can monitor processes and add firewall rules.
DisGuard is distributed under the MIT License, which means:
- You are free to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software.
- You must include the original copyright and license notices in any copies or substantial portions of the software.
- DisGuard is provided "as is", without warranty of any kind.
See the full license text in the LICENSE file.
If you encounter any issues, have questions, or want to contribute, please open an issue or pull request on GitHub. Your feedback and support are appreciated! 🙌