Root Lock by HeartSuite Documentation

Root Lock by HeartSuite | Zero Day Secure-by-design

Overview: Every attack does three things: run a program, access files, make a network connection. Root Lock by HeartSuite enforces default-deny on all three at the kernel level — per program, not per user. In Lockdown, anything not on the allowlist — including malware running as root — is blocked before it can act. The immutable seal refuses any change to the allowlist while running, including by root. Undoing Lockdown requires a reboot with physical access. See Mode Switching and Lockdown for the mechanism. The Dashboard guides you through a 7-phase setup journey, from system verification to Lockdown activation.

Root Lock by HeartSuite supports two paths: Cloud (pre-installed on AWS, Google Cloud, Azure, DigitalOcean, Linode, and other providers — the Dashboard appears on first login) and Local (manual installation with a guided setup across several reboots). Both paths converge at the Dashboard after Phase 1 (System Verification).

Root Lock by HeartSuite is a strong fit for production servers, regulated workstations, build and CI infrastructure, AI agent sandboxes, and container hosts. Hosts where eBPF-based tooling must run locally require a non-HS kernel.

Introduction and concepts

• Introduction and Overview — Overview, setup process, Dashboard guidance, and requirements.
• Deployment Scenarios — Where Root Lock by HeartSuite fits best, and where it doesn’t.
• How Root Lock by HeartSuite Compares — What Root Lock by HeartSuite replaces (Falco, AppArmor, gVisor, EDR on the enforcement dimension), what it complements (SIEM, NDR, VA), and how it can be circumvented.
• Allowlisting Programs — How to approve programs and their file and network permissions using the review queues.
• Mode Switching and Lockdown — Setup Mode and Lockdown.

Get started

Start with Quick Start — it covers both paths (Cloud and Local) and links each step in order: prerequisites, download, install, verify, and allowlist.

The pages below are the individual steps, linked from Quick Start:

• Obtaining and Installing Root Lock by HeartSuite — Download and setup steps (Local Path).
• Verifying Installation — Confirm Phase 1 is complete in the Dashboard.

Use and manage

• Network and Remote Access — Configure network permissions.
• Script Launchers — Secure interpreted script execution.
• Alert Settings — Set up push notifications for blocks and state changes (Phase 6, required for Lockdown).
• Maintenance — Protecting during maintenance, file backup and versioning, and cache adjustment.

Troubleshoot and reference

• Troubleshooting and Logs — Common issues and solutions.
• FAQs — Answers to frequent questions.
• Kernel Security Transparency — CVE status and Not Affected rationale for the Root Lock by HeartSuite kernel.
• Appendices — List of included tools.

Subscription and support

• Subscription — Activate your subscription for Lockdown.
• For updates or help, visit heartsecsuite.com.

Ready to get started?

Already have a subscription? Follow the Quick Start — the Dashboard guides you from there.

Evaluating? Cloud instances and the Local Path package are available at heartsecsuite.com.

Also in this documentation

• HeartSuite Joint File System (HJFS) — Prototype filesystem-based security layer. Enforces path-level access control on standard kernels where the HS kernel is not available.

About this Documentation: Covers Root Lock by HeartSuite v1.6.4.