If you discover a security vulnerability in WCT, please report it responsibly:

1. Do not open a public issue
2. Contact the author directly via Telegram: @diver5
3. Provide a clear description and steps to reproduce
4. Allow reasonable time for a fix before public disclosure

• All data stored locally in %LOCALAPPDATA%
• No cloud telemetry or external API calls
• Optional updater only checks GitHub Releases
• Firewall rules prefixed with WCT_ to avoid conflicts
• Quarantine prevents accidental deletion
• System processes whitelisted by default

• Admin rights required for Windows Firewall rule creation
• netsh is used for firewall integration
• WMI queries used for USB detection