+- GETOVERX FORUM Community Support (https://forum.getoverx.com)
+-- Forum: Testing & Validation Center (https://forum.getoverx.com/forumdisplay.php?fid=29)
+--- Forum: GetOverX Shield Security Lab (https://forum.getoverx.com/forumdisplay.php?fid=30)
+--- Thread: Per-version report - Getoverx Shield CORE 3.0.2.0 (/showthread.php?tid=133)
Per-version report - Getoverx Shield CORE 3.0.2.0 - mrwebfeeder - 12-10-2025
Tested version: GetOverX Shield CORE 3.0.2.0
Installer SHA-256 hash: 9aa57de47ece5c48bec81d689f365e86283edf6c289af15dba8695596bc92050
1. Multi-AV result (VirusTotal)
- Engines: 71
- Result: 1 / 71
- Engines with no detection: 70
- Isolated detection:
- ESET-NOD32: Win64/WinDivert.A Potentially Unsafe Application
- Reason: ESET classifies the use of WinDivert as a potentially unsafe tool because of its low-level network filtering capabilities. This is not a classic “virus” detection, but a strict policy on advanced network tools.
2. Behaviour summary in sandbox (MITRE ATT&CK)
When the installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring.
- Discovery: collection of system, user and running process information.
No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.
3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Verified:
- Activation of the hardened firewall.
- Basic operation of the real-time protection module.
- Logging and reading of security events.
Conclusion:
Build 3.0.2.0 CORE behaves as expected for a security product:
- 70 out of 71 external AV engines do not report any malware.
- The only detection comes from ESET’s policy on advanced network tools (WinDivert), not from a real infection.
- Sandbox behaviour analysis shows installation and protection-related activities (services, tasks, monitoring), without ransomware patterns or data theft.
Users who run ESET alongside GetOverX Shield CORE can add it (and its installation folder) to ESET’s trusted applications / exclusions list if they wish to use both on the same system.
Link test Virus-Total:
https://www.virustotal.com/gui/file/9aa57de47ece5c48bec81d689f365e86283edf6c289af15dba8695596bc92050
RE: Per-version report - Getoverx Shield CORE 3.0.2.0 - MateoCollins - 12-10-2025
(12-10-2025, 12:33 AM)mrwebfeeder Wrote: Tested version: GetOverX Shield CORE 3.0.2.0
Installer SHA-256 hash: 9aa57de47ece5c48bec81d689f365e86283edf6c289af15dba8695596bc92050
1. Multi-AV result (VirusTotal)
- Engines: 71
- Result: 1 / 71
- Engines with no detection: 70
- Isolated detection:
- ESET-NOD32: Win64/WinDivert.A Potentially Unsafe Application
- Reason: ESET classifies the use of WinDivert as a potentially unsafe tool because of its low-level network filtering capabilities. This is not a classic “virus” detection, but a strict policy on advanced network tools.
2. Behaviour summary in sandbox (MITRE ATT&CK)
When the installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring.
- Discovery: collection of system, user and running process information.
No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.
3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Verified:
- Activation of the hardened firewall.
- Basic operation of the real-time protection module.
- Logging and reading of security events.
Conclusion:
Build 3.0.2.0 CORE behaves as expected for a security product:
- 70 out of 71 external AV engines do not report any malware.
- The only detection comes from ESET’s policy on advanced network tools (WinDivert), not from a real infection.
- Sandbox behaviour analysis shows installation and protection-related activities (services, tasks, monitoring), without ransomware patterns or data theft.
Users who run ESET alongside GetOverX Shield CORE can add it (and its installation folder) to ESET’s trusted applications / exclusions list if they wish to use both on the same system.
Link test Virus-Total:
https://www.virustotal.com/gui/file/9aa57de47ece5c48bec81d689f365e86283edf6c289af15dba8695596bc92050
I love your answers not only answer for the sake of answering, they also give proof thank you very much!