12-10-2025, 12:41 AM
Tested version: GetOverX Shield Server 3.0.2.0
Installer SHA-256 hash: [550e7b347f6011bb9d6a35c59382412b5bde7c3454549c24110a225c3cf4ad46]
1. Multi-AV result (VirusTotal)
- Engines: [update with engine count]
- Result: [1 / 71]
- Isolated detection(s), if any:
  - Vendor: ESET – Win64/WinDivert.A Potentially Unsafe
  - Reason: Server edition also uses low-level drivers and network inspection modules that some vendors classify as “potentially unsafe applications” by policy, especially on servers.
2. Behaviour summary in sandbox (MITRE ATT&CK)
When the Server installer was executed in a sandbox environment, the following categories were observed:
- Execution: service installation and use of native Windows Server APIs.
- Persistence / Privilege Escalation: creation of Windows services set to start at boot, modification of relevant registry keys.
- Defense Evasion: protected components, code packing and controlled injection into own processes for monitoring.
- Discovery: system, role and process discovery typical for a server protection agent (services, listening ports, installed roles/features).
No malicious server-side behaviours were observed:
- No unauthorised modification of business data.
- No tampering with domain controllers, AD objects or database services.
- No exfiltration of server data to unknown external endpoints.
3. Lab tests (summary)
- Installation and removal on clean Windows Server virtual machines (2016/2019/2022).
- Verified:
  - Service stability under load.
  - Interaction with typical server roles (file server, web server, domain member).
  - Logging and remote management from the console.
Conclusion:
The tested Server build behaves as expected for an endpoint protection agent on Windows Server:
- External AV engines do not report classic malware; any isolated detection is related to the presence of powerful administration/security components.
- Behavioural analysis shows service deployment, monitoring and hardening activities, without backdoor or ransomware-like patterns.
Link Test:
https://www.virustotal.com/gui/file/550e...5c3cf4ad46
