12-10-2025, 12:30 AM
(This post was last modified: 12-10-2025, 12:59 AM by mrwebfeeder.)
How we test GetOverX Shield before each release
In this section you will find real-world test results for GetOverX Shield (CORE, PRO and Enterprise).
Our goal is to be transparent about how we verify that each build behaves like a security product – not like malware.
1. Isolated lab (virtual machines)
- We use VirtualBox virtual machines with different Windows versions (including Windows Server).
- We test:
  - Installation and uninstallation.
  - Resource usage.
  - Basic operation of firewall, HIPS, antivirus, containment and network modules.
- We verify that there is no unexpected behaviour (data deletion, mass encryption, etc.).
2. Behaviour tests based on MITRE ATT&CK
- We run scenarios that simulate common attack techniques (examples: T1059 – PowerShell, T1204 – user execution, T1547 – persistence, T1486 – ransomware-like behaviour).
- We observe how GetOverX Shield responds:
  - Block / contain.
  - EDR alerts.
  - Logs and traces for forensic analysis.
3. Multi-AV verification (VirusTotal and others)
- We upload the final installer to platforms such as VirusTotal so it can be scanned by 70+ independent AV engines.
- We record:
  - Number of engines that detect the build.
  - Detection type (real malware vs. “potentially unsafe application”).
- If there are isolated detections, we evaluate whether they are false positives related to the techniques used by our product (drivers, deep network inspection, etc.).
4. Publishing the results
In this section we will publish:
- Per-version reports (hash, test summary, multi-AV result).
- Notes about relevant false positives (for example, ESET flagging WinDivert as “Potentially Unsafe Application”).
- Technical comments for users who want to review the system’s behaviour in more detail.
If you have questions about any report or want to suggest new tests, feel free to reply in each thread or open a new topic in this forum.
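The multi-AV step (section 3) and the per-version report (section 4) can be sketched as follows. This is an added example, not GetOverX's own tooling: the label markers, the `isolated_max` cut-off, the status names and all sample data are assumptions made for illustration.

```python
import hashlib
import re

# Assumption: wording that marks a "potentially unsafe/unwanted application"
# verdict rather than a malware verdict; engines phrase these differently.
PUA_PHRASES = ("potentially unsafe", "potentially unwanted", "not-a-virus")
PUA_TOKENS = {"pua", "pup", "riskware"}

def classify(label):
    """Map one engine's verdict label to 'clean', 'pua' or 'malware'."""
    if not label:
        return "clean"
    text = label.lower()
    tokens = set(re.split(r"[^a-z0-9]+", text))
    if any(p in text for p in PUA_PHRASES) or tokens & PUA_TOKENS:
        return "pua"
    return "malware"

def build_report(version, installer_bytes, verdicts, isolated_max=3):
    """Summarise a multi-engine scan for one build.

    isolated_max is an assumed cut-off for what counts as "isolated".
    """
    groups = {"clean": [], "pua": [], "malware": []}
    for engine, label in sorted(verdicts.items()):
        groups[classify(label)].append(engine)
    detections = len(groups["pua"]) + len(groups["malware"])
    if detections == 0:
        status = "clean"
    elif not groups["malware"] and detections <= isolated_max:
        status = "review-isolated"   # evaluate as a possible false positive
    else:
        status = "investigate"       # malware-class verdict or widespread detection
    return {
        "version": version,
        "sha256": hashlib.sha256(installer_bytes).hexdigest(),
        "engines": len(verdicts),
        "detections": detections,
        "pua": groups["pua"],
        "malware": groups["malware"],
        "status": status,
    }

# Constructed sample: engine names, labels and installer bytes are invented.
SAMPLE_VERDICTS = {
    "EngineA": None,
    "EngineB": "WinDivert potentially unsafe application",
    "EngineC": "",
    "EngineD": "PUA:Win32/ExampleTool",
}
SAMPLE_REPORT = build_report("0.0.0-example", b"constructed installer bytes", SAMPLE_VERDICTS)
```

A single malware-class verdict moves the build to `investigate` regardless of how few engines report it, so a PUA-only result is the only case treated as a candidate false positive.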
