12-10-2025, 12:33 AM
(This post was last modified: 12-10-2025, 12:38 AM by mrwebfeeder.)
Tested version: GetOverX Shield CORE 3.0.2.0
Installer SHA-256 hash: 9aa57de47ece5c48bec81d689f365e86283edf6c289af15dba8695596bc92050
1. Multi-AV result (VirusTotal)
- Engines: 71
- Result: 1 / 71
- Engines with no detection: 70
- Isolated detection:
  - ESET-NOD32: Win64/WinDivert.A Potentially Unsafe Application
  - Reason: ESET classifies the use of WinDivert as a potentially unsafe tool because of its low-level network filtering capabilities. This is not a classic “virus” detection, but a strict policy on advanced network tools.
2. Behaviour summary in sandbox (MITRE ATT&CK)
When the installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring.
- Discovery: collection of system, user and running process information.
No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.
3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Verified:
  - Activation of the hardened firewall.
  - Basic operation of the real-time protection module.
  - Logging and reading of security events.
Conclusion:
Build 3.0.2.0 CORE behaves as expected for a security product:
- 70 out of 71 external AV engines do not report any malware.
- The only detection comes from ESET’s policy on advanced network tools (WinDivert), not from a real infection.
- Sandbox behaviour analysis shows installation and protection-related activities (services, tasks, monitoring), without ransomware patterns or data theft.
Users who run ESET alongside GetOverX Shield CORE can add it (and its installation folder) to ESET’s trusted applications / exclusions list if they wish to use both on the same system.
VirusTotal test link:
https://www.virustotal.com/gui/file/9aa5...596bc92050
