12-10-2025, 12:38 AM
(This post was last modified: 12-10-2025, 12:44 AM by mrwebfeeder.)
Tested version: GetOverX Shield PRO 3.0.2.0
Installer SHA-256 hash: [d14632549a82bbb471bf3424b2242a18cac4f5498ecd5cdb4be0b687876dca34]
1. Multi-AV result (VirusTotal)
- Engines: 3.0.2.0
- Result: [update, e.g. 1 / 71]
- Isolated detection(s), if any:
  - Vendor: ESET – Win64/WinDivert.A Potentially Unsafe
  - Reason: [Short explanation. For example: vendor classifies advanced network tools or drivers used by GetOverX Shield PRO as “potentially unsafe applications” due to their low-level capabilities. This is a strict policy decision, not evidence of classic malware.]
2. Behaviour summary in sandbox (MITRE ATT&CK)
When the PRO installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring and EDR telemetry.
- Discovery: collection of system, user and running process information for security analysis.
No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.
3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Additional tests on systems with existing AV/EDR solutions to verify coexistence.
- Verified:
  - Activation of the hardened firewall and advanced HIPS/EDR components.
  - Real-time protection and behavioural blocking features.
  - Centralised logging and retrieval of security events.
Conclusion:
The tested PRO build behaves as expected for an advanced security product:
- The vast majority of external AV engines report no malware.
- Any isolated detection is related to strict policies on low-level security tools (drivers, deep network inspection), not a real infection.
- Sandbox behaviour analysis shows installation, protection and telemetry activities (services, tasks, monitoring), without ransomware patterns or data theft.
Testing Link:
https://www.virustotal.com/gui/file/d146...87876dca34
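Added example (not part of mrwebfeeder's post and not GetOverX code): the two checks a reader should run before taking a post like this at face value. The script hashes a locally downloaded installer and compares it with the SHA-256 quoted above, builds the VirusTotal file link from that hash rather than from a copied URL, and reduces a VirusTotal API v3-style report to the "x / N" ratio and the list of flagging engines, separating policy/PUA-style verdicts (such as ESET's "potentially unsafe") from family-named malware verdicts. The embedded report is constructed for the example: every engine name except ESET-NOD32, every verdict except ESET's, the `PUA_MARKERS` list and the category sets are assumptions, not VirusTotal or vendor definitions.

```python
import hashlib
import json

# SHA-256 quoted in the post for the GetOverX Shield PRO 3.0.2.0 installer.
EXPECTED_SHA256 = "d14632549a82bbb471bf3424b2242a18cac4f5498ecd5cdb4be0b687876dca34"

# Constructed sample in the shape of a VirusTotal API v3 file object
# (data.id is the SHA-256; data.attributes.last_analysis_results maps engine
# name -> {"category": ..., "result": ...}). Engine names other than
# ESET-NOD32 and every verdict except ESET's are made up for this example.
SAMPLE_REPORT = json.loads("""
{
  "data": {
    "id": "d14632549a82bbb471bf3424b2242a18cac4f5498ecd5cdb4be0b687876dca34",
    "attributes": {
      "last_analysis_results": {
        "ESET-NOD32": {"category": "malicious", "result": "Win64/WinDivert.A potentially unsafe"},
        "EngineA": {"category": "undetected", "result": null},
        "EngineB": {"category": "undetected", "result": null},
        "EngineC": {"category": "undetected", "result": null},
        "EngineD": {"category": "undetected", "result": null},
        "EngineE": {"category": "type-unsupported", "result": null}
      }
    }
  }
}
""")

# Substrings that mark a policy/PUA-style verdict rather than a malware family
# name. Assumed list, not a vendor standard; extend it for the engines you see.
PUA_MARKERS = ("potentially unsafe", "potentially unwanted", "pua", "pup",
               "not-a-virus", "riskware", "grayware", "unsafe application")

# Categories treated as "engine returned a verdict" for the x / N ratio
# (assumption: type-unsupported, timeout and failure are left out of N).
VERDICT_CATEGORIES = {"malicious", "suspicious", "undetected", "harmless"}
FLAGGED_CATEGORIES = {"malicious", "suspicious"}


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so a large installer is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_matches(actual_hex: str, expected_hex: str = EXPECTED_SHA256) -> bool:
    """Case-insensitive compare so an upper-case copy of the hash still matches."""
    return actual_hex.strip().lower() == expected_hex.strip().lower()


def vt_url(sha256_hex: str) -> str:
    """VirusTotal GUI link for a file object, keyed by its SHA-256."""
    return "https://www.virustotal.com/gui/file/" + sha256_hex.strip().lower()


def is_pua_style(verdict) -> bool:
    """True when the verdict string reads like a policy/PUA label, not a family."""
    if not verdict:
        return False
    v = verdict.lower()
    return any(m in v for m in PUA_MARKERS)


def summarize_report(report: dict) -> dict:
    """Reduce a VT-style report to the fields the post above reports by hand."""
    data = report["data"]
    results = data["attributes"]["last_analysis_results"]
    engines = sum(1 for r in results.values() if r["category"] in VERDICT_CATEGORIES)
    detections = [
        {"vendor": name, "verdict": r["result"], "pua_style": is_pua_style(r["result"])}
        for name, r in sorted(results.items())
        if r["category"] in FLAGGED_CATEGORIES
    ]
    non_pua = [d for d in detections if not d["pua_style"]]
    return {
        "ratio": f"{len(detections)} / {engines}",
        "detections": detections,
        # True only when every flag looks like a policy/PUA verdict; a single
        # family-named detection (e.g. a trojan name) turns this False.
        "only_pua_style": bool(detections) and not non_pua,
        "hash_matches_post": hash_matches(data["id"]),
        "url": vt_url(data["id"]),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # hash a local installer and compare it with the post
        digest = sha256_of_file(sys.argv[1])
        print(digest, "matches post" if hash_matches(digest) else "DOES NOT MATCH post")
    print(json.dumps(summarize_report(SAMPLE_REPORT), indent=2))
```

Run it as `python check_installer.py GetOverX-Shield-PRO-3.0.2.0.exe` (file name assumed) to get the local hash verdict followed by the summary of the constructed report. The `only_pua_style` flag is the point of the exercise: the post's argument that an isolated detection is a policy call rather than an infection only holds when every flagging engine's verdict is of that kind, so a real assessment should re-run the summary against the live report rather than the quoted numbers.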
