12-10-2025, 12:57 AM
Tested version: GetOverX Shield macOS 1.0.0.1
Installer SHA-256 hash: [84c7062f4a9715f9842cc5f4179ad9cbac58b5cff212bded6c09421fc593989f]
1. Multi-AV result (VirusTotal)
- Engines: 1.0.0.0
- Result: 0/71
All Passed
2. Behaviour summary in sandbox (MITRE ATT&CK for macOS)
When the macOS installer was executed in a sandbox environment, the following categories were observed:
- Execution: launch of helper tools and installation routines via standard macOS installer mechanisms.
- Persistence: creation of launch agents / launch daemons and registration of system extensions or network extensions.
- Defense Evasion: use of signed and protected components, plus controlled interception for monitoring.
- Discovery: collection of basic system, user and process information required for endpoint protection.
No typical macOS malware behaviours were observed:
- No unauthorised modification of user home directories beyond configuration and logs.
- No mass encryption or deletion of user files.
- No covert network connections to unknown C2 servers.
3. Lab tests (summary)
- Installation and removal on clean macOS virtual machines or test devices (supported macOS versions).
- Verified:
  - Correct loading of system / network extensions.
  - Real-time monitoring and alerting capabilities.
  - Log generation and integration with the central management console.
Conclusion:
The tested macOS build behaves as expected for an endpoint protection agent:
- External engines do not report classic malware; any isolated detection is related to strict policies on system and network extensions.
- Behavioural analysis shows installation, registration of protection components and monitoring activity, without signs of macOS-specific backdoors, data theft or ransomware behaviour.
Link Test:
https://www.virustotal.com/gui/file/84c7...1fc593989f
