https://forum.getoverx.com/ Fri, 17 Apr 2026 09:51:19 +0000 MyBB https://forum.getoverx.com/showthread.php?tid=137 Wed, 10 Dec 2025 00:57:05 +0000 mrwebfeeder]]> https://forum.getoverx.com/showthread.php?tid=137 Tested version: GetOverX Shield macOS 1.0.0.1
Installer SHA-256 hash: [84c7062f4a9715f9842cc5f4179ad9cbac58b5cff212bded6c09421fc593989f]

1. Multi-AV result (VirusTotal)
- Engines: 1.0.0.0
- Result:0/71
All Passed

2. Behaviour summary in sandbox (MITRE ATT&CK for macOS)
When the macOS installer was executed in a sandbox environment, the following categories were observed:
- Execution: launch of helper tools and installation routines via standard macOS installer mechanisms.
- Persistence: creation of launch agents / launch daemons and registration of system extensions or network extensions.
- Defense Evasion: use of signed and protected components, plus controlled interception for monitoring.
- Discovery: collection of basic system, user and process information required for endpoint protection.

No typical macOS malware behaviours were observed:
- No unauthorised modification of user home directories beyond configuration and logs.
- No mass encryption or deletion of user files.
- No covert network connections to unknown C2 servers.

3. Lab tests (summary)
- Installation and removal on clean macOS virtual machines or test devices (supported macOS versions).
- Verified:
  - Correct loading of system / network extensions.
  - Real-time monitoring and alerting capabilities.
  - Log generation and integration with the central management console.

Conclusion:
The tested macOS build behaves as expected for an endpoint protection agent:
- External engines do not report classic malware; any isolated detection is related to strict policies on system and network extensions.
- Behavioural analysis shows installation, registration of protection components and monitoring activity, without signs of macOS-specific backdoors, data theft or ransomware behaviour.

Link Test:
https://www.virustotal.com/gui/file/84c7...1fc593989f]]> Tested version: GetOverX Shield macOS 1.0.0.1
Installer SHA-256 hash: [84c7062f4a9715f9842cc5f4179ad9cbac58b5cff212bded6c09421fc593989f]

1. Multi-AV result (VirusTotal)
- Engines: 1.0.0.0
- Result:0/71
All Passed

2. Behaviour summary in sandbox (MITRE ATT&CK for macOS)
When the macOS installer was executed in a sandbox environment, the following categories were observed:
- Execution: launch of helper tools and installation routines via standard macOS installer mechanisms.
- Persistence: creation of launch agents / launch daemons and registration of system extensions or network extensions.
- Defense Evasion: use of signed and protected components, plus controlled interception for monitoring.
- Discovery: collection of basic system, user and process information required for endpoint protection.

No typical macOS malware behaviours were observed:
- No unauthorised modification of user home directories beyond configuration and logs.
- No mass encryption or deletion of user files.
- No covert network connections to unknown C2 servers.

3. Lab tests (summary)
- Installation and removal on clean macOS virtual machines or test devices (supported macOS versions).
- Verified:
  - Correct loading of system / network extensions.
  - Real-time monitoring and alerting capabilities.
  - Log generation and integration with the central management console.

Conclusion:
The tested macOS build behaves as expected for an endpoint protection agent:
- External engines do not report classic malware; any isolated detection is related to strict policies on system and network extensions.
- Behavioural analysis shows installation, registration of protection components and monitoring activity, without signs of macOS-specific backdoors, data theft or ransomware behaviour.

Link Test:
https://www.virustotal.com/gui/file/84c7...1fc593989f]]> https://forum.getoverx.com/showthread.php?tid=136 Wed, 10 Dec 2025 00:54:17 +0000 mrwebfeeder]]> https://forum.getoverx.com/showthread.php?tid=136 Tested version: GetOverX BlackDog Linux 1.0.0.1
Package SHA-256 hash: [f0d1323dc901aa346de644ab3bbd5660c9c5de3a5c3cf91f09b9890c293f0ca2]

1. Multi-AV result (VirusTotal)
- Engines: 1.0.0.1
- Result: 0/71]
- Isolated detection(s), if any:
 All passed

2. Behaviour summary in sandbox (MITRE ATT&CK for Linux)
When the BlackDog Linux package was executed in a sandbox/container environment, the following categories were observed:
- Execution: launching of daemon processes and helper binaries.
- Persistence: creation of systemd service units / init scripts to start at boot.
- Defense Evasion: use of protected binaries and root-level components for monitoring (according to the distribution’s security model).
- Discovery: enumeration of system information, running processes and network configuration to build telemetry.

No destructive Linux malware behaviours were observed:
- No unauthorised modification of `/etc` core configuration beyond its own services.
- No mass deletion or encryption of user data.
- No exfiltration of logs or files to unknown remote hosts.

3. Lab tests (summary)
- Installation and removal on fresh Debian/Ubuntu-based virtual machines.
- Verified:
  - Proper registration of systemd services.
  - Network and filesystem monitoring components.
  - Log generation under `/var/log` or the configured logging path.

Conclusion:
The tested BlackDog Linux build behaves as expected for a Linux security agent:
- Multi-AV scanning does not show classic malware signatures; any isolated flags are due to the presence of powerful system and network tools.
- Behavioural analysis shows service setup and monitoring, with no evidence of data exfiltration, unauthorised privilege escalation paths or ransomware-like activity.

Link test:
https://www.virustotal.com/gui/file/f0d1...0c293f0ca2]]> Tested version: GetOverX BlackDog Linux 1.0.0.1
Package SHA-256 hash: [f0d1323dc901aa346de644ab3bbd5660c9c5de3a5c3cf91f09b9890c293f0ca2]

1. Multi-AV result (VirusTotal)
- Engines: 1.0.0.1
- Result: 0/71]
- Isolated detection(s), if any:
 All passed

2. Behaviour summary in sandbox (MITRE ATT&CK for Linux)
When the BlackDog Linux package was executed in a sandbox/container environment, the following categories were observed:
- Execution: launching of daemon processes and helper binaries.
- Persistence: creation of systemd service units / init scripts to start at boot.
- Defense Evasion: use of protected binaries and root-level components for monitoring (according to the distribution’s security model).
- Discovery: enumeration of system information, running processes and network configuration to build telemetry.

No destructive Linux malware behaviours were observed:
- No unauthorised modification of `/etc` core configuration beyond its own services.
- No mass deletion or encryption of user data.
- No exfiltration of logs or files to unknown remote hosts.

3. Lab tests (summary)
- Installation and removal on fresh Debian/Ubuntu-based virtual machines.
- Verified:
  - Proper registration of systemd services.
  - Network and filesystem monitoring components.
  - Log generation under `/var/log` or the configured logging path.

Conclusion:
The tested BlackDog Linux build behaves as expected for a Linux security agent:
- Multi-AV scanning does not show classic malware signatures; any isolated flags are due to the presence of powerful system and network tools.
- Behavioural analysis shows service setup and monitoring, with no evidence of data exfiltration, unauthorised privilege escalation paths or ransomware-like activity.

Link test:
https://www.virustotal.com/gui/file/f0d1...0c293f0ca2]]> https://forum.getoverx.com/showthread.php?tid=135 Wed, 10 Dec 2025 00:41:50 +0000 mrwebfeeder]]> https://forum.getoverx.com/showthread.php?tid=135 Tested version: GetOverX Shield Server 3.0.2.0
Installer SHA-256 hash: [550e7b347f6011bb9d6a35c59382412b5bde7c3454549c24110a225c3cf4ad46]

1. Multi-AV result (VirusTotal)
- Engines: [update with engine count]
- Result: [1 / 71]
- Isolated detection(s), if any:
  - Vendor: ESET – Win64/WinDivert.A Potentially Unsafe
  - Reason: Server edition also uses low-level drivers and network inspection modules that some vendors classify as “potentially unsafe applications” by policy, especially on servers.

2. Behaviour summary in sandbox (MITRE ATT&CK)
When the Server installer was executed in a sandbox environment, the following categories were observed:
- Execution: service installation and use of native Windows Server APIs.
- Persistence / Privilege Escalation: creation of Windows services set to start at boot, modification of relevant registry keys.
- Defense Evasion: protected components, code packing and controlled injection into own processes for monitoring.
- Discovery: system, role and process discovery typical for a server protection agent (services, listening ports, installed roles/features).

No malicious server-side behaviours were observed:
- No unauthorised modification of business data.
- No tampering with domain controllers, AD objects or database services.
- No exfiltration of server data to unknown external endpoints.

3. Lab tests (summary)
- Installation and removal on clean Windows Server virtual machines (2016/2019/2022).
- Verified:
  - Service stability under load.
  - Interaction with typical server roles (file server, web server, domain member).
  - Logging and remote management from the console.

Conclusion:
The tested Server build behaves as expected for an endpoint protection agent on Windows Server:
- External AV engines do not report classic malware; any isolated detection is related to the presence of powerful administration/security components.
- Behavioural analysis shows service deployment, monitoring and hardening activities, without backdoor or ransomware-like patterns.
Link Test:
https://www.virustotal.com/gui/file/550e...5c3cf4ad46]]> Tested version: GetOverX Shield Server 3.0.2.0
Installer SHA-256 hash: [550e7b347f6011bb9d6a35c59382412b5bde7c3454549c24110a225c3cf4ad46]

1. Multi-AV result (VirusTotal)
- Engines: [update with engine count]
- Result: [1 / 71]
- Isolated detection(s), if any:
  - Vendor: ESET – Win64/WinDivert.A Potentially Unsafe
  - Reason: Server edition also uses low-level drivers and network inspection modules that some vendors classify as “potentially unsafe applications” by policy, especially on servers.

2. Behaviour summary in sandbox (MITRE ATT&CK)
When the Server installer was executed in a sandbox environment, the following categories were observed:
- Execution: service installation and use of native Windows Server APIs.
- Persistence / Privilege Escalation: creation of Windows services set to start at boot, modification of relevant registry keys.
- Defense Evasion: protected components, code packing and controlled injection into own processes for monitoring.
- Discovery: system, role and process discovery typical for a server protection agent (services, listening ports, installed roles/features).

No malicious server-side behaviours were observed:
- No unauthorised modification of business data.
- No tampering with domain controllers, AD objects or database services.
- No exfiltration of server data to unknown external endpoints.

3. Lab tests (summary)
- Installation and removal on clean Windows Server virtual machines (2016/2019/2022).
- Verified:
  - Service stability under load.
  - Interaction with typical server roles (file server, web server, domain member).
  - Logging and remote management from the console.

Conclusion:
The tested Server build behaves as expected for an endpoint protection agent on Windows Server:
- External AV engines do not report classic malware; any isolated detection is related to the presence of powerful administration/security components.
- Behavioural analysis shows service deployment, monitoring and hardening activities, without backdoor or ransomware-like patterns.
Link Test:
https://www.virustotal.com/gui/file/550e...5c3cf4ad46]]> https://forum.getoverx.com/showthread.php?tid=134 Wed, 10 Dec 2025 00:38:23 +0000 mrwebfeeder]]> https://forum.getoverx.com/showthread.php?tid=134 Tested version: GetOverX Shield PRO 3.0.2.0
Installer SHA-256 hash: [d14632549a82bbb471bf3424b2242a18cac4f5498ecd5cdb4be0b687876dca34]

1. Multi-AV result (VirusTotal)
- Engines: 3.0.2.0
- Result: [update, e.g. 1 / 71]
- Isolated detection(s), if any:
  - Vendor: ESET – Win64/WinDivert.A Potentially Unsafe
  - Reason: [Short explanation. For example: vendor classifies advanced network tools or drivers used by GetOverX Shield PRO as “potentially unsafe applications” due to their low-level capabilities. This is a strict policy decision, not evidence of classic malware.]

2. Behaviour summary in sandbox (MITRE ATT&CK)
When the PRO installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring and EDR telemetry.
- Discovery: collection of system, user and running process information for security analysis.

No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.

3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Additional tests on systems with existing AV/EDR solutions to verify coexistence.
- Verified:
  - Activation of the hardened firewall and advanced HIPS/EDR components.
  - Real-time protection and behavioural blocking features.
  - Centralised logging and retrieval of security events.

Conclusion:
The tested PRO build behaves as expected for an advanced security product:
- The vast majority of external AV engines report no malware.
- Any isolated detection is related to strict policies on low-level security tools (drivers, deep network inspection), not a real infection.
- Sandbox behaviour analysis shows installation, protection and telemetry activities (services, tasks, monitoring), without ransomware patterns or data theft.

Testing Link:
https://www.virustotal.com/gui/file/d146...87876dca34]]> Tested version: GetOverX Shield PRO 3.0.2.0
Installer SHA-256 hash: [d14632549a82bbb471bf3424b2242a18cac4f5498ecd5cdb4be0b687876dca34]

1. Multi-AV result (VirusTotal)
- Engines: 3.0.2.0
- Result: [update, e.g. 1 / 71]
- Isolated detection(s), if any:
  - Vendor: ESET – Win64/WinDivert.A Potentially Unsafe
  - Reason: [Short explanation. For example: vendor classifies advanced network tools or drivers used by GetOverX Shield PRO as “potentially unsafe applications” due to their low-level capabilities. This is a strict policy decision, not evidence of classic malware.]

2. Behaviour summary in sandbox (MITRE ATT&CK)
When the PRO installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring and EDR telemetry.
- Discovery: collection of system, user and running process information for security analysis.

No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.

3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Additional tests on systems with existing AV/EDR solutions to verify coexistence.
- Verified:
  - Activation of the hardened firewall and advanced HIPS/EDR components.
  - Real-time protection and behavioural blocking features.
  - Centralised logging and retrieval of security events.

Conclusion:
The tested PRO build behaves as expected for an advanced security product:
- The vast majority of external AV engines report no malware.
- Any isolated detection is related to strict policies on low-level security tools (drivers, deep network inspection), not a real infection.
- Sandbox behaviour analysis shows installation, protection and telemetry activities (services, tasks, monitoring), without ransomware patterns or data theft.

Testing Link:
https://www.virustotal.com/gui/file/d146...87876dca34]]> https://forum.getoverx.com/showthread.php?tid=133 Wed, 10 Dec 2025 00:33:08 +0000 mrwebfeeder]]> https://forum.getoverx.com/showthread.php?tid=133 Tested version: GetOverX Shield CORE 3.0.2.0
Installer SHA-256 hash: 9aa57de47ece5c48bec81d689f365e86283edf6c289af15dba8695596bc92050

1. Multi-AV result (VirusTotal)
- Engines: 71
- Result: 1 / 71
- Engines with no detection: 70
- Isolated detection:
  - ESET-NOD32: Win64/WinDivert.A Potentially Unsafe Application
  - Reason: ESET classifies the use of WinDivert as a potentially unsafe tool because of its low-level network filtering capabilities. This is not a classic “virus” detection, but a strict policy on advanced network tools.

2. Behaviour summary in sandbox (MITRE ATT&CK)
When the installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring.
- Discovery: collection of system, user and running process information.

No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.

3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Verified:
  - Activation of the hardened firewall.
  - Basic operation of the real-time protection module.
  - Logging and reading of security events.

Conclusion:
Build 3.0.2.0 CORE behaves as expected for a security product:
- 70 out of 71 external AV engines do not report any malware.
- The only detection comes from ESET’s policy on advanced network tools (WinDivert), not from a real infection.
- Sandbox behaviour analysis shows installation and protection-related activities (services, tasks, monitoring), without ransomware patterns or data theft.

Users who run ESET alongside GetOverX Shield CORE can add it (and its installation folder) to ESET’s trusted applications / exclusions list if they wish to use both on the same system.

Link test Virus-Total:
https://www.virustotal.com/gui/file/9aa5...596bc92050]]> Tested version: GetOverX Shield CORE 3.0.2.0
Installer SHA-256 hash: 9aa57de47ece5c48bec81d689f365e86283edf6c289af15dba8695596bc92050

1. Multi-AV result (VirusTotal)
- Engines: 71
- Result: 1 / 71
- Engines with no detection: 70
- Isolated detection:
  - ESET-NOD32: Win64/WinDivert.A Potentially Unsafe Application
  - Reason: ESET classifies the use of WinDivert as a potentially unsafe tool because of its low-level network filtering capabilities. This is not a classic “virus” detection, but a strict policy on advanced network tools.

2. Behaviour summary in sandbox (MITRE ATT&CK)
When the installer was executed in a sandbox environment, the following categories were observed:
- Execution: scheduled tasks, use of native Windows APIs, loading of shared modules.
- Persistence / Privilege Escalation: creation of startup tasks and services, modification of boot-related registry keys.
- Defense Evasion: use of packing/protection techniques, controlled process injection for monitoring.
- Discovery: collection of system, user and running process information.

No typical destructive malware behaviours were observed:
- No mass encryption of user files.
- No deletion of system backup copies.
- No exfiltration of documents to external servers.

3. Lab tests (summary)
- Clean install and uninstall on fresh Windows 10/11 virtual machines.
- Verified:
  - Activation of the hardened firewall.
  - Basic operation of the real-time protection module.
  - Logging and reading of security events.

Conclusion:
Build 3.0.2.0 CORE behaves as expected for a security product:
- 70 out of 71 external AV engines do not report any malware.
- The only detection comes from ESET’s policy on advanced network tools (WinDivert), not from a real infection.
- Sandbox behaviour analysis shows installation and protection-related activities (services, tasks, monitoring), without ransomware patterns or data theft.

Users who run ESET alongside GetOverX Shield CORE can add it (and its installation folder) to ESET’s trusted applications / exclusions list if they wish to use both on the same system.

Link test Virus-Total:
https://www.virustotal.com/gui/file/9aa5...596bc92050]]> https://forum.getoverx.com/showthread.php?tid=132 Wed, 10 Dec 2025 00:30:55 +0000 mrwebfeeder]]> https://forum.getoverx.com/showthread.php?tid=132 How we test GetOverX Shield before each release

In this section you will find real-world test results for GetOverX Shield (CORE, PRO and Enterprise).

Our goal is to be transparent about how we verify that each build behaves like a security product – not like malware.

1. Isolated lab (virtual machines)
- We use VirtualBox virtual machines with different Windows versions (including Windows Server).
- We test:
  - Installation and uninstallation.
  - Resource usage.
  - Basic operation of firewall, HIPS, antivirus, containment and network modules.
- We verify that there is no unexpected behaviour (data deletion, mass encryption, etc.).

2. Behaviour tests based on MITRE ATT&CK
- We run scenarios that simulate common attack techniques (examples: T1059 – PowerShell, T1204 – user execution, T1547 – persistence, T1486 – ransomware-like behaviour).
- We observe how GetOverX Shield responds:
  - Block / contain.
  - EDR alerts.
  - Logs and traces for forensic analysis.

3. Multi-AV verification (VirusTotal and others)
- We upload the final installer to platforms such as VirusTotal so it can be scanned by 70+ independent AV engines.
- We record:
  - Number of engines that detect the build.
  - Detection type (real malware vs. “potentially unsafe application”).
- If there are isolated detections, we evaluate whether they are false positives related to the techniques used by our product (drivers, deep network inspection, etc.).

4. Publishing the results
In this section we will publish:
- Per-version reports (hash, test summary, multi-AV result).
- Notes about relevant false positives (for example, ESET flagging WinDivert as “Potentially Unsafe Application”).
- Technical comments for users who want to review the system’s behaviour in more detail.

If you have questions about any report or want to suggest new tests, feel free to reply in each thread or open a new topic in this forum.]]> How we test GetOverX Shield before each release

In this section you will find real-world test results for GetOverX Shield (CORE, PRO and Enterprise).

Our goal is to be transparent about how we verify that each build behaves like a security product – not like malware.

1. Isolated lab (virtual machines)
- We use VirtualBox virtual machines with different Windows versions (including Windows Server).
- We test:
  - Installation and uninstallation.
  - Resource usage.
  - Basic operation of firewall, HIPS, antivirus, containment and network modules.
- We verify that there is no unexpected behaviour (data deletion, mass encryption, etc.).

2. Behaviour tests based on MITRE ATT&CK
- We run scenarios that simulate common attack techniques (examples: T1059 – PowerShell, T1204 – user execution, T1547 – persistence, T1486 – ransomware-like behaviour).
- We observe how GetOverX Shield responds:
  - Block / contain.
  - EDR alerts.
  - Logs and traces for forensic analysis.

3. Multi-AV verification (VirusTotal and others)
- We upload the final installer to platforms such as VirusTotal so it can be scanned by 70+ independent AV engines.
- We record:
  - Number of engines that detect the build.
  - Detection type (real malware vs. “potentially unsafe application”).
- If there are isolated detections, we evaluate whether they are false positives related to the techniques used by our product (drivers, deep network inspection, etc.).

4. Publishing the results
In this section we will publish:
- Per-version reports (hash, test summary, multi-AV result).
- Notes about relevant false positives (for example, ESET flagging WinDivert as “Potentially Unsafe Application”).
- Technical comments for users who want to review the system’s behaviour in more detail.

If you have questions about any report or want to suggest new tests, feel free to reply in each thread or open a new topic in this forum.]]>