OmniDefender - New Antivirus Software 2025

omni-defender.com

It's been 7 months now since we released our demo product. We have received a lot of valuable feedback from experts to further enhance our cybersecurity solution, and now it's officially released after countless hours of arduous development and testing!

OmniDefender offers a complete security solution against malware, aiming to compete with other top contenders. OmniDefender has WHQL Certification.

Features:

- Real Time Protection: Leverages the kernel to proactively monitor and block potentially malicious files before they have the chance to inflict any damage on the system.
- Custom Scan: Want to analyze a suspicious file and receive a detailed report on what the file is and what it can do? Custom Scan explains whether the file you're unsure of is potentially dangerous or not instead of just the generic malware/benign verdict.
- Smart Scan: Efficiently analyzes the entire system for potentially malicious files.
- Intrusion Detection: Analyzes all network activity in real time, which processes on your system are connected to the internet and their total download and uploads, allowing you to monitor and spot suspicious processes effectively.
- Performance: Monitors CPU Usage, Temperature, GPU Usage and Temperature, RAM Usage and Network usage in Real Time. Analyzes the PC for duplicates, large files, cleans up cache, temp folders and trash to gain disk space and
- Password Manager: Storing passwords in the browser is generally unsafe and prone to theft, that's why OmniDefender Password Manager allows you to import and encrypt your passwords with a Master Password so only you have access to them!

Here's a demo of OmniDefender against Malware:



Thanks for all your support during the beta, looking forward to your thoughts!

Hi, this sounds good/interesting my new Lenovo 1 has been totally disabled by a retaliatory system32 srttext block, after MS Copilot
 
Yes, with pro-active detection, executables tend to open file handles at process creation, so attempting to delete them at that stage results in "This process is already open in (filename)", so only deletion and reboot is possible. That's one of the reasons why many antiviruses ask to restart the PC when malware is detected, as it allows for efficient cleanup without any obstacles. As mentioned earlier, this is kernel driver logic that will be updated.
A required restart is generally used to start the antivirus at an earlier stage and remove malware.
 
There is a bug which I noticed. When I update the database it becomes buggy.
 

In future versions we'll work on detecting malware at an earlier stage so they don't appear in process explorer at all.
@XylentAntivirus -> Even if you owe me nothing, if you still don't trust this Modern Tool because the developer has "maybe" no real training in how to build such a tool, you can use System Informer -> it is the second generation of Process Hacker, which is more stable now (if this guy wants to make things invisible for a pentest), because Sysinternals is just for auditing on the surface, not for pentesting at kernel level.

Because his software mines behind your visibility -> VirusTotal


In clear terms -> in version 1.3 -> what his software does partially, even if it can block some threads -> is to use the power of your computer :devilish:.

Why? Because using an AI AV needs resources too & he doesn't want to pay for electricity for their users -> but he needs to say it explicitly too in his payment process.

Anyway,

-> Below is a summary of the comparison between Process Explorer and Process Hacker:

Criteria | Winner
Killing protected processes | ✅ Process Hacker
Injection / DLL manipulation | ✅ Process Hacker
Stability on average user systems | ✅ Process Explorer
Control over kernel-level / sensitive objects | ✅ Process Hacker
Acceptance in corporate environments | ✅ Process Explorer
System-level domination | 🏆 Process Hacker (clear lead)

Also don't miss that techniques for VM evasion can happen sometimes,
because you really don't know where you have put your feet, Xylent ^^
 
Code:
rule CoinMiner_Strings : SCRIPT HIGHVOL {
   meta:
      description = "Detects mining pool protocol string in Executable"
      author = "Florian Roth (Nextron Systems)"
      score = 60
      reference = "https://minergate.com/faq/what-pool-address"
      date = "2018-01-04"
      modified = "2021-10-26"
      nodeepdive = 1
      id = "ac045f83-5f32-57a9-8011-99a2658a0e05"
   strings:
      $sa1 = "stratum+tcp://" ascii
      $sa2 = "stratum+udp://" ascii
      $sb1 = "\"normalHashing\": true,"
   condition:
      filesize < 3000KB and 1 of them
}
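The rule above fires on string presence plus a size limit. This added example (not from the thread or from the rule's author) re-implements that condition in plain Python and adds a hypothetical triage step, `triage`, that separates a full pool endpoint from a bare scheme string such as one stored as detection data; all sample buffers are constructed.

```python
import re

# String set and size gate copied from the CoinMiner_Strings rule quoted above.
RULE_STRINGS = {
    "$sa1": b"stratum+tcp://",
    "$sa2": b"stratum+udp://",
    "$sb1": b'"normalHashing": true,',
}
MAX_FILESIZE = 3000 * 1024  # YARA's KB suffix multiplies by 1024; condition is "<"

# Hypothetical triage pattern (an assumption, not part of the rule):
# the scheme followed by an actual host:port.
ENDPOINT = re.compile(rb"stratum\+(?:tcp|udp)://([A-Za-z0-9.-]+):(\d{2,5})")


def rule_hits(data: bytes) -> dict:
    """Return {string_id: [offsets]} when the rule's condition holds, else {}."""
    if len(data) >= MAX_FILESIZE:
        return {}
    hits = {}
    for name, pattern in RULE_STRINGS.items():
        offsets = [m.start() for m in re.finditer(re.escape(pattern), data)]
        if offsets:
            hits[name] = offsets
    return hits


def triage(data: bytes) -> str:
    """Label a buffer: no-match, match-string-only, or match-with-endpoint."""
    if not rule_hits(data):
        return "no-match"
    if ENDPOINT.search(data):
        return "match-with-endpoint"
    return "match-string-only"


# Constructed sample buffers (not taken from any real file).
MINER_CONFIG = b'{"url": "stratum+tcp://pool.example.invalid:3333", "user": "w1"}'
SIGNATURE_TABLE = b"family=coinminer\0stratum+tcp://\0stratum+udp://\0"
PLAIN_TEXT = b"release notes: fixed scan progress bar"
OVERSIZE = MINER_CONFIG + b"\0" * MAX_FILESIZE

if __name__ == "__main__":
    for label, buf in [("miner config", MINER_CONFIG),
                       ("signature table", SIGNATURE_TABLE),
                       ("plain text", PLAIN_TEXT),
                       ("oversize file", OVERSIZE)]:
        print(f"{label:16} {triage(buf):20} {rule_hits(buf)}")
```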
 
@XylentAntivirus hahaha, now he knows what to do in his version 1.4 :ROFLMAO::ROFLMAO::ROFLMAO:
 
I've seen your recent posts, also that is not the Smart_Scan.dll in any of our versions. The real Smart Scan is over 1.3 MB in size.

For your information OmniDefender doesn’t rely on Process Explorer or Process Hacker for malware visibility at all. And yes ML based detection requires compute power like all other antiviruses.

I'm a French Cybersecurity Graduate who has been building applications for years now and have had discussions with and help from experts like Christian Karam, a previous investor in McAfee. 1 missed malware is bad, our database is still expanding compared to existing 30 year old antiviruses against our 1 week old antivirus.
 
Yeah yeah XD, do you know that the hash signature I found is not what you say here with your own mouth this time, but what you say on your last version?

If your AV is still in beta or alpha testing, please remove the payment process on your website and remove the registration process, just give the download for free, and use a local LLM.

Now I have finished speaking with you ^^
 
You intentionally went back to the earliest version of Smart_Scan.dll before it was released, which embedded InferMalwareFamily to determine the malware family of the detected file. But it unfortunately had the displeasure of being flagged in VirusTotal because of the strings, which is why I've moved InferMalwareFamily outside the Portable Executable to remove the flags.
 
That’s gonna be your biggest challenge, new technology against a multitude of technologies that were developed for years… it will be best if you look at some third party threat feeds, or an SDK, until you develop the needed technology that can compete.

Quite rich companies sitting on old money did that — VPN providers, Aura and so on. They usually start with Avira. Look at Check Point — 2 billion dollar a year company with over 100 proprietary engines and modules and they still use Sophos engine.
They now do Yara rules but still don’t throw Sophos away.

That’s just advice to you.
 
It always makes me happy to see my country in the world of cyber security :)
 
You're right, unfortunately I'm in a "hydrogen bomb vs coughing baby" situation. While I do continue to fix the false positives and restructure the kernel driver logic, I'll continue to expand my team and search for more investors in this company. It may not compete against the large antivirus companies right now (one of the recent antiviruses like TotalAV released in 2016 for example or SurfShark Antivirus in 2021) but in due time we will continue to get better and expand.
 
You’re kinda right… but have you approached Avira for example?
If you don’t want the SDK they also offer feeds.
And they offer cloud emulation/detonation as well. Maybe you can use just on downloads? Potentially you can parse a few features and see if it’s worth emulating.

You have more benefit from that than the LLM at the moment in my opinion.

Not sure how much it would add to the cost.
But better charge 10 euro more and do the job…

Anyway, you can research further.
 
The LLM isn't what's monitoring the system, it's only implemented on Custom Scan for educational purposes on unknown files. Smart Scan and Real Time Protection implement Signature Analysis, Locality Sensitive Hashing and LightGBM Machine Learning trained on 800k labeled Portable Executable files.

Unfortunately software development kits like Avira's are typically much more than 10 euros, I can't seem to find an exact price online, it's probably provided through email but you're right about cloud analysis which is typically pretty low per file. I'll research on it.
 
Yeah, I saw where the LLM model is integrated.

You can try Avira and Sophos. Sophos clearly mentions they apply static and dynamic analysis, whilst Avira doesn’t mention it on their OEM page, but it is to be expected.
 
@XylentAntivirus was discrediting OmniDefender's detection engine so I decided to take a look at his test video to see where we could improve.



Turns out he's running Linux malware (ELF, Bash, sh), .unknown files and APK malware on Windows that he downloaded from MalwareBazaar to test OmniDefender. I don't know why he's trying to run Linux's Executable and Linkable Format on Windows nor why he's including them in his tests. He seems to be running them all manually without providing any information on how many were blocked, so it's quite hard to tell which ran successfully. I suppose they were just waiting to see if any false positive slipped by and ignoring the detection rate.

I took a further look at the missed samples, out of all the Windows malware he tried to run from MalwareBazaar's 2025-07-23.zip sample, which contains exactly:

.exe: 155
.zip: 14
.js: 24
.sh: 15
.elf: 78
.msi: 5
.lnk: 5
.ps1: 4
.apk: 1
.xlsm: 1
.jar: 2
.vbe: 5
.rar: 4
.vbs: 4
.zipx: 1
.dll: 1
.ace: 1
.pyc: 1
.unknown: 3
.bat: 2
.gz: 1
.url: 1

Starting from 1:08 in the video, Eraser.exe in his malware test ran successfully, which has a hash of 113639d811695718906264e37ef179c1 and is benign in VirusTotal. They didn't bother to check if it was malware.

22:27, Missed Sample, Fixed.
22:48, Missed Sample, Fixed.
37:17, Missed Sample, Fixed.
40:17, Missed Sample, Fixed.

The other missed samples all the way to 55:58 in the video were .ps1 or .pyc, which are not currently pro-actively detected, so they'll be missed.

False positives included x86 versions of Microsoft at 5:46 and around 52:00, which have been fixed.

I don't know @XylentAntivirus's qualifications. Their misunderstanding of Linux and Windows, and of suspended and blocked processes, which they assumed were running without simply looking at the CPU Tab showing the suspended and blocked malware, led them to believe everything was running despite over 96% of them being blocked, discounting Linux files, which can't natively run on Windows without something like WSL.
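The scoping argument in the post above, as an added example that is not from the thread: samples are identified by their leading bytes rather than by extension, and block results are tallied separately for formats the Windows loader runs and for foreign formats. The `SCOPE` mapping, the function names and every sample buffer are constructed assumptions.

```python
import struct
from collections import Counter

# Assumed scoping for a Windows test run: PE is loaded natively, ELF and
# shebang scripts are foreign, everything else needs a per-file decision.
SCOPE = {"pe": "windows-native", "elf": "foreign", "shebang-script": "foreign"}


def identify(data: bytes) -> str:
    """Identify a sample by content, ignoring its file name."""
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-no-pe"
    if data[:4] == b"PK\x03\x04":
        return "zip"  # also the container for .apk, .jar and .xlsm
    if data[:8] == bytes.fromhex("d0cf11e0a1b11ae1"):
        return "ole2"  # compound file, e.g. .msi
    if data[:8] == b"\x4c\x00\x00\x00\x01\x14\x02\x00":
        return "lnk"
    if data[:2] == b"#!":
        return "shebang-script"
    return "other"


def tally(results):
    """results: (name, data, blocked) tuples -> {scope: (blocked, total)}."""
    blocked, total = Counter(), Counter()
    for _name, data, was_blocked in results:
        scope = SCOPE.get(identify(data), "needs-review")
        total[scope] += 1
        blocked[scope] += int(was_blocked)
    return {scope: (blocked[scope], total[scope]) for scope in total}


def pe_stub() -> bytes:
    """Constructed minimal MZ header whose e_lfanew points at a PE signature."""
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"


ELF_STUB = b"\x7fELF\x02\x01\x01" + b"\x00" * 9  # constructed ELF identification bytes

# Constructed test-run records: (file name, content, blocked by the product).
RESULTS = [
    ("a.exe", pe_stub(), True),
    ("b.exe", pe_stub(), False),
    ("c.elf", ELF_STUB, False),
    ("d.sh", b"#!/bin/sh\necho constructed\n", False),
    ("e.apk", b"PK\x03\x04" + b"\x00" * 26, False),
    ("f.exe", ELF_STUB, False),  # ELF content under an .exe name
]

if __name__ == "__main__":
    for scope, (hit, count) in tally(RESULTS).items():
        print(f"{scope:15} blocked {hit}/{count}")
```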