OmniDefender - New Antivirus Software 2025

And honestly, as a French developer working in cybersecurity, this kind of project is embarrassing. France has world-class researchers, vendors like Stormshield, Thales, ANSSI, and serious independent developers. Seeing OmniDefender marketed as a ‘French next-gen antivirus’ when in reality it’s built by someone officially registered as a food delivery courier makes my country look ridiculous in this industry.
Food Guy ? Oh man, there go the French Again... LOL... Send in the French Foreign Legion...
 

Hahaha, well said. Don’t worry, the French Foreign Legion doesn’t need to step in this time — we’ve got enough in the cybersecurity trenches already. 😉
But yeah, seeing a food delivery guy branding himself as the face of ‘French next-gen AV’… that’s not the kind of export we want as a country.
 
Hi @OsirisXD

Any info about my questions from 7 August 2025?

7. On which Windows versions did it work, for example Windows 8.1?

8. Will you post changelogs?

9. Must I register before I download your software?

10. And any info about version 1.4: when will it come?

Mops21
 
So I actually tested your “OmniDefender” setup in a VM (a 600 MB MSI 🤡). Thanks @Shadowra

Here’s what really happens:


  • Doesn’t even auto-launch after install, you have to manually start “real-time protection” from Program Files 🤦‍♂️
  • UI is just a laggy React/Electron wrapper, eating 90% CPU on every click
  • No kernel service, no memory scanning, no callbacks → RunPE / Process Hollowing = full party in RAM
  • Detection “engine” = hash lists + a LightGBM score that basically always says BENIGN
  • My test ransomware (non-obfuscated) was flagged BENIGN (AI), while Microsoft’s own VCRUNTIME DLL got flagged as MALWARE 😂
  • Everything runs entirely in admin-land user mode, nothing in Ring 0 → no kernel service, no real drivers

So yeah… this isn’t “Next-Gen Antivirus.”
It’s a 600 MB joke built on GitHub copy/paste and ChatGPT prompts.

Name fits better as OmniDefeated ☠️
 

Those were pretty much the same observations I made :p

Did you manage to update its database? Last time, it didn't work and, worse still, the program crashed xD
 

Yeah I managed to, but honestly it took an insane amount of time for… basically nothing in the end 😂
The “update” is just as useless as the rest of the program, felt more like watching paint dry than updating an AV.

Forgot to mention: if you click ‘Close’ in the main window, the whole thing just crashes 😂.
 
An “update” requires someone to actively work on expanding the detection logics.

When these detection logics are tangled with an ineffective platform (no kernel drivers, no behavioural blocking, no local/cloud emulation and so on), the update doesn’t matter.

An antivirus with no kernel drivers and exceptionally limited user mode visibility will:
-Barely detect any malware; when it does, it will be late and will use user-mode calls like NtTerminateProcess (which malware can easily resist).
-Be wrecked by malware due to lack of self-protection.
-This architecture is a step above a command line scanner, the only difference being the addition of a GUI.

Such a product is not security software, it is a placebo.

It combines bugs (silent crashes, race conditions) with an architecture that is by no means suitable for the job (unfit for the purpose) and creates a false sense of security. The addition of Claude/LLMs is there to evoke a sense of technical sophistication, whilst the underlying code is a joke.

To get to the “Next-Gen” you first have to perfect the “Current-Gen”.
 


WannaCryptor is adware according to Av...
 

It detected Edge as malware LOL :ROFLMAO:

Well, now you're protected :D

This is why AI is not everything and it’s usually called carefully on certain files only. Heuristics that stem from the malware analyst’s experience (like the Orion engine that I am developing for my malware analysis platform) are highly controlled and efficient. With AI, there is this risk, especially when it’s not given a cloud whitelist (which often requires proprietary development) and a large collection of safe files during training.

I found LLMs as well (Gemini 2.5) extremely aggressive when it comes to behavioural scoring. Example: you open a pdf, Adobe Reader generates 500 actions just being itself. AI sees these actions and concludes this is malware—the pdf is clean. This is what pushed me to reduce reliance on Gemini and develop Orion.
 

Exactly.

AI is just one layer in the stack, useful for obscure patterns or unknown samples, but it’s always controlled by:
  • Heuristics from real analysis → the engine applies strict rules from reverse-engineering experience.
  • Cloud whitelist → massive collections of trusted files to avoid “Adobe = trojan” type of nonsense.
  • Scoring system → AI output is just a coefficient, not the final verdict. The decision is made by combining AI + heuristics + file reputation.
Otherwise, you get what we see with OmniDefender: AI run wild, labeling Edge as an APT and Acrobat as a trojan, while missing actual ransomware.
 

He also got me an Adobe program :p

@OsirisXD I don't even dare to see your av on a real PC... just on my VM, it killed two of my programs...
That timestamp could easily be parsed (the JSON necessitates storing in this format), but for the user, it could be presented as a normal date/time.
 
They could potentially be less strict, as you can add heuristics that verify digital signatures and so on. For example, this Edge elevation helper could easily be left alone if there was a safe program detection regex (with “Edge” being on the list), further verifying against a trusted signatures repository (where Microsoft’s Class 3 signature will be added). And then you invalidate the AI verdict or you don’t call it at all.
 
Yes exactly. Signature verification and safe program regex are evaluated first. AI is just an additional signal, never the final judge. If a file is signed with a trusted cert (like MS Class 3) or matches known safe binaries, it bypasses AI scoring completely. Otherwise you end up with the OmniDefender circus 🤡.
 
And then you can invert it: a program drops files and creates folders that look like Edge but is not signed by Microsoft. Perfect anomaly detection. With a few other indicators (persistence, information gathering, suspicious unsigned drops, LOLBin spawning and so on), this could be your behavioural profile.

That’s the good thing about heuristics, they can easily be adapted to detect malicious and safe stuff.

In this case here, there are no heuristics.

It’s all hashes and AI.
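To make the verdict ordering discussed in this thread concrete (trusted signature and whitelist checks first, AI only as a bounded coefficient alongside analyst heuristics, and the inverted “looks like Edge but is not signed by Microsoft” anomaly), here is an added illustration in Python. It is not code from OmniDefender, Orion or any poster; the signer names, hashes, regex, indicator names and weights are constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Constructed placeholders standing in for a trusted-signature repository and a cloud whitelist.
TRUSTED_SIGNERS = {"Microsoft Corporation", "Adobe Inc."}
KNOWN_SAFE_HASHES = {"sha256:placeholder-vcruntime140"}
# Safe-program regex: names that should only ever appear in a trusted-signed binary.
SAFE_PRODUCT_RE = re.compile(r"(msedge|edge_elevation|acrord32|acrobat)", re.I)
# Analyst-written behavioural indicators and their fixed weights (constructed values).
INDICATOR_WEIGHTS = {"persistence": 0.2, "info-gathering": 0.15, "unsigned-drop": 0.2,
                     "lolbin-spawn": 0.25, "mass-encrypt": 0.6}


@dataclass
class Sample:
    path: str
    sha256: str
    signer: Optional[str]          # None means unsigned
    ai_score: float                # ML/LLM maliciousness coefficient in [0, 1]
    indicators: Set[str] = field(default_factory=set)  # heuristics that fired


def verdict(s: Sample) -> Tuple[str, str]:
    """Return (label, reason). Reputation gates run before AI; AI never decides alone."""
    # 1. Whitelist / trusted-signer gate: bypass AI scoring completely.
    if s.sha256 in KNOWN_SAFE_HASHES:
        return "CLEAN", "known-safe hash"
    if s.signer in TRUSTED_SIGNERS:
        return "CLEAN", f"trusted signer: {s.signer}"
    fired = set(s.indicators)
    score = 0.0
    # 2. Inverted heuristic: impersonates a trusted product but lacks its signature.
    if SAFE_PRODUCT_RE.search(s.path):
        fired.add("impersonates-trusted-product")
        score += 0.5
    # 3. Each behavioural indicator adds its analyst-assigned weight.
    score += sum(INDICATOR_WEIGHTS.get(i, 0.0) for i in fired)
    # 4. AI contributes a bounded coefficient (max 0.3), not the final verdict.
    score += 0.3 * s.ai_score
    label = "MALWARE" if score >= 0.6 else "SUSPICIOUS" if score >= 0.3 else "CLEAN"
    return label, f"score={score:.2f} indicators={sorted(fired)}"


if __name__ == "__main__":
    # Constructed samples mirroring the thread: signed Edge helper, fake Edge, AI-missed ransomware.
    for smp in (Sample(r"C:\Program Files\Microsoft\Edge\elevation_service.exe", "sha256:a", "Microsoft Corporation", 0.95),
                Sample(r"C:\Users\u\AppData\Roaming\msedge.exe", "sha256:b", None, 0.1, {"persistence", "unsigned-drop"}),
                Sample(r"C:\Users\u\Downloads\invoice.exe", "sha256:c", None, 0.05, {"mass-encrypt"})):
        print(smp.path, verdict(smp))
```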