
Releases: SitinCloud/Owlyshield

v1.1.0

19 Apr 09:00

Version 1.1.0 brings enhancements to the stability and performance of the software. As part of this release, we are providing a Windows installer for ransomware detection that was compiled using the command cargo build --locked --release --features malware,service.

After the installation, you should be able to see the Owlyshield service running.

Warning
The service is configured to not report any threats by default, unless you manually change the value of the KILL_POLICY registry key to KILL. For more information on how to configure Owlyshield on Windows, please refer to the documentation available at docs.sitincloud.com.

Changelog

Features

  • New MQTT client (feature mqtt) [f5ac2d3]
  • Adds time to IOMessage struct in driver_com.rs. This field defines the time of execution of the I/O operation. It is also used during record and replay sessions. [7789458]
  • Adds the language parameter to the Sitincloud connector [ba4c641]
  • JSON-RPC [2960c81, ba4b9ab, 9bb7300]

Refactoring

  • Make struct IOMessage independent from Windows [1de9030]
  • win-pe-inspection [db937c]
  • Code refactor [64d5f72]
  • Move notifications.rs in windows, and create a linux-specific notifications.rs [bdc882f]
  • Refactor of Cargo.toml. Division of main.rs file and run functions into 2 files (run.rs) [c77a010]

Fixes

  • Creates the log file if it does not exist [e453dd4]
  • Fix #32: Crash when detecting false positive [ec905f8]
  • No restart needed after install [bae5446]
  • cargo test fails because of bad import [a1b8fd8]
  • Linux config broken [c933afc]
  • Update file extensions list and documentation links [edd930b]
  • Update tests based on file extensions list [8b3f689]
  • Unneeded config was required [c933afc]
  • Fix: bad path to linux ebpf elf file [58ac4a9]
  • Mqtt feature not available for Linux [2be6b62]
  • Fix #49: Moving the shared_def module and redesigning driver_com modules [805a205, b8fd338]
  • Linux config broken [9719987]
  • README.md - bad translations paths [77108c0]

Chore

v1.0.1

10 Sep 08:42

If you already have a version of Owlyshield installed, please uninstall it first.

  • fix: #20: high processor usage
  • feat: better XGBOOST model

v1.0.0

09 Aug 09:45

After two years, Owlyshield is finally stable!

We release the free installer which includes:

  1. The minifilter, signed by SitinCloud,
  2. The Owlyshield service.

Check the wiki for usage instructions: https://github.com/SitinCloud/Owlyshield/wiki#how-to-install-the-free-edition-

Edit: prefer owlyshield-ransom-community_v1_0_0_sig.exe which has been signed by SitinCloud SAS.

Owlyshield Service Installer v1.0.0rc-1

11 Feb 16:54
Pre-release

The installer creates an "Owlyshield Service" service with a dependency on the minifilter.

Please note the minifilter is not signed, which implies you have to disable "Driver Signature Enforcement" in the advanced boot options (hold Shift and click restart, then F8) as explained here.

Please contact us to get the driver signed by Microsoft.

v0.9.0-alpha

16 Nov 20:02
Pre-release

The installer creates an "Owlyshield Service" service with a dependency on the minifilter.

Please note the minifilter is not signed, which implies you have to disable "Driver Signature Enforcement" in the advanced boot options (hold Shift and click restart, then F8) as explained here.

Please contact us to get the driver signed by Microsoft.

We advise you to start the "Owlyshield Service" service manually, or use the automatic-delayed mode.