Simple Antivirus
Simple Antivirus (SAV) is an awesome and Simple AntiVirus project made by a small team of students at Swinburne University!
Table of Contents
- About The Project
- Repository Structure
- Getting Started
- Usage
- License
- Contact
- Acknowledgements
DISCLAIMER
Simple Antivirus is a student project and is provided "as is", and therefore is limited in functionality. It does not receive definition updates and does not support behavioural-based detection or heuristics. The authors are not liable for any damage to your computer from incorrect usage of the software. Licensed under the MIT License. See LICENSE.txt for more information.
About The Project
Simple Antivirus (SAV) is a lightweight and simple antivirus solution designed to protect Windows computers from potentially malicious activities, files, and processes. This project aims to deliver a simple yet powerful tool that runs quietly in the background, safeguarding your device through various detection methods including file hash scanning, malicious code checking, terminal monitoring and integrity checking.
Key Features:
- Installation: Easily set up Simple Antivirus on your Windows machine with a straightforward setup package. We chose the .msi format because it is simple to build an installer with and allows easy deployment for system administrators. Administrators can use Group Policy Editor to assign the program to either specific users or the entire computer. If an assigned user logs onto the computer, the program will be installed for them, and if it is assigned to a computer, the first user to log on will install the program for use by everyone.
- Alerts: Alerts are used throughout the program and are displayed via Windows Toast notifications. If the same component sends more than one alert within a short timeframe, the alerts are aggregated and the alert shown will display “There are 'number' new alerts for 'Component'”, with the suggested action to “Review protection history immediately!”
- File Hash Scanning: Reads files from a given directory, computes each file's SHA1 hash and compares the hash to the SQLite database of hash signatures. If a match is found, the file is quarantined. Using the ‘Mark as Malicious’ page, hashes can be added to the blacklist by the user. Users can browse for a file on the computer to add, and that file will be automatically quarantined. SHA1 hashes can also be manually added, and input validation is used to ensure a valid hash is entered.
- File Quarantine: When a malicious file is found (either by hash or because it contains malicious code), the file will be sent to quarantine. Quarantined files can be managed using the GUI. In the Quarantined Items page, files can be unquarantined, added to a whitelist, or deleted. Files that are unquarantined will be moved back to their original location and permissions will be restored. Add a file to the whitelist to unquarantine it and mark it as safe. This will ensure the file is ignored by the Quarantine function if it is detected again in a scan. Deleting a quarantined file will permanently delete the file; it will NOT send it to the Recycle Bin. Remove a file from the whitelist using the Whitelist GUI page and selecting Remove from Whitelist.
- Integrity Checking: Ensure the integrity of sensitive files. When a user selects files or folders to be integrity checked, the hash, file size, and existence of each file will be monitored. If any change is detected, it is treated as an integrity violation and an alert will be raised. Integrity scans can be conducted manually, but the check also runs in the background and will reactively alert users of any violations.
- Malicious Code Scanning: The malicious code scan runs alongside the File Hash scan. It reads files in the scanned directories and searches text-based files in .bat, .txt or .pdf format for potentially malicious CMD or PowerShell commands.
- Protection History: View all previously sent alerts here. Clicking on an alert and then the Details button shows the full details of the alert in a neat view, which may prove useful to administrators. The alerts log can be cleared at any time.
- Terminal Scanning: SAV monitors Command Prompt and PowerShell and sends an alert whenever the command line is used to access the Windows Registry. SAV does not block the registry from being accessed; it merely alerts the user that the registry is being accessed. There is also a check to ensure that SAV's own behaviour does not trigger an alert.
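The File Hash Scanning flow from the feature list (SHA1 of each file, lookup in a SQLite signature table, whitelist skip, validation of manually entered hashes), as an added Python sketch that is not SAV's own code. The table names, the path-based whitelist, the in-memory database and the sample files are assumptions constructed for illustration.

```python
import hashlib, re, sqlite3, tempfile
from pathlib import Path

SHA1_RE = re.compile(r"[0-9a-fA-F]{40}")
# Assumed schema: the project's real table names are not given on this page.
SCHEMA = """CREATE TABLE blacklist (sha1 TEXT PRIMARY KEY);
            CREATE TABLE whitelist (path TEXT PRIMARY KEY);"""

def sha1_of(path, chunk=65536):
    """Stream the file so large files are never loaded into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def add_hash(db, value):
    """Manual hash entry: accept exactly 40 hex characters, nothing else."""
    value = value.strip()
    if not SHA1_RE.fullmatch(value):
        return False
    db.execute("INSERT OR IGNORE INTO blacklist VALUES (?)", (value.lower(),))
    return True

def scan(db, root):
    """Return names of files under root that are blacklisted and not whitelisted."""
    hits = []
    for p in sorted(q for q in Path(root).rglob("*") if q.is_file()):
        if db.execute("SELECT 1 FROM whitelist WHERE path=?", (str(p),)).fetchone():
            continue
        try:
            digest = sha1_of(p)
        except OSError:
            continue  # locked or unreadable: skip instead of aborting the scan
        if db.execute("SELECT 1 FROM blacklist WHERE sha1=?", (digest,)).fetchone():
            hits.append(p.name)
    return hits

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        bad = Path(d, "bad.bin")
        bad.write_bytes(b"constructed sample payload")
        Path(d, "ok.txt").write_bytes(b"harmless")
        add_hash(db, sha1_of(bad).upper())    # upper-case input is normalised
        before = scan(db, d)
        db.execute("INSERT INTO whitelist VALUES (?)", (str(bad),))
        return before, scan(db, d)
```

`demo()` returns the hits before and after the flagged file is whitelisted. Parameterised queries and lower-casing on insert keep the lookup exact regardless of how a hash was typed.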
SAV is designed to be a user-friendly yet powerful antivirus solution, providing essential protection without overwhelming users with unnecessary features or complexity.
The Simple Antivirus (SAV) project was initiated on the 27th of February, with the goal of developing a robust yet simple antivirus solution for Windows users. The project was conceptualised, planned, and executed by a dedicated team of developers, including Tim, Zach, Pawan, Chris, Joel, and Johann. Each team member contributed their expertise to various aspects of the project, from coding the core functionalities to planning and implementing the detection mechanisms. This team's collaborative efforts have resulted in a reliable and user-friendly antivirus solution that meets the needs of a wide range of users.
Built With
These are the major frameworks/libraries used to bootstrap our project.
Repository Structure
The repository is organised into two main folders: AntiVirus and Archive. Each folder serves a distinct purpose in the development and organisation of the Simple Antivirus (SAV) project.
- AntiVirus: This folder contains the core of the project, where the final, integrated version of the Simple Antivirus resides. All team members contribute their completed functionalities here, ensuring that the antivirus is cohesive and fully functional. The AntiVirus folder is the central hub where all features, from real-time monitoring to file scanning, come together to form the finished product. Additionally, this is where the test files and projects for the testing phase of the project are located.
- Archive: The Archive folder is a dedicated space for experimentation and development of individual functionalities. Here, team members create drafts, prototypes, and test versions of the components before they are finalised. This allows for iterative development and testing of new ideas without affecting the stability of the main project. Once a feature is polished and fully developed, it is then integrated into the main AntiVirus project. Proof concepts are the first draft of each function, and the v2 folder holds the polished code that is prepared for integration into the main project. Additional files in the archive include backup and original code that may be useful in future.
Getting Started
To use Simple Antivirus, simply download the installer SimpleAntivirus.msi from the 'Releases' section.
See 'Installation' for details on how to install.
Minimum System Requirements
Before installing the antivirus, ensure your system meets the following requirements:
- Operating System: Windows 10/11 64-bit
- Processor: Compatible with the OS
- RAM: 4 GB
- Disk Space: 500 MB free space
Installation
Please follow the below instructions to install Simple Antivirus onto your computer.
- Go to our GitHub repository
- Under ‘Releases’ from the right, click on ‘Simple Antivirus Installer’
- From the ‘Assets’, download ‘SimpleAntivirusSetup.msi’
- Open the SimpleAntivirusSetup.msi (Windows Installer Package)
- As this is a student project, Simple Antivirus is unsigned, and as such, Microsoft Defender SmartScreen will activate (assuming you are using Microsoft Defender already) and prevent the installer from starting. Select ‘More Info’ and click ‘Run anyway’ to proceed with the installation
- A pop-up will appear, which will guide the installation
- Choose where to install Simple Antivirus (The default path is C:\Program Files (x86)\Bad Security Inc\Simple Antivirus)
- Choose to install just for User or Everyone
- Click ‘Next’ to confirm Installation
- Installation should complete
Usage
Below are examples and short demonstrations of how to use Simple Antivirus
Run a scan
To run a scan, simply select Scan from the left navigation menu. There are three scan types: quick, full or custom. Use the radio button to select a scan, then click 'Scan now!'.
Demo: Running a quick scan
Demo: Custom scans
Integrity Checking
Integrity Checking works in the background, or you can run manual integrity scans.
Demo: Adding a folder with files in it to be integrity scanned
Demo: Manual Integrity Scan
Demo: Real-time alert for an integrity violation
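An added sketch of the three conditions the integrity check monitors (existence, file size, hash); it is not SAV's own code, and the function names, reason strings and sample files are constructed for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def sha1_hex(path):
    # Whole-file read is fine for the small sample files used here.
    return hashlib.sha1(Path(path).read_bytes()).hexdigest()

def build_baseline(paths):
    """Record size and SHA1 for each monitored file (all must exist now)."""
    return {str(p): (os.path.getsize(p), sha1_hex(p)) for p in paths}

def check(baseline):
    """Return {path: reason} for every file that no longer matches."""
    violations = {}
    for path, (size, digest) in baseline.items():
        try:
            if os.path.getsize(path) != size:
                violations[path] = "size changed"   # cheap test, no hashing needed
            elif sha1_hex(path) != digest:
                violations[path] = "hash changed"   # same length, different bytes
        except FileNotFoundError:
            violations[path] = "missing"
    return violations

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        names = ("hosts", "app.cfg", "keys.txt", "ok.txt")
        files = {n: Path(d, n) for n in names}
        for p in files.values():
            p.write_bytes(b"constructed=1\n")
        baseline = build_baseline(files.values())
        files["hosts"].unlink()                                  # deleted
        files["app.cfg"].write_bytes(b"constructed=1\nx=2\n")    # grown
        files["keys.txt"].write_bytes(b"constructed=2\n")        # same size
        return {Path(k).name: v for k, v in check(baseline).items()}
```

The same-size edit to `keys.txt` is the case that a size-only check would miss, which is why the hash comparison still runs when the size matches.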
Protection History
View a list of all past alerts from the Protection History page. You can clear the alerts or select one and view its details by clicking the 'Details' button.
Demo: Viewing an alert's details
Managing Quarantined Items
On the quarantined items page, you can manage the files that are currently in quarantine. You can select files and either unquarantine, whitelist, or delete them.
Demo: Unquarantine a file
Demo: Add a file to the whitelist
Demo: Delete a quarantined file
Mark as Malicious
Notice something malicious that Simple Antivirus was unable to detect? Add a file or hash on this page and Simple Antivirus will promptly take action.
Demo: Marking a file as malicious
Demo: Marking a hash as malicious
Removing Whitelisted Items
You can remove files from the whitelist on the Whitelist page. Simply select the file and click the red 'Remove from Whitelist' button.
Demo: Removing a file from the whitelist
Terminal Scanning
Simple Antivirus monitors your computer's terminal. If Command Prompt or PowerShell is being used to access the Windows Registry, you will be alerted. Terminal Scanning runs in the background.
Demo: Simple Antivirus reacts to a registry query on the key HKEY_LOCAL_MACHINE
Switch display theme
To switch the display theme, toggle the switch at the bottom of the homepage.
License
Distributed under the MIT License. See LICENSE.txt for more information.
Contact
Timothy Loh - LinkedIn
Zachary Smith - LinkedIn - zachjsmith.zip@gmail.com
Pawanpreet Singh - pawansingh2002.email@gmail.com
Christopher Thompson - 103995646@student.swin.edu.au
Joel Parks - LinkedIn - 103981674@student.swin.edu.au
Johann Banaag - LinkedIn - johannbanaag21@gmail.com
Project Link: https://github.com/A1tered/SimpleAntivirus
Acknowledgements