ROMAD. Stop chasing, start eradicating™
ROMAD ENDPOINT DEFENSE
USER MANUAL V. 1.5
[email protected] Page | 1
TABLE OF CONTENTS
ROMAD Endpoint Defense User Manual
Introduction
Supported OSes
Compatibility with legacy AV
ROMAD Endpoint Defense Installer
ROMAD Endpoint Defense GUI
ROMAD Endpoint Defense updating process
FAQ
  ROMAD Endpoint Defense license
    Where do I download the trial ROMAD copy from?
    Do I need a license to use ROMAD Endpoint Defense?
    How can I get the ROMAD license?
    What do I do once I have the license?
    How to re-activate my ROMAD license?
    Does ROMAD need the Internet?
  System requirements
  ROMAD Diagnostic Tool
  General questions
    How do I connect to the Internet via proxy?
    Why does ROMAD require a PC reboot?
Glossary
ROMAD ENDPOINT DEFENSE USER MANUAL
INTRODUCTION
Thank you for choosing ROMAD!
Patented ROMAD Endpoint Defense (hereinafter referred to as ROMAD) is a way of protecting computers from next-gen malware. It is a cutting-edge malware behavioral analysis tool that works in real time. This approach allows us to get rid of ineffective and resource-consuming file scans.
Because our unique Malware Genetic Sequencing™ technology is applied to the unchanged behavioral characteristics of malware, ROMAD does not require the participation of a human operator. The human input is reduced to an absolute minimum: deploy ROMAD to the computer.
ROMAD protects the user's system in real time without significant load on the processor, memory or hard disk.
This user manual contains a few sections that you may refer to:
• For legacy AV compatibility, please refer to Compatibility with legacy AV
• For how to install ROMAD on a local PC, please refer to ROMAD Endpoint Defense Installer
• For frequently asked questions, please refer to FAQ
SUPPORTED OSES
Client OSes:
• Windows 7 x86/x64
• Windows 8.1 x86/x64
• Windows 10 x86/x64
Server OSes:
• Windows Server 2008 R2 x64
• Windows Server 2012 R2 x64
• Windows Server 2016 x64
COMPATIBILITY WITH LEGACY AV
ROMAD is fully compatible with:
• Microsoft® Windows Defender
• The following ESET® products:
   o ESET® NOD32 Antivirus
   o ESET® Endpoint Antivirus
   o ESET® File Security
   o ESET® Smart Security
ROMAD ENDPOINT DEFENSE INSTALLER
The ROMAD Installer is designed to install ROMAD on a local computer.
The ROMAD Installer can be launched in a so-called silent mode or in a fully interactive mode. The silent mode is for internal use only, e.g. it is used by the ROMAD Endpoint Defense Deployer (available in the Enterprise version of the program). The fully interactive mode is the normal option.
The ROMAD Installer checks that the PC runs a compatible OS version (see Supported OSes).
If the ROMAD Installer detects a running Microsoft Compatibility Telemetry service, it will offer to disable this service because of its large consumption of system resources (see Fig. 1).
FIG. 1 OFFERING TO DISABLE MICROSOFT COMPATIBILITY TELEMETRY
The installer will also check for incompatible software, most of which is third-party legacy AV software (see Compatibility with legacy AV and Fig. 2).
We DO NOT recommend using any other third-party legacy AVs simultaneously with ROMAD!
FIG. 2. ROMAD INSTALLER WARNING
Then the program will ask you to enter the license key. The license key has the following format: XXXX-XXXX-XXXX-XXXX.
FIG. 3. REQUESTING TO ENTER THE LICENSE KEY
ROMAD ENDPOINT DEFENSE GUI
ROMAD Endpoint Defense contains ROMAD Tray Agent, which displays the status of the PC
protection system (see Fig. 4).
Attention! It is strongly recommended NOT to install ROMAD if there is a warning about incompatible legacy AVs.
FIG. 4. ROMAD TRAY AGENT IN THE TASK BAR
Right-click for the Tray Agent menu:
1. About - displays the current ROMAD version, the malware database version, and the license's
expiration date (Fig. 5)
2. Journal - displays the event log on the user's PC. (Fig. 6)
FIG. 5. ROMAD ENDPOINT DEFENSE ABOUT WINDOW
FIG. 6. THE ROMAD ENDPOINT DEFENSE JOURNAL WINDOW
If malware is detected, the user will receive a notification in the system message window (see Fig. 7).
FIG. 7. NOTICE OF MALWARE DETECTION
If an incorrect license key was entered during the ROMAD installation, the ROMAD Endpoint
Defense GUI icon will be displayed in red.
When you call the Tray Agent context menu, the "Set License Key" prompt appears where you can
enter a correct license key (see Fig. 8).
FIG. 8. ENTERING A LICENSE KEY VIA TRAY AGENT
ROMAD ENDPOINT DEFENSE UPDATING PROCESS
The Malware Genome™ database is downloaded automatically and does not require user
intervention.
When ROMAD Endpoint Defense itself is updated, the system notification window informs the user that the OS must be rebooted to complete the update procedure (see Fig. 9).
FIG. 9. THE UPDATE NOTIFICATION
Attention! Without a valid license key, ROMAD protection does not work!
There are two options for rebooting the PC (see Fig. 10):
Reboot Now - installs the updates and automatically reboots the system
Update Later - reminds you later; ROMAD can remind you about rebooting:
1. in 2 hours
2. in 4 hours
3. at midnight
4. at a time convenient for you (Set time)
FIG. 10. SETTING THE TIME FOR REBOOT
If the user selects "Reboot Now", they will receive another window asking them to confirm the
system reboot (see Fig. 11):
FIG. 11. SYSTEM REBOOT CONFIRMATION
FAQ
This is the list of the frequently asked questions.
ROMAD ENDPOINT DEFENSE LICENSE
WHERE DO I DOWNLOAD THE TRIAL ROMAD COPY FROM?
Please fill in the form on https://romad-systems.com and we will contact you very shortly.
DO I NEED A LICENSE TO USE ROMAD ENDPOINT DEFENSE?
Yes, you do need a license to use ROMAD Endpoint Defense. Without the license ROMAD will not
work on your computer.
HOW CAN I GET THE ROMAD LICENSE?
You cannot purchase ROMAD from our website https://romad-systems.com. However, you can find
a list of our distributors on our website https://romad-systems.com.
WHAT DO I DO ONCE I HAVE THE LICENSE?
ROMAD requires the license key to work. The ROMAD Endpoint Defense Installer will prompt you for it.
If you made a mistake for any reason during the installation, no worries: the ROMAD Endpoint Defense GUI will give you a second chance to change the license key in case of error.
HOW TO RE-ACTIVATE MY ROMAD LICENSE?
From time to time you may need or want to replace some parts of your computer hardware. When some parts of the hardware are replaced (for example, the drive or a network card), the computer's Hardware ID changes. In this case, you need to get a new activation key. This process is called reactivation. The number of reactivations for one ID is 10. Reactivation is performed automatically.
For the reactivation to succeed, you have to be sure that:
• The license key is in our database (i.e. you have purchased it)
• The license key is not expired (still valid)
• The Hardware ID has not been changed dramatically
If these conditions are not fulfilled, the reactivation will be denied.
We recommend changing one hardware part at a time, followed by a reboot.
DOES ROMAD NEED THE INTERNET?
ROMAD does not frequently require an Internet connection. The Malware Genome™ database update usually happens 2-3 times per month (and does not require a reboot). ROMAD itself usually updates once per month (see ROMAD Endpoint Defense updating process).
However, the Internet is required for the first installation, as ROMAD needs to talk to the licensing and updating server to get the Malware Genome™ database. ROMAD cannot work without the Malware Genome™ database.
Attention! For the first ROMAD installation, an Internet connection to https://portal.romad-systems.com/ is required.
SYSTEM REQUIREMENTS
Right after a PC is turned on and Microsoft® Windows boots up, ROMAD needs some time to adjust the Dynamic Multi-Tiered Trust Model settings. Usually this takes about 5 minutes. The CPU load will be high during this initial process.
Normally, the resource consumption is as follows (see Fig. 12):
• CPU consumption is no more than 10-15% (should be even less)
• RAM is 100MB (maximum)
FIG. 12. ROMAD SERVICE CPU AND RAM CONSUMPTION
ROMAD also has a driver. Its CPU consumption should be no more than 5-10% (see Fig. 13):
FIG. 13. ROMAD DRIVER CPU CONSUMPTION
ROMAD DIAGNOSTIC TOOL
When contacting the ROMAD support service, you may be asked to provide diagnostic data relating to ROMAD. To get this data, you need to run the ROMAD Endpoint Defense Diagnostic Tool from the folder where ROMAD is installed (usually, it is C:\Program Files\ROMAD Endpoint Defense).
FIG. 14. DISPLAYING ROMAD ENDPOINT DEFENSE DIAGNOSTIC TOOL
When you click on “Send report”, the data is compressed and sent to the ROMAD support service.
If, for any reason, the file was not sent, it can be found in the C:\Program Files\ROMAD Endpoint Defense folder and has to be emailed to [email protected].
GENERAL QUESTIONS
HOW DO I CONNECT TO THE INTERNET VIA PROXY?
ROMAD uses the OS proxy settings. In most cases, these are the same settings as for Microsoft® Internet Explorer. If Microsoft® Internet Explorer can access the Internet, ROMAD can also access the Internet.
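The first-installation connectivity requirement from "Does ROMAD need the Internet?" and the proxy behaviour described above can be checked before installing. The following PowerShell script is an added example, not part of ROMAD or its tooling; the function name Test-PortalReachability is hypothetical, and it assumes Windows PowerShell 3.0 or later run by the logged-on user whose Internet Explorer proxy settings apply.

```powershell
# Added example: pre-install connectivity check; not part of the ROMAD product.
# Assumes Windows PowerShell 3.0 or later, run as the user whose proxy settings apply.
$PortalUrl = 'https://portal.romad-systems.com/'   # URL quoted in this manual

function Test-PortalReachability {
    param([Parameter(Mandatory = $true)][uri]$Url)

    # Older .NET Framework defaults may not offer TLS 1.2; enable it for this session.
    [System.Net.ServicePointManager]::SecurityProtocol =
        [System.Net.ServicePointManager]::SecurityProtocol -bor
        [System.Net.SecurityProtocolType]::Tls12

    # Proxy the OS selects for this URL (the Internet Explorer / WinINET settings).
    $proxy = [System.Net.WebRequest]::GetSystemWebProxy()
    $proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
    $route = if ($proxy.IsBypassed($Url)) { 'direct' } else { "proxy $($proxy.GetProxy($Url))" }

    $reachable = $false
    $detail    = $null
    try {
        $request         = [System.Net.WebRequest]::Create($Url)
        $request.Method  = 'HEAD'
        $request.Timeout = 10000          # milliseconds
        $request.Proxy   = $proxy
        $response  = $request.GetResponse()
        $reachable = $true
        $detail    = "HTTP $([int]$response.StatusCode)"
        $response.Close()
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the WebException if there is one.
        $ex = $_.Exception
        while ($ex.InnerException -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -is [System.Net.WebException] -and $ex.Response) {
            # An HTTP error status from the server proves the path works;
            # 407 comes from the proxy itself and means the request never got through.
            $status    = [int]$ex.Response.StatusCode
            $reachable = ($status -ne 407)
            $detail    = "HTTP $status"
        }
        else {
            $detail = $ex.Message         # DNS failure, TLS failure, refused or timed out
        }
    }
    New-Object psobject -Property @{ Url = $Url.AbsoluteUri; Route = $route; Reachable = $reachable; Detail = $detail }
}

Test-PortalReachability -Url $PortalUrl | Format-List
```

A result of Reachable = False with a Route naming a proxy points at the proxy configuration or its authentication rather than at the portal.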
WHY DOES ROMAD REQUIRE A PC REBOOT?
We understand the reboot may be troublesome in certain environments. However, there is currently no other way for ROMAD to update (except for the Malware Genome™ database update, which does not require a reboot). Therefore, ROMAD will kindly ask for the reboot (see Fig. 15):
FIG. 15. ROMAD PROMPT FOR REBOOT
GLOSSARY
Not all users are cyber security experts. Therefore, some terms may need a more detailed explanation.
MALWARE
Malware, or malicious software, is software created for the purpose of unauthorized access to the PC's data and resources.
MALWARE FAMILY
A malware family is the classification taxon used for splitting malicious software into different categories. Each malware family has its own name, e.g. Sality, Cerber, Kelios, CryptXXX, and there is no single standard for these names. ROMAD tries to use the Microsoft classification. Other classifications also exist.
SIGNATURE
A signature, or “static signature”, is a byte sequence that a legacy AV detects. Static signatures have been used for more than 20 years and are now considered outdated.
Static signatures cannot provide the required protection level, as they need to be updated very often. A legacy AV that has not been updated within an hour is under threat of infection by malware.
ANTIVIRUS
Antivirus is the technology that uses static signatures.
Attention! ROMAD will not be able to protect your system in a sufficient manner without the reboot! Reboot is required to complete the ROMAD update.
NGEP
Next-generation protection solutions use proprietary algorithms to fight malware. All legacy AVs use the same technology based on static signatures. NGEPs use a pool of different technologies, sometimes in combination. Only time will tell which approach is more effective.
NGEDR
The Gartner agency has created a classification for next-generation endpoint protection solutions. ROMAD falls within the Next Generation Endpoint Detection and Response category.
GENETIC SEQUENCE™
Genetic Sequence™ is an element of the ROMAD technology. As the ROMAD operating principle is radically different from that of a legacy AV, all the malware arsenal is useless against the ROMAD engine.
MALWARE GENOME™
Malware Genome™ is a set of the Genetic Sequences™ of different malware families. Physically, the Malware Genome™ is a small database on an endpoint. Malware Genome™ updates happen 2 or 3 times per month, consume less than 100 kb of disk space and do not require a reboot. If there are no updates for any reason, the general ROMAD protection level decreases very slowly. A legacy AV becomes obsolete within 1-2 hours when there are no updates. In a similar scenario, ROMAD becomes partially obsolete within 3-4 months.