ROMAD Endpoint Defense USER MANUAL manual_1... · 2018-11-01 · ROMAD ENDPOINT DEFENSE USER MANUAL...

ROMAD. Stop chasing, start eradicating™

ROMAD ENDPOINT DEFENSE

USER MANUAL V. 1.5

TABLE OF CONTENTS

ROMAD Endpoint Defense USER MANUAL

  Introduction

  Supported OSes

  Compatibility with legacy AV

  ROMAD Endpoint Defense Installer

  ROMAD Endpoint Defense GUI

  ROMAD Endpoint Defense updating process

  FAQ

    ROMAD Endpoint Defense license

      Where do I download the trial ROMAD copy from?

      Do I need a license to use ROMAD Endpoint Defense?

      How can I get the ROMAD license?

      What do I do once I have the license?

      How to re-activate my ROMAD license?

      Does ROMAD need the Internet?

    System requirements

    ROMAD Diagnostic Tool

    General questions

      How do I connect to the Internet via proxy?

      Why does ROMAD require a PC reboot?

  Glossary

ROMAD ENDPOINT DEFENSE USER MANUAL

INTRODUCTION

Thank you for choosing ROMAD!

Patented ROMAD Endpoint Defense (hereinafter referred to as ROMAD) is a way of protecting computers from next-gen malware. It is a cutting-edge malware behavioral analysis tool that works in real time. This approach allows us to get rid of ineffective and resource-consuming file scans.

Due to our unique Malware Genetic Sequencing™ technology applied to the unchanged behavioral characteristics of malware, ROMAD does not require the participation of a human operator. The human input is reduced to an absolute minimum: deploy ROMAD to the computer.

ROMAD protects the user's system in real time without significant load on the processor, memory or hard disk.

This user manual contains a few sections that you may refer to:

• For legacy AV compatibility, please refer to Compatibility with legacy AV

• On how to install ROMAD on a local PC, please refer to ROMAD Endpoint Defense Installer

• For frequently asked questions, please refer to FAQ

SUPPORTED OSES

Client OSes:

• Windows 7 x86/x64

• Windows 8.1 x86/x64

• Windows 10 x86/x64

Server OSes:

• Windows Server 2008 R2 x64

• Windows Server 2012 R2 x64

• Windows Server 2016 x64

COMPATIBILITY WITH LEGACY AV

ROMAD is fully compatible with:

• Microsoft® Windows Defender

• The following ESET® products:

    ◦ ESET® NOD32 Antivirus

    ◦ ESET® Endpoint Antivirus

    ◦ ESET® File Security

    ◦ ESET® Smart Security

ROMAD ENDPOINT DEFENSE INSTALLER

The ROMAD Installer is designed to install ROMAD on a local computer.

The ROMAD installer can be launched in a so-called silent mode or in a fully interactive mode. The silent mode is for internal use only, e.g. it is used by the ROMAD Endpoint Defense Deployer (available in the Enterprise version of the program). The fully interactive mode is the normal option.

The ROMAD installer will check the PC for a compatible OS version, see Supported OSes.

If the ROMAD Installer detects a running Microsoft Compatibility Telemetry service, it will offer to disable this service because of its large consumption of system resources (see Fig. 1).

FIG. 1 OFFERING TO DISABLE MICROSOFT COMPATIBILITY TELEMETRY

The installer will also check for incompatible software, most of which is third-party legacy AV software; please see Compatibility with legacy AV (see Fig. 2).

We DO NOT recommend using any other third-party legacy AVs simultaneously with ROMAD!

FIG. 2. ROMAD INSTALLER WARNING

Then, the program will ask you to enter the license key. The license key has the following format: XXXX-XXXX-XXXX-XXXX.

FIG. 3. REQUESTING TO ENTER THE LICENSE KEY

ROMAD ENDPOINT DEFENSE GUI

ROMAD Endpoint Defense contains the ROMAD Tray Agent, which displays the status of the PC protection system (see Fig. 4).

Attention! It is strongly recommended NOT to install ROMAD if there is a warning about incompatible legacy AVs.

FIG. 4. ROMAD TRAY AGENT IN THE TASK BAR

Right-click for the Tray Agent menu:

1. About - displays the current ROMAD version, the malware database version, and the license's expiration date (Fig. 5)

2. Journal - displays the event log on the user's PC (Fig. 6)

FIG. 5. ROMAD ENDPOINT DEFENSE ABOUT WINDOW

FIG. 6. THE ROMAD ENDPOINT DEFENSE JOURNAL WINDOW

If malware is detected, the user will receive a notification in the system message window (see Fig. 7).

FIG. 7. NOTICE OF MALWARE DETECTION

If an incorrect license key was entered during the ROMAD installation, the ROMAD Endpoint Defense GUI icon will be displayed in red.

When you call the Tray Agent context menu, the "Set License Key" prompt appears where you can enter a correct license key (see Fig. 8).

FIG. 8. ENTERING A LICENSE KEY VIA TRAY AGENT

ROMAD ENDPOINT DEFENSE UPDATING PROCESS

The Malware Genome™ database is downloaded automatically and does not require user intervention.

When ROMAD Endpoint Defense itself is updated, the user is notified in the system notification window of the need to reboot the OS to complete the update procedure (see Fig. 9).

FIG. 9. THE UPDATE NOTIFICATION

Attention! Without a valid license key, ROMAD protection does not work!

There are two options concerning the PC rebooting (see Fig. 10):

Reboot Now - installing updates and automatically rebooting the system

Update Later - reminding later; ROMAD can remind you about rebooting:

1. in 2 hours

2. in 4 hours

3. at midnight

4. at a time convenient for you (Set time)

FIG. 10. SETTING THE TIME FOR REBOOT

If the user selects "Reboot Now", they will receive another window asking them to confirm the system reboot (see Fig. 11):

FIG. 11. SYSTEM REBOOT CONFIRMATION

FAQ

This is the list of the frequently asked questions.

ROMAD ENDPOINT DEFENSE LICENSE

WHERE DO I DOWNLOAD THE TRIAL ROMAD COPY FROM?

Please fill in the form on https://romad-systems.com and we will contact you very shortly.

DO I NEED A LICENSE TO USE ROMAD ENDPOINT DEFENSE?

Yes, you do need a license to use ROMAD Endpoint Defense. Without the license ROMAD will not work on your computer.

HOW CAN I GET THE ROMAD LICENSE?

You cannot purchase ROMAD from our website https://romad-systems.com. However, you can find a list of our distributors on our website https://romad-systems.com.

WHAT DO I DO ONCE I HAVE THE LICENSE?

ROMAD requires the license key to work. The ROMAD Endpoint Defense Installer will prompt you for it. If you made a mistake for any reason during the installation, no worries: the ROMAD Endpoint Defense GUI will give you a second chance to change the license key in case of error.

HOW TO RE-ACTIVATE MY ROMAD LICENSE?

From time to time you may need or want to replace some parts of your computer hardware. When some parts of the hardware are replaced (for example, the drive or a network card), the computer's Hardware ID changes. In this case, you need to get a new activation key. This process is called reactivation. The number of reactivations for one ID is 10. Reactivation is performed automatically.

To make the reactivation successful, you have to be sure that:

• The license key is in our database (i.e. you have purchased it)

• The license key is not expired (still valid)

• The Hardware ID has not been changed dramatically

If these conditions are not fulfilled, the reactivation will be denied.

We recommend changing one hardware part at a time, followed by a reboot.

DOES ROMAD NEED THE INTERNET?

ROMAD does not require an Internet connection frequently. The Malware Genome™ database update usually happens 2-3 times per month (and does not require a reboot). ROMAD itself usually updates once per month (see ROMAD Endpoint Defense updating process).

However, the Internet is required for the first installation, as ROMAD needs to talk to the licensing and updating server to get the Malware Genome™ database. ROMAD cannot work without the Malware Genome™ database.

Attention! For the first ROMAD installation, an Internet connection to https://portal.romad-systems.com/ is required.

SYSTEM REQUIREMENTS

Right after a PC is turned on and Microsoft® Windows boots up, ROMAD needs some time to adjust Dynamic Multi-Tiered Trust Model settings. Usually it takes about 5 minutes. The CPU load will be high during this initial process.

Normally, the resources consumption is as follows (see Fig. 12):

• CPU consumption is no more than 10-15% (should be even less)

• RAM is 100MB (maximum)

FIG. 12. ROMAD SERVICE CPU AND RAM CONSUMPTION

ROMAD also has a driver. Its CPU consumption should be no more than 5-10% (see Fig. 13):

FIG. 13. ROMAD DRIVER CPU CONSUMPTION

ROMAD DIAGNOSTIC TOOL

When contacting the ROMAD support service, you may be asked to provide diagnostic data relating to ROMAD. To get this data, you need to run the ROMAD Endpoint Defense Diagnostic Tool from the folder where ROMAD is installed (usually, it is C:\Program Files\ROMAD Endpoint Defense).

FIG. 14. DISPLAYING ROMAD ENDPOINT DEFENSE DIAGNOSTIC TOOL

When you click on "Send report", the data is compressed and sent to the ROMAD support service.

If, for any reason, the file was not sent, it can be found in the C:\Program Files\ROMAD Endpoint Defense folder and has to be emailed to [email protected].

GENERAL QUESTIONS

HOW DO I CONNECT TO THE INTERNET VIA PROXY?

ROMAD uses the OS proxy settings. In most cases, these are the same settings as for Microsoft® Internet Explorer. If Microsoft® Internet Explorer can access the Internet, ROMAD can also access the Internet.
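A pre-installation check that the licensing and update portal required for the first installation is reachable through the OS proxy settings, as an added PowerShell example that is not part of the ROMAD manual or product. It assumes PowerShell 3.0+ with .NET 4.5+ and tests the proxy settings of the user who runs it; the function name Test-PortalReachability and its output fields are hypothetical, and only the portal URL comes from this manual.

```powershell
# Added example, not ROMAD code. Assumes PowerShell 3.0+ and .NET 4.5+.
function Test-PortalReachability {
    param(
        [string]$Url = 'https://portal.romad-systems.com/',  # URL named in this manual
        [int]$TimeoutMs = 10000
    )

    # Older Windows/.NET defaults may not offer TLS 1.2; enable it for this process.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    $uri = [Uri]$Url
    # GetSystemWebProxy() reads the Internet Explorer proxy settings of the current user.
    $proxy = [Net.WebRequest]::GetSystemWebProxy()
    $proxy.Credentials = [Net.CredentialCache]::DefaultCredentials

    $result = [ordered]@{
        Url        = $Url
        Direct     = $proxy.IsBypassed($uri)   # True when no proxy applies to this URL
        ProxyUsed  = $null
        StatusCode = $null
        Reachable  = $false
        Error      = $null
    }
    if (-not $result.Direct) { $result.ProxyUsed = $proxy.GetProxy($uri).AbsoluteUri }

    try {
        $req = [Net.HttpWebRequest][Net.WebRequest]::Create($uri)
        $req.Method  = 'HEAD'
        $req.Proxy   = $proxy
        $req.Timeout = $TimeoutMs
        $resp = $req.GetResponse()
        $result.StatusCode = [int]$resp.StatusCode
        $result.Reachable  = $true
        $resp.Close()
    }
    catch {
        # PowerShell wraps .NET exceptions; walk down to the WebException if there is one.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) {
            $result.StatusCode = [int]$ex.Response.StatusCode
            # 407 and gateway errors point at the proxy path; other HTTP errors
            # (e.g. 403, 405) still prove that a server answered the request.
            $result.Reachable = $result.StatusCode -notin 407, 502, 503, 504
            $ex.Response.Close()
        }
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

Test-PortalReachability | Format-List
```

A `StatusCode` of 407 means the proxy demands credentials that the current account could not supply automatically.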

WHY DOES ROMAD REQUIRE A PC REBOOT?

We understand the reboot may be troublesome in certain environments. However, there is currently no other way for ROMAD to update (except for the Malware Genome™ database update, which does not require a reboot). Therefore, ROMAD will kindly ask for the reboot (see Fig. 15):

FIG. 15. ROMAD PROMPT FOR REBOOT

GLOSSARY

Not all the users are cyber security experts. Therefore, some terms may need a more detailed explanation.

MALWARE

Malware, or malicious software, is software that is created for the purpose of unauthorized access to the PC data and resources.

MALWARE FAMILY

Malware family is the classification taxon used for splitting malicious software into different categories. Each malware family has its name, e.g. Sality, Cerber, Kelihos, CryptXXX, and there is no single standard for these names. ROMAD tries to use the Microsoft classification. Other classifications also exist.

SIGNATURE

A signature, or "static signature", is a byte sequence that legacy AV detects. Static signatures have been used for more than 20 years and are considered outdated now.

Static signatures cannot provide the required protection level, as they need to be updated very often. A legacy AV that was not updated within an hour is under the threat of infection by malware.

ANTIVIRUS

Antivirus is a technology that uses static signatures.

Attention! ROMAD will not be able to protect your system in a sufficient manner without the reboot! Reboot is required to complete the ROMAD update.

NGEP

Next-generation protection solutions use proprietary algorithms to fight malware. All legacy AVs use the same technology based on static signatures. NGEPs use a pool of different technologies, sometimes in combination. Only time will tell which approach is more effective.

NGEDR

The Gartner agency has created a classification for next generation endpoint protection solutions. ROMAD is within the Next Generation Endpoint Detection and Response category.

GENETIC SEQUENCE™

Genetic sequence™ is an element of ROMAD technology. As the ROMAD operating principle is radically different from that of a legacy AV, all the malware arsenal is useless against the ROMAD engine.

MALWARE GENOME™

Malware genome™ is a set of the Genetic Sequences™ of the different malware families. Physically, the Malware Genome™ is a small database on an endpoint. The Malware Genome™ updates happen 2 or 3 times per month, consume less than 100 kb of disk space and do not require a reboot. If there are no updates for any reason, the general ROMAD protection level decreases very slowly. A legacy AV will become obsolete within 1-2 hours when there are no updates. ROMAD will become partially obsolete within 3-4 months in a similar scenario.