Installation & Setup
HydraDragonAntivirus is a multi-component antivirus stack. It requires careful setup and is currently intended for researchers and advanced users.
Prerequisites
- Operating System: Windows 11 (Windows 10 is no longer officially supported).
- RAM: Minimum 8 GB (3 GB for ClamAV, 5 GB for other engines).
- Storage: Sufficient disk space is needed as the antivirus logs extensive data and handles large signature databases.
- Development Tools:
  - Python 3.x
  - Rust & Cargo (for compiling the firewall and EDR components)
  - Visual Studio Build Tools
  - Windows Driver Kit (WDK) for driver components
  - JDK 21+ for Ghidra
Installation Steps
- Clone the Repository:

  ```bash
  git clone https://github.com/HydraDragonAntivirus/HydraDragonAntivirus.git
  cd HydraDragonAntivirus
  ```
- Set Up Driver Components:
  - Build the Sanctum driver using cargo make.
  - The installed Sanctum user-mode files now live under C:\Program Files\HydraDragonAntivirus\hydradragon\Sanctum.
  - Legacy %AppData%\Sanctum and Desktop\sanctum content is migrated back into that Program Files directory during setup.
  - Install MBRFilter by right-clicking the .inf file and selecting 'Install'.
  - Disable Secure Boot if driver installation fails.
  - If the installer disables Hyper-V, VBS, or HVCI, that step exists only for Windows driver and testing compatibility in this repo.
  - That installer compatibility step is separate from the wiki's HyperDbg and hypervisor-based protection documentation.
- Configure Firewall:
  - Ensure the WinDivert driver is present.
  - Set late_blocking_mode to true in settings.json.
- Initialize ClamAV:
  - Ensure the ClamAV database is correctly installed and updated.
- Run the Antivirus:
  - Build the user-mode components in normal user-context mode and start the stack through HydraDragonAntivirusLauncher.
  - Do not rely on a service-mode Owlyshield build for normal user-path behavior. In service mode, Windows resolves %APPDATA%, %LOCALAPPDATA%, %USERPROFILE%, %TEMP%, and similar environment variables in the service account's context, which can break user-targeted path logic.
  - Wait for the interface to load fully (this may take several minutes).
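A post-install sanity check for the steps above, added here as an example and not part of the HydraDragonAntivirus project: it confirms the Sanctum directory and the default quarantine directory (from the Quarantine Directory section of this page) exist, that late_blocking_mode is a boolean true in settings.json, and that the user-path environment variables are not resolving into a Windows service profile, which is the service-mode symptom described in the last step. The function names and the service-profile heuristic are assumptions.

```python
import json
import os
from pathlib import Path

# Paths and the settings key come from this page; the service-profile
# heuristic below is an editor's assumption, not project behaviour.
SANCTUM_DIR = Path(r"C:\Program Files\HydraDragonAntivirus\hydradragon\Sanctum")
QUARANTINE_DIR = Path(r"C:\ProgramData\HydraDragonAntivirus\Quarantine")
USER_PATH_VARS = ("APPDATA", "LOCALAPPDATA", "USERPROFILE", "TEMP")


def late_blocking_enabled(settings_text: str) -> bool:
    """True only when settings.json holds a boolean true for late_blocking_mode."""
    try:
        settings = json.loads(settings_text)
    except json.JSONDecodeError:
        return False
    return isinstance(settings, dict) and settings.get("late_blocking_mode") is True


def service_context_vars(env: dict) -> list:
    """Names of the user-path variables that resolve into a service profile.

    LocalSystem's profile lives under ...\\config\\systemprofile and the
    LocalService/NetworkService profiles under ...\\ServiceProfiles\\, so a
    value pointing there means the stack is running in service context.
    """
    flagged = []
    for name in USER_PATH_VARS:
        value = env.get(name, "").lower()
        if not value or "systemprofile" in value or "serviceprofiles" in value:
            flagged.append(name)
    return flagged


def check_install(settings_text: str, env: dict, existing_dirs: set) -> dict:
    """Run every check; existing_dirs is injected so the checks stay testable."""
    return {
        "sanctum_present": SANCTUM_DIR in existing_dirs,
        "quarantine_present": QUARANTINE_DIR in existing_dirs,
        "late_blocking_mode": late_blocking_enabled(settings_text),
        "service_context_vars": service_context_vars(env),
    }


if __name__ == "__main__":
    settings_file = Path("settings.json")
    text = settings_file.read_text() if settings_file.exists() else "{}"
    present = {d for d in (SANCTUM_DIR, QUARANTINE_DIR) if d.is_dir()}
    for key, result in check_install(text, dict(os.environ), present).items():
        print(f"{key}: {result}")
```

Run it from the repository directory after the launcher has started; any name listed under service_context_vars means the stack was started in the service account's context rather than the logged-on user's.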
Usage Recommendations
- Virtual Machines: It is strongly recommended to use a clean Windows 11 VM with snapshots.
- VM Configuration: Avoid suspicious VM names (e.g., "John Doe") as some malware may use anti-VM techniques.
- Windows Firewall: It is recommended to turn off Windows Firewall on the VM to prevent interference with testing.
- Ransomware Protection: Create dummy files on your system to help detect ransomware activities.
Quarantine Directory
The default quarantine directory is located at:
C:\ProgramData\HydraDragonAntivirus\Quarantine