https://sourceforge.net/p/hydradragonantivirus/wiki/Installation-Setup/Recent changes to Installation-SetupenSun, 26 Apr 2026 22:58:46 -0000https://sourceforge.net/p/hydradragonantivirus/wiki/Installation-Setup/<div class="markdown_content"><h1 id="h-installation-setup">Installation &amp; Setup</h1> <p>HydraDragonAntivirus is a complex, multi-component security antivirus. It requires careful setup and is currently intended for researchers and advanced users.</p> <h2 id="h-prerequisites">Prerequisites</h2> <ul> <li><strong>Operating System</strong>: Windows 11 (Windows 10 is no longer officially supported).</li> <li><strong>RAM</strong>: Minimum 8 GB (3 GB for ClamAV, 5 GB for other engines).</li> <li><strong>Storage</strong>: Sufficient disk space is needed as the antivirus logs extensive data and handles large signature databases.</li> <li><strong>Development Tools</strong>: <ul> <li>Python 3.x</li> <li>Rust &amp; Cargo (for compiling the firewall and EDR components)</li> <li>Visual Studio Build Tools</li> <li>Windows Driver Kit (WDK) for driver components</li> <li>JDK 21+ for Ghidra</li> </ul> </li> </ul> <h2 id="h-installation-steps">Installation Steps</h2> <ol> <li><strong>Clone the Repository</strong>: <br/> <code>bash git clone https://github.com/HydraDragonAntivirus/HydraDragonAntivirus.git cd HydraDragonAntivirus</code></li> <li><strong>Setup Driver Components</strong>: <ul> <li>Build the <code>Sanctum</code> driver using <code>cargo make</code>.</li> <li>The installed Sanctum user-mode files now live under <code>C:\Program Files\HydraDragonAntivirus\hydradragon\Sanctum</code>.</li> <li>Legacy <code>%AppData%\Sanctum</code> and <code>Desktop\sanctum</code> content is migrated back into that Program Files directory during setup.</li> <li>Install <code>MBRFilter</code> by right-clicking the <code>.inf</code> file and selecting 'install'.</li> <li>Disable Secure Boot if driver installation fails.</li> <li>If the installer disables Hyper-V, VBS, or HVCI, that step is only for Windows driver and testing compatibility in this repo.</li> <li>That installer compatibility step is separate from the wiki's HyperDbg or hypervisor-based protection documentation.</li> </ul> </li> <li><strong>Configure Firewall</strong>: <ul> <li>Ensure <code>WinDivert</code> driver is present.</li> <li>Set <code>late_blocking_mode</code> to <code>true</code> in <code>settings.json</code>.</li> </ul> </li> <li><strong>Initialize ClamAV</strong>: <ul> <li>Ensure the ClamAV database is correctly installed and updated.</li> </ul> </li> <li><strong>Run the Antivirus</strong>: <ul> <li>Build the user-mode components in normal user-context mode and start the stack through <code>HydraDragonAntivirusLauncher</code>.</li> <li>Do not rely on a <code>service</code>-mode Owlyshield build for normal user-path behavior. In service mode, Windows resolves <code>%APPDATA%</code>, <code>%LOCALAPPDATA%</code>, <code>%USERPROFILE%</code>, <code>%TEMP%</code>, and similar env values in the service account context, which can break user-targeted path logic.</li> <li>Wait for the interface to load fully (this may take several minutes).</li> </ul> </li> </ol> <h2 id="h-usage-recommendations">Usage Recommendations</h2> <ul> <li><strong>Virtual Machines</strong>: It is strongly recommended to use a clean Windows 11 VM with snapshots.</li> <li><strong>VM Configuration</strong>: Avoid suspicious VM names (e.g., "John Doe") as some malware may use anti-VM techniques.</li> <li><strong>Windows Firewall</strong>: It is recommended to close the Windows Firewall on the VM to prevent interference with testing.</li> <li><strong>Ransomware Protection</strong>: Create dummy files on your system to help detect ransomware activities.</li> </ul> <h2 id="h-quarantine-directory">Quarantine Directory</h2> <p>The default quarantine directory is located at:<br/> <code>C:\ProgramData\HydraDragonAntivirus\Quarantine</code></p></div>Emirhan UçanSun, 26 Apr 2026 22:58:46 -0000https://sourceforge.neta2d1807ac19ec1155d4b9c8cd696f14d235a39ce