News:

02/26/2012 - Begin Clean Room version

02/26/2012 - Finish 0.01 Clean Room version with IISLogMail module.

02/27/2012 - Finish 0.02 Add Not: (False Positives)

02/28/2012 - Finish 0.03 Encrypt the Output via AESCrypt

02/29/2012 - Finish 0.04 Bug fixes

03/02/2012 - Finish 0.05 File System Scan & Rename tool to OMENS (Object Monitor for Enhanced Network Security)

03/03/2012 - Created this OMENS help File

03/05/2012 - Finish 0.06 - File Scan too slow - Improved Code

03/06/2012 - Finish 0.07 - Add Alarms

03/09/2012 - Finish 0.20 - Added WGetIni (Centralized signatures) - OMENS is now Beta-2

03/15/2012 - Finish 0.33 - Added File Mapping to check for new or deleted files

03/21/2012 - Finish 0.34 - Added New File signature FCS: scanning

03/24/2012 - Finish 0.35 - Added New Configuration File signing to detect tampering

03/31/2012 - Finish 0.36 - Added FCScan:All|New, Writing files to the current working directory (OMENS.exe only), and Wildcard searching. Also changed the "Logscan" option code so that Resume/Reset is now based on configuration file name - so that Logscan: Resume/Reset will keep its place differently for each configuration. (It was a busy weekend).

05/06/2012 - Finish 0.39 - Add Syslog Output.

05/06/2012 - Finish 0.41 - Add /Verbose (Command Line) - for debugging, Add more detail to (CHG) Messages.

08/05/2012 - Finish 0.55 - Many Changes! This is a New Fork of OMENS: Uses SQLite for all data, add Auto-Update, Add /Config and /Alarms to Configure OMENS and Alarms, Add /Passwd to Reset the OMENS Hash/Password, Add FCScan:Auto - This option will auto-add and auto-delete New/Chg/Del files to allow OMENS to maintain itself.

09/15/2012 - Finish 0.62 - Add Descriptions of Signatures - More info is better. Add Xlate routine to enable Binary Compares (%nn where nn is the hex number, and %% is just a %). Add PBKDF2 Config Parameter (Default is 1000).

11/04/2012 - Finish 0.74 - Save Bad IP Addresses in the table with a bad count, then when complete, write out a new BlockedIP text file for input into a blocker - Like the OMENS Global.asax routine - But any program can be used! Write out a new BlockedHTML text file for input into a blocker - Like the OMENS Global.asax routine - But any program can be used! Experimental Base64 detection - or Base64-ish obfuscation. Sign OMENSExit and Alarm execution files as a countermeasure. Check for the existence of Hostile Registry keys.

11/12/2012 - Finish 0.80 - Improve Base64 detection. Add DeepDive config parameter and /DeepDive command line option - Reports on ALL ACTIVITY by bad IP Addresses.

01/18/2013 - Start 0.81 - Add BadIPLog config parameter for IP address blocking interface (Types are Log, XML (Web.config), and HTA (.htaccess)).

01/25/2013 - Finish 0.81 - Add BadHTML config parameter for hostile file Quarantine (Types are Log, Hide (Change the File Attribute to hidden (works with IIS)), and Quarantine).

02/10/2013 - Finish 0.82 - Add SMTPCC To CC the OMENS Report. Also made some bug fixes.

02/15/2013 - Finish 0.83 - Various bug fixes. Increased SMTPCC To 10 email addresses.

03/10/2013 - Finish 0.84 - Add /JIBMerge parameter to import/Merge the CERT JIB into OMENS database. Fixed DST Bug. Add Hostile MD5 check for Malware Signatures from CERT JIB

03/23/2013 - Finish 0.85 - Add /OMNMerge parameter to import/Merge the OMENS JIB into OMENS database. Added MD5: remote Signature.

04/15/2013 - Finish 0.86 - OMENS can now process (load) up to 10 Remote Signature files per scan.

06/30/2013 - Finish 1.00 - Improved /config option. Added new DirCheck configuration Option. Added new OMENShare signature sharing parameter & table.

06/30/2013 - Finish 1.15 - Added Granular Signature Sharing, and Signature Weighting.

10/30/2013 - Finish 1.16 - Added MD5 checking with the VirusTotal service.

11/20/2013 - Finish 1.17 - Added New Evasion Detection Engine.

02/01/2014 - Finish 1.18 - Bug Fix (When ClientIPIndx = 1).

02/28/2014 - Finish 1.19 - IIS Doesn't like duplicated Block IPs. Added Duplicate check to IPS file output.

04/12/2014 - Finish 2.01 - Now Check Logs for any badfile request. Add more VirusTotal Integration. New Field/Column search in Log file Parser.

05/16/2014 - Finish 2.05 - 2.x Bug Fixes and database integrity improvements.

12/31/2014 - Finish 2.10 - Integrate ShadowServer Bin-Check.

02/14/2015 - Finish 2.11 - Improvements in DB code to prevent occasional hangs/abends.

04/04/2015 - Finish 2.12 - Fix Parsing bugs for non Web Logs. Add clientIPIndx = -1.