OESIS Framework


The OESIS Framework features a modular software architecture. It can easily be integrated into an endpoint solution without any performance impact or excessive resource consumption. The modular architecture also enables customers to license any, some, or all of these modules. OESIS is optimized for performance and size. Below is an overview of the modules available in the OESIS Framework

Detection & Classification

Determine what applications are installed on a given endpoint. The ability to detect applications very quickly makes it easy to embed this functionality in all types of applications, including compliance checks for NAC or other access control. Detected applications are automatically classified into the proper category.


Modify the settings of applications on a given endpoint. This module supports common and application specific operations for thousands of applications. Example uses include enabling real time protection or updating malware definitions for antivirus software, or enabling antiphishing detection on the browser, or even changing the default browser.

Vulnerability Assessment

Rapidly assess the vulnerability of any system or collection of endpoint devices. This module provides the ability to monitor software applications that are considered to be the most common vectors for attack and determine whether they are out of date. This module also provides the ability to initiate updates of applications that are found to be out of date. The Vulnerability Assessment Module has been optimized for speed and designed to focus on the applications that are most frequently targeted by malicious activities.


Quickly, silently, and efficiently remove applications from an endpoint. Applications like browser toolbars can be classified, in bulk or on granular level, as Potentially Unwanted Applications (PUA) and removed from endpoints. The Removal Module also offers the capability to remove antivirus programs that conflict with the organizations’ preferred choice even if the antivirus password is not known. The Removal Module supports many of the functionalities of OPSWAT’s AppRemover product.

Please download the OESIS Framework brochure for additional information.

The Detection Module of OESIS is used to identify applications installed on an endpoint. OESIS supports the detection of thousands of applications from 15 categories, and APIs are provided to gather application details such as vendor, version, running state, installation directory, authenticity of the product, components and more.

Feature Overview

  • Supported Applications
    Thousands of commonly used applications can be detected and classified into many categories, across dozens of operating systems, both current and legacy. Application categories include the ones shown below. Support to detect different attributes, some specific to the application types, is provided. For more details check out the API documentation.
  • Streamlined Automatic Updates to add new application support
    OESIS provides the ability for automatic updates to be seamlessly delivered to end users so that firmware updates are not needed to incorporate the latest third-party application support. As support for new third-party applications is added by OPSWAT, customer solutions can pull data from the OPSWAT database to seamlessly bring the updated support to end users. Other update modes giving more control over the process are also available.
  • Performance
    The Detection Module has been optimized for performance so that invoking this API that won’t slow down your application or consume excessive resources.

Foundation for other Operations

The Detection Module is the foundation for the other modules. Once an application is detected, you can modify its settings using the Manageability Module, check for potential threat vectors using the Vulnerability Module, or even uninstall it using the Removal Module.

OESIS V4 Detection

After the Detection Module detects installed applications on endpoint devices, the Manageability Module enables governance of these applications. APIs provided by the Manageability Module check and remediate application specific settings. Solutions developed using these APIs allow a fine-grained control over applications.

APIs for managing different types of applications are categorized into common and advanced methods. Common functions like start and terminate application are supported for all application types. Advanced functions supported depend on the type of application.

Below are some of the features supported for several of the application types. A full set of APIs supported for different application types are detailed in the API documentation.


The APIs supported for antivirus applications include updating malware definitions, launching a full system scan, turning real time protection on or off and more. These APIs can be used to maintain an antivirus solution at an optimal state to reduce threat to an endpoint. Retrieving the threat detection log from the antivirus application is another API that can be used to gather data for analysis or to uncover potential issues, like a persistent threat that the antivirus application is not able to permanently remove. The threat detection logs can also help identify widespread threats that are spreading in your network. Having this type of information from endpoints is critical when responding to a serious security breach.


The Browser APIs allow checks for whether the antiphishing setting is enabled on all browsers or a specific browser. Phishing sites remain a very common vector for serious infections, especially with Trojans that have the potential to compromise your entire network. APIs to delete bookmarks, check validity of certificates and delete the cache are supported as well.


The APIs for firewalls enable a check for whether the firewall is enabled as well as whether any custom rules that may be mandated by your organization’s policies are being followed, such as disallowing P2P or network gaming ports and protocols. Files downloaded from P2P networks are very often infected with Trojans or viruses.

OESIS V4 Manageability

The Vulnerability Assessment Module of OESIS provides a very quick vulnerability assessment of the most commonly targeted applications by comparing the installed version against the latest available version of an application. For out-of-date applications, OESIS also provides the ability to initiate an update to the latest version. Customer solutions can utilize the information provided by the Vulnerability Assessment Module to make endpoint devices more secure.

Extensive Support for Highly Targeted Applications

The Vulnerability Assessment Module concentrates on applications like Browsers, Java, Operating Systems, document applications, and Adobe software that are top targets for attacks. According to recent studies, attacks on these applications contribute to the majority of attacks. Beyond these applications, common third party applications on Windows and many Antivirus applications are supported. OESIS can detect the installed versions and report whether all critical applications are running at the latest version.

Fast Response for Low Latency Applications

Solutions like NAC and VPN need to make quick decisions on whether an endpoint can be allowed into the network. Many vulnerability assessment solutions in the market take tens of minutes to scan an endpoint to determine vulnerability. OESIS Framework makes quick vulnerability assessments by comparing the installed and the latest available versions of applications on an endpoint.


Common Vulnerability and Exposures (CVE) Support

Recent studies have shown that keeping applications up to date on all machines across the entire organizational network can dramatically reduce exposure to security threats. OESIS gathers information about the latest available versions for endpoint applications by connecting to external feeds. Any mismatch between the installed and latest available versions is reported. Solutions using the Vulnerability Assessment Module can strengthen the security of endpoints by confirming all critical components are running at the latest version.

Additional Features

OESIS Framework implements several other vulnerability assessment mechanisms. OESIS enables customer solutions to configure, manage and remove Potentially Unwanted Applications. There are many types of applications that can be classified as potentially unwanted, and some of these may make an endpoint device vulnerable. The ability to classify, detect, and remove (supported by the Removal module of OESIS) these unwanted applications can make an end device more secure. OESIS can also be used to update Antivirus products to the latest malware definition, thus reducing the vulnerability.

For a list of supported applications, click here.

The Removal Module of OESIS, formerly known as AppRemover, provides the ability to uninstall applications from endpoints. It may be necessary to remove applications to ensure the safety and security of the endpoints and the network. Removing applications can be a difficult process due to password protection, incomplete removal by the application’s own uninstaller leaving lingering files and folders on the system, and forced end user interaction. OESIS brings simplicity into removing unwanted applications.

The Removal Module supports uninstallation of applications like toolbars, public file sharing applications, cloud storage, anti-malware applications and other security applications.

Use Case - PUA

Removal of Potentially Unwanted Applications

Software like Browser toolbars, Public File Sharing programs, Botware, Adware and backup or cloud sync applications may be considered unwanted applications and need to be removed from endpoints. OESIS Framework provides APIs to detect, classify, and remove these applications.

Antivirus Application Removal

Incompatible or non-standard antivirus applications may need to be removed prior to installing Antivirus applications approved for corporate wide use. OESIS provides that ability to easily perform these uninstallations without input from the end user.

Silent Removal

The Removal Module removes Antivirus or other applications silently, without needing any protection passwords or user interaction.

Removal of Previously Failed Uninstallations

The Removal Module can also remove applications that previously failed to uninstall or left traces in the system.