Callisto Technology

V-Shield Endpoint-Cloud Virus Protection Platform

An endpoint-cloud integrated malware protection solution designed for GB 44495 and UN R155 compliance. Covering in-vehicle SDKs, offline scanning, cloud hash checking, signature updates, policy operations, event reporting, and audit tracking to help automakers build a continuous malware defense system.

Cloud Central
Hash Checking & Updates
Endpoint SDK
Local Scan & Interception
Security Operations
SOC / SIEM / Compliance

What is Callisto V-Shield Endpoint-Cloud Virus Protection Platform?

V-Shield is an endpoint-cloud integrated malware scanning solution for smart vehicles and automaker cloud platforms.

  • Problem solved: Intercepts malicious apps, trojans, and botnets to meet mandatory compliance.
  • Core capabilities: Local/cloud scanning, APK and USB scan, signature updates, and event reporting.
  • Target audience: Automakers, Tier 1 suppliers, and fleet operators.
  • Relation to S3 Platform: Belongs to the Shield layer, focusing on low-level file and application malware detection.

Regulatory & Compliance Requirements

GB 44495 and UN R155 require automakers to establish mechanisms for the identification, detection, protection, response, recording, and continuous improvement regarding malware (including viruses). V-Shield fully supports OEMs in meeting these mandatory compliance requirements through integrated detection, signature updates, and audit reporting.

Endpoint-Cloud Integrated Architecture

A collaborative system designed for automotive businesses, supporting virus operations and closed-loop governance for large-scale fleets.

Endpoint Defense (Vehicle)

Minimalist in-vehicle integration for Android and Linux. Includes file scanning, APK installation checks, USB scanning, scheduled scans, and offline queues.

Cloud Central (Backend)

Enterprise-controlled hub for signature and policy distribution. Includes API gateway, asset registry, policy center, update center, and cloud checking proxy.

Security Operations (SOC & SIEM)

From detection alerts to visual governance. Includes event, reporting, and audit centers, with seamless integration into TSP and data lakes.

In-Vehicle SDK Capabilities

Lightweight, low-power, tailored for complex vehicle environments

Local File Scanning

APK Installation Check

USB/Peripheral Scan

Scheduled/Idle Scan

Local Signature Management

Local Policy Cache

Cloud Check API

Offline Event Queue

CPU/IO Resource Control

Block/Isolate/Clean Actions

Cloud Platform Capabilities

Security operations hub supporting millions of concurrent vehicles

API Security Gateway

Endpoint Asset Inventory

License Activation

Scan & Action Policies

Signature Canary/Full Updates

Cloud Hash Check Proxy

Event Aggregation

Multi-dimensional Reports

Compliance Audit Center

System Integration Adapters

Virus Detection Data Flow

1. Trigger Scan (USB/Install/Timer)

2. Local Signature Check (ms response)

3. Generate File Hash

4. Cloud Hash Check (if online)

5. Cloud Returns Risk Verdict

6. Endpoint Blocks/Isolates

7. Report to Event Center

8. SOC Correlation & Fleet Alert

Typical Scenarios

Pre-installation APK Check

Real-time interception of malicious code when owners download from app stores or install third-party APKs via ADB.

USB Media Scanning

Automatically triggers a full scan when a USB drive is inserted, preventing USB viruses from infecting the infotainment system.

Nighttime Low-Impact Scanning

Executes deep full-disk scans during vehicle sleep, charging, or idle times to avoid consuming compute resources while driving.

Large File Cloud Hash Checking

For large unknown files, only the Hash is extracted and sent to the cloud for comparison, saving massive bandwidth and memory.

Signature Canary Rollouts & Rollbacks

Supports incremental signature pushes. OEMs can verify in test fleets before full deployment, with one-click rollback if false positives occur.

GB 44495 Compliance Reporting

Automatically generates regulatory-compliant reports on malware detection rates, signature versions, and action logs for certification audits.

Relation to Other Callisto Products

ProductMain ValueRelation to V-Shield
S3-VSOCCloud security operations and closed-loop responseReceives malware detection alerts from V-Shield to correlate with other network logs.
V-SafetyMindCabin full-domain security and privacy protectionV-Shield focuses on low-level malware; V-SafetyMind focuses on permissions and LLM behaviors.
V-GuardLLM input/output and tool call guardrailsV-Guard defends against semantic inputs, while V-Shield defends against malicious files. They complement each other.

Frequently Asked Questions

It is a malware defense system tailored for smart vehicles. Through the synergy of a lightweight in-vehicle SDK and the automaker’s cloud management platform, it creates a closed loop of detection, updates, event reporting, and compliance.

V-Shield is highly optimized for the automotive compute environment, strictly controlling CPU, I/O, and network usage so driving safety processes are never impacted. Moreover, its signature and policy distribution are fully controlled by the automaker, supporting deep integration with OTA, TSP, and SOC.

Regulations mandate vehicles to have malware protection capabilities. V-Shield provides everything from local scanning and cloud checking to event reporting and audit logs, serving directly as technical proof for OEMs to pass mandatory certifications.

For small files or known threats, local lightweight signatures provide millisecond offline detection. For large files, unknown APKs, or rapidly updating threats, the system extracts the Hash and queries the cloud, balancing offline availability with cloud compute power.

The cloud platform manages signature versions. It supports full/incremental pushes and canary releases by vehicle model or region. If a new signature causes false positives, operators can roll back to the previous stable version with one click.

Yes. Without a network, the SDK relies entirely on cached policies and offline signatures to detect and block threats. Security events are stored in a local queue and automatically uploaded when the network recovers.

The SDK provides strict resource control policies, allowing caps on CPU usage, I/O throttling, and pause/resume mechanisms (e.g., automatically pausing scans when the vehicle shifts into Drive or CPU load exceeds 80%).

All data is reported directly to the automaker’s privately deployed V-Shield cloud platform, or pushed to the OEM’s existing SOC/Data Lake via adapters. Callisto does not access sensitive vehicle data.

Ready to build a compliant malware defense system?

Contact us about our automotive cybersecurity services

With the transformation of automobiles into intelligent ones, automobile cybersecurity challenges are becoming increasingly prominent, and automobile companies urgently need to upgrade their cybersecurity protection systems.
Callisto (Beijing) Technology Co., Ltd. is a national high-tech enterprise founded by one of the world's first technical experts focusing on automotive network security, invested by world-renowned institutions, and possessing a number of independent intellectual property rights.
GDPR
Chinese vehicle cybersecurity standard:
General Technical Requirements for Automobile Information Security
Comply with" Guidelines for the Construction of Internet of Vehicles Network Security and Data Security Standard System",meet GB/T 40861-2021 "General Technical Requirements for Automobile Information Security", establish and provide automobile network security services. Any data we process for our customers and any risks we discover are the private assets of our customers and cannot be accessed without authorization.
©2022 Callisto (Beijing) Technology Co., Ltd.ICP No. 2022011284-1
ISO/SAE 21434
Vehicle cybersecurity certification:
ISO/SAE 21434 and UN R155UN R156

Contact us for ISO and WP.29 certification services to meet EU regulations.

Tel: 4001059410

Address: 201, Building 2A, Silicon Valley Liangcheng, Haidian District, Beijing