Serious Discussion Xylent Antivirus

Shadowra

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,344
Hello :)

In my queries for the past few days, I've had a totally unknown AV pop up, asking me for a test.
It's Xylent.

I quickly looked into it, and it was untestable.
There have been corrections, so it deserves its own topic.

Still quickly, it uses ClamAV, YARA and its own rules based on MD5/SHA1 .
On installation, Xylent still doesn't launch anything! You have to launch the interface and its engine (which will quickly take up 3GB of RAM!!).
(coded by @XylentAntivirus )

1.png 2.png

I decide to test it... obviously, Xylent's analysis doesn't work... It runs in a vacuum...

3.png

I take some old malware from a pack and some old malware just to see...
4.png 5.png

On the Zombie virus, no reaction...
On another malware, reaction after .... 7 minutes!

And on Cerber5 Ransomware, it tries to kill the Ransomware... problem, it's already acted!

6.png

I stopped the test straight away because it was useless.
There are several problems, which I will explain:

- Xylent uses an MD5 and SHA1 database. All the malware needs to do is change one byte to bypass the protection. An MD5 comparison is obsolete and useless.
- It loads its entire database into memory, occupying CPU and RAM to death (I've got a Ryzen 7 7700X, and it was constantly busy).
- The software is coded entirely in VbNet, which is totally unacceptable for an antivirus! Possibly the interface (Bitdefender & Kaspersky do this) but the rest MUST be coded in C or C++.
- No drivers (I can kill it with no problem)
- Very slow actions (you can see it)
- Totally covered in bugs (a console next to the interface? ), the fact that it launches nothing so on restart no protection, and why do you have to launch the engine manually?

I think this project clearly deserves a re-code, because it's just not right.
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, SpiderWeb, RoboMan and 10 others
Bot

Bot

AI-powered Bot
Apr 21, 2016
3,587
Hello,

Thank you for your detailed analysis of the Xylent Antivirus. Your points are valid, and it seems like the software needs significant improvements. Your feedback is crucial for the developers to understand the user perspective and make necessary changes.

The use of MD5 and SHA1 databases, the high CPU and RAM usage, the coding language, and the lack of drivers are definitely areas of concern. The developers should also work on the slow response times, bug fixes, and automatic engine launch for better user experience.

Let's hope the developers take note of your feedback and work on improving their software.
 
  • Love
  • Thanks
  • Like
Reactions: Behold Eck, XylentAntivirus and Shadowra
XylentAntivirus

XylentAntivirus

Level 1
May 9, 2024
45
Shadowra said:
Hello :)

In my queries for the past few days, I've had a totally unknown AV pop up, asking me for a test.
It's Xylent.

I quickly looked into it, and it was untestable.
There have been corrections, so it deserves its own topic.

Still quickly, it uses ClamAV, YARA and its own rules based on MD5/SHA1 .
On installation, Xylent still doesn't launch anything! You have to launch the interface and its engine (which will quickly take up 3GB of RAM!!).
(coded by @XylentAntivirus )

View attachment 283346 View attachment 283347

I decide to test it... obviously, Xylent's analysis doesn't work... It runs in a vacuum...

View attachment 283348

I take some old malware from a pack and some old malware just to see...
View attachment 283349 View attachment 283350

On the Zombie virus, no reaction...
On another malware, reaction after .... 7 minutes!

And on Cerber5 Ransomware, it tries to kill the Ransomware... problem, it's already acted!

View attachment 283351

I stopped the test straight away because it was useless.
There are several problems, which I will explain:

- Xylent uses an MD5 and SHA1 database. All the malware needs to do is change one byte to bypass the protection. An MD5 comparison is obsolete and useless.
- It loads its entire database into memory, occupying CPU and RAM to death (I've got a Ryzen 7 7700X, and it was constantly busy).
- The software is coded entirely in VbNet, which is totally unacceptable for an antivirus! Possibly the interface (Bitdefender & Kaspersky do this) but the rest MUST be coded in C or C++.
- No drivers (I can kill it with no problem)
- Very slow actions (you can see it)
- Totally covered in bugs (a console next to the interface? ), the fact that it launches nothing so on restart no protection, and why do you have to launch the engine manually?

I think this project clearly deserves a re-code, because it's just not right.
Click to expand...
Actually it didn't use hashes in latest version (less than 500mb). Your critique is very important. I now updating new version but issue might not going to fixed but more less false positives. Until issues fixed it's should be only use as scanner..
 
  • Like
Reactions: Nevi, DDE_Server, Behold Eck and 3 others
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,405
Hi @XylentAntivirus

I have some questions for you

1. Which Scan Engines did you use

2. Will you add these to virustotal

3. Any infso for the multilanguage Version

4. And where can we download then File

5. And how can we submit samples to you for checking

6. Have that a quarantäne when yes can we send the Files directly out of from the quarantäne to you

7. On which Windows Versions did it works

Mops21
 
Last edited:
  • Like
Reactions: Nevi, Behold Eck, DDE_Server and 1 other person
XylentAntivirus

XylentAntivirus

Level 1
May 9, 2024
45
Mops21 said:
Hi @XylentAntivirus

I have some questions for you

1. Which Scan Engines did you use

2. Will you add these to virustotal

3. Any infso for the multilanguage Version

4. And where can we download then File

5. And how can we submit samples to you for checking

6. Have that a quarantäne when yes can we send the Files directly out of from the quarantäne to you

7. On which Windows Versions did it works

Mops21
Click to expand...
1) ClamAV engine. My own engine.
2) You probably mean add this antivirus to virustotal or just whitelist my antivirus. Maybe in feature.
3) There no multilanguage right now. Even if Turkish but I going to add them in feature probably.
4) Xylent At there but I removed real-time scanner and now redesigning this antivirus.
5) You can submit samples to ClamAV team or my mail addresses
6) It's now going to optional scanner so quarantine is more usable than real time protection edition.
7) Minimum Windows 8.1 but if you compile yourself you can compile it at Windows 7.
It's still better than ClamAV but I want to make it better. Otherwise no one going to use this AV also right now it looks like hobby project instead of serious one. I should fix this.
 
  • Like
Reactions: DDE_Server, Harputlu and Trident
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,405
XylentAntivirus said:
1) ClamAV engine. My own engine.
2) You probably mean add this antivirus to virustotal or just whitelist my antivirus. Maybe in feature.
3) There no multilanguage right now. Even if Turkish but I going to add them in feature probably.
4) Xylent At there but I removed real-time scanner and now redesigning this antivirus.
5) You can submit samples to ClamAV team or my mail addresses
6) It's now going to optional scanner so quarantine is more usable than real time protection edition.
7) Minimum Windows 8.1 but if you compile yourself you can compile it at Windows 7.
It's still better than ClamAV but I want to make it better. Otherwise no one going to use this AV also right now it looks like hobby project instead of serious one. I should fix this.
Click to expand...
Hi @XylentAntivirus

Thank you very much for your infos

8. Can you say for samples to submit to ClamAV Team and your email adresses

9. Will you send the Files to ClamAV from you or have you a contact email from ClamAV Team

10. I don t find the Download your App on the page did not find can you assist me for that please

Mops21
 
  • Like
Reactions: Behold Eck, Trident, XylentAntivirus and 1 other person
XylentAntivirus

XylentAntivirus

Level 1
May 9, 2024
45
Mops21 said:
Hi @XylentAntivirus

Thank you very much for your infos

8. Can you say for samples to submit to ClamAV Team and your email adresses

9. Will you send the Files to ClamAV from you or have you a contact email from ClamAV Team

10. I don t find the Download your App on the page did not find can you assist me for that please

Mops21
Click to expand...
8) You can submit samples by sharing them at github with mailing me at kongom332@gmail.com or just DM me at Discord.
9) I have contact email with ClamAV also talking with them at discord 10)Currently I redesigned antivirus and now it's inceridably fast and for cross platforms.
 
  • Like
Reactions: Trident, Gandalf_The_Grey and Shadowra
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,405
XylentAntivirus said:
8) You can submit samples by sharing them at github with mailing me at kongom332@gmail.com or just DM me at Discord.
9) I have contact email with ClamAV also talking with them at discord 10)Currently I redesigned antivirus and now it's inceridably fast and for cross platforms.
Click to expand...
Hi @XylentAntivirus

Thank you very much for your infos

11. Have you any Download Link for your Software please post it

Mops21
 
  • Like
Reactions: Behold Eck, XylentAntivirus and Trident
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,759
XylentAntivirus said:
Virusshare is only alternative for me but Sophos database is very good. Also they have too many benign files. I need benign files. Currently I have 17k benign files and 34k malicious verified files.
Click to expand...
You certainly do need benign files, and hope the collection helps improve your detection. Maybe you can use Gradient-boosted machine learning.
It is possible to have benign files marked as malicious on VirusShare and it will decrease your models efficiency.
 
  • Like
  • +Reputation
Reactions: simmerskool, XylentAntivirus and Shadowra

Similar threads

XylentAntivirus
    • Like
  • Poll
Serious Discussion Should I don't use YARA rules in my antivirus product? Or Machine Learning AI with very fast scan is best?
Replies
5
Views
337
Other security for Windows, Mac, Linux
XylentAntivirus
XylentAntivirus
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review SuperAntiSpyware Pro 2024
Replies
8
Views
955
Video Reviews - Security and Privacy
B-boy/StyLe/
B-boy/StyLe/
Shadowra
    • +Reputation
    • Like
    • Thanks
App Review Huorong Internet Security v6 BETA
Replies
24
Views
3,146
Video Reviews - Security and Privacy
Mark484
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top