Introducing SiriusGPT: The First Real-Time GPT / LLM AI based Antimalware Solution

  • Thread starter: danb
I have a legitimate question. If CyberLock and SiriusGPT are both for sale (or they both soon will be), and they cannot exist at the same time on the same system, which do you recommend we use? SiriusGPT cannot be installed on a system with CyberLock. Which one do we use? If they are integrated then this question is moot, but as of yet they are not. Maybe they will never be, because why sell both independently if that's the case.
 
I have a legitimate question. If CyberLock and SiriusGPT are both for sale (or they both soon will be), and they cannot exist at the same time on the same system, which do you recommend we use? SiriusGPT cannot be installed on a system with CyberLock. Which one do we use? If they are integrated then this question is moot, but as of yet they are not. Maybe they will never be, because why sell both independently if that's the case.
I haven't quite figured all of that out yet, and please feel free to let me know what you guys think we should do, but both are going to have the Sirius engine. They will probably be 2 distinct products, CyberLock geared more toward users / admins that want more options, and Sirius geared more toward users / admins who prefer a simplified solution. I will probably switch between the 2 all the time, and you guys will be able to as well... I will make sure that if you bought a license for one, it will work for the other. Who knows, maybe 3 years from now we might combine both into one product... it is hard to say at this point. But let me know what you guys think we should do, that will help me figure everything out, thank you!
 
@danb is SiriusGPT going to be a part of CyberLock? The current version of SiriusGPT can't be installed with CyberLock installed. I'm much more confident with how CyberLock works.

Thanks for your reply!

I mean, are you not reading? This is exactly what we're talking about? He's already answered your question.
 
Thank you for the link... yes, I remember this now, this is what I was talking about... it was a modded Windows Gadget / Sidebar.

BTW, post #58 was not visible earlier, or at least I did not see it. I was just looking through the initial 1307 Sirius results and happened to notice there were two different sidebar.exe results. Anyway, thank you for posting this, I will play around with it a little and see what I find.
 
@danb is SiriusGPT going to be a part of CyberLock? The current version of SiriusGPT can't be installed with CyberLock installed. I'm much more confident with how CyberLock works.

Thanks for your reply!
Yes, Sirius is almost ready to be integrated into CyberLock, DefenderUI Pro and WDAC Lockdown, but we have a little more tweaking to do since Sirius is so new. For example, we still have to tweak the command line analysis a little, although that will mostly be done on the server side. I just want to make sure everything is just right before we integrate Sirius into the other products because if we do find a bug later, that means I will have to update 5 different products... SiriusLLM, SiriusGPT, CyberLock, DefenderUI Pro and WDAC Lockdown. It is not the end of the world either way though... I am used to updating CyberLock, DefenderUI Pro and WDAC Lockdown whenever we have a new hardcoded rule or optimization. In the meantime, you can run the portable SiriusLLM version if you want, kind of as a second-opinion scanner. I am guessing that Sirius will be integrated into the other products in 1-2 months, thank you!
 
In the meantime, you can run the portable SiriusLLM version if you want, kind of as a second-opinion scanner. I am guessing that Sirius will be integrated into the other products in 1-2 months, thank you!
Thanks for the response. I now use it in this manner, but when I use it as a scanner exclusively, I feel like I'm losing out on some important features and capabilities.
Will try this on my other PC and see how it performs compared to CyberLock.
 
Thanks for the response. I now use it in this manner, but when I use it as a scanner exclusively, I feel like I'm losing out on some important features and capabilities.
Will try this on my other PC and see how it performs compared to CyberLock.
I totally understand... but it will not be long before we integrate Sirius into CyberLock. There are several things we need to do first though... as I mentioned, optimize the command line analysis, but also optimize the user prompt, and tons of other small stuff. That is a great idea to try it on your other computer. All I am running now is DefenderUI Free and SiriusGPT.
 
BTW, so yeah, it turns out that the sidebar.exe is a modded Windows file... it says it right on their website: GadgetPack - Gadgets for Windows 11 / 10

About GadgetPack

GadgetPack (formerly 8GadgetPack) makes it possible to use Gadgets on Windows 11 / 10.

  • It installs the Gadget Platform that was originally present in Windows 7 with some modifications that make it work on newer Operating Systems.

It might be a safe file, but I personally would use extreme caution, considering what all Sirius said in the Analysis Report. Yet 0 detections on VirusTotal. Go figure ;). They did mention in their FAQs that sometimes AVG flags it as a false positive.

That is the problem with the way we have been analyzing malware, and relying too heavily on sandbox analysis, which is constantly wrong. We will be adding new features / metadata to Sirius over the next year, and I bet we discover many more surprises ;). We could add tons of features / metadata initially, and basically throw everything but the kitchen sink into the analysis, but I strongly believe that is the wrong approach, and the reason why sandbox analysis fails so often. That is why we designed Sirius to start at a baseline, then add the precise features / metadata we need, based on false positives and negatives we see in the results. I know, I know, it is a radical approach, but I think it is going to work extremely well for us.
 
I totally understand... but it will not be long before we integrate Sirius into CyberLock. There are several things we need to do first though... as I mentioned, optimize the command line analysis, but also optimize the user prompt, and tons of other small stuff. That is a great idea to try it on your other computer. All I am running now is DefenderUI Free and SiriusGPT.
Currently testing it out; not sure what exactly I did that I lost 13,981 tokens already.

Just a suggestion: can you implement a delay before "Allowed(Not safe)" can be clicked, let's say 5-10 sec, and then for the remaining seconds it will auto-block or hide the allow option inside the more info?
 
Currently testing it out; not sure what exactly I did that I lost 13,981 tokens already.

Just a suggestion: can you implement a delay before "Allowed(Not safe)" can be clicked, let's say 5-10 sec, and then for the remaining seconds it will auto-block or hide the allow option inside the more info?
Hehehe, sorry about the tokens. Yeah, Snapshot Scans do not use tokens, so if you did not manually scan files to use up tokens, it means that AutoPilot analyzed 3 or so files and auto allowed them. I might remove token deduction from the auto allows from AutoPilot. BTW, if the file has already been scanned and is in the database, then tokens are not deducted at all, no matter which mechanism in Sirius performs the scan (Snapshot scan, manual scan, AutoPilot, etc.). So once the database gets built up a little, then tokens will not be automatically deducted that often.

Thank you for the suggestion on the user prompt. That is kind of what it does when you scan a file that is not in the database... scan a novel file and you will see what I mean. But it might be a great idea to delay it when the file is in the database as well (and the results are quickly returned), thank you!
 
BTW, we just got a thumbs down on a Hasleo tray app so I scanned a few Hasleo files (our first thumbs down if memory serves). Hasleo seems to be a standup company, but we oddly keep getting Not Safe verdicts from their scan results. It might be worth looking into. I have read enough Analysis Reports today, otherwise I would do it myself ;).
 
I do like the "Prompt Lockdown", is it possible to integrate a parental control in this?

Don't recall having this option in CL.
 
I do like the "Prompt Lockdown", is it possible to integrate a parental control in this?

Don't recall having this option in CL.
Thank you! CyberLock will have it soon as well... yeah, it is kind of like parental control. We still have to create a password for the Main / Settings Sirius form though.

CyberLock has several different ways you can stop the user from clicking allow... but these might all be replaced with this one option, we will see how it all works out.
 
Wouldn't it be funny / ironic if I inadvertently detected 2-3 malware files running on JT's system?

If you know, you know.
 
Hey Guys,

Here is Sirius 0.72. I just added a few small new features, like the user prompt now has Copy and Thumbs buttons at the bottom, and a few other little features.

SiriusGPT should auto update, but SiriusLLM will not auto update since it is a portable app, that way you can choose where it is located.

 
I figured out a ridiculously simple but extremely effective method to fix the Command Line false positives. Earlier today I added 9 new LLM instructions, and so far, so good ;). I initially thought that the command line analysis would be extremely similar to script analysis, and that we could just copy what we did from the script analysis to the command line analysis and we would achieve efficacies approaching 100. It turns out that they are quite different, and now it makes total sense. That is one of the cool things about all of this, you learn new stuff every day.

I understand that with any kind of AI, there is some skepticism. But I promise, Sirius is for real. I am baffled by why anyone would accept the old binary classification algos that all of the other "AI" cybersecurity products use (and the old VoodooAi as well), but do not seem to understand that we are doing basically the same thing with Sirius, but with a much, much, much smarter algo. Sure, it was extremely difficult to get right, but once it was right, I knew it was right.

We have the text / script attacks instructions nailed completely. The portable executable verdicts are almost spot on, and it will be super simple to figure out what metadata to add to detect the misses, as opposed to the shotgun / kitchen sink method that results in false positives (like all of the sandboxes). As mentioned above, the command line analysis is looking great, but there will be a few more instructions we need to add.

Anyway, still waiting on @Shadowra to test SiriusGPT ;).