Make your video test requests!

XylentAntivirus

Level 3
May 9, 2024
101
I've just tested it quickly, even though you haven't updated it yet and, for the moment, too many things need to be revised...

For the record, Xylent is an antivirus project based on ClamAV. It also uses MD5 and SHA1 rules from MalShare, VirusShare, VirusSign etc., as well as YARA.
The file is 1.4GB in size, installs and... doesn't launch... I launch it directly in admin. (xylent_antivirus.exe & engine.exe )

The product consumes a lot of Ram... Between 2GB and 5GB of RAM! That's huge!!!
View attachment 283320View attachment 283321

Xylent create no registry key at startup. In case of infection, the antivirus will not protect you. Why is this? Because there's no entry at startup... a shame for an AV...

View attachment 283322

Xylent tries to create YARA rules with Powershell. Only errors...

View attachment 283323

Obviously, with so much RAM monopolized by Xylent, the VM crashed. Either the AMD graphics driver crashed, or... BSOD (I had both)
There's definitely a problem with the anti-virus and an optimization problem.
For the moment, I won't test it. To be reworked!
The issue is actually hashes. There too many hashes at there and it's fully localized. If you want I can create lite edition. The lite edition is keep heuristics, is most power come from there. No Virusshare undefinied hashes. No old hashes older than 1 year (securiteinfoold.hdb). With this most of issues should be fixed but if you want I can create more lite edition.
 
Last edited:
F

ForgottenSeer 109138

I want to propose an interesting test, that is valid in concerns.

Hard Configurator and Cyberlock both placed on Pre-Infected systems "as a side by side" to see how they handle installation on systems already infected, possibly unknown to the user.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The issue is actually hashes. There too many hashes at there and it's fully localized. If you want I can create lite edition. The lite edition is keep heuristics, is most power come from there. No Virusshare undefinied hashes. No old hashes older than 1 year (securiteinfoold.hdb). With this most of issues should be fixed but if you want I can create more lite edition.
Why don’t you try using Amazon AWS, they are not very expensive and will most probably offer you a credit as a startup… you can’t just keep a massive bunch of hashes in memory. Either keep part of them and upon a match, read rest from SSD or find another method such as compression to reduce the size.
 

XylentAntivirus

Level 3
May 9, 2024
101
Why don’t you try using Amazon AWS, they are not very expensive and will most probably offer you a credit as a startup… you can’t just keep a massive bunch of hashes in memory. Either keep part of them and upon a match, read rest from SSD or find another method such as compression to reduce the size.
Actually there undefinied hashes. I should not use it even if in cloud because they didn't show malware name so I deleted them from Lite Edition.
 

lyldz

Level 3
Verified
Well-known
Jun 4, 2016
139
Let’s see Sophos home, I am seeing some interesting, very generic detections, for example they seem to be really aggressive now towards obfuscated scripts… will be an interesting one.

In April, they also removed all customisations from the home software and aligned it completely with the business one, so now more frequent updates will be delivered. Before it was getting 2-3 updates a year.
In May, they added Game Mode finally.
I have been waiting for this for a very long time. With the new update, the application name has changed again. I don't know if there are any changes on the interface yet, but
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
It was literally not updated for about a year or even more. I actually wanna see what's new too (y)
You gotta follow the business components now, with which the version is aligned.
Sophos Core Agent:
Actually there undefinied hashes. I should not use it even if in cloud because they didn't show malware name so I deleted them from Lite Edition.
You’ll need to put some effort and see what’s malicious and what’s not. You can create detections like generic, agent, something like that if it’s malicious, even if there is no malware name listed.
But using hashes will be more effective is you use fuzzy hashing.
 

XylentAntivirus

Level 3
May 9, 2024
101
You gotta follow the business components now, with which the version is aligned.
Sophos Core Agent:

You’ll need to put some effort and see what’s malicious and what’s not. You can create detections like generic, agent, something like that if it’s malicious, even if there is no malware name listed.
But using hashes will be more effective is you use fuzzy hashing.
Actually hashes only improve 1% detection of my antivirius. Most power come from YARA, ClamAV and machine learning. I didn't used my IPS (You can see IPS at otherrules) or SIGMA, SUBLIME, CAPA rules.
 

likeastar20

Level 9
Verified
Mar 24, 2016
423
@Shadowra You should be able to create an account for Sophos Interceptx - 30 day trial. All the information I put into the fields was fictitious (except for the email address, which I used from a "temp mail" website. Even though it asks for a real business email and phone number, putting in random things will work (for example, for the phone number I put in 1111111 lol).

screencapture-central-sophos-manage-endpoint-policies-list-create-assign-threat-protection-202...png
 
Last edited:

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
The issue is actually hashes. There too many hashes at there and it's fully localized. If you want I can create lite edition. The lite edition is keep heuristics, is most power come from there. No Virusshare undefinied hashes. No old hashes older than 1 year (securiteinfoold.hdb). With this most of issues should be fixed but if you want I can create more lite edition.

And why not create a Cloud system :)

@Shadowra You should be able to create an account for Sophos Interceptx - 30 day trial. All the information I put into the fields was fictitious (except for the email address, which I used from a "temp mail" website. Even though it asks for a real business email and phone number, putting in random things will work (for example, for the phone number I put in 1111111 lol).

View attachment 283328

Yep :D
 

Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,149
I want to propose an interesting test, that is valid in concerns.

Hard Configurator and Cyberlock both placed on Pre-Infected systems "as a side by side" to see how they handle installation on systems already infected, possibly unknown to the user.
I'm not 100 percent sure but, if I remember correctly when Cyberlock take its snapshot, if there already is a infection, its going to consider the system normal, even though it is not, maybe this has changed as I am basing this on my photographic mind which ran out of film a while ago, please correct me if I am wrong
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,431
I'm not 100 percent sure but, if I remember correctly when Cyberlock take its snapshot, if there already is a infection, its going to consider the system normal, even though it is not, maybe this has changed as I am basing this on my photographic mind which ran out of film a while ago, please correct me if I am wrong
I think your right.
 
F

ForgottenSeer 109138

I'm not 100 percent sure but, if I remember correctly when Cyberlock take its snapshot, if there already is a infection, its going to consider the system normal, even though it is not, maybe this has changed as I am basing this on my photographic mind which ran out of film a while ago, please correct me if I am wrong
That's the point of the test. Does anyone else see a problem with the possibility of potentially whitelisting malware on a already infected system, especially if the user has no idea its infected and installs the application. Is there disclaimers with the product/s this could happen, open disclaimers that warn the user, that maybe they should thoroughly check their systems before hand because of? Would either product stop an active infection if placed on after the point.

Is this not a valid test and question. Are there any users here that were 100% sure their systems were clean before installing either of these.
 
F

ForgottenSeer 109138

Could you consider testing malware removal tools such as NPE, Kaspersy Virus removal tool, Eset Online Scanner and X-Sec as the underdog on an highly infected VM? Would be interesting. But for now just enjoy your deserved break. :)
That's another realistic test approach. Testing on demand " malware removal tools. Not can they just stop the malware, can they remove all/most traces, when they do, does it corrupt/damage the system/files. Is the system still stable afterwards? Important aspects not necessarily discussed here at MT in tests.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top