MAX AI Based Korean AV

[mekelek]

I just stumbled upon this while looking through Virustotal results.
It has an open beta that everyone can download and use once registered on malwares.com.
Been playing with it, it's AI based and did pretty well during testing.
Took me a good 10-15 minutes to figure out which tab/function does what, but eventually got it, it's pretty simple.

Detected samples:

All currently running processes with their AI scores, shows which ones are blocked by MAX, you can also kill the process

You can open their VT like site on each program/sample from the UI and it shows some details about

Anyone played with it or heard about it?

just to note, I installed it on top of GData since this VM instance had that installed, and It obliterated GData's files, marked them as unsafe and blocked them. It also somehow managed to make GData open a stone aged UI instead of the new one somehow(inside the VM, not on my Host PC)

 

[Deleted member 65228]

I do not believe we have even scratched the surface yet with Ai. Artificial Intelligence can be really beneficial, but it can be flawed at the same time. It'll get better over time in the industry as more start to frequently use it and do even more with neural networks/deep learning and other model types for security usage.

I'd personally go for a product using a variety of techniques, including Ai/ML, as opposed to a product focusing on only one.

 

[vtqhtr413]

Mekelek, you need more options like, On the fence, Waiting for more data.
Is that the English version you posted.
You say your running G-data inside a VM, is this for testing, also are you running a security soft on the outside of the VM. Curious.

 

[DaveInTexas]

I have to agree with the above posts; I welcome AI, but I would only want it as an additional layer of protection. Doesn’t Cylance use AI (or Machine Learning)? I use VirusTotal at least several times a day and Cylance seems quite prone to false positives. On the other hand Gartner and others tend to rate it high and give it very positive reviews. But would I trust AI alone to protect my computer? Or drive a car?

 

[DeepWeb]

This looks interesting. Looking forward to an English version.

 

[simmerskool]

I have to agree with the above posts; I welcome AI, but I would only want it as an additional layer of protection. Doesn’t Cylance use AI (or Machine Learning)? I use VirusTotal at least several times a day and Cylance seems quite prone to false positives. On the other hand Gartner and others tend to rate it high and give it very positive reviews. But would I trust AI alone to protect my computer? Or drive a car?

I've been running cylance for a few months now, I get zero false positives, other than a few files it detected during the initial scan of hdd following installation. The few files it found were "expected" and unneeded. cylance also running very light on my win7x64, the "bad rap" that cylance gets is that user looses some control, which is true, but over time I've found that to be more of a blessing (or relief) than a curse. I have plenty of other stuff to tweak.
And sure, I run files thru VT too. Let me think... cylance did block panda cloud cleaner from running an on demand scan. So you can call that a false positive but I'm guessing that cylance saw it coming and anticipated some sort of conflict and blocked it. I do occasional on-demand scans with HMP and EEK aok.

 

[simmerskool]

I have to agree with the above posts; I welcome AI, but I would only want it as an additional layer of protection. Doesn’t Cylance use AI (or Machine Learning)? I use VirusTotal at least several times a day and Cylance seems quite prone to false positives. On the other hand Gartner and others tend to rate it high and give it very positive reviews. But would I trust AI alone to protect my computer? Or drive a car?

gee, I have a tech friend who drives a high end tesla testing beta Ai driving software. Last month we drove 40 miles on somewhat congested expressway without any problems. But I read the news, not infallible, but then Ai is doing as well or better than a lot of people on the road. And sure I have other protection on my pc, but I "feel" safer running cylance too. watching this thread with interest.

 

[mekelek]

Mekelek, you need more options like, On the fence, Waiting for more data.
Is that the English version you posted.
You say your running G-data inside a VM, is this for testing, also are you running a security soft on the outside of the VM. Curious.

there is no English version yet sadly
also i'm running GData on the Host OS atm, and I had GData installed on the VM but had to uninstall it cause they don't seem to like each other.

added more poll options

 

[cruelsister]

I had a quick dance with Max AV this morning and would like to give an overview. But first off, my compliments to Mekelek for bringing this product to out attention!

(Please note that a video review of a Version 1 Beta 1 product would be totally unfair and unseemly)

1). Installation: Although the product is in Korean, it is fairly intuitively obvious how to install correctly. Whenever I initially install an unknown product I dumb down the VM to simulate the biggest POS that a person could possibly use, and I can safely say that MAX is feather light. It is important to note that you will have an active connection to their (malware.com) servers in Korea (118.219.252.2), and if you look up this IP you will find it under various Abuse Lists (Duhhh...); it is safe.

2). Running new and old malware: Every executable malware I ran, whether a few weeks or a few hours old was detected. The older ones were detected immediately; the newer ones after a few seconds of "thinking". But please note that if the connection to the Command Server was interrupted the system would be infected. So it absolutely needs and outbound connection to be effective.

3). Scriptors: As long as a Scriptor (vbs, PowerShell, hta, JScript, etc) results in a payload that is an executable you are protected. But if the entire malicious mechanism does not rely on an exe file you are totally (insert word here that rhymes with Duct).

Conclusion: This is perhaps the best Version 1 beta 1 product that I have had the pleasure to test. But until the developers can increase the IQ of the AI to detect Scriptors I would strongly suggest an Avoid for any actual production systems.

 

[mekelek]

I had a quick dance with Max AV this morning and would like to give an overview. But first off, my compliments to Mekelek for bringing this product to out attention!

(Please note that a video review of a Version 1 Beta 1 product would be totally unfair and unseemly)

1). Installation: Although the product is in Korean, it is fairly intuitively obvious how to install correctly. Whenever I initially install an unknown product I dumb down the VM to simulate the biggest POS that a person could possibly use, and I can safely say that MAX is feather light. It is important to note that you will have an active connection to their (malware.com) servers in Korea (118.219.252.2), and if you look up this IP you will find it under various Abuse Lists (Duhhh...); it is safe.

2). Running new and old malware: Every executable malware I ran, whether a few weeks or a few hours old was detected. The older ones were detected immediately; the newer ones after a few seconds of "thinking". But please note that if the connection to the Command Server was interrupted the system would be infected. So it absolutely needs and outbound connection to be effective.

3). Scriptors: As long as a Scriptor (vbs, PowerShell, hta, JScript, etc) results in a payload that is an executable you are protected. But if the entire malicious mechanism does not rely on an exe file you are totally (insert word here that rhymes with Duct).

Conclusion: This is perhaps the best Version 1 beta 1 product that I have had the pleasure to test. But until the developers can increase the IQ of the AI to detect Scriptors I would strongly suggest an Avoid for any actual production systems.

for the 2nd part, you can solve that issue with having this option changed:

this way i got 2 additional .doc file detected

the first option only scans executables, the 2nd one scans every file type
thanks for the compliment, i'm playing with it too, pretty impressive with insane performance.

 

[cruelsister]

Damn- I wish I knew Korean!!! Now for another quick dance (and thank you for the info!!!!!).

 

[mekelek]

Damn- I wish I knew Korean!!! Now for another quick dance (and thank you for the info!!!!!).

google translate on my phone works wonders

 

[Sunshine-boy]

google translate on my phone works wonders

Yandex also has and I used it for Chinese applications.
Translate text from photos from English and other languages – Yandex.Translate

 

[cruelsister]

No Joy- Although I had been dancing all night, I had one final one with Max AV utilizing the setting that Dear Mekelek suggested. Sadly the Scriptor malware that I had in my Zoo still bypassed it (Worms and a JScript ransomware). Now to be fair my next two videos will be on Worms where a number a highly regarded products also fail.

No more dancing for me today, Sun is up and time to sleep...

 

[DaveInTexas]

I've been running cylance for a few months now, I get zero false positives, other than a few files it detected during the initial scan of hdd following installation. The few files it found were "expected" and unneeded. cylance also running very light on my win7x64, the "bad rap" that cylance gets is that user looses some control, which is true, but over time I've found that to be more of a blessing (or relief) than a curse. I have plenty of other stuff to tweak.
And sure, I run files thru VT too. Let me think... cylance did block panda cloud cleaner from running an on demand scan. So you can call that a false positive but I'm guessing that cylance saw it coming and anticipated some sort of conflict and blocked it. I do occasional on-demand scans with HMP and EEK aok.

Don't get me wrong, I've never used Cylance; my experience is just running files through Virus Total (with whatever settings are employed there), where Cylance has flagged quite a few files (I overstated my case when I said it was "prone to FPs"). I use WinPatrol WAR which seems to flag close to half my new installs as malicious. AI is still developing and its only as good as the underlying code. I've been working on computers (of and on) since the mid-1970s, and I am just not ready to put all my eggs in one basket, preferring layers -- I just don't think any one solution will offer a complete and total solution. I'm also a bit of a skeptic and that was my (poor) attempt to inject some humor. But it looks like a couple of folks here have already started to put this one through its paces. I wish my testing computer was up because I would love to try MAX out; I may have to set up a new one.

 

[mekelek]

Don't get me wrong, I've never used Cylance; my experience is just running files through Virus Total (with whatever settings are employed there), where Cylance has flagged quite a few files (I overstated my case when I said it was "prone to FPs"). I use WinPatrol WAR which seems to flag close to half my new installs as malicious. AI is still developing and its only as good as the underlying code. I've been working on computers (of and on) since the mid-1970s, and I am just not ready to put all my eggs in one basket, preferring layers -- I just don't think any one solution will offer a complete and total solution. I'm also a bit of a skeptic and that was my (poor) attempt to inject some humor. But it looks like a couple of folks here have already started to put this one through its paces. I wish my testing computer was up because I would love to try MAX out; I may have to set up a new one.

i highly doubt Cyclane is just uploading stuff to VT since their engine is available on VT.
so far i'm impressed with MAX but as @cruelsister said, it has a few weak points.
I'm gonna contact the devs and ask for the English version.

 

[Mops21]

Hi all

I have send them some questions

1. Any infos for the englisch version

2. Any infos for the Final version release date

3. Any infos for the multilanguage version of it

And here are the answers

1. We have a plan for English version, scheduled on March 29, 2018 at the moment (it is subject to situations, though)

2. On March 29, 2018, we will release English version of updated MAX version. Accordingly, you can go to malwares.com website and download it.

3. There will be Korean and English version only for some time. Other language will be provided when we are capable for it in the future.

With best Regards
Mops21

 

[mekelek]

Hi all

I have send them some questions

1. Any infos for the englisch version

2. Any infos for the Final version release date

3. Any infos for the multilanguage version of it

And here are the answers

1. We have a plan for English version, scheduled on March 29, 2018 at the moment (it is subject to situations, though)

2. On March 29, 2018, we will release English version of updated MAX version. Accordingly, you can go to malwares.com website and download it.

3. There will be Korean and English version only for some time. Other language will be provided when we are capable for it in the future.

With best Regards
Mops21

I also made an inquiry but you already got my questions answered.
sweet

 

[Antimalware18]

does this only work on-execution or does it work like a traditional AV?

Watching this thread btw. Highly interested so far

 

[ForgottenSeer 69673]

I've been running cylance for a few months now, I get zero false positives

I was running Cylance for a few years and if I remember right in your web console, you can submit files to VT as well and flag them as safe if you actually want to run them.
I plan on giving MAX a try once in English.