What's your opinion about AI based AVs

  • Just a gimmick

    Votes: 22 26.5%
  • Better than Signatures

    Votes: 12 14.5%
  • The one to solve all our problems

    Votes: 2 2.4%
  • On the fence

    Votes: 8 9.6%
  • Waiting for more data

    Votes: 39 47.0%
  • Total voters: 83

mekelek

Level 28

I just stumbled upon this while looking through Virustotal results.
It has an open beta that everyone can download and use once registered on malwares.com.
Been playing with it, it's AI based and did pretty well during testing.
Took me a good 10-15 minutes to figure out which tab/function does what, but eventually got it, it's pretty simple.

Detected samples:


All currently running processes with their AI scores, shows which ones are blocked by MAX, you can also kill the process


You can open their VT like site on each program/sample from the UI and it shows some details about


Anyone played with it or heard about it?

Just to note, I installed it on top of GData since this VM instance had that installed, and it obliterated GData's files, marked them as unsafe and blocked them. It also somehow managed to make GData open a stone-aged UI instead of the new one (inside the VM, not on my host PC) :D
 

Deleted member 65228

I do not believe we have even scratched the surface yet with AI. Artificial intelligence can be really beneficial, but it can be flawed at the same time. It'll get better over time in the industry as more start to frequently use it and do even more with neural networks/deep learning and other model types for security usage.

I'd personally go for a product using a variety of techniques, including AI/ML, as opposed to a product focusing on only one.
 

BryanB

Level 17
Verified
Mekelek, you need more options, like "On the fence" and "Waiting for more data". :)
Is that the English version you posted?
You say you're running G Data inside a VM; is this for testing? Also, are you running a security soft on the outside of the VM? Curious. :confused:
 
I have to agree with the above posts; I welcome AI, but I would only want it as an additional layer of protection. Doesn’t Cylance use AI (or Machine Learning)? I use VirusTotal at least several times a day and Cylance seems quite prone to false positives. On the other hand Gartner and others tend to rate it high and give it very positive reviews. But would I trust AI alone to protect my computer? Or drive a car?
 

simmerskool

Level 7
I have to agree with the above posts; I welcome AI, but I would only want it as an additional layer of protection. Doesn’t Cylance use AI (or Machine Learning)? I use VirusTotal at least several times a day and Cylance seems quite prone to false positives. On the other hand Gartner and others tend to rate it high and give it very positive reviews. But would I trust AI alone to protect my computer? Or drive a car?
I've been running Cylance for a few months now, and I get zero false positives, other than a few files it detected during the initial scan of the HDD following installation. The few files it found were "expected" and unneeded. Cylance is also running very light on my Win7 x64. The "bad rap" that Cylance gets is that the user loses some control, which is true, but over time I've found that to be more of a blessing (or relief) than a curse. I have plenty of other stuff to tweak.
And sure, I run files through VT too. Let me think... Cylance did block Panda Cloud Cleaner from running an on-demand scan. So you can call that a false positive, but I'm guessing that Cylance saw it coming, anticipated some sort of conflict and blocked it. I do occasional on-demand scans with HMP and EEK, all OK.
 

simmerskool

Level 7
I have to agree with the above posts; I welcome AI, but I would only want it as an additional layer of protection. Doesn’t Cylance use AI (or Machine Learning)? I use VirusTotal at least several times a day and Cylance seems quite prone to false positives. On the other hand Gartner and others tend to rate it high and give it very positive reviews. But would I trust AI alone to protect my computer? Or drive a car?
Gee, I have a tech friend who drives a high-end Tesla testing beta AI driving software. Last month we drove 40 miles on a somewhat congested expressway without any problems. But I read the news: not infallible, but then AI is doing as well or better than a lot of people on the road. And sure, I have other protection on my PC, but I "feel" safer running Cylance too. Watching this thread with interest.
 

mekelek

Level 28
Mekelek, you need more options, like "On the fence" and "Waiting for more data". :)
Is that the English version you posted?
You say you're running G Data inside a VM; is this for testing? Also, are you running a security soft on the outside of the VM? Curious. :confused:
There is no English version yet, sadly.
Also, I'm running GData on the host OS atm, and I had GData installed on the VM but had to uninstall it because they don't seem to like each other.

Added more poll options.
 

cruelsister

Level 36
Content Creator
Trusted
Verified
I had a quick dance with Max AV this morning and would like to give an overview. But first off, my compliments to Mekelek for bringing this product to our attention!

(Please note that a video review of a Version 1 Beta 1 product would be totally unfair and unseemly)

1). Installation: Although the product is in Korean, it is fairly intuitively obvious how to install correctly. Whenever I initially install an unknown product I dumb down the VM to simulate the biggest POS that a person could possibly use, and I can safely say that MAX is feather light. It is important to note that you will have an active connection to their (malware.com) servers in Korea (118.219.252.2), and if you look up this IP you will find it under various Abuse Lists (Duhhh...); it is safe.

2). Running new and old malware: Every executable malware I ran, whether a few weeks or a few hours old, was detected. The older ones were detected immediately; the newer ones after a few seconds of "thinking". But please note that if the connection to the Command Server was interrupted, the system would be infected. So it absolutely needs an outbound connection to be effective.

3). Scriptors: As long as a Scriptor (vbs, PowerShell, hta, JScript, etc) results in a payload that is an executable you are protected. But if the entire malicious mechanism does not rely on an exe file you are totally (insert word here that rhymes with Duct).

Conclusion: This is perhaps the best Version 1 beta 1 product that I have had the pleasure to test. But until the developers can increase the IQ of the AI to detect Scriptors I would strongly suggest an Avoid for any actual production systems.
 

mekelek

Level 28
I had a quick dance with Max AV this morning and would like to give an overview. But first off, my compliments to Mekelek for bringing this product to our attention!

(Please note that a video review of a Version 1 Beta 1 product would be totally unfair and unseemly)

1). Installation: Although the product is in Korean, it is fairly intuitively obvious how to install correctly. Whenever I initially install an unknown product I dumb down the VM to simulate the biggest POS that a person could possibly use, and I can safely say that MAX is feather light. It is important to note that you will have an active connection to their (malware.com) servers in Korea (118.219.252.2), and if you look up this IP you will find it under various Abuse Lists (Duhhh...); it is safe.

2). Running new and old malware: Every executable malware I ran, whether a few weeks or a few hours old, was detected. The older ones were detected immediately; the newer ones after a few seconds of "thinking". But please note that if the connection to the Command Server was interrupted, the system would be infected. So it absolutely needs an outbound connection to be effective.

3). Scriptors: As long as a Scriptor (vbs, PowerShell, hta, JScript, etc) results in a payload that is an executable you are protected. But if the entire malicious mechanism does not rely on an exe file you are totally (insert word here that rhymes with Duct).

Conclusion: This is perhaps the best Version 1 beta 1 product that I have had the pleasure to test. But until the developers can increase the IQ of the AI to detect Scriptors I would strongly suggest an Avoid for any actual production systems.
For the 2nd part, you can solve that issue by having this option changed:

This way I got 2 additional .doc files detected.

The first option only scans executables; the 2nd one scans every file type.
Thanks for the compliment. I'm playing with it too; pretty impressive, with insane performance.
 

cruelsister

Level 36
Content Creator
Trusted
Verified
No Joy - Although I had been dancing all night, I had one final one with Max AV utilizing the setting that Dear Mekelek suggested. Sadly the Scriptor malware that I had in my Zoo still bypassed it (Worms and a JScript ransomware). Now to be fair, my next two videos will be on Worms, where a number of highly regarded products also fail.

No more dancing for me today, Sun is up and time to sleep...
 
I've been running Cylance for a few months now, and I get zero false positives, other than a few files it detected during the initial scan of the HDD following installation. The few files it found were "expected" and unneeded. Cylance is also running very light on my Win7 x64. The "bad rap" that Cylance gets is that the user loses some control, which is true, but over time I've found that to be more of a blessing (or relief) than a curse. I have plenty of other stuff to tweak.
And sure, I run files through VT too. Let me think... Cylance did block Panda Cloud Cleaner from running an on-demand scan. So you can call that a false positive, but I'm guessing that Cylance saw it coming, anticipated some sort of conflict and blocked it. I do occasional on-demand scans with HMP and EEK, all OK.
Don't get me wrong, I've never used Cylance; my experience is just running files through VirusTotal (with whatever settings are employed there), where Cylance has flagged quite a few files (I overstated my case when I said it was "prone to FPs"). I use WinPatrol WAR, which seems to flag close to half my new installs as malicious. AI is still developing and it's only as good as the underlying code. I've been working on computers (off and on) since the mid-1970s, and I am just not ready to put all my eggs in one basket, preferring layers -- I just don't think any one solution will offer a complete and total solution. I'm also a bit of a skeptic and that was my (poor) attempt to inject some humor. But it looks like a couple of folks here have already started to put this one through its paces. I wish my testing computer was up because I would love to try MAX out; I may have to set up a new one.
 

mekelek

Level 28
Don't get me wrong, I've never used Cylance; my experience is just running files through VirusTotal (with whatever settings are employed there), where Cylance has flagged quite a few files (I overstated my case when I said it was "prone to FPs"). I use WinPatrol WAR, which seems to flag close to half my new installs as malicious. AI is still developing and it's only as good as the underlying code. I've been working on computers (off and on) since the mid-1970s, and I am just not ready to put all my eggs in one basket, preferring layers -- I just don't think any one solution will offer a complete and total solution. I'm also a bit of a skeptic and that was my (poor) attempt to inject some humor. But it looks like a couple of folks here have already started to put this one through its paces. I wish my testing computer was up because I would love to try MAX out; I may have to set up a new one.
I highly doubt Cylance is just uploading stuff to VT, since their engine is available on VT.
So far I'm impressed with MAX, but as @cruelsister said, it has a few weak points.
I'm gonna contact the devs and ask for the English version.
 

Mops21

Level 26
Content Creator
Trusted
Verified
Hi all

I have sent them some questions:

1. Any info on the English version?

2. Any info on the final version release date?

3. Any info on a multilanguage version of it?

And here are the answers

1. We have a plan for English version, scheduled on March 29, 2018 at the moment (it is subject to situations, though)

2. On March 29, 2018, we will release English version of updated MAX version. Accordingly, you can go to malwares.com website and download it.

3. There will be Korean and English version only for some time. Other language will be provided when we are capable for it in the future.

With best regards,
Mops21
 

mekelek

Level 28
Hi all

I have sent them some questions:

1. Any info on the English version?

2. Any info on the final version release date?

3. Any info on a multilanguage version of it?

And here are the answers

1. We have a plan for English version, scheduled on March 29, 2018 at the moment (it is subject to situations, though)

2. On March 29, 2018, we will release English version of updated MAX version. Accordingly, you can go to malwares.com website and download it.

3. There will be Korean and English version only for some time. Other language will be provided when we are capable for it in the future.

With best regards,
Mops21
I also made an inquiry, but you already got my questions answered.
Sweet.