Polar Anti-Malware FREE (Updates)

The Kaspersky key is valid for one year. You can access the Kaspersky website and verify.
VirusTotal has no history; it has a maximum limit of 500 files.
VirusTotal in Polar scans a file for the first time, then saves it in a hash database file. If the file is in the database, it does not connect to VirusTotal.

Also, after reading the documentation and looking at the architecture, I still have a few questions because some of the marketing statements appear stronger than the technical implementation being described.

For example, phrases such as:

* "Protects you against all malicious software, including ransomware"
* "Threat Prevention"
* "Real-time multi-engine protection"
* "Stop threats before they act"

suggest capabilities similar to a traditional antivirus or EDR product.

At the same time, the notes explain that Polar should be used alongside Kaspersky, ESET, Norton, etc., and that VirusTotal and Kaspersky Threat Intelligence are mainly used as secondary reputation sources.

Could you clarify a few technical points?

1. Does Polar include any kernel-mode components (minifilter drivers, callbacks, etc.), or is the entire protection stack implemented in user mode?

2. I noticed that PolarProtectionService.exe does not appear to run under NT AUTHORITY\SYSTEM. Is there any self-protection or anti-tamper mechanism preventing malware with administrative privileges from terminating the protection processes?

3. When you refer to "multi-engine protection", is Polar actively using the actual scanning engines of those vendors, or simply consuming VirusTotal reputation reports that aggregate their verdicts?

I think these clarifications would help users better understand the actual security model of Polar and set appropriate expectations.

From my perspective, Polar seems like an interesting companion security tool and second-opinion scanner. I just believe it's important to clearly distinguish between reputation-based assistance and the capabilities typically expected from a full antivirus or EDR solution.
 
Hello,

I have a question regarding the VirusTotal caching mechanism.

From what I understand, when a file is scanned for the first time, Polar queries VirusTotal, stores the result locally based on the file hash, and then does not query VirusTotal again for that same hash.

If this is correct, what happens in the following scenario?

* Day 1: a new malware sample appears and VirusTotal reports 0/70 detections. Polar stores this verdict locally.
* Day 2 or Day 7: the same hash is now detected by multiple vendors (for example 25/70 or higher on VirusTotal).

Will Polar automatically re-check VirusTotal after a certain period of time (TTL), or refresh the reputation cache periodically?

If not, wouldn't this create a situation where an initially unknown 0-day sample could remain trusted indefinitely on systems that have already cached the original "clean" verdict, even though VirusTotal later identifies it as malicious?
Now there is a check on the file; if it exceeds 7 days, the file will be automatically reanalyzed.
 

Thank you for clarifying that. A 7-day cache expiration is definitely much better than a permanent reputation cache and addresses the main concern I had regarding stale VirusTotal verdicts.

That said, have you considered using an adaptive TTL based on the initial reputation score?

For example:
  • 0/70 detections -> recheck after 24 hours
  • 1–5 detections -> recheck after 6 hours
  • 5–15 detections -> recheck after 1 hour
  • High detection ratios -> immediate alert or revalidation

The reason I'm asking is that many 0-day samples initially appear as 0/70 and their detection rates often increase significantly within the first 24–72 hours as vendors update their signatures.

A fixed 7-day interval could still leave a window where a previously unknown sample remains trusted even though VirusTotal has already started flagging it.

I think your current implementation is already a big improvement over a permanent cache, but an adaptive reputation refresh strategy could make Polar even stronger while keeping API usage under control.
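
The adaptive re-check schedule proposed above, set beside the fixed 7-day interval, as an added example that is not part of the original post and is not Polar's code. Assumptions: the overlapping tiers are resolved as 1–5 and 6–15, "high" is taken to mean more than 15 detections, the file is looked up once per hour, and `constructed_remote` is a constructed stand-in for a VirusTotal lookup.

```python
"""Fixed vs. adaptive re-check of a hash-keyed reputation cache (added example)."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FIXED_TTL = timedelta(days=7)  # the fixed interval described in the thread

# Constructed sample: stands in for the SHA-256 of a scanned file.
SAMPLE_HASH = hashlib.sha256(b"constructed sample bytes").hexdigest()


@dataclass
class CachedVerdict:
    sha256: str
    detections: int        # engines that flagged the file
    engines: int           # engines that scanned it
    checked_at: datetime   # when this verdict was fetched


def adaptive_ttl(detections: int) -> timedelta:
    """Tiers from the post; boundaries at 5 and 15 are assumptions."""
    if detections == 0:
        return timedelta(hours=24)
    if detections <= 5:
        return timedelta(hours=6)
    if detections <= 15:
        return timedelta(hours=1)
    return timedelta(0)    # high ratio: revalidate on every lookup


def needs_recheck(entry: CachedVerdict, now: datetime, adaptive: bool) -> bool:
    ttl = adaptive_ttl(entry.detections) if adaptive else FIXED_TTL
    return now - entry.checked_at >= ttl


def constructed_remote(hour: int) -> int:
    """Constructed timeline: 0/70 at first, 25/70 from hour 30 onward."""
    return 0 if hour < 30 else 25


def hours_until_flagged(remote, adaptive: bool, horizon_hours: int = 24 * 14):
    """Simulate one lookup per hour; return (hour the cache first shows a
    non-zero detection count, number of remote queries made)."""
    start = datetime(2026, 1, 1, tzinfo=timezone.utc)
    entry = None
    queries = 0
    for hour in range(horizon_hours + 1):
        now = start + timedelta(hours=hour)
        if entry is None or needs_recheck(entry, now, adaptive):
            entry = CachedVerdict(SAMPLE_HASH, remote(hour), 70, now)
            queries += 1
        if entry.detections > 0:
            return hour, queries
    return None, queries


if __name__ == "__main__":
    for label, mode in (("adaptive", True), ("fixed 7-day", False)):
        hour, queries = hours_until_flagged(constructed_remote, mode)
        print(f"{label}: flagged at hour {hour} after {queries} remote queries")
```

On this constructed timeline the adaptive schedule picks up the changed verdict at hour 48 with three remote queries, while the fixed interval picks it up at hour 168 with two.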
 
The Polar program is just an assistant, and I pointed that out.

It protects you from all malware because it supports multiple engines from VirusTotal, and this is its strength.

The Polar software can be installed alongside the main software.

In the Polar settings, engine options, disable the engine you are using as the primary engine.

There is no mechanism for self-protection.
 
I have thought about it before.

Better as it is now. It will be re-scanned if it exceeds 7 on VirusTotal from its date.

And not from the saved file.
 
The main problem with Polar is that it doesn't detect malware that is completely unknown to VT or the Kaspersky cloud.

For example: I built a simple AsyncRAT payload for testing. Polar didn’t react to the execution, and the machine got infected.
It reacted two minutes later via VT... except that in two minutes, several actions can be carried out....
 
Better than not discovering it.🥵
 

Sure, but imagine it's a stealer that steals all the information—one that's completely unknown to antivirus software. Whether it gets detected or not, after two minutes, the infostealer has had plenty of time to steal everything :/
 
The name should be changed from Polar Antivirus to Polar Anti-Malware because the term "antivirus" refers to a comprehensive program.

What is your opinion?
 

I really appreciate your honesty and transparency.

Based on your explanations, I personally think that "Polar Anti-Malware" would indeed be a more accurate name.

When people hear the term "Antivirus", they usually expect a comprehensive security solution with features such as self-protection, anti-tamper mechanisms, kernel-level components, and the ability to operate independently.

From what you've described, Polar is better positioned as a companion anti-malware tool that complements a traditional antivirus by providing additional reputation checks through VirusTotal and Kaspersky Threat Intelligence, along with user-mode monitoring.

I don't see that as a weakness at all. In fact, I think being transparent about what Polar does and does not do will increase users' trust in the project.

Thank you for answering all of these technical questions. It's always great to have open discussions about architecture and security assumptions.
 
No dynamic (basic) protection as previously mentioned by me....
 

That's much better, and please make it clear that it should NOT be used as your primary antivirus but rather as a supplement (like Malwarebytes, for example).

Like a free combination such as MS Defender + Polar or Avira + Polar...
 
 
In this way, it became clearer what Polar is.


This is not a commercial version; it's my own version that I'm sharing with you.
The Polar Anti-Malware program was created using AI and some modifications I made to it.

Features at a Glance

☁️ Cloud Intelligence: Integration with VirusTotal and Kaspersky Threat Intelligence Portal API for secondary, high-confidence file analysis.
⚡ Real-Time Protection: Background monitoring of every process and file creation to stop threats
📋 Detailed Logs: Comprehensive history of scans and detections to keep you informed.
🔥 Firewall: Monitor and control network traffic with ease, protecting your system from unauthorized access.
🌏 Blocking malicious IP: Protection against harmful and untrusted IP addresses
📂 Quarantine System: Safely isolate suspicious files without deleting them, giving you full control.


This is the same thing that the Polar Anti-Malware program does for your computer. Polar Anti-Malware is a second-opinion scanner, designed to rescue your computer from malware (viruses, Trojans, etc.) that has infected your computer despite all the security measures you have taken (such as antivirus programs).

Why the second opinion?

Research shows that computers still have a chance of infection because current antivirus programs do not provide 100% protection. "32% of infected computers, despite having antivirus software."

Relying on just one vendor is not enough to fully protect you. You need a second source to ensure your safety. But in most cases, installing a second antivirus program is not a viable solution. There are two programs that significantly affect the computer's performance, and sometimes they conflict, causing the computer to crash.

Polar Anti-Malware is designed to work alongside existing security programs without any conflicts. It scans the computer quickly and does not slow it down (except for the few minutes it takes to perform the scan).

Polar Anti-Malware offers you a free scan for a second opinion. It is designed to check if your security measures are working. If nothing is found (and we sincerely hope it is).

scan the cloud

Polar Anti-Malware sends a request to VirusTotal Cloud to confirm whether these files are indeed harmful. VirusTotal Cloud is a collection of multiple antivirus engines that evaluate online. The scanning cloud will respond to this request with the answer:

Safe
Malicious
Unknown

When the file is unknown, Polar Anti-Malware uploads the file to the VirusTotal cloud where the file is scanned using antivirus programs from different vendors. Each of these antivirus programs analyzes the file and responds with "Safe" or "Malicious." Click here for more details about VirusTotal Cloud.

Removing malware

When a file is classified as malicious by VirusTotal Cloud, Polar Anti-Malware quarantines the infection. The various technologies ensure the complete removal of all infections without any false positives.


 



Thank you for taking the time to clarify everything and update the documentation.

In my opinion, the new description is much clearer and more accurately reflects what Polar actually does.

I also think that changing the name from "Polar Antivirus" to "Polar Anti-Malware" is a good decision. When people hear "antivirus", they often expect a complete security suite with self-protection, anti-tamper features, kernel-level components, and the ability to function as a primary security product.

Based on your explanations, Polar seems better positioned as a companion anti-malware and second-opinion scanner that leverages VirusTotal and Kaspersky Threat Intelligence while providing additional monitoring capabilities.

I don't see that as a weakness. In fact, being transparent about the scope and limitations of the project increases its credibility.

Thank you for answering the technical questions and being open to feedback. It's always nice to see developers discuss architecture and design decisions openly.
 
 