POLAR ANTIVIRUS free

[tiktoshi]

This is not a commercial version; it's my own version that I'm sharing with you. The POLAR ANTIVIRUS program was created using ai and some modifications I made to it.​

Features at a Glance​

• Real-Time Protection: Background monitoring of every process and file creation to stop threats before they act. Without an Ikarus engine
• Web Shield: Advanced URL filtering and safe browsing powered by a custom proxy to block malicious websites.
• Smart Firewall: Monitor and control network traffic with ease, protecting your system from unauthorized access.
• Cloud Intelligence: Integration with VirusTotal API for secondary, high-confidence file analysis.
• Quarantine System: Safely isolate suspicious files without deleting them, giving you full control.
• Detailed Logs: Comprehensive history of scans and detections to keep you informed.

project Release POLAR ANTIVIRUS · tiktoshi40-netizen/polupdate .

Setup file https://github.com/tiktoshi40-netiz...ownload/POLARANTIVIRUS/PolarInstaller_5.7.exe .
VirusTotal

Important Note:
This application is not a replacement for your primary antivirus software!Use it in addition to your main antivirus program (Kaspersky, ESET, Norton, etc.)
for enhanced protection.Designed to work alongside primary antivirus programs such as Kaspersky, ESET, Norton, and others.Why do you need it?Additional Scan: Get a second opinion from 8+ engines via VirusTotalAdvanced Detection: POLAR engine for suspicious files that primary antivirus programs might missAn extra layer of certified protectionSafe to use: Does not conflict with existing antivirus programs

You need to obtain an API key from VirusTotal (free or paid).To avoid conflicts: If you have another antivirus program installed on your computer (such as Kaspersky), you can disable it from the Polar menu to prevent code conflicts.

 

[Harputlu]

Which antivirus engine does Polar Protection use? ikarus ???

 

[tiktoshi]

Which antivirus engine does Polar Protection use? ikarus ???

Signature-based Detection:The engine calculates a digital "fingerprint" (MD5 hash) for each scanned file.This fingerprint is then compared to a database.Pe Section Scanning:The engine doesn't just scan the file as a whole; it also decompiles executable files (EXE/DLL) and scans their internal partitions.This helps detect viruses even if the original file size or a small part of it has been modified.
The ikarus engine is not used

 

[pxxb1]

This is not a commercial version; it's my own version that I'm sharing with you. The POLAR ANTIVIRUS program was created using ai and some modifications I made to it.​

Features at a Glance​

• Real-Time Protection: Background monitoring of every process and file creation to stop threats before they act. Without an Ikarus engine
• Web Shield: Advanced URL filtering and safe browsing powered by a custom proxy to block malicious websites.
• Smart Firewall: Monitor and control network traffic with ease, protecting your system from unauthorized access.
• Cloud Intelligence: Integration with VirusTotal API for secondary, high-confidence file analysis.
• Quarantine System: Safely isolate suspicious files without deleting them, giving you full control.
• Detailed Logs: Comprehensive history of scans and detections to keep you informed.

project Release POLAR ANTIVIRUS · tiktoshi40-netizen/polupdate .

Setup file https://github.com/tiktoshi40-netiz...ownload/POLARANTIVIRUS/PolarInstaller_5.7.exe .
VirusTotal

View attachment 293884

Interesting! If it is legit this time it is a little gem.

About the "local DNS filtering", how does that work?

 

[tiktoshi]

Interesting! If it is legit this time it is a little gem.

About the "local DNS filtering", how does that work?

Local DNS filtering in Polar is a proactive layer of protection that operates at the network level before any data is actually loaded from your browser.

Your device is transformed into a local DNS server. The Polar application creates a small DNS server running on your device's port (Port 53). The software then modifies Windows settings (via WMI) to set the website search address to 127.0.0.1 (your own device).

The Polar server retrieves the domain name and immediately compares it to a local database of blocked sites.

If the site is malicious, the server immediately responds with a fake IP address (0.0.0.0) (isolation). Your browser will display a "Site Not Found" message, and no actual internet connection request will be sent, preventing even a connection attempt.

If the site is legitimate, the server sends the request to a fast and secure external provider (such as Cloudflare 1.1.1.1) to obtain the correct IP address and then forwards it to you. It protects "everything" on the device (applications, games, background processes) because it operates at the operating system level.

Local IP address rules (blocked_ips) (blocked_sites) work similarly to website rules but with a greater emphasis on the firewall:

IP rules: Known malicious IP addresses are stored in blocked_ips.bin files.
Dynamic blocking: If the system blocks a specific website (such as bad-site.com), it automatically retrieves its IP address and blocks it in the firewall to ensure viruses cannot connect to the server directly via that IP.

 

[Behold Eck]

Many thanks @tiktoshi for this really cool app.

Really light on the system with a great UI.

Can`t wait to see it tested out by our top tester @Shadowra.

Regards Eck

 

[Shadowra]

I played around with it a bit, and yes, it no longer uses Ikarus. It has VirusTotal and its own engine (it downloads its definitions via GitHub).

Here is its interface.

Spoiler: Interface

VirusTotal is clearly indicated with the choice of “engines” used (Kaspersky, Avast, etc.), somewhat like Secureaplus/CatchPulse.
Note that the antivirus does not provide the API key; you will have to enter it yourself (unfortunately, it does not indicate that one is required or how to do so).

Spoiler: VT

The Polar engine (very little configuration and, above all, extremely poor detection rates on a pack dating back a week...)

Spoiler: Engine

Otherwise, its main feature is VirusTotal (still like CatchPulse/Secureaplus).

Spoiler: VirusTotal detection

Surprisingly, when it moves to Quarantine, it only moves. Except that a script can restart the targeted infection because the files are not locked or encrypted.
BIG SECURITY CONCERNS HERE !

Spoiler: Quarantine

The firewall and web protection are useless; there was no reaction to a ConnectWise I installed.
And if Polar DB and VirusTotal don't recognize a sample, the antivirus lets it pass completely because there is no proactive system (tested with a NanoCore RAT that I built for the test—the connection was made between my VM and another VM with a VPN on it).

On a small piece of malware that I quickly made in Batch with a simple Taskkill command, the antivirus shuts down too easily... I don't dare imagine what would happen with a worm...
There's still work to be done!

 

[Jonny Quest]

@Shadowra that was enough of a review for us to make an informed decision right there, without you needing to do a full blown test review. Well done

 

[stonjean633]

As Tiktoshi noted, this is not a replacement but a complementary scanner to your main AV.
Good for second opinion thru VT.

 

[Khushal]

I played around with it a bit, and yes, it no longer uses Ikarus. It has VirusTotal and its own engine (it downloads its definitions via GitHub).

Here is its interface.

Spoiler: Interface

View attachment 293887View attachment 293888View attachment 293889View attachment 293890

VirusTotal is clearly indicated with the choice of “engines” used (Kaspersky, Avast, etc.), somewhat like Secureaplus/CatchPulse.
Note that the antivirus does not provide the API key; you will have to enter it yourself (unfortunately, it does not indicate that one is required or how to do so).

Spoiler: VT

View attachment 293891

The Polar engine (very little configuration and, above all, extremely poor detection rates on a pack dating back a week...)

Spoiler: Engine

View attachment 293892View attachment 293895

Otherwise, its main feature is VirusTotal (still like CatchPulse/Secureaplus).

Spoiler: VirusTotal detection

View attachment 293893View attachment 293894

Surprisingly, when it moves to Quarantine, it only moves. Except that a script can restart the targeted infection because the files are not locked or encrypted.
BIG SECURITY CONCERNS HERE !

Spoiler: Quarantine

View attachment 293896

The firewall and web protection are useless; there was no reaction to a ConnectWise I installed.
And if Polar DB and VirusTotal don't recognize a sample, the antivirus lets it pass completely because there is no proactive system (tested with a NanoCore RAT that I built for the test—the connection was made between my VM and another VM with a VPN on it).

On a small piece of malware that I quickly made in Batch with a simple Taskkill command, the antivirus shuts down too easily... I don't dare imagine what would happen with a worm...
There's still work to be done!

very basic protection that looks good only on surface.

 

[tiktoshi]

I played around with it a bit, and yes, it no longer uses Ikarus. It has VirusTotal and its own engine (it downloads its definitions via GitHub).

Here is its interface.

Spoiler: Interface

View attachment 293887View attachment 293888View attachment 293889View attachment 293890

VirusTotal is clearly indicated with the choice of “engines” used (Kaspersky, Avast, etc.), somewhat like Secureaplus/CatchPulse.
Note that the antivirus does not provide the API key; you will have to enter it yourself (unfortunately, it does not indicate that one is required or how to do so).

Spoiler: VT

View attachment 293891

The Polar engine (very little configuration and, above all, extremely poor detection rates on a pack dating back a week...)

Spoiler: Engine

View attachment 293892View attachment 293895

Otherwise, its main feature is VirusTotal (still like CatchPulse/Secureaplus).

Spoiler: VirusTotal detection

View attachment 293893View attachment 293894

Surprisingly, when it moves to Quarantine, it only moves. Except that a script can restart the targeted infection because the files are not locked or encrypted.
BIG SECURITY CONCERNS HERE !

Spoiler: Quarantine

View attachment 293896

The firewall and web protection are useless; there was no reaction to a ConnectWise I installed.
And if Polar DB and VirusTotal don't recognize a sample, the antivirus lets it pass completely because there is no proactive system (tested with a NanoCore RAT that I built for the test—the connection was made between my VM and another VM with a VPN on it).

On a small piece of malware that I quickly made in Batch with a simple Taskkill command, the antivirus shuts down too easily... I don't dare imagine what would happen with a worm...
There's still work to be done!

Encryption without locking or extension changes.

Check the hash before and after quarantine. I will add extension changes during isolation. The Polar engine is very simple; over time, the database is fed accurate detections to prevent false positives. Killing the process is very easy to avoid any problems or system crashes. I will add explanatory text on using VirusTotal keys. Thank you, brother, for your efforts.

 

[pxxb1]

Local DNS filtering in Polar is a proactive layer of protection that operates at the network level before any data is actually loaded from your browser.

Your device is transformed into a local DNS server. The Polar application creates a small DNS server running on your device's port (Port 53). The software then modifies Windows settings (via WMI) to set the website search address to 127.0.0.1 (your own device).

The Polar server retrieves the domain name and immediately compares it to a local database of blocked sites.

If the site is malicious, the server immediately responds with a fake IP address (0.0.0.0) (isolation). Your browser will display a "Site Not Found" message, and no actual internet connection request will be sent, preventing even a connection attempt.

If the site is legitimate, the server sends the request to a fast and secure external provider (such as Cloudflare 1.1.1.1) to obtain the correct IP address and then forwards it to you. It protects "everything" on the device (applications, games, background processes) because it operates at the operating system level.

Local IP address rules (blocked_ips) (blocked_sites) work similarly to website rules but with a greater emphasis on the firewall:

IP rules: Known malicious IP addresses are stored in blocked_ips.bin files.
Dynamic blocking: If the system blocks a specific website (such as bad-site.com), it automatically retrieves its IP address and blocks it in the firewall to ensure viruses cannot connect to the server directly via that IP.

Ok.

So which DNS database does it use, Safe DNS?

 

[TuxTalk]

Nice hobby project but without any good engine it wil never be a succes. If you put some money in it and get a license for a good engine, maybe it wil be more up to par.
Just my 2 cents.

 

[tiktoshi]

Your device is being redirected to a local DNS server and no provider is being used.

 

[pxxb1]

Your device is being redirected to a local DNS server and no provider is being used.

This you wrote in post #5: The Polar server retrieves the domain name and immediately compares it to a local database of blocked sites.
Hence my question in post #12.

So, what database is that?

 

[Harputlu]

Nice hobby project but without any good engine it wil never be a succes. If you put some money in it and get a license for a good engine, maybe it wil be more up to par.
Just my 2 cents.

If something like that were available, I would buy it.

 

[Mops21]

Hi @tiktoshi

You are back again nice. I have some questions for you

1. Any plans for the multilanguage Version available when yes then will it comes

2. How can I submit samples to you

3. Will you add the polar engine to virustotal

4. On which Windows Versions did it work

5. What are your plans roadmap for the product

6. Is it legal now

Mops21

 

[tiktoshi]

malicious IP addresses blocked_ips.bin files.

 

[tiktoshi]

Hi @tiktoshi

You are back again nice. I have some questions for you

1. Any plans for the multilanguage Version available when yes then will it comes

2. How can I submit samples to you

3. Will you add the polar engine to virustotal

4. On which Windows Versions did it work

5. What are your plans roadmap for the product

6. Is it legal now

Mops21

There is nothing we are planning

 

[Mops21]

There is nothing we are planning

Hi @tiktoshi

And what are y<our answers of my questions and see my new

Any plans for a Full Custom right click scan

But you will develop this software in the future with updates right

Mops21