@danb Thank you so much! I downloaded a malware sample and purposely left it on my desktop just to see if SiriusLLM would analyze and detect it. And to my surprise it detected it as Not Safe. Excellent tool and a perfect ally to CyberLock.
Thank you, I appreciate that! And yes, I agree, SiriusLLM is the perfect ally to CyberLock, and here is why...@danb Thank you so much! I downloaded a malware sample and purposely left it on my desktop just to see if SiriusLLM would analyze and detect it. And to my surprise it detected it as Not Safe. Excellent tool and a perfect ally to CyberLock.
@piquiteco & @danb but I am confused. You downloaded malware file and left it on your desktop, but did not open / run it, correct?? I thought Sirius snapshot was only scanning running apps, but that you can right-click a file and manually scan it and get an analysis, or does snapshot also scan items on your desktop running or not??Thank you so much! I downloaded a malware sample and purposely left it on my desktop just to see if SiriusLLM would analyze and detect it. And to my surprise it detected it as Not Safe. Excellent tool and a perfect ally to CyberLock.
Running 0.61 here, ok so far...
or not... Is my right-click finger out of whack...?
First, I ran Sirius LLM, the portable version made available by @danb himself here in the thread that I downloaded. I hadn't downloaded the malware sample yet. So, I just ran a scan with Sirius LLM on my computer, and it analyzed all the active processes running, and all of them were considered safe. I believe that here it may have used WhitelistCloud. I assume @danb can correct me if I'm wrong. So, as I'm curious, it's a new tool for me, so I had this idea of looking for some new malware samples on the web, which is quite easy to find today. When you download these samples, they come compressed and password-protected, precisely so they are not deleted by AVs when downloaded. These samples are useful for security experts to analyze, demystify, and reverse engineer, especially when it is malware created and sponsored by the state. Of course, they are also useful for enthusiasts, malware testers, and curious people like me lol. Before extracting the sample from the compressed file, I had to disable my real-time AV protection to extract the sample to my desktop, which I did on my physical machine. I extracted the sample to my desktop and ran a new scan with Sirius LLM, which had already analyzed my computer's execution processes and deemed it safe. With the sample already on my desktop, I ran another scan with Sirius LLM, and it almost instantly flagged this file as unsafe in red. I came to the conclusion that Sirius LLM works similarly to an AV that scans new and tampered files. Since this malware sample was new, I had extracted it to my desktop after running the first scan with Sirius, so on the second scan, Sirius LLM detected this sample without any major problems.
Yes, that's correct. I didn't open or run the malware sample file, I just extracted the compressed file containing the malware sample. It would be almost impossible to run any malware sample or any script or executable even if I disabled the AV on my computer. Because I have SAC enabled on my machine, I have SmartScreen, and I still have WHHL enabled, I would have to go through all these obstacles to run something. So I consider my AV to be the first line of defense. That's why it's important to have CyberLock and Sirius LLM, which act as an extra layer of security protection.
Yes, Sirius analyzes running processes and apps, but it also analyzes them manually. So the answer is both.
Yes, Sirius also performs manual analysis and static analysis via the context menu in the file you want. Just enable Sirius LLM at the top right of your screen to activate it in the Windows context menu so you can manually scan the file you want to analyze.
Yes, it checks whether it is running or not.
Something is wrong with your VM; it uploads the file to the cloud to WhitelistCloud.fwiw on win10_VM I downloaded an unsigned portable exe that is not malware to my \downloads -- tried to do a right-click windows context menu manual scan and nada I get windows popup "you'll need a new app to open this .exe file -- look for an app in the MS store"
@piquiteco yes, thanks for all the info, but @danb needs to clear this up for us, or maybe just for me
(blind not "cool") I've been using Sirius since dan first put it here. So if the file is unopened on your desktop, and NOT running, are you saying that Sirius scanned it with its next snapshot? Or auto-initiated a scan because it was a new file or your desktop? Or that once it was on your desktop, you did a manual right-clock window context scan? No offense, but you posted all that good content, but somehow did not answer my question or I did not stated clearly enough. Please clear this up for me. Thanks. (Dan is trying to discover why (some) of my right-click context scans of portable files fail on this VMware Guest OS).
maybe but Sirius' analysis may look at WLC rating in its analysis, but just a small part of what Sirius does, my WLC on CL 8.02 seems to be working. Sirius is not integrated with CL yet as I understand it.
Thank you for letting me know. Yeah, there are going to be some false positives, but I have seen very, very few overall. Yeah, valid digital signatures help a lot with reducing false positives.
Yes, exactly, the file isn't there on the desktop until I run the scan a second time.
Exactly, I scanned the next snapshot, and that's when Sirius detected a sample of that file that was located on my desktop.
No, I manually initiated a new scan by Sirius scanning the snapshot, precisely to see if Sirius would detect this new sample file that was on the desktop. Before that, there was nothing on my desktop except my program's shortcuts.
No, I didn't manually check the file context menu, I did a manual instant check directly through the Sirius GUI.
Relax, I wasn't offended by your questions. It happens, don't worry, that's what this forum is for, to clarify any doubts you may have. If you didn't understand what I explained in my previous post, I'll explain it again. Just tell me what you didn't understand and I'll explain it again.
I have two questions for Dan.
Yes, a new unique response is generated each time the user submits a new prompt / file. We currently store the final verdict in the database for quick lookups later, we currently do not store the full prompt. So whenever a new file is encountered, or the user clicks reanalyze, SiriusLLM will generate and return a new, unique response. FYI, there is a setting in most of the LLMs called Temperature. The Temperature is a setting that controls the randomness or creativity of the output. It's a bit like adjusting how "bold" or "cautious" the model should be when generating responses.Just checked out this great program paired with Cyber Lock.
1. When analyzing a file, the program, or rather the AI, gives a long verdict. Is it systematized (standard) or does the AI itself "write" its opinion each time with different phrases? This question is important if you are going to translate the program into other languages.
2. Do you plan to merge CyberLock and Sirius LLM into one program? I think, sorry to jump in with my opinion, that all your (three, if I'm not mistaken) programs should be merged into one.
To avoid confusion and workload, you can make a choice of interface and functions on the principle of "Beginner", "Advanced User" and "Expert" and depending on this show the functionality and settings of the interface. Of course, AI and CyberLock analysis should be used in any of the modes.
I understand your point of view. If I posted saying that I had an executable file located on the desktop after a scan with Sirius LLM and it detected it as unsafe, why would I make all that up?
Yes, that's correct, that's Sirius' concept of analyzing active processes and specifically executable files. Did you read my post #66? I was on my physical machine and not on a VM. How would I run malware on my production computer?
I understand, but with me, believe it or not, Sirius flagged the static executable file on my desktop as unsafe, just like that.
@danb has already explained how the Sirius LLM program works. It is still in the development phase, but it is gradually maturing.
Thanks for the reply. see @danb post above #71, a snapshot only scans running apps, so if the malware file you downloaded to your desktop was scanned by a snapshot scan then ithat malware file was running. (or the beta needs more testing
) (unless I'm misunderstanding both Sirius instructions and danb's clarification post)(& since Sirius is all about LLM, this is also how ChatGPT (4o paid) understands Sirius -- fwiw -- sometimes ChatGPT is amazing accurate & helpful and sometimes NOT imo)
@danb IIRC, WhiteListCloud WLC has scan portal URL, when Sirius is finalized will it also have a URL scan portal, I ask as sometimes I am running linux and DL windows files in linux before putting them on my windows computers...
