App Review SiriusGPT Anti-Malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

SiriusGPT is a new anti-malware program developed by the VoodooShield/CyberLock ( @danb ) team using LLM technology.
LLM (Large Language Model) technology is used in malware research to analyze code semantics, detect anomalous patterns, and enhance threat classification beyond traditional signature-based methods.

Let's take a look at this technology and how it reacts to malware and four programs that are commonly used in cases of false positives.



Malware Test : Only one piece of malware passed the test (reported as Safe). The malware attempts to perform actions but then closes. The analysis tools did not detect anything.
False Positive : 1 false positive found. This is a tool to remove/disable Microsoft Defender.
Ransomware Test : All ransomware has been detected and quarantined.

SiriusGPT is an excellent, well-developed product.
It just needs some fine-tuning to address a few false positives it may generate.
However, the number of tokens allocated at present may be low for protection purposes, but sufficient when combined with an existing antivirus program.
Recommended.
 

Very cool, thank you @Shadowra! I have already added one new instruction to fix the miss / false negative... that is an important instruction that I somehow forgot / did not include in the initial set of prompt instructions.

If you think we should increase the tokens we certainly can, but I think it would be uncommon for users to have 12-14 blocks in a day, unless they were testing. Also, the results are stored in the database, and when a file has already been analyzed, tokens are not deducted. How many do you think we should go with? Thanks again!
 
On my system, SiriusGPT runs continuously and I see the tokens disappearing quite quickly :/
As for the number, I think it depends on the user.

Why not set a good number and then if the user wants more, they pay? You also have to think about your servers :D
 
That is interesting that they are disappearing quite quickly... I just now realized that command line analysis uses tokens as well... like even when they are Safe and automatically allowed without the user even knowing about it. I bet that is what is happening. The reason I say that is because I have not had a single unexpected / unwanted file block since I have been running SiriusGPT on my system, except for 1 or 2 command line blocks. I will reduce my tokens to 50,000 and monitor it closely... thank you for discovering this!

If anyone else has any thoughts on how many tokens we should offer, please let me know.
 
I was under the impression that was already done, and that 50,000 was the determined number.
Yes, I set the 50,000 tokens before I implemented the command line analysis, not realizing command line analysis uses up tokens too. Actually, I did not realize any of this until just now ;). There are several ways we can fix this, and if anyone has any ideas, please post them, thank you!
 
Sorry, haven't tested Sirius, been busy, but here is my 2 cents.

No idea on how to fix that issue BUT on tokens you will have most users wanting a free product and the last 5/10% paying. In the end it's up to you to decide how many resources and server compute you want to spend. I do see this as a great way to cross advertise other CyberLock products and get more subs that way. And if SiriusGPT takes off then you can pivot and dedicate more resources to the project. The saying goes "if you build it they will come"; if Sirius turns out to be a winner and a quality tool, you won't have any trouble getting more subs or business. People and enterprises want quality and the best security, if you can offer both at a reasonable price then you will get the 🤑💰
 
Yeah, I would like to have a free product, and only charge for tokens. Hopefully we can figure out a way to do this... I think it will be difficult though because I do not think people are going to stop what they are doing when there is a block (and they are out of tokens), to purchase additional tokens. If anyone has any ideas how to make this work, please post it, thank you!
 
I have a heretical question: Isn't a feature like SiriusGPT already used in AV programs? Perhaps in the cloud with McAfee or TrendMicro?
I researched the heck out of LLM malware analysis 3 or so months ago. The only thing I found at the time was OmniDefender and Bitdefender utilizing LLMs on their backend, presumably for tie breakers.

About a week ago, @Bot posted Microsoft Project Ire, which is very similar to Sirius... Microsoft made the announcement for Project Ire on August 5th, 2025.


Supposedly CrowdStrike and Sophos are working with LLMs as well, but I do not think they are using them for malware analysis... I think they are mainly developing tools for Malware Analysts. I have seen a couple of implementations in videos, and while they are pretty cool tools, I do not think the LLM Malware Analyst tools are transformative tech, they are extremely different from Sirius. They basically help with malware reversing.

The only sure way to tell if an AV or endpoint product is utilizing LLM malware analysis is if you are able to see the response prompt and read the analysis report from the LLM, like you see in Sirius.

LLM malware analysis is the next obvious evolution in malware classification, but I think a lot of companies are holding back for several reasons. The first being that the LLM models were simply not good enough to be properly utilized in malware analysis until quite recently. Second, I cannot overstate how difficult it is to get this tech to work correctly, and how frustrating development was. I seriously almost gave up 2-3 times during development because there are so many obstacles to overcome. Third, I personally think that most cybersecurity companies believe classic AI models from the last decade are sufficient and basically "good enough". But if they experienced for themselves how amazing LLMs are able to analyze and detect malware, they would think differently. It will be super interesting to see how LLM malware analysis progresses over the next few years, and to see how other companies overcome the development obstacles. It really is the future of malware analysis... this is the start of the AI vs AI battle, and there is going to be some pretty cool tech we will get to experience.
 
@Shadowra

hi
for transparency, where do you get your sample malware (ransomware included) please ?
i don't want to copy you,
i just want to know the date of the zipped file where the sample is inside from your testing,
thanks.

PS : if you are not allowed to give it physically here,
please show us also the website where you get them for the next release of some video uploading on your youtube channel
not for malvertising purpose, but for education.
and don't worry your youtube channel will not be flagged by me.

have a nice day.
 
Hello,

Various websites (MalShares, Bazaar, samples taken from Triage, etc.)
I'm trying to focus on several websites. We've already seen publishers completely copy websites that list malware for their databases.
 
Very cool, thank you @Shadowra! I have already added one new instruction to fix the miss / false negative... that is an important instruction that I somehow forgot / did not include in the initial set of prompt instructions.

If you think we should increase the tokens we certainly can, but I think it would be uncommon for users to have 12-14 blocks in a day, unless they were testing. Also, the results are stored in the database, and when a file has already been analyzed, tokens are not deducted. How many do you think we should go with? Thanks again!
Well, I bought a lifetime license from you today. I didn't start the day with that intention.

I had the day off and was thinking about, what I would like to achieve with my clean install, and software protection.

Could I keep it simple, yet effective?

I have a lifetime license from 4 years ago for PCMatic, that I could use. I love the concept of default deny. But they don't have a firewall or strong signature defense. However, I read that PCMatic works with all other security solutions.

Then as I was reading MWT's today, I noticed your post, along with many others about SiriusGPT, that it was light, and very effective at scanning, also that it could be used with any AV.

This led me to think, possibly Sirius could fill the gaps for PCMatic, by providing strong scans, similar to a strong signature AV.

So, I installed both PCMatic and SiriusGPT, and started all my software, they all ran fine. PC and internet very responsive. For my PC, I would rate the response times to Eset, McAfee, or Avast One.

This was several hours ago, I have tried some gaming, browsing, and even Netflix.... No problems or hiccups whatsoever.

I haven't tried Cyberlock yet, as you made it sound like, at least in my mind, that Cyberlock was default deny, since PCmatic is default deny, that wouldn't be a good idea.

And you also said you can't install SiriusGPT with Cyberlock.

So, unless brighter minds come to the conclusion this is all a futile effort, I seem to be problem free, and everything is running nicely.