Ahnlab V3 Lite - Free South Korean Antivirus

Discussion in 'other anti-virus software' started by sg09, Apr 7, 2019.

  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Ahnlab is a well-known south Korea based Antivirus. It was established in 1995.

    Test results for its Paid Products
    https://www.av-test.org/en/antivirus/home-windows/manufacturer/ahnlab/
    https://www.virusbulletin.com/testing/vendors/view_vendor_details/ahnlab

    It has a Free product AhnLab V3 Lite for long time but it has only recently been made available in English. Still the interface has some translation mistakes.
    https://www.ahnlab.com/kr/site/product/productView.do?prodSeq=8

    Direct Download Link for English Version
    http://prod.ahnlab.com/v3lite/v40/download/V3Lite_Setup.exe

    Screenshot Gallery
    https://imgur.com/a/spInvIb

    I came to know about it from the MWTips thread.

    I installed it on two systems: Windows 7 ultimate 32 bit and Windows 10 Pro 64 bit and experiencing it for the last few days.

    I am impressed because
    1. Clean interface. No advertisement of the pro version, No nags. It shows three features which it says are not available for my OS (PC Doctor, Parental Control & Credential Control).
    2019-04-04_182737.jpg 2. Pretty light on my Windows 10. During scan also it doesn't make my system unusable.
    2019-04-07_130049.jpg
    2019-04-07_143019.jpg
    3. Frequent updates. It gives nearly 10 updates per day.
    4. It uploads unknown files to cloud for checking but does that gradually everyday.
    5. Very much customizable.
    6. On my system with 800 GB of data, it took nearly 8 hours to complete full scan but subsequent full scans take only around 18 minutes to complete!
    7. Scans USB automatically upon insertion.
    8. Doesn't require restart after install but recommends it to improve scan time.
    Still it has issues
    1. There are quite a few inconsistencies in the GUI which will perhaps iron out in future program updates.
    2. The free website is still not in English and no idea to contact developers and get updates.
    3. Ransomware scan is still in beta. It gave me enough pain to update Burnware. It identified the program as new and scanned it for Ransomware and searched for info in its server. When everything came out as inconclusive/unknown it didn't let me install it but didn't gave me enough info. I finally managed to exclude it from Ransomware scan when it first pops up with an alert. Unfortunately the exclusion list for Ransomware didn't list that event although the program didn't alert me on that executable afterwards.

    I am using it in my system with Malwarebytes Premium and MCShield, and will keep it for a while.
     
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Excellent, concise, informative review. Thanks!!!

    2 QUESTIONS:
    1- Are you able to turn off real-time scanning & only use it on-demand?
    2- Does it include a HIPS or a Behavior Blocker, or does it operate solely on signatures?
     
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I just installed this for the first time. I have used the demo of the paid version - V3 365 Clinic, in the past. But this new version has a very different user interface. Up till now the free version of V3 could only be installed on computers with the language set to Korean, unlike their paid products which did have English language support.

    I ran a Smart Scan and CPU use was mostly under 10%. On a second scan, CPU use was higher, just over 25%. I wasn't expecting it to be higher than for the first scan, but it was still low, so it's not an issue.

    The System Optimization function should be used with caution, as it cleans the registry without first showing what it wants to delete, just like some other security software. This is a problem, as just about every registry cleaner there is (even so called safe ones like CCleaner) will sometimes delete needed registry keys. Without being able to being able to review what it wants to delete, there no easy way to tell if it is safe to let it clean the registry.

    However, if you click on the Management and then System Optimiztion, you can uncheck Registry Cleanup. Or you could just not use the System Optimization function. I don't know why security vendors feel the need to add junk/registry cleaning functions to their software. At least the cleaning/speedup modules in 360 Total Security work very well. The junk cleaner is one of the best there is and the registry cleaner is safe to use. The cleanup modules in other security software, in my experience, are very basic and don't work very well, but I guess it must be a selling point, or they woudn't include them.

    I really like the new user interface. It has a very clean look and it appears that Ahnlab have actually put some thought into the design. I doubt that this product is something that I would use, as you can't configure it to ask you what action you want to take when a threat is detected. But I may keep it installed on some test computers, as I do like the design.

    @bellgamin 1. It is not designed to be used alongside other antiviruses. So while you can disable real-time protection, it would not be advisable to have it installed alongside anything else.

    V3 Lite.png

    360 Total Security, Adaware, Avast and Webroot can be used with other antiviruses. Just about anything else does not support it.

    2. It does include a behaviour blocker, which is enabled by default. I have no idea how well it works.
    Settings - AhnLab V3 Lite 8_04_2019 1_09_11 PM.png

    You will also see the Cloud Analysis option in the above screenshot. When V3 encourters a suspicious file, you get an alert, asking you if you want to upload it to Ahnlab so that they can analyze it. The alert window, gives you the option to automatically upload suspicious files, without asking first, so you won't be prompted again..
     

    Attached Files:

  4. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I agree that Registry and System Tune-up is unnecessary in the basic security tools, and unfortunately V3 lite doesn't show you the details of what it cleans. More unfortunately there is NO Restore option of the changes made by the System Optimization module. I would recommend NOT using this module at all.
    Yes, it does show you alert of existing antimalware in your system, but ONLY in case that one is registered in Windows Action Center. I was using Malwarebytes Premium only before installing this AV and set that to register itself in Windows Action Center. So, when I got this alert from V3 Lite of existing Antimalware in the system, I just deregistered MBAM Premium from Action Center and V3 Lite stopped showing alerts. This IMHO is another soft point of V3 Lite as most antiviruses identify existing antimalware even if that is not registered in the Action Center.
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Were you getting more alerts after installing V3, about having other security software on yout system?
     
  6. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Thank you so much :)
    You can indeed turn off the real-time scanning and you can set it up in settings when to turn it on again.
    2019-04-08_101936.jpg
    But as @roger_m said it isn't designed to be an on-demand scanner. So, just turning off the real-time scanner will not make it deregister from Action Center and also start working with other antiviruses. We can hope that developers listen to us and make it that way.
    It updates nearly 10 times a day but that doesn't make it a signature-only scanner. Whenever it detects an unknown and potentially dangerous file executing it looks up to the cloud and asks you to wait for ~30 secs for the result to arrive. So, it uses Behavior Watcher & Reputation Analysis to decide on a file whether to look up in the cloud or not. It also has a TrueFind module to detect stealth malware. It has anti-ransomware protection too which also gets triggered via Behavior Watcher & Reputation Analysis, and you can also add folders to protect from ransomware. 2019-04-08_103704.jpg
    2019-04-08_103003.jpg 2019-04-08_103023.jpg 2019-04-08_103059.jpg
     
  7. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    No only during installation.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    That's not so bad then and I like that it lets you install it regardless. I've had issues from time to time when security software refuses to install because it thinks there already is an av installed, when there actually isn't (maybe there were some traces of a previous av which were detected).
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I'm giving it a trial. Ave Imperator, morituri te salutant. :cautious:
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Update: I killed Panda Dome to switch to AhnLab's V3 Lite. Interestingly, V3 runs a bit lighter than Panda. I'm running V3 real-time for now. I will do so for a while -- just to give it a fair run -- but then will cut it back to on-demand. My security set-up does not require a real-time AV -- just on-demand.

    I checked AhnLab's website to see if they had a comparison chart for the free VERSUS paid versions. I couldn't find 1.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Update #2: I am very happy with this AV so far. It's light & user friendly. My tech guy tested it with some nasty stuff he has collected, & was impressed. Of course, his batch was tiny & statistically insignificant, but even so a "pass" is better than a "fail", wot?

    QUESTION: How can I tell when (or if) V3 updates its sigs?
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    There's no way to get it to notify you when it updates. However, in the bottom right of the screen it shows the date of the definitions.
    V3 Update.PNG
    I presume that "05" at the end, indicates that this is the 5th update released today. By keeping any eye on this, you will be able to see that V3 is getting updated. By default V3 will alert you if it is unable to connect to the update server (which is something most antiviruses don't do). So you will be notified if it is unable to update its definitions.
     
    Last edited: Apr 12, 2019
  13. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Good to know that :) I am also using it full time with MABAM Premium.
    You have to look at the Event Log. Since it has many types of entries, you should search for 'update' in the field. My update interval is set at 1 hour.

    2019-04-12_115038.jpg
     
  14. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I don't know if its the norm, but V3 Lite turns off protection for a moment during database update installation, and Action center notifies in every such instances that both V3 Lite and Windows Defender are turned off. I never got such messages when MBAM premium was registered to the action center. I haven't used other database-based antimalware in a while. Anyone experienced the same with other antimalware?

    Can malware get installed during those moments? Don't know yet!

    However, this is a real annoyance to see such alerts. Although the Windows 10 action center is set to alert me on 'Priority Only' basis, I can see these alert messages accumulated at the action center always.
     
  15. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I turned of real-time protection, as I wanted to install a PUP which V3 was detecting. Even though Windows alerted me that both Windows Defender and V3 had their protection disabled, when I launched the installer again, once again V3 detected it, even though its protction was supposedy disabled. I was able to install the program by getting V3 to quarantine it and then restoring it from quarantine. When you restore files, you are given the option to whitelist them.
     
  16. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Interesting! Is this a bug you think?
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Yes, as its real-time protection was not really disabled.
     
  18. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Yes this along with the false information it sends to Windows Action Center.
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thanks Roger & sg09. Is there a way to report a bug to them?
    Uhhhhh... how did you set that interval?
     
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    The email address listed in the online manual (which you can access by clicking on the ? icin in the top right corner is V3 user interface) is e-support@ahnlab.com
    Even though V3 lite is not yet listed on Ahnlab's global site, the online manual is in English.

    Go to Settings, Preferences and then click on the Update tab. You can then change the update cycle from the default of 3 hours.
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It's interesting that ahnlab's "global" website uses TLD (Top-Level Domain) "do" -- that is the Dominican Republic's TLD.

    Thanks again, Roger. I got sloppy checking the settings because I had a ukulele gig in progress at the time. I'm lousy at multi-tasking
     
    Last edited: Apr 12, 2019
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The TLD is an integral part of a website's url. Whether or not the TLD "do" is assigned by a Java app, it is discreet from TLD .com & must be separately paid for & registered.

    Moreover, WHY any security company would ever use anything based on Java is a mystery -- see HERE (especially the paragraph titled "Security" a little more than half-way down the page. By the way, the preceeding paragraphs discuss the several dopey design choices made for Java).
     
  24. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @bellgamin In this case, the .do has notihng to do with the domain.

    For example: ahnlab.com/kr/site/main.do
    The ".com" is the domain name and ".do" is just an extension they are appending to the web page names. It's like how it used to be quite common to see web pages using PHP which had the ".php" extension.

    It's worth nothing that Java web apps running on a web server work differently to local Java apps run on a computer. As a result, the same security issues don't apply. The article ypu linked to is not talking about web apps. I do not know if there are any security concerns with regards to Java web apps.

    It's also possible that they are using .do extension for something other than Java web apps.
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I set V3 to update every 2 hours. It is doing so beautifully. Updating causes no discernible slow-down on my computer while I am busy doing other business thereon. I am increasingly impressed but I wish ahnlabs would disclose a bit more about V3's behavior blocker.
    IMO, the wikipedia article at my link is generic for all applications of Java. Java is an unnecessary, high risk, weak sister (security wise) on any browser or computer. There are dozens of articles on the net that proclaim this fact -- one of many examples is HERE. For many more pages on this topic, just do a search on "is JAVA safe".

    Kaspersky article HERE reads in part:
    Wisely, latest versions of Firefox, as well as Opera, Chrome, Iridium, & Edge, no longer run current Java plugins (NPAPI). There are work arounds that use older, less secure Java plugs -- NOT a good idea IMO.
     
    Last edited: Apr 13, 2019
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.