x2y AV Ultimate v8.5.0
x2y AV Ultimate is a lightweight, offline-first endpoint security application for Windows designed to provide advanced malware detection, network visibility, and persistence auditing in a single desktop tool.
Built for both everyday users and security professionals, the application combines multiple detection engines, behavioral analysis, and open threat-intelligence feeds without requiring subscriptions, cloud services, or telemetry.
All analysis runs locally. No files, scan results, or system data are uploaded.

Overview
x2y AV Ultimate delivers layered protection using a combination of signature scanning, heuristic detection, and behavioral pattern analysis. The application integrates trusted open-source security tools such as ClamAV and YARA, while also maintaining a local threat-intelligence database sourced from public feeds including MalwareBazaar, URLhaus, and OpenPhish.
The result is a fully self-contained security environment capable of detecting known malware, identifying suspicious binaries, and monitoring network activity without relying on cloud services.

Key Features
Multi-Layer Threat Detection
Every file scanned by x2y AV Ultimate passes through six independent detection layers designed to identify both known and emerging threats.
Detection methods include:
• Hash Database Matching
Instantly identifies known malware using SHA256 and MD5 hashes against a local SQLite database seeded with verified samples from MalwareBazaar.
• ClamAV Engine Integration
Provides access to millions of antivirus signatures through the ClamAV scanning engine and the standard freshclam update system.
• YARA Rule Scanning
Executes locally stored YARA rules compatible with community rule sets including Yara-Rules and Florian Roth’s signature-base.
• PE Binary Heuristics
Detects executable packers such as UPX, MPRESS, and Themida to identify suspicious packed binaries even without signatures.
• Behavioral Pattern Matching
Scans file contents for high-confidence malicious indicators including PowerShell obfuscation, process injection patterns, living-off-the-land binary abuse, and ransomware command sequences.
• Entropy Analysis
Flags encrypted or heavily packed payloads by measuring byte entropy, identifying files attempting to evade signature detection.
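Two of the layers listed above, hash matching against a local SQLite table and byte-entropy flagging, shown as an added example. This is not x2y AV Ultimate's code; the table schema, the 7.2 bits-per-byte threshold, the label and the sample inputs are all assumptions constructed for illustration.

```python
import hashlib
import math
import sqlite3
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # assumed cut-off in bits per byte, not the product's value

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    total = len(data)
    if total == 0:
        return 0.0
    return sum((n / total) * math.log2(total / n) for n in Counter(data).values())

def file_hashes(data: bytes):
    """Return (sha256, md5) hex digests; MD5 is used for lookup only."""
    return (hashlib.sha256(data).hexdigest(),
            hashlib.md5(data, usedforsecurity=False).hexdigest())

def open_hash_db(rows):
    """In-memory stand-in for the local hash database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hashes (sha256 TEXT PRIMARY KEY, md5 TEXT, label TEXT)")
    db.executemany("INSERT INTO hashes VALUES (?, ?, ?)", rows)
    return db

def scan_bytes(db, data: bytes) -> dict:
    """Hash layer first (exact match), then the entropy layer (a signal only)."""
    sha256, md5 = file_hashes(data)
    row = db.execute("SELECT label FROM hashes WHERE sha256 = ? OR md5 = ?",
                     (sha256, md5)).fetchone()
    entropy = shannon_entropy(data)
    # Archives and media are also high-entropy, so this flag needs corroboration.
    return {"hash_match": row[0] if row else None,
            "entropy": round(entropy, 3),
            "high_entropy": entropy >= ENTROPY_THRESHOLD}

# Constructed sample inputs (no real malware involved).
KNOWN_BAD = b"constructed stand-in for a catalogued sample"
UNIFORM = bytes(range(256)) * 16   # every byte value equally likely
PLAIN = b"A" * 4096                # a single repeated byte

if __name__ == "__main__":
    db = open_hash_db([(*file_hashes(KNOWN_BAD), "Constructed.TestFamily")])
    for name, blob in (("known", KNOWN_BAD), ("uniform", UNIFORM), ("plain", PLAIN)):
        print(name, scan_bytes(db, blob))
```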

Real-Time Network Monitor
The integrated network monitor provides a live view of all active system connections with process attribution.
Capabilities include:
• Mapping every TCP and UDP connection to its originating process and PID
• Automatic flagging of suspicious ports, command-and-control IPs, and algorithmically generated domains
• Real-time traffic visualization via bandwidth sparkline chart
Interactive actions allow users to:
• Block remote IPs using Windows Firewall
• Terminate the responsible process
• Capture packet traces to .pcap format
• Perform WHOIS lookups and hostname resolution
• Tag activity with MITRE ATT&CK technique identifiers
All monitoring tasks run asynchronously to keep the interface responsive.

Persistence Auditor
The persistence auditor provides a unified view of system mechanisms that survive reboot.
Audited locations include:
• Windows Registry Run keys (HKCU and HKLM)
• Startup folders
• Scheduled Tasks
• WMI startup commands
• Windows services
Each entry is analyzed for suspicious indicators such as temporary-directory execution, encoded command arguments, and misuse of built-in system binaries.
Available actions:
• Disable persistence entries safely
• Permanently remove registry or file entries
• Perform behavioral risk analysis with a 0–100 score
• Export indicators as STIX 2.1 objects
• Generate CSV reports for incident response or compliance documentation
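A sketch of how the three indicators named above (temporary-directory execution, encoded command arguments, misuse of built-in binaries) could be combined into a 0–100 score. This is an added example, not the product's own rules; the patterns, weights, binary list and sample entries are assumptions constructed for illustration.

```python
import re

# (indicator name, weight, pattern). Weights and patterns are illustrative only.
INDICATORS = [
    ("temp_dir_execution", 40,
     re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\|%temp%", re.I)),
    # Common abbreviations of PowerShell's -EncodedCommand followed by base64 text.
    ("encoded_command", 40,
     re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I)),
    ("builtin_binary", 30,
     re.compile(r'(?:^|[\\\s"])(?:mshta|regsvr32|rundll32|certutil|bitsadmin)'
                r'(?:\.exe)?(?:[\s"]|$)', re.I)),
]

def score_entry(command: str) -> dict:
    """Sum the weights of every indicator that matches, capped at 100."""
    hits = [(name, weight) for name, weight, rx in INDICATORS if rx.search(command)]
    return {"score": min(100, sum(w for _, w in hits)),
            "indicators": [name for name, _ in hits]}

def audit(entries):
    """Score each persistence entry and return them highest risk first."""
    scored = [{**e, **score_entry(e["command"])} for e in entries]
    return sorted(scored, key=lambda e: e["score"], reverse=True)

# Constructed sample entries; the encoded argument decodes to Write-Host 'hi'.
SAMPLE_ENTRIES = [
    {"name": "OneDrive", "location": "HKCU Run",
     "command": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
    {"name": "Updater", "location": "HKCU Run",
     "command": r"C:\Users\demo\AppData\Local\Temp\upd.exe"},
    {"name": "SyncJob", "location": "Scheduled Task",
     "command": "powershell.exe -NoProfile -WindowStyle Hidden "
                "-enc VwByAGkAdABlAC0ASABvAHMAdAAgACcAaABpACcA"},
    {"name": "HelpPane", "location": "HKLM Run",
     "command": r"rundll32.exe C:\Users\demo\AppData\Local\Temp\x.dll,Start"},
]

if __name__ == "__main__":
    for e in audit(SAMPLE_ENTRIES):
        print(f'{e["score"]:>3}  {e["location"]:<15} {e["name"]:<10} {e["indicators"]}')
```

A signed vendor updater launched through rundll32 would score the same 30 points as a malicious one, so the score ranks entries for review rather than deciding them.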

Quarantine Vault
Detected threats are securely isolated in a protected quarantine environment.
Features include:
• Safe storage of removed files in a non-executable directory
• Tracking of original path, detection method, hash, and timestamp
• One-click restoration in the event of false positives
• Permanent deletion or full vault purge
• Optional automatic quarantine during scans

Threat Intelligence Center
The Threat Intelligence Center manages all signature sources and threat lookups.
Functions include:
• Manual or automatic updates from MalwareBazaar, URLhaus, OpenPhish, and ClamAV
• Local hash lookups against the malware database
• Live statistics on total indicators and last update time
• Scheduled background updates

Policy & Configuration
All protection settings can be configured without restarting the application.
Options include:
• Background Shield activation
• Auto-quarantine control
• Notification preferences
• Adjustable heuristic sensitivity
• Scheduled quick and full scans
• File and folder exclusions
• Automatic startup with Windows
• Configurable quarantine storage location
• Detailed logging with multiple verbosity levels

System Requirements
Operating System: Windows 10 (1809) or newer
Processor: 1 GHz dual-core minimum
Memory: 256 MB RAM minimum
Storage: 150 MB installation space; 500 MB recommended for full signature database
Internet: Not required for operation; recommended for signature updates
Administrator privileges may be required for firewall rules and full system scanning.

Privacy
x2y AV Ultimate follows a local-first security model.
The application does not transmit:
• file contents
• scan results
• process names
• network activity
• user behavior data
Signature updates are downloaded from public threat-intelligence feeds. All application data, including configuration, scan history, quarantine storage, and the signature database, remains stored locally on the user's system.
No telemetry, analytics, or license validation services are used.

Support
Questions, bug reports, and feature requests can be sent directly to the development team.
Support Email: support@x2ydevs.xyz
Website: x2ydevs.xyz

x2y AV Ultimate
Developed by x2y Devs Tools
Version 8.5.0
Full Changelog: v7.0.0...v8.5.0