Linux Edition — now in beta

AI threat protection
for Linux, done right.

HYVE Ai for Linux runs as a lightweight systemd service using inotify-driven real-time monitoring. Ransomware, droppers, and persistence implants are detected in under 2 seconds — with zero GUI overhead.

Start Free 14-Day Trial Installation guide

No credit card required  ·  systemd  ·  x86_64 & ARM64  ·  Kernel 4.18+

root@server ~ — hyveav
$ sudo systemctl status hyveav
hyveav.service - HYVE Ai AntiVirus
     Loaded: loaded (/etc/systemd/system/hyveav.service; enabled)
     Active: active (running) since Mon 2026-03-07 09:14:02 UTC
     Main PID: 1842 (hyveav)
     CGroup: /system.slice/hyveav.service
            └─1842 /usr/local/bin/hyveav
$ hyveav scan /home/user/downloads/
[INFO] Scanning /home/user/downloads/ ...
[INFO] 1,284 files scanned in 0.8s
[WARN] Suspicious: setup.sh — score 78/100 (dropper pattern, high entropy)
[THREAT] Quarantined: setup.sh → /var/lib/hyveav/quarantine/a3f9c1
$ hyveav list-quarantine
ID        FILE                 SCORE   DETECTED
a3f9c1   setup.sh              78      2 min ago
_
inotify kernel-driven events
systemd Type=notify integration
< 2% CPU at idle
Works alongside AppArmor & SELinux
Linux Features

Built for the Linux security stack.

Not a port. Not an afterthought. The same AI core — rebuilt for how Linux actually works.

inotify Real-Time Monitoring

File events from the kernel — no polling, no constant CPU burn. HYVE Ai watches your home directory, /tmp, /var/tmp, and /opt at near-zero idle cost.

Ransomware Burst Detection

Rapid mass-encryption patterns trigger an immediate alert and quarantine. Canary files in monitored directories provide an independent early-warning tripwire.

Full CLI Interface

Everything scriptable. hyveav scan <path> for on-demand scans, hyveav list-quarantine to review detections, and hyveav restore <id> for false-positive recovery.

15+ Signal Risk Scorer

ELF binaries, shell droppers, cron/systemd persistence, high-entropy payloads, base64 stagers, and network downloaders — all scored in a single pass with tunable thresholds.

Threat DNA Fingerprinting

A 16-char hex fingerprint clusters malware family variants even when byte signatures differ. Recurrence boosts the score on known family re-encounters — persistent threats don't get a second chance.

systemd Native Integration

Type=notify, journald-structured logging, restart-on-failure, and hardening flags (ProtectSystem=strict, NoNewPrivileges=true). Fits cleanly into any server or workstation environment.

Platform comparison

Linux vs Windows edition.

Same AI core. Platform-native everywhere.

Feature Windows Linux
Interface Desktop GUI + system tray Headless daemon + CLI
Real-time monitoring FileSystemWatcher (Windows) inotify via kernel
Service integration Windows Service systemd Type=notify
Monitored paths Desktop, Documents, Downloads ~/, /tmp, /var/tmp, /opt
Threat types .exe, .dll, .ps1, .vbs, .bat… .sh, .elf, .bin, .py, cron, .service…
Works alongside Windows Defender AppArmor, SELinux, ClamAV, Falco
Log output App event log journald (structured)
Architecture x64 · ARM64 x86_64 · ARM64
Price $8.99 / device / month $8.99 / device / month
Installation

Up and running in 4 steps.

A single self-contained binary. No runtime dependencies required.

1

Download the installer script

bash 
curl -fsSL https://hyveav.com/install.sh -o install.sh
chmod +x install.sh
2

Run the installer (requires sudo)

bash 
sudo ./install.sh install

Installs the binary to /usr/local/bin/hyveav, writes the systemd unit, creates config at /etc/hyveav/hyve.config.json, and starts the service.

3

Activate your license

bash 
hyveav activate XXXX-XXXX-XXXX-XXXX

Your license key is emailed after purchase. For the free trial, run hyveav trial instead — no key required.

4

Verify protection is active

bash 
systemctl status hyveav
journalctl -u hyveav -f

Useful commands

hyveav scan /path On-demand scan of a file or directory
hyveav list-quarantine Show all quarantined items
hyveav restore <id> Restore a quarantined file
systemctl stop hyveav Stop the protection service
journalctl -u hyveav -f Stream live detection logs
sudo ./install.sh uninstall Completely remove HYVE Ai

System requirements

OS
Any systemd-based Linux distro
Ubuntu 20.04+, Debian 11+, RHEL 8+, Fedora 36+, Arch
Kernel
4.18 or later (inotify support required)
Architecture
x86_64  ·  ARM64 (including Raspberry Pi 4+)
Runtime
None — self-contained binary (includes .NET 8 runtime)
Privileges
sudo for install only · runs as dedicated hyveav service user
Disk
~80 MB for binary · ~200 MB for quarantine store (configurable)
Pricing

Same price. Full protection.

One subscription covers the Linux edition. Mix Windows and Linux devices under one plan.

Free Trial
$0
for 14 days
  • Full protection from install
  • inotify real-time monitoring
  • CLI scan, quarantine, restore
  • Ransomware burst detection
  • Threat DNA fingerprinting
  • No credit card required
Start Free Trial
Most Popular
HYVE Personal
$8.99
per device / month
  • Everything in Free Trial
  • Self-learning AI policy updates
  • Monthly posture report
  • 7-day grace period on billing issues
  • Use on Windows or Linux
  • Email support
Get Protected — $8.99 / mo

Billed monthly · Cancel anytime

14-day money-back guarantee  ·  Cancel anytime  ·  Your files never leave your device

Protect your Linux machines today.

14-day free trial · Self-contained binary · systemd native

Start Free Trial