Author Topic: VirusTotal info and tools  (Read 2049 times)

Dr.Flay

« on: September 01, 2020, 02:47:17 AM »
When using VirusTotal there are some caveats.
Most tools that check against VT will use a threshold minimum before triggering a warning (the more AV agree on a file, the more you can trust the result.)
The uploaded virus definitions can be up to 1 month behind.
Many of the AV are poor quality and detect anything new without a certificate as a threat. This does not mean it is a threat but means they operate a whitelist method like Microsoft.
Many AV will give a free pass to malware if it has a valid cert, because they cannot actually detect bad behaviour, only use their cruddy whitelisting.

A common reason for AV thinking a file is malware is due to installers which have also been used to package malware a lot. This can create a false association.
Some files hook or patch a file or location in RAM. This behaviour can seem malicious until investigated.

To upload files to VT via extensions and tools you will need an API key.
You get this for free with a free account.

Official and recommended desktop tools
https://support.virustotal.com/hc/en-us/articles/115002179065-Desktop-Apps

Official and recommended extensions
https://support.virustotal.com/hc/en-us/articles/115002700745-Browser-Extensions

Open source alternatives.
Auto-check downloads
https://add0n.com/virus-checker.html
Selectively check links
https://add0n.com/security-plus.html

Add VT lookups to Windows with Process Explorer, an alternative task manager from Microsoft.
This will check all running tasks if you enable it.
Several other MS tools can also use VT, such as Autoruns, which will check everything that loads automatically when you boot Windows and log in.
https://docs.microsoft.com/en-us/sysinternals/downloads/security-utilities

If you want to know which AV ratings to pay attention to and which to ignore, check the AV test sites each month and pay attention to the false positive rates.
https://www.av-comparatives.org/comparison/
https://www.av-test.org/en/antivirus/home-windows/
https://www.virusbulletin.com/testing/vb100/
« Last Edit: September 01, 2020, 02:47:55 AM by Dr.Flay »
My weekly radio show on Source FM ☛ 15% Extra
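
The threshold idea from the post above, as an added example that is not part of the original post or of any tool it links to. It assumes a report shaped like the VirusTotal API v3 file report (`data.attributes.last_analysis_results`); the engine names, the trusted set and the threshold values are constructed placeholders.

```python
# Added example: threshold triage over a VirusTotal-style file report.
# SAMPLE_REPORT is constructed; engine names are placeholders, not real vendors.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "malicious", "result": "Unsigned.Installer"},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "timeout", "result": None},
}}}}

# Hypothetical: engines you judged to have low false-positive rates
# after checking the monthly AV test sites.
TRUSTED = {"EngineA", "EngineB", "EngineD"}

FLAGGED = {"malicious", "suspicious"}
# Categories where the engine gave no verdict; they must not count as "clean".
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}


def triage(report, trusted=TRUSTED, min_total=3, min_trusted=1):
    """Return a verdict plus the evidence behind it.

    warn   : enough engines agree AND at least min_trusted trusted engines flag it
    review : something flagged it, but below threshold or only untrusted engines
             (typical for new unsigned files, common installers, memory patchers)
    clean  : no engine that actually scanned the file flagged it
    """
    results = report["data"]["attributes"]["last_analysis_results"]
    scanned = {e: r for e, r in results.items()
               if r["category"] not in NO_VERDICT}
    hits = sorted(e for e, r in scanned.items() if r["category"] in FLAGGED)
    trusted_hits = [e for e in hits if e in trusted]

    if len(hits) >= min_total and len(trusted_hits) >= min_trusted:
        verdict = "warn"
    elif hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits,
            "trusted_hits": trusted_hits, "scanned": len(scanned)}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))               # below default threshold
    print(triage(SAMPLE_REPORT, min_total=2))  # lower threshold
```

A "review" result is the case the post describes: the file needs a look before it is trusted or blamed.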