galaxy 11 Posted August 11, 2018
You could not just upload the .exe files via ESET to VirusTotal, as with SecureAplus. That would be an absolute feature.
itman 1,801 Posted August 11, 2018
Reputational scanners and anti-execs like VoodooShield do this since they don't maintain a resident virus signature database. I don't know of any major AV products that do likewise.
galaxy 11 Posted August 14, 2018 Author
SecureAplus? This does this, but the idea would not be so bad.
Administrators Marcos 5,453 Posted August 14, 2018
I strongly doubt that integration with VT would be free for AV vendors. Moreover, I don't see any reason for it since it gives users just a second opinion on files without telling the 100% truth about whether a file is malicious or not. It happens that innocuous samples are detected by dozens of AVs while malicious samples are undetected by all vendors. Also, common users usually can't distinguish between overaggressive and accurate detections. As a result, they tend to ask why an AV failed to detect a particular sample given that another AV reported it at VT as infected. In fact, it could be an aggressive detection, e.g. based merely on cloud data, and the AV that reported it would actually have a FP on it.
galaxy 11 Posted August 14, 2018 Author
But you also have to say that the idea would be great. You could just upload it to unknown files. I use SecureAplus with ESET and this is super security.
Edited August 14, 2018 by galaxy
itman 1,801 Posted August 14, 2018
What could be done in this regard is that Eset provide an option in LiveGrid to allow the user to manually initiate a connection to VirusTotal when an unknown file attempts to execute. This is how the processing works in VoodooShield, for example. The problem is that this is easier said than done. Anti-exec software like VoodooShield was designed from the beginning to provide this "second opinion" capability. It therefore has incorporated logic to exclude signed processes that are frequently updated, such as Win system files, etc., from being detected as unknown. Eset to date has indicated it has no desire to get into anti-exec processing that requires ongoing and frequent user interaction.
galaxy 11 Posted August 14, 2018 Author
OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet.
Administrators Marcos 5,453 Posted August 14, 2018
35 minutes ago, galaxy said: "OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet"
Using multiple scanning engines is not an advantage if an AV already uses advanced technologies. Using multiple engines affects performance and increases the chance of false positives, and I'm sure it would also affect the price of the AV since no vendor would allow the use of their engine for commercial purposes for free.
galaxy 11 Posted August 14, 2018 Author
Only as a query, not as another engine.
galaxy 11 Posted August 14, 2018 Author
SecureAplus also uses some databases that work out very well; with ESET together, unbeatable.
Edited August 14, 2018 by galaxy