Jump to content

Recommended Posts

Posted

You could not just upload the. exe files via ESET to VirusTotal, as with SecureAplus. That would be an absolute feauture

Posted

Reputational scanners and anti-exec's like VoodooShield do this since they don't maintain a resident virus signature database.

I don't know of any major AV products that do likewise.

Posted

SecureAplus ? This does this, but the idea would not be so bad

  • Administrators
Posted

I strongly doubt that integration with VT would be free for AV vendors. Moreover I don't see any reason for it since it gives users just a second opinion on files without telling 100% truth if a file is malicious or not. It happens that innocuous samples are detected by dozens of AVs while malicious samples are undetected by all vendors. Also common users usually can't distinguish between overaggressive and accurate detections. As a result, they tend to ask why an AV failed to detect a particular sample given that another AV reported it at VT as infected. In fact, it could be an aggressive detection, e.g. based merely on cloud data and the AV that reported it would actually have a FP on it.

Posted (edited)

But you also have to say that the idea would be great, you could just upload it to unknown files, I use Secureaplus with ESET and this is super security

Edited by galaxy
Posted

What could be done in this regard is that Eset provide an option in LiveGrid to allow the user to manually initiate a connection to VirusTotal when an unknown file attempts to execute. This is how the processing works in VoodooShield for example.

The problem is this is easier said than done. Anti-exec software like VoodooShield was designed from the beginning to provide this "second opinion" capability. It therefore has incorporated logic to exclude signed processes that are frequently updated such as Win system files, etc. from being detected as unknown.

Eset to date has indicated it has no desire to get into anti-exec processing that requires on going and frequent user interaction.

Posted

OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet

  • Administrators
Posted
35 minutes ago, galaxy said:

OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet 

Using multiple scanning engines is not advantage if an AV already uses advanced technologies. Using multiple engines affects performance, increases the chance of false positives and I'm sure it would also affect the price of the AV since no vendor would allow to use their engine for commercial purposes for free.

Posted

Only as a query, not as another engine

Posted (edited)

Securaplus also uses some databases that works out very well, with ESET together unbeatable

Edited by galaxy
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...