Jump to content
Sign in to follow this  
galaxy

Virustotal

Recommended Posts

You could not just upload the. exe files via ESET to VirusTotal, as with SecureAplus. That would be an absolute feauture

Share this post


Link to post
Share on other sites

Reputational scanners and anti-exec's like VoodooShield do this since they don't maintain a resident virus signature database.

I don't know of any major AV products that do likewise.

Share this post


Link to post
Share on other sites

SecureAplus ­čśë┬áThis does this, but the idea would not be so bad

Share this post


Link to post
Share on other sites

I strongly doubt that integration with VT would be free for AV vendors. Moreover I don't see any reason for it since it gives users just a second opinion on files without telling 100% truth if a file is malicious or not. It happens that innocuous samples are detected by dozens of AVs while malicious samples are undetected by all vendors. Also common users usually can't distinguish between overaggressive and accurate detections. As a result, they tend to ask why an AV failed to detect a particular sample given that another AV reported it at VT as infected. In fact, it could be an aggressive detection, e.g. based merely on cloud data and the AV that reported it would actually have a FP on it.

Share this post


Link to post
Share on other sites
Posted (edited)

But you also have to say that the idea would be great, you could just upload it to unknown files, I use Secureaplus with ESET and this is super security

Edited by galaxy

Share this post


Link to post
Share on other sites

What could be done in this regard is that Eset provide an option in LiveGrid to allow the user to manually initiate a connection to VirusTotal when an unknown file attempts to execute. This is how the processing works in VoodooShield for example.

The problem is this is easier said than done. Anti-exec software like VoodooShield was designed from the beginning to provide this "second opinion" capability. It therefore has incorporated logic to exclude signed processes that are frequently updated such as Win system files, etc. from being detected as unknown.

Eset to date has indicated it has no desire to get into anti-exec processing that requires on going and frequent user interaction.

Share this post


Link to post
Share on other sites

OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet

Share this post


Link to post
Share on other sites
35 minutes ago, galaxy said:

OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet ´╗┐

Using multiple scanning engines is not advantage if an AV already uses advanced technologies. Using multiple engines affects performance, increases the chance of false positives and I'm sure it would also affect the price of the AV since no vendor would allow to use their engine for commercial purposes for free.

Share this post


Link to post
Share on other sites

Only as a query, not as another engine

Share this post


Link to post
Share on other sites
Posted (edited)

Securaplus also uses some databases that works out very well, with ESET together unbeatable

Edited by galaxy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×