VirusTotal

Discussion in 'General Chat' started by CyberKnight, Dec 4, 2018.

  1. CyberKnight

    Lately, I have observed members reporting potential viruses in programs using "VirusTotal" results.
    Some even reported programs with a detection ratio of <10% (aka >90% clean).
    This makes our hardworking moderators work even harder.

    Maybe there should be some guidelines on when to report a suspicious program.

    [1] VirusTotal
    What is a recommended trigger value on the detection ratio?
    e.g. more than 15% of the engines reported potential virus infection

    Does anyone have experience with a reasonably safe detection ratio?

    [2] SandBox Environment

    If [1] (e.g. detection ratio > 15%) is met, the member preferably tests the program under a SandBox environment.
    From the SandBox environment, changes made can be observed.
    If there are suspicious activities, then it is time to inform Moderators of potential virus threats.

    What do you folks think? ;)

    SandBox Environment
    When testing an unknown or suspicious program (e.g. keygen, patcher etc), use a sandbox environment.
    Changes are made in this sandbox environment, which is isolated from the rest of your system.
    This keeps you safe from unstable & malicious programs, part of an adware bundle, or even a virus.
    And all you have to do is ... simply delete the offending article from your system.

    Virtual Environment
    It is more difficult to tell where the changes are made in a virtualized environment.
    But it does keep the rest of the system isolated.

    SandBox Environment
    [1] Sandboxie
    https://www.sandboxie.com

    [2] Shadow Defender
    http://www.shadowdefender.com/

    [3] SHADE Sandbox
    http://www.shadesandbox.com/

    Virtual Environment
    [4] VirtualBox
    https://www.virtualbox.org/wiki

    [5] VMWare Workstation
    https://www.vmware.com/products/workstation-player.html
     
    Last edited: Dec 4, 2018
  2. sxzbisid

    I would suggest prioritizing reports of serious AV engines instead of the detection ratio; there are a lot of "no-name" AV engines on the list reporting every exe packer ever used for malware.

    And what is a serious AV engine? I vote for Eset, Kaspersky, Avast, BitDefender and AVG.
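
The two suggestions in this thread (a detection-ratio trigger and giving priority to trusted engines) combined into one triage check, as an added example that is not part of either post. It assumes the report layout of the VirusTotal API v3 `last_analysis_results` field; the engine name strings, the `triage` and `make_report` helpers and all sample reports are constructed for illustration.

```python
# Added example, not code from the thread. Assumptions: the report layout
# follows VirusTotal API v3 (data.attributes.last_analysis_results); the
# engine name strings and all sample reports below are constructed.
TRUSTED = {"ESET-NOD32", "Kaspersky", "Avast", "BitDefender", "AVG"}  # second post's list
RATIO_TRIGGER = 0.15  # first post's example trigger (15%)
VERDICTS = {"malicious", "suspicious", "undetected", "harmless"}
FLAGGED = {"malicious", "suspicious"}


def triage(report):
    """Return (detection_ratio, trusted_hits, action) for one file report."""
    results = report["data"]["attributes"]["last_analysis_results"]
    # Engines that timed out or do not support the file type gave no verdict.
    # Counting them as "clean" would deflate the detection ratio.
    scored = {n: r for n, r in results.items() if r["category"] in VERDICTS}
    if not scored:
        return 0.0, [], "no-verdict"
    hits = [n for n, r in scored.items() if r["category"] in FLAGGED]
    ratio = len(hits) / len(scored)
    trusted_hits = sorted(n for n in hits if n in TRUSTED)
    if trusted_hits:
        action = "sandbox-test:trusted-engine"  # priority over the raw ratio
    elif ratio > RATIO_TRIGGER:
        action = "sandbox-test:ratio"
    else:
        action = "below-trigger"
    return ratio, trusted_hits, action


def make_report(categories):
    """Build a constructed report from {engine_name: category}."""
    return {"data": {"attributes": {"last_analysis_results": {
        name: {"category": cat} for name, cat in categories.items()}}}}


# Constructed samples. NoName-*/Slow-* are placeholder engine names.
# 2 hits / 10 verdicts = 20%; a naive 2 / 15 would read 13% and be missed.
SAMPLE_PACKED = make_report({
    **{f"NoName-{i}": "undetected" for i in range(8)},
    "NoName-8": "malicious", "NoName-9": "suspicious",
    **{f"Slow-{i}": "timeout" for i in range(5)}})
# 1 hit / 20 verdicts = 5%, but the hit comes from a trusted engine.
SAMPLE_TRUSTED = make_report({
    **{f"NoName-{i}": "undetected" for i in range(19)}, "Kaspersky": "malicious"})

if __name__ == "__main__":
    for name, rep in (("packed", SAMPLE_PACKED), ("trusted", SAMPLE_TRUSTED)):
        print(name, triage(rep))
```

A "sandbox-test" result maps to step [2] of the first post: observe the program in a sandbox first, and report to moderators only if suspicious activity shows up there.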