Tuesday, 14 February 2017

VirusTotal += Webroot

We welcome the Webroot scanner to VirusTotal. This is a machine learning engine from the US. In the words of the company:


"Webroot SecureAnywhere Business Endpoint Protection is a cloud-driven anti-malware solution and was the first next generation solution to offer a full replacement to conventional AV when launched in 2011.
Rather than rely on static signatures to identify malicious files and processes, Webroot uses real-time monitoring and analysis of the events occurring within a device. Then, by using the extensive resources of cloud-based computing, threat and behavioral intelligence, Webroot is able to predict with negligible false positives any signs of malicious behavior. Windows PE files submitted to VirusTotal will be processed by the Webroot PE Scanner; non-PE files will not be scanned."

Webroot has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by MRG Effitas, an AMTSO-member tester.

Thursday, 9 February 2017

VirusTotal += Endgame

We welcome the Endgame scanner to VirusTotal. This is a machine learning engine from the US. In the words of the company:

"Endgame is a leading endpoint security platform that enables enterprises to close the protection gap against advanced attacks as well as detect and eliminate entrenched adversaries. Endgame's endpoint security platform leverages a series of layered defenses to prevent, detect and respond to threats through a unified endpoint agent. The IOC-independent platform covers the entire kill chain, leveraging machine learning and behavioral techniques to uncover, in real-time, unique attacks that evade traditional defenses and respond precisely without disrupting normal business operations. The malware detection and prevention capability, integrated in VirusTotal today, represents a key element in this layered defense. The machine learning model exposed in VirusTotal detects never-before-seen malware with high efficacy in an extremely lightweight implementation."

Endgame has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by SE Labs, an AMTSO-member tester.

Thursday, 24 November 2016

VirusTotal += WhiteArmor

We welcome the WhiteArmor scanner to VirusTotal. This is a machine learning engine from China. In the words of the company:

"WhiteArmor is a mobile antivirus engine armed with artificial intelligence and machine learning. WhiteArmor offers enterprise Mobile Threat Defense (MTD) solutions as complementary to EMM for securing enterprise mobility."

WhiteArmor has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by an AMTSO-member tester.

Monday, 21 November 2016

VirusTotal += Trustlook

We welcome the Trustlook scanner to VirusTotal. This is a machine learning engine from the USA. In the words of the company:


“Trustlook is a global leader in next-generation mobile device security. Using advanced machine learning and behavioral analysis solutions, Trustlook finds more vulnerabilities sooner than any other to provide the industry's smallest vulnerability window. The innovative Trustlook Mobile Security-as-a-Service (MSaaS) cloud platform and Sentinel on-device platform deliver the performance and scalability needed to provide total threat protection against viruses, spyware, phishing, ID theft, data loss, snooping and other forms of attack. Trustlook's solutions protect users from both known and zero-day threats by examining over 20,000 new and updated applications every day for malware and malicious behavior. Trustlook's technology protects more than 300M users globally through its integration with leading apps and downloadable security offerings.”


Trustlook has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by an AMTSO-member tester.

Friday, 26 August 2016

VirusTotal += Invincea

We welcome the Invincea scanner to VirusTotal. This is a machine learning engine from the USA. In the words of the company:


"Invincea is a machine learning endpoint security software company dedicated to killing threats without impacting business performance. X by Invincea combines machine learning and behavioral monitoring to eliminate endpoint security blind spots without sacrificing usability.
The deep learning model that powers X by Invincea was built based on years of research in Invincea Labs supported by DARPA funding — the US government agency working on breakthrough technologies for national security. Using this technology, X can determine if a file is malicious, even if that file has never been seen before and does not have a known signature. First, X by Invincea extracts unique file features about the program and its capabilities. Second, the extracted features are then run through a multi-stage deep learning algorithm to determine how similar the file is to other malware families. X by Invincea then returns whether the file is malicious, along with the malware family that it most likely derives from."

Invincea has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by an AMTSO-member tester.

Thursday, 25 August 2016

VirusTotal += CrowdStrike

We welcome the CrowdStrike Falcon (ML) scanner to VirusTotal. This is a machine learning engine. In the words of the company:


"CrowdStrike Falcon (ML) is a machine learning engine designed to identify previously unknown malware.  This engine is part of CrowdStrike’s Falcon endpoint protection product – the first and only cloud-delivered endpoint security solution that combines Next-Generation Antivirus, Endpoint Detection and Response (EDR) and Managed Threat Hunting in a single lightweight agent. The Machine Learning engine augments CrowdStrike Falcon’s other threat prevention capabilities, which include advanced behavioral protection based on Indicators of Attack (IOAs), exploit mitigation and threat intelligence-driven blocking. Windows PE executables and DLL files submitted to VirusTotal will be processed by CrowdStrike Falcon (ML) and the results will be displayed with a confidence score that indicates the degree of certainty the engine has in a file’s maliciousness. Scoring at this level of detail allows users to make more granular and effective policy decisions."

CrowdStrike has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by an AMTSO-member tester.

Wednesday, 4 May 2016

Maintaining a healthy community

VirusTotal was born 12 years ago as a collaborative service to promote the exchange of information and strengthen security on the internet. The initial idea was very basic: anyone could send a suspicious file and in return receive a report with multiple antivirus scanner results. In exchange, antivirus companies received new malware samples to improve protections for their users. The gears worked thanks to the collaboration of antivirus companies and the support of an amazing community. This is an ecosystem where everyone contributes, everyone benefits, and we work together to improve internet security.

For this ecosystem to work, everyone who benefits from the community also needs to give back to the community, so we are introducing a few new policies to make sure that our community continues to work for years into the future. First, a revised default policy to prevent possible cases of abuse and increase the health of our ecosystem: all scanning companies will now be required to integrate their detection scanner in the public VT interface, in order to be eligible to receive antivirus results as part of their VirusTotal API services. Additionally, new scanners joining the community will need to prove a certification and/or independent reviews from security testers according to the best practices of the Anti-Malware Testing Standards Organization (AMTSO).

Finally, all VirusTotal users are fully accountable for and need to follow our existing Terms of Services and mandatory Best Practices. It's frustrating to see abuses show up, and it's damaging for our community. Let's remember some basics:

  • VirusTotal should not be used in any way that could directly or indirectly hinder the antivirus/URL scanner industries.
  • VirusTotal should not be used as a substitute for an antivirus solution.
  • The data generated by VirusTotal should not be used automatically as the primary indicator to blacklist/produce signatures for files, i.e. antivirus vendors should not copy the signatures generated by other vendors without any further scrutiny on their side.
  • VirusTotal should not be used to generate comparative metrics between different antivirus products. Antivirus engines can be sophisticated tools that have additional detection features that may not function within the VirusTotal scanning environment. Because of this, VirusTotal scan results aren’t intended to be used for the comparison of the effectiveness of antivirus products.
  • VirusTotal should not be used as a deceptive means to discredit or to validate claims for or against a legitimate participant in the anti-malware industry.
  • VirusTotal renders information generated by third party products (antivirus vendors, URL scanning engines, file characterization tools, etc.). Those product names are the exclusive property of their respective brands; hence, use of these names in third party products and services will be done at your sole discretion. You should ask the corresponding brands for their permission.
  • In no event shall you use VirusTotal's logo, name or trademark on any customer list, public statement, press release, or in any other manner without our prior written consent in each instance.

There is a new specific email address (abuse@virustotal.com) for users and partners to report potential abuse of this new policy or our long-standing Terms of Services and mandatory Best Practices. When potential abuse is reported, we will investigate and work to adopt specific measures to combat any irregularities. If any uses can’t come into compliance, we will terminate their service.

We are looking forward to working with new partners, as it will bring more value to the ecosystem. All collaborative efforts are based on the principles of benefiting the security industry as a whole and enabling the protection of end users. We also want to thank our current partners, and the entire VT community, for working with us as we pursue our mutual goal of a safer and more secure Internet for everyone.