
Can I Judge an AV based on results from VirusTotal?

Discussion in 'General Security' started by UsherBhai, Mar 8, 2019.

Thread Status:
Not open for further replies.
  1. UsherBhai

    UsherBhai Thread Starter

    Joined:
    Mar 8, 2019
    Messages:
    1
    Hello everyone,
    I got an e-mail with an attachment based on an Office exploit from 2018 (?) and my up-to-date F-Secure SAFE didn't detect anything when scanning the file. Based on VirusTotal, a bunch of others did.

    This is one of many times now I've noticed a considerable delay between my current AV and competitors. Is this telling me I need to consider other options when my subscription still has more or less a year on it?

    What are some of the steps I can take to harden my Outlook 365 configuration and F-Secure SAFE settings? Thanks in advance!
     
  2. dlipman

    dlipman

    Joined:
    Feb 14, 2013
    Messages:
    373
    First Name:
    David
    No. Many vendors on Virus Total have a simplistic Engine and Signature base. They don't detect the full spectrum that the fully installed anti malware product will detect. Thus you can NOT solely "Judge an AV based on results from VirusTotal?". For example Malwarebytes' Anti-Malware ( aka; MBAM ) Engine and Signature base on Virus Total do not match the detections that the MBAM product itself has.

    I don't know whether the attachment was an "exploit". If it was a file using exploit code, chances are a detection would have the Common Vulnerabilities and Exposures number in the vendor's detection name [ Example: CVE-2017-0199 Virus Total Report ]. If you are talking about a detection for an attachment in today's environment, chances are highly likely that it may have been a MS Word document downloader trojan whose payload was an Emotet trojan. The Exploit there is not the document, it is in the body of the email using a Social Engineering ploy. Social Engineering is the Human Exploit. Most often the ploy is an invoice for payment, taxes or a judicial declaration. Using MBAM as an example, MBAM does not target document files so if the attachment was a document neither Virus Total nor MBAM would detect it. Therefore Virus Total would show no detection on that document. However the anti exploit module in MBAM would block an attachment from any form of MS Office exploitation or in cases like a MS Word document downloader, it would block MS Word from using the VB Macro to perform the download and execute the payload. This "action" basis would not be reflected on Virus Total.

    You are the first line of defense, not the anti malware software. You have to look at that email and use Critical Thought and ask yourself serious questions about the sender and about the subject matter and corroborate the information on a Prima Facie basis. If you do not know the person, delete the email. If you know the person, and you were not expecting an attachment, contact them and ask them if they sent the attachment. Corroborate that email and if it is in question, delete the email.
     
    Last edited: Mar 8, 2019
Short URL to this thread: https://techguy.org/1224143