Defender Virustotal integration?


  1. Posts : 871
    Windows 10 x64
       #1

    Defender Virustotal integration?


    Normally when I download a file, I have it scanned by Microsoft Defender and on top by Virustotal.
    If possible I run such file within a Windows VM.

    Today I did the same: Defender showed 0 threats and Virustotal reported 14 'issues'. Most of them are from less known AV products, such as Elastic, Fortinet, TrapMine, Zillya, but ESET-NOD32 and McAfee were also in the list.
    It -could- be these are all false positives, I don't know.

    Now, it seems that a product like Emsisoft integrated Virustotal (as well as two other engines).
    (Not sure how they do that though).
    AFAIK this is not the case with Microsoft Defender.

    Wonder why?
    Might very well be that it is beyond the scope of a free product?

    thanks.


  2. Posts : 282
    Windows 10 Pro
       #2

    What's your question?

    How does the VirusTotal integration work?


    Very, very easy. The use of VirusTotal's API... There's one in the program Autoruns which is now a Microsoft product...

    You need to learn YARA, and how to read the Behaviors and Relations if provided... False positives are bound to occur at VirusTotal, but it depends on what you got. A game hack, for example, will trip the radar in many ways, but it could also be packed to harvest a crypto wallet or some crap. On the other hand, a seemingly benign file may have an encrypted payload and VirusTotal won't detect that... Even images can contain a virus payload...

    It's a massive cat and mouse game and the winners are those that sell products...


    I actually contributed to Wikipedia's page on VirusTotal... Read it one day.


  3. Posts : 1,252
    Windows 10
       #3

    VirusTotal is ingrained in many Microsoft products. I don't think it's really viable on Defender though, because of the nature of it: you kind of need to know what you are looking at, and that goes against the use case of Defender imo.

    As F22 mentioned it will put up false positives often and for this reason alone it would make Defender look contradictory in itself to the average user who would not know how to discern between the two conflicting results.

    We see it across other areas, like several Sysinternals applications that use VT because it makes sense there.


  4. Posts : 871
    Windows 10 x64
    Thread Starter
       #4

    Thank you both!
    F22 - as for the API and Autoruns - Yes, I see it in the parameter list. It should be run separately though.
    What I meant is that VT would be available (as an option?) within Defender.

    Malneb, I agree and see your point: there might be a conflict with regards to the results. I have been scanning downloaded files separately for years. My experience is that if one of the leading AV companies says the file is okay, then most (if not all) other major AV companies likewise 'tell' me there is nothing.

    The reason for my idea/question is: why not have VT in Defender, at least as an option and with the results of the leading companies?

    Anyway, thanks again.
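The kind of VirusTotal API use F22 refers to in #2, combined with the "results of the leading companies" idea from #4, as an added example that is not code from the forum, VirusTotal or Microsoft: it hashes a downloaded file locally, looks the hash up via the real VT v3 `/files/{hash}` endpoint (so the file itself is never uploaded), and splits detections into hits from an assumed list of "major" engines versus everyone else. The `MAJOR_ENGINES` set and the sample report are constructed assumptions.

```python
"""Summarize a VirusTotal v3 file report by vendor tier (added example, not forum code)."""
import hashlib
import json
import os
import sys
import urllib.request

# Assumed list of "leading" vendors, chosen for this example; not a VirusTotal concept.
MAJOR_ENGINES = {"Microsoft", "ESET-NOD32", "McAfee", "Kaspersky", "BitDefender"}
# VT v3 last_analysis_results categories that count as a detection.
FLAGGED = {"malicious", "suspicious"}


def sha256_of_file(path: str) -> str:
    """Hash locally so only the digest is sent to VT, never the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256: str, api_key: str) -> dict:
    """GET https://www.virustotal.com/api/v3/files/{hash} with the x-apikey header."""
    req = urllib.request.Request(f"https://www.virustotal.com/api/v3/files/{sha256}",
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(report: dict) -> dict:
    """Split flagged engines into major vs other from a /files/{hash} JSON body."""
    results = report["data"]["attributes"]["last_analysis_results"]
    hits = {e for e, r in results.items() if r.get("category") in FLAGGED}
    return {"total_engines": len(results),
            "major_hits": sorted(hits & MAJOR_ENGINES),
            "other_hits": sorted(hits - MAJOR_ENGINES)}


# Constructed sample response shaped like the thread's "hits mostly from lesser-known engines" case.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Microsoft": {"category": "undetected", "result": None},
    "Kaspersky": {"category": "undetected", "result": None},
    "ESET-NOD32": {"category": "malicious", "result": "constructed.name"},
    "McAfee": {"category": "malicious", "result": "constructed.name"},
    "Elastic": {"category": "malicious", "result": "constructed.name"},
    "Fortinet": {"category": "suspicious", "result": "constructed.name"},
    "Zillya": {"category": "malicious", "result": "constructed.name"},
    "TrapMine": {"category": "type-unsupported", "result": None},
}}}}

if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")  # falls back to the sample when no key/file is given
    rep = fetch_report(sha256_of_file(sys.argv[1]), key) if key and len(sys.argv) > 1 else SAMPLE_REPORT
    print(json.dumps(summarize(rep), indent=2))
```

Run as `VT_API_KEY=... python vt_tier.py downloaded.exe` for a live lookup; without a key it summarizes the embedded sample.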

