herdProtect: Cloud based multi-engine scanner

NikK Posts: 903 Forum Champion

It uses 68 different engines and F-Secure is one of them. It's still in beta and is only a scanner, so it won't remove any infections.
It'll scan all "active" files on your PC, which means currently executing + additional files with autostart abilities.
It uses several file hashes to avoid uploading and scanning files that have already been scanned in the cloud. The uploaded files will be stripped of any personally identifiable details and it claims to be 100% anonymous.

 

http://www.herdprotect.com

 

Note 1: DeepGuard will alert you of both the setup and scan exe, with the reason "not known application (not commonly used)".
Note 2: Scanning with 68 engines increases the risk of false positives, although herdProtect says it can rule out any FPs.

Comments

  • Blackcat
    Blackcat Posts: 503 Influencer

    The number of engines used seems a great idea; http://www.herdprotect.com/engines.aspx

     

    But looking more closely at the types of engine paints a different picture. There are a number of top engines such as F-Secure, Kaspersky and Bitdefender, so if herdProtect already uses these two, why does it need sub-par engines from the likes of ClamAV, ByteHero and UnThreat? Are we supposed to think that scanners with sub-50% detection rates will add anything in actually detecting malware?

     

    Downloaded, scanned. It found 11 inconclusive detections!

     

    SnapCrab_NoName_2014-1-1_19-41-51_No-00.png

     

    According to the vendor, Reason Software, the ability to remove malware will be available in the first quarter of 2014, and then real-time protection of the system will be added in the second quarter. So in the future, it may become an alternative to the popular VirusTotal service and programs such as VirusTotal Uploader.

     

  • NikK
    NikK Posts: 903 Forum Champion

    I agree, but VirusTotal also has ClamAV, ByteHero and some other questionable ones: https://www.virustotal.com/en/about/credits/

    Based on your "infections" I'd say that herdProtect's claim to identify all false positives isn't perfect yet.

     

    herdProtect didn't find anything on my PC. But when compared to VirusTotal, herdProtect was actually able to identify and remove a false positive, based on the fact that both use the AV from the screenshot below, and that the file should've been scanned by herdProtect as it has autostart abilities.

     

    When you've used VirusTotal for a while you realize that most "infections" are detected by only a few AVs. Most definitely false positives.

    I use Phrozen VirusTotal Uploader, a great tool for multi-scanning all running executables, for example. The only bad thing is that only one false positive from one of these questionable AVs is needed in order to be flagged as Infected.

    adobearm.png

This discussion has been closed.