How to easily scan all processes with 50 AVs

Highlighted
Advocate

How to easily scan all processes with 50 AVs

The newest version of Process Explorer from Windows Sysinternals(a Microsoft Company) now has VirusTotal(VT) support. VT is a multi-engine scanner that includes anti-virus(AV) scanners from F-Secure, BitDefender, ESET-NOD32, Kaspersky, Malwarebytes, Microsoft, Norman, Panda, SuperAntiSpyware, Sophos, Symantec and many more.

ProcessExplorerVT.png

 

To get this go to menu Options - VirusTotal.com - Check VirusTotal.com  (if it doesn't work right away just restart Process Explorer)

Getting the results from VT is very fast because it does not send any files to VT, it just sends the file hashes. The downside with this approach is that you get the scan results for when the file was last uploaded and analyzed.

By clicking a value in the VT column the VT page for that file opens in a web browser and you can see more details like what AV detected anything and what it detected. And also the analysis date.

 

Notes

  • If you have files that hasn't been analyzed on VT and you want Process Explorer to automatically upload them to VT:
    menu Options - VirusTotal.com - Submit Unknown Executables
  • If you can't see all details for all processes: menu File - Show Details For All Processes (will restart as Administrator)
  • Scanning with multiple AVs increases the risk for false positives
  • When a new AV is added on VT it can suddenly give different results. For example yesterday "AegisLab" was added and suddenly I had detections for files that were clean last week, and all detections came from this new AV
  • If the analysis date for a file is old you can go directly to https://www.virustotal.com/ and upload and scan that file manually to get an updated result
  • Or go here https://www.virustotal.com/en/faq/ and install one of the VirusTotal Uploader applications

Edit: Found a method to send a file to VT from Process Explorer: Double-click a process. In the Image tab, click the Submit button for VirusTotal. This will re-analyze and(after a few minutes) give you an updated VT score for the file

3 REPLIES 3
Superuser

Re: How to easily scan all processes with 50 AVs

Interesting, thanks!

F-Secure

Re: How to easily scan all processes with 50 AVs

@NikK Thanks. This was also news to me. I use Process Explorer a lot - time to upgrade. Smiley Wink

 

Ville

(F-Secure R&D)

 

Advocate

Re: How to easily scan all processes with 50 AVs

You're welcome guys!

 

@Ville A real nice thanks would be to get a reply in this thread Smiley Wink

(if you can't answer maybe you can forward it to someone who can?)