
Why some files appear genuine in some av's but not in others?

Hi all,

While going through a link in a message posted by PRIOR, I found the results posted by VirusTotal here; a file tested is flagged as malicious by some AVs, but a green tick is given for others. Does it mean that the tested file may be a genuine one?

Regards, CV | There is no ONE TOUCH KEY to security. Be alert and vigilant. | Always have a Backup Plan!


Re: Why some files appear genuine in some av's but not in others?


Nikhil_CV wrote:

Hi all,

While going through a link in a message posted by PRIOR, I found the results posted by VirusTotal here; a file tested is flagged as malicious by some AVs, but a green tick is given for others. Does it mean that the tested file may be a genuine one?


Hi,

I would vote on the side of safety and say that if two or more of the security products that were used didn't green check mark it, it's bad.

No two products do their thing the same way as any other, something about intellectual property, copyrights and other stuff, so there is a good chance that they will never all agree on a file that is less than a total virus. The fact that they don't all agree makes me feel better. I can use one active scanner and one, or more, on-demand scanners and know that the on-demand scanners are not retracing the steps taken by the active scanner. Improves the chances of catching anything that might be hiding in a dark corner of the system.

Stay well and surf safe

Dick Win 10x64 current current NSBU

Re: Why some files appear genuine in some av's but not in others?

Green does not mean "Good", it means that nothing was detected, and that's a big difference.

Although a lot of the detections are heuristic or classified as generic or suspicious, I would never trust a file that had half as many detections.

You also don't know how old the file is. If it's something new it would be common for it to be missed by a lot of products for a while, and it would be interesting to see the status of a file later to see if it becomes detected by more or less products.

PRIOR is an extremely knowledgeable person who has pointed out problems and well documented them in the past, and regardless of if the file is good or bad he is pointing out inconsistent results that really should not be happening.

It seems backwards to me that the same file downloaded from a "trusted" site is "unproven" when the same file downloaded from an untrusted site says "good".

The same file should always have the same results, but if any additional level of trust is given to a new file based on where it came from it should be the other way around.

Dave
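
The points made in the replies above (an undetected result is not a clean verdict, two or more flags is a reason to distrust the file, and a new file may simply not be covered yet) can be written as a small triage routine. This is an added example, not code from any poster in this thread; it assumes input shaped like the `last_analysis_results` field of a VirusTotal API v3 file report, and the engine names, detection labels, marker list and 14-day window are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like a VirusTotal API v3 file report.
# Engine names and detection labels are made up for this example.
SAMPLE_REPORT = json.loads("""
{"first_submission_date": 1700000000,
 "last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Trojan.Constructed.Sample"},
  "EngineB": {"category": "malicious",  "result": "Heur.Suspicious.Gen"},
  "EngineC": {"category": "suspicious", "result": "Suspicious.Cloud"},
  "EngineD": {"category": "undetected", "result": null},
  "EngineE": {"category": "undetected", "result": null},
  "EngineF": {"category": "harmless",   "result": null},
  "EngineG": {"category": "timeout",    "result": null}
 }}
""")

FLAGGED = ("malicious", "suspicious")
GENERIC_MARKERS = ("generic", "heur", "suspicious", ".gen")  # assumed label hints
NEW_FILE_DAYS = 14  # assumed window in which signatures may still be missing


def triage(report, now_epoch, min_flags=2):
    """Summarise a multi-engine report without reading 'undetected' as 'safe'."""
    results = list(report["last_analysis_results"].values())
    counts = Counter(r["category"] for r in results)
    flagged = [r for r in results if r["category"] in FLAGGED]
    # Heuristic or generic labels are weaker evidence than a named family.
    generic = sum(1 for r in flagged
                  if any(m in (r.get("result") or "").lower() for m in GENERIC_MARKERS))
    # Undetected, timeouts and failures carry no opinion about the file;
    # only "harmless" is an explicit clean verdict.
    no_opinion = sum(n for c, n in counts.items()
                     if c not in FLAGGED and c != "harmless")
    age_days = (now_epoch - report["first_submission_date"]) / 86400
    if len(flagged) >= min_flags:
        verdict = "treat as malicious"
    elif flagged or age_days < NEW_FILE_DAYS:
        verdict = "unproven, rescan later"
    else:
        verdict = "no detections (not proof of safety)"
    return {"flagged": len(flagged), "generic": generic,
            "harmless": counts["harmless"], "no_opinion": no_opinion,
            "age_days": round(age_days, 1), "verdict": verdict}
```
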
