VirusTotal Process Checker?

Discussion in 'other anti-virus software' started by RejZoR, Aug 30, 2015.

  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I was wondering, is there any application that runs in real time and checks the hash of every EXE you run (or, even better, access) and notifies you if the found hash is detected by AVs?

    Sort of a very basic AV that's not really blocking anything, just lets you know if the hash of the EXE found on VT is detected or not. Process Explorer does this, but it's too fiddly and can't exactly be used as a real-time tool, plus it's crashing so that's no use.

    Or if you know any app similar to what I'm looking for so I might check it out and see if it's of any use.
     
  2. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    Process Explorer is the one that immediately comes to mind, but I see that it is not suiting your needs.
    I clearly remember reading about other apps that automatically refer to VT but I never needed to check them out.

    I'm sure other Wilders members will chime in with suggestions though!
     
  3. http://www.crystalsecurity.eu/ also REAL TIME VT-lookup with three modes (checking PEs being dropped in downloads/temp, or checking objects executed, or both = default). It remembers hashes checked and offers a configurable rating (when a hash is detected by five or more AVs in VT, classify it as malware).
     
    Last edited by a moderator: Aug 30, 2015
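
The lookup-and-rate logic described in post 3 (remember hashes already checked, classify as malware at five or more detections), as an added example that is not from the thread or from any tool named in it. The report layout follows the `last_analysis_stats` field of a VirusTotal API v3 file report; the hashes, the reports, `offline_lookup` and the extra "low-detection" and "unknown" labels are constructed for illustration.

```python
import hashlib

MALWARE_THRESHOLD = 5  # "five or more AVs" from the post; configurable

def _report(malicious, undetected):
    """Constructed, cut-down report in the shape of a VT API v3 file object."""
    stats = {"malicious": malicious, "undetected": undetected}
    return {"data": {"attributes": {"last_analysis_stats": stats}}}

# Constructed sample data: fake SHA-256 values, not real file hashes.
HASH_BAD, HASH_LOW, HASH_CLEAN = "a" * 64, "b" * 64, "c" * 64
SAMPLE_REPORTS = {HASH_BAD: _report(41, 20), HASH_LOW: _report(2, 59),
                  HASH_CLEAN: _report(0, 61)}

def offline_lookup(digest):
    """Stand-in for the HTTP query; None models a hash VT has never seen."""
    return SAMPLE_REPORTS.get(digest)

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large executables are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verdict_from_report(report, threshold=MALWARE_THRESHOLD):
    if report is None:
        return "unknown"  # never scanned is not the same as clean
    hits = report["data"]["attributes"]["last_analysis_stats"].get("malicious", 0)
    if hits >= threshold:
        return "malware"
    return "low-detection" if hits else "clean"

class HashChecker:
    """Remembers verdicts per hash so each hash is looked up only once."""
    def __init__(self, lookup, threshold=MALWARE_THRESHOLD):
        self.lookup, self.threshold = lookup, threshold
        self.cache, self.queries = {}, 0

    def check_hash(self, digest):
        if digest not in self.cache:
            self.queries += 1
            report = self.lookup(digest)
            self.cache[digest] = verdict_from_report(report, self.threshold)
        return self.cache[digest]

    def check_file(self, path):
        return self.check_hash(sha256_of(path))
```

A remembered verdict goes stale as engines update their detections, so a long-running checker would expire cache entries and re-query rather than keep them forever.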
  4. syrog

    syrog Registered Member

    Joined:
    Jul 13, 2013
    Posts:
    32
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    But HerdProtect isn't real-time. It's an on-demand scanner.
     
  6. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Avira does exactly that, though not by default if I remember correctly.

    There's also a Windows command to check the integrity of system's files:

    Code:
    sfc /scannow
     
  7. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    SecureAPlus seems to do just that.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Emsisoft AM/IS checks both hash and signature using its behavior blocker but that is an AV ...

    EAM_Hash_08302015.png
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  10. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    VoodooShield is VT dependent.
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Yes VoodooShield.

    Cheers,

    TH
     
  14. guest

    guest Guest

  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Does that do it in RT?
    I have process hacker but have not noticed it"

    Their web site says:

    "Get real-time information on disk access."

    The reason I thought this might be a good one is I might have misunderstood RejZoR's request. I thought he was looking for something he could change to add the function of VT because it is open source.

    Many of you have probably used Process Explorer in the past. Process Hacker has several advantages:

    • Process Hacker is open source and can be modified or redistributed.
    • Process Hacker is more customizable.
    • Process Hacker shows services, network connections, disk activity, and much more!
    • Process Hacker is better for debugging and reverse engineering.
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I'm not certain whether or not this has been mentioned yet here in the forums, but the very latest Nightly builds (https://wj32.org/processhacker/nightly.php) of Process Hacker now have the option to enable a VirusTotal column within the UI which is quite nice. Therefore the upcoming 3.x series of Process Hacker will have that feature upon release. I've been following their nightly builds for a few months now and following commits on Github as well. I'm not certain when it will reach stable release but it looks like it's coming along nicely.
     
  17. guest

    guest Guest

    I installed the latest nightly build of Process Hacker and the VirusTotal feature is included in the Online Checks plugin.
    After enabling the plugin and the VirusTotal option, the user can right-click a file and upload it to VirusTotal: "Send to: Virustotal"
    And after enabling the VirusTotal column, the result is displayed for each process:
    Processhacker_Virustotal.png Processhacker_Virustotal_rightclick.png
     
  18. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I can't seem to get the VirusTotal column to display anything (just blank).

    I have sent a process to VirusTotal with the right-click option but nothing appears in my browser or the column.
     
  19. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @trott3r Under Tools > Online Checks > Do you have a checkmark beside Enable VirusTotal scanning? Sometimes it may take 40-60 seconds or possibly a bit more for the results to show in the column.
     
  20. guest

    guest Guest

    After enabling the "Enable VirusTotal scanning" option I had to restart Process Hacker, and the results finally appeared in the column.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Are you guys using the pro version?

    I don't see anything in tools either.
     


  22. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I see now nightly builds.
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    For some reason, when I try to install it my SmartScreen hangs and I have to close Windows Explorer with Task Manager.
     
  24. guest

    guest Guest

    A nightly build is needed.

    I see that with the latest nightly build (3.0.355) new features were added, but the work is still in progress:
    ProcessHacker_nighty-build_3.0.355.png
     
  25. @mood, well that would be a really cool feature. So M$ is copying idea of Kardo's Crystal Security.
     