VirusTotal Process Checker?

Discussion in 'other anti-virus software' started by RejZoR, Aug 30, 2015.

  1. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I was wondering, is there any application that is running in real time and checks the hash of every EXE you run (or even better, access) and notifies you if the found hash is detected by AVs?

    Sort of very basic AV that's not really blocking anything, just lets you know if hash of the EXE found on VT is detected or not. Process Explorer does this, but it's too fiddly and can't exactly be used as real-time tool plus it's crashing so that's no use.

    Or if you know any app similar to what I'm looking for so I might check it out and see if it's of any use.
     
  2. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    Process Explorer is the one that immediately comes to mind, but I see that it is not suiting your needs.
    I clearly remember reading about other apps that automatically refer to VT but I never needed to check them out.

    I'm sure other Wilders members will chime in with suggestions though!
     
  3. http://www.crystalsecurity.eu/ also REAL TIME VT-lookup with three modes (checking PEs being dropped in downloads/temp or checking objects executed or both=default). It remembers hashes checked and offers configurable rating (when hash detected by five or more AVs in VT, classify it as malware).
     
    Last edited by a moderator: Aug 30, 2015
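
Added example, not part of any post in this thread and not Crystal Security's code: a sketch of the logic post 3 describes (remember checked hashes, classify as malware at five or more detections). The `lookup` callable, the verdict labels and the sample files and reports are assumptions constructed for illustration; the report shape follows the `last_analysis_stats` field of VirusTotal's API v3.

```python
import hashlib
import pathlib
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file's contents (not its name) in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def classify(report, threshold=5):
    """Turn a report into a verdict; None means the hash was never submitted."""
    if report is None:
        return "unknown"  # never seen is not the same as clean
    hits = report["data"]["attributes"]["last_analysis_stats"]["malicious"]
    if hits >= threshold:
        return "malware"
    return "flagged" if hits else "clean"

class HashChecker:
    """Remembers verdicts per hash so a repeated file costs no second lookup."""
    def __init__(self, lookup, threshold=5):
        self.lookup, self.threshold = lookup, threshold
        self.cache, self.lookups = {}, 0

    def check(self, path):
        file_hash = sha256_file(path)
        if file_hash in self.cache:
            return self.cache[file_hash]
        self.lookups += 1
        verdict = classify(self.lookup(file_hash), self.threshold)
        if verdict != "unknown":  # re-query unknown hashes on a later run
            self.cache[file_hash] = verdict
        return verdict

def demo():  # constructed files and reports; no network access is made
    bodies = {"a.exe": b"MZ A", "b.exe": b"MZ B", "c.exe": b"MZ C", "a_copy.exe": b"MZ A"}
    stats = lambda n: {"data": {"attributes": {"last_analysis_stats": {"malicious": n}}}}
    reports = {hashlib.sha256(b"MZ A").hexdigest(): stats(7),
               hashlib.sha256(b"MZ B").hexdigest(): stats(2)}
    checker = HashChecker(reports.get)
    with tempfile.TemporaryDirectory() as tmp:
        verdicts = {}
        for name, body in bodies.items():
            path = pathlib.Path(tmp, name)
            path.write_bytes(body)
            verdicts[name] = checker.check(path)
    return verdicts, checker.lookups
```

The renamed copy of `a.exe` gets its verdict from the cache, and the file whose hash has no report comes back as "unknown" rather than "clean".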
  4. syrog

    syrog Registered Member

    Joined:
    Jul 13, 2013
    Posts:
    30
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    But HerdProtect isn't real-time. It's an on-demand scanner.
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,044
    Location:
    Brasil
    Avira does exactly that, though not by default if I remember correctly.

    There's also a Windows command to check the integrity of system's files:

    Code:
    sfc /scannow
     
  7. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    SecureAPlus seems to do just that
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    3,727
    Location:
    U.S.A.
    Emsisoft AM/IS checks both hash and signature using its behavior blocker but that is an AV ....................

    EAM_Hash_08302015.png
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,888
  10. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    653
    Location:
    Wembley, London
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    857
    Location:
    UK
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,444
    VoodooShield is VT dependent.
     
  13. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,229
    Location:
    Ontario, Canada
    Yes VoodooShield.

    Cheers,

    TH
     
  14. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,301
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,888
    "Does that do it in RT?
    I have process hacker but have not noticed it"

    Their web site says:

    "Get real-time information on disk access."

    Reason I thought this might be a good one is I might have misunderstood RejZoR's request. I thought he was looking for something he could change to add the function of VT because it is open source.

    Many of you have probably used Process Explorer in the past. Process Hacker has several advantages:

    • Process Hacker is open source and can be modified or redistributed.
    • Process Hacker is more customizable.
    • Process Hacker shows services, network connections, disk activity, and much more!
    • Process Hacker is better for debugging and reverse engineering.
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,839
    Location:
    Toronto, Canada
    I'm not certain whether or not this has been mentioned yet here in the forums, but the very latest Nightly builds (https://wj32.org/processhacker/nightly.php) of Process Hacker now have the option to enable a VirusTotal column within the UI which is quite nice. Therefore the upcoming 3.x series of Process Hacker will have that feature upon release. I've been following their nightly builds for a few months now and following commits on Github as well. I'm not certain when it will reach stable release but it looks like it's coming along nicely.
     
  17. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    1,749
    I installed the latest Nightly Build of Process Hacker and the VirusTotal feature is included in the Online Checks plugin.
    After enabling the plugin and the VirusTotal option, the user can right-click a file and upload it to VirusTotal: "Send to: Virustotal"
    And with enabling the VirusTotal column, for each process the result is displayed:
    Processhacker_Virustotal.png Processhacker_Virustotal_rightclick.png
     
  18. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    857
    Location:
    UK
    I can't seem to get the VirusTotal column to display anything (just blank)

    I have sent a process to VirusTotal with the right-click option but nothing appears in my browser or the column
     
  19. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,839
    Location:
    Toronto, Canada
    @trott3r Under Tools > Online Checks > Do you have a checkmark beside Enable VirusTotal scanning? Sometimes it may take 40-60 seconds or possibly a bit more for the results to show in the column.
     
  20. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    1,749
    After enabling the "Enable VirusTotal scanning" option I had to restart Process Hacker, and the results finally appeared in the column.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,888
    Are you guys using the pro version?

    I don't see anything in tools either.
     


  22. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,888
    I see now nightly builds.
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,888
    For some reason when I try to install it my SmartScreen hangs and I have to close Windows Explorer with Task Manager.
     
  24. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    1,749
    A nightly build is needed.

    I see that with the latest nightly build (3.0.355) new features were added, but the work is still in progress:
    ProcessHacker_nighty-build_3.0.355.png
     
  25. @mood, well that would be a really cool feature. So M$ is copying idea of Kardo's Crystal Security.
     