Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Deep Instinct | Deep Learning AI Cybersecurity Platform
Message
<blockquote data-quote="Trident" data-source="post: 1039692" data-attributes="member: 99014"><p>VirusTotal is very frequently different.</p><p></p><p>Trend Micro for example would frequently detect something there (and on business versions if early warning is deployed) but in home products won’t detect anything yet.</p><p></p><p>Check Point runs with Kaspersky engine there (not sure also what’s the value of adding 10 solutions with the same engine). In reality they’ve got over 60 engines in different places, doing different analysis and none of them is Kaspersky. The version with Kaspersky is not available on the download portal or at least I didn’t see it.</p><p></p><p>Symantec and McAfee have different names with McAfee JTI not being deployed (as well as Real Protect Pre-Execution). Detections are named artemis.something on VT when the real name is JTI/Something.</p><p>Symantec on VT displays ML.Attribute.<Level of Confidence> but in products it is Heur.AdvML.A/B/C</p><p></p><p>Other products also have notable differences.</p><p></p><p>My speculations are the following (only engineers would know what, why and how for sure):</p><p></p><ul> <li data-xf-list-type="ul">VirusTotal is a platform that drives no revenue and is mainly for intelligence, analysis and troubleshooting. As such, not all engines may be deployed and not all of them may work like the ones on production system — false positives are not a problem on VT. It is possible that some experimental engines may first be deployed there too.</li> <li data-xf-list-type="ul">Where static analysis is used (such as DI), it is possible that not all machine learning models are deployed there or that some more aggressive ones are deployed on VT as a testing ground.</li> <li data-xf-list-type="ul">Again where static analysis/NGAV is in question, some machine learning models/classifiers (for example decision trees) may be oriented towards downloaded files and files from emails. In this case, these models on VT will not be ran.</li> <li data-xf-list-type="ul">The VirusTotal platform may also from time to time experience issues with syncing those engines.</li> <li data-xf-list-type="ul">Settings may be configured to be either more gentle or more aggressive at vendor’s discretion. They may be interested in testing different configurations and VT is the perfect place for that.</li> </ul><p></p><p>All the above are few reasons why detections might differ. For more precise information, an official representative will have to be contacted so they can ask system engineers.</p></blockquote><p></p>
[QUOTE="Trident, post: 1039692, member: 99014"] VirusTotal is very frequently different. Trend Micro for example would frequently detect something there (and on business versions if early warning is deployed) but in home products won’t detect anything yet. Check Point runs with Kaspersky engine there (not sure also what’s the value of adding 10 solutions with the same engine). In reality they’ve got over 60 engines in different places, doing different analysis and none of them is Kaspersky. The version with Kaspersky is not available on the download portal or at least I didn’t see it. Symantec and McAfee have different names with McAfee JTI not being deployed (as well as Real Protect Pre-Execution). Detections are named artemis.something on VT when the real name is JTI/Something. Symantec on VT displays ML.Attribute.<Level of Confidence> but in products it is Heur.AdvML.A/B/C Other products also have notable differences. My speculations are the following (only engineers would know what, why and how for sure): [LIST] [*]VirusTotal is a platform that drives no revenue and is mainly for intelligence, analysis and troubleshooting. As such, not all engines may be deployed and not all of them may work like the ones on production system — false positives are not a problem on VT. It is possible that some experimental engines may first be deployed there too. [*]Where static analysis is used (such as DI), it is possible that not all machine learning models are deployed there or that some more aggressive ones are deployed on VT as a testing ground. [*]Again where static analysis/NGAV is in question, some machine learning models/classifiers (for example decision trees) may be oriented towards downloaded files and files from emails. In this case, these models on VT will not be ran. [*]The VirusTotal platform may also from time to time experience issues with syncing those engines. [*]Settings may be configured to be either more gentle or more aggressive at vendor’s discretion. They may be interested in testing different configurations and VT is the perfect place for that. [/LIST] All the above are few reasons why detections might differ. For more precise information, an official representative will have to be contacted so they can ask system engineers. [/QUOTE]
Insert quotes…
Verification
Post reply
Top