Question If the site contains malware, should frontline page be blocked

Status
Not open for further replies.
> They typically deploy different engine versions and features. VT is a valuable second opinion but has limitations.
Yes, it's true, but I tested almost all AV engines here and they detected this page. I'm not going to take a screenshot to prove it because it will be irrelevant to the topic, but you are right in your statements, you can't draw conclusions based on VT. Kaspersky itself blocked the page through the KSN cloud. (y)
 
> I think @Parkinsond hasn't woken up yet on how to use NextDNS? :) Wake up, my friend Lol :D
I am awake my friend; when NextDNS blocks a website, I get the blue block page directly without the prior grey one of edge, as the option of block warning is enabled in NextDNS settings.
 
McAfee detects pre-execution, as soon as file is downloaded.

| Detail | Information |
| --- | --- |
| Final Result | ✅ Infection Quarantined |
| Timestamp | 11th August 2025, 1:09 PM (BST) |
| Detected Threat | ti!982E47F604B9 |
| File Name | Ikov.jar |
| File Hash (SHA-256) | 982e47f604b9b5cbb710f9d6bad16a3e44b0122c44dede726729b843ba357414 |
| Source URL | |
| File Path | C:\Users\user\Downloads\ |
| Initiating Process | Microsoft Edge (msedge.exe) |
| Detecting Sensor | IOfficeAntivirus |

| Detection Engine | Reputation Scores |
| --- | --- |
| hti (Heuristic Threat Intelligence) | File Rep: 15, HTI Rep: 15, URL Rep: 65 |
| av (Antivirus) | HTI Rep: 50 |
| neo (ML/AI Engine) | HTI Rep: 50 |
| cache | All scores 0 |
| signature | All scores 0 |
| rp-s | All scores 0 |
 
> Yes that is correct, some of the antivirus engines aggregated by VirusTotal incorporate behavioral analysis in their detection methodologies, while others primarily rely on signature-based detection or heuristics. While some individual antivirus engines do leverage behavioral analysis, the level and type of analysis can vary significantly between vendors and may not always mirror the full capabilities of their end-user products.
So we can say McAfee and other AVs failed to detect the jar file because they did not provide VT with behavioral analysis, while B and K did?
 
> So we can say McAfee and other AVs failed to detect the jar file because they did not provide VT with behavioral analysis, while B and K did?
Why don't you read before you write? I just made a post above yours. Not sure how "it fails to detect".
 
> McAfee detects pre-execution, as soon as file is downloaded.
>
> | Detail | Information |
> | --- | --- |
> | Final Result | ✅ Infection Quarantined |
> | Timestamp | 11th August 2025, 1:09 PM (BST) |
> | Detected Threat | ti!982E47F604B9 |
> | File Name | Ikov.jar |
> | File Hash (SHA-256) | 982e47f604b9b5cbb710f9d6bad16a3e44b0122c44dede726729b843ba357414 |
> | Source URL | https://ikovrsps.org/Ikov.jar |
> | File Path | C:\Users\user\Downloads\ |
> | Initiating Process | Microsoft Edge (msedge.exe) |
> | Detecting Sensor | IOfficeAntivirus |
>
> | Detection Engine | Reputation Scores |
> | --- | --- |
> | hti (Heuristic Threat Intelligence) | File Rep: 15, HTI Rep: 15, URL Rep: 65 |
> | av (Antivirus) | HTI Rep: 50 |
> | neo (ML/AI Engine) | HTI Rep: 50 |
> | cache | All scores 0 |
> | signature | All scores 0 |
> | rp-s | All scores 0 |

Behavioral or signature?
 
> Why don't you read before you write? I just made a post above yours. Not sure how "it fails to detect".
I speak to others politely and expect others to do so.

> It's indicated clearly, it is a pre-execution detection as soon as file was downloaded, again, did you read?
So why not detected by their engine on VT?
 
> Ask McAfee. I am not in a mood for all that.
You just cannot allow anything referring to McAfee, as well as other reputable AVs, did not detect the file; Okay, I will tell my prayers for McAfee every morning.
 
> You just cannot allow anything referring to McAfee, as well as other reputable AVs, did not detect the file; Okay, I will tell my prayers for McAfee every morning.
The file was detected. I am not sure why you keep repeating that it wasn't
 
> I am awake my friend; when NextDNS blocks a website, I get the blue block page directly without the prior grey one of edge, as the option of block warning is enabled in NextDNS settings.
I know, but the error that appears before the blue lock screen on your EDGE browser, saying that the page is not secure, is because the NextDNS certificate is missing. If you use NextDNS's DNS over HTTPS (DoH), you need to install their certificate, understand? I assume you know about this? That's what I was referring to. @Trident mentioned this in post #7. ;)
 
> So we can say McAfee and other AVs failed to detect the jar file because they did not provide VT with behavioral analysis, while B and K did?
Multiple factors cause differences in how a JAR file is detected on VirusTotal. A major reason is the limited behavioral analysis of the command-line antivirus engines used on the platform as discussed already, which may not have the same capabilities as their full desktop versions.

Additionally, different engines have varied rules and signatures as well as vendor-specific configurations that affect their detection aggressiveness.

Finally, the absence of cloud-based detection in some command-line versions, which is a key feature of many desktop products, can also lead to discrepancies.
 
> Multiple factors cause differences in how a JAR file is detected on VirusTotal. A major reason is the limited behavioral analysis of the command-line antivirus engines used on the platform as discussed already, which may not have the same capabilities as their full desktop versions.
>
> Additionally, different engines have varied rules and signatures as well as vendor-specific configurations that affect their detection aggressiveness.
>
> Finally, the absence of cloud-based detection in some command-line versions, which is a key feature of many desktop products, can also lead to discrepancies.

This has been discussed time and time again at least since 2010. On VT vendors provide configurations that they wanna provide. This is often not the full engine. There are many cases where files are not detected on VT, yet they are detected by the actual product. There are also cases where files are detected on VT (experimental/aggressive engines) but there is no detection from the actual product. This has been mentioned in hundreds of threads. For people who read.
 
> This has been discussed time and time again at least since 2010. On VT vendors provide configurations that they wanna provide. This is often not the full engine. There are many cases where files are not detected on VT, yet they are detected by the actual product. There are also cases where files are detected on VT (experimental/aggressive engines) but there is no detection from the actual product. This has been mentioned in hundreds of threads. For people who read.
Which AV engines on VT do you recommend to consider their results, according to your knowledge regarding what each AV exactly is providing VT with?
 
> Which AV engines on VT do you recommend to consider their results, according to your knowledge regarding what each AV exactly is providing VT with?
On VT, you should trust Kaspersky and Eset. But VT is not a platform to help protect yourself, it is just for reference purposes and mostly, for security vendors.
Avast is trusted too.
Looks like McAfee on VT uses only the online reputation system and not the AV. Or there could be a delay. This happens with a lot of vendors.

The file was detected by these engines:

| Detection Engine | Reputation Scores |
| --- | --- |
| hti (Heuristic Threat Intelligence) | File Rep: 15, HTI Rep: 15, URL Rep: 65 |
| av (Antivirus) | HTI Rep: 50 |
| neo (ML/AI Engine) | HTI Rep: 50 |

Notice the URL, even though not blocked, still plays a role in detecting the file.
The file is also detected by Neo and generic detection. If I stop my internet connection, there will still be a detection from the local antivirus module and it will have a different name.
 