Make your video test requests!

We need a retest of AVG!
Maybe I got lost in the shuffle, but I thought you guys had decided that if you tested Avast, Norton, or Avira, you had in essence tested AVG... I know AI told me that was the case concerning these four. It said "Same under the hood", just a different cosmetic overlay.
Not a request to test, but a request to give feedback on the heuristics checks and false positive reduction filter

Hi Shadowra,

Since you have tested so many security programs, I would like to ask for help improving Download Sentinel.
The latest download.zip is on GitHub (Kees1958/DownloadSentinel: A Chrome extension which warns users when a risky download is initiated, version 1.3); the Chrome Web Store is still on 1.2 (Download Sentinel - Chrome Web Store).

When you have additional heuristics ideas, please provide feedback. Currently V 1.3 checks:

Heuristics Checks
  • Quad9 DNS - checks if the domain is on Quad9's blocklist of confirmed malicious domains
  • RDAP domain age - new domains (< 30 days) get a penalty; very new (< 2 days) get a higher penalty
  • HTTP - flags downloads from insecure HTTP domains
  • Suspicious domain list - checks against an internal list of domains known for hosting malware or risky content (e.g. Discord CDN)
  • Suspicious TLD - flags high-risk top-level domains commonly abused by malware (e.g. .xyz, .top, .tk, .buzz)
  • Risky hosting platform - flags known file sharing / paste sites used to distribute malware
  • File size - flags downloads which exceed 650 MB (often neglected by AVs)
  • Mime type - when mime type is filled (not generic), it flags inconsistency with file type
  • Sketchy downloads - see below
URL Pattern Checks (SketchyUrlCheck)
  • IP address as host — flags downloads directly from an IP address instead of a domain
  • Punycode / homograph — detects internationalized domain names (xn--) used to spoof legitimate brands
  • Excessive subdomains — flags URLs with many subdomain levels (e.g. a.b.c.d.evil.com)
  • Brand impersonation — checks if known brand names (Microsoft, PayPal, Google, etc.) appear in the wrong part of the URL, combined with lookalike character substitution (e.g. Micros0ft or P@yP@l or Goog1e).

VirusTotal URL Reputation
  • Looks up the download URL against VT's database of 90+ security engines
  • Reports engine counts: not harmful / unknown / suspicious / malicious
  • Applies FP reduction filter (HIGH/MEDIUM/LOW) to remove noisy engines
  • ABC consensus bonus rewards strong clean consensus across many engines
  • Age penalty for URLs submitted less than 7 days ago
  • Longevity bonus for URLs known to VT for 30+ days

File types for which the on-download trigger fires
  • Blocks executables: .exe, .com, .bat, .cmd, .msi, .dll, .hta, .scr, .vbs, .ps1, etc.
  • Blocks archives: .zip, .rar, .7z, .tar.gz, etc.
  • Also catches executable MIME types
Because you have tested many AVs, I would like to use your insights in the current false positive reduction filter (to reduce FPs on VT):
DownloadSentinel/DownloadSentinel_FP_Engines.xlsx at main · Kees1958/DownloadSentinel



P.S. @Trident
When your free extension checking URLs is ready, which does not need a local Windows executable, I would be happy to use a free version API when VT returns an unknown (to limit API calls). When I add the requirement to request a free TRIDENT-API-KEY at your website for that fallback check, I can help (although just a little) with link building and generating traffic to your website (and feed your AI model with download links unknown to VT).

:-) It is a win-win, think about it.
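A scorer for the URL pattern checks listed in the post above (IP host, punycode, excessive subdomains, suspicious TLD, HTTP, brand impersonation with lookalike substitution), as an added example that is not DownloadSentinel's own code. The function and constant names, the lookalike map, the sample lists and the one-point-per-finding weighting are assumptions for illustration.

```javascript
// Added example: a scorer for the URL pattern checks listed in the post.
// Names, lists, the lookalike map and the one-point-per-finding weighting are
// assumptions for illustration, not DownloadSentinel's own code or values.
const SUSPICIOUS_TLDS = new Set(["xyz", "top", "tk", "buzz"]);
const BRANDS = ["microsoft", "paypal", "google"];
// Digits commonly substituted for letters in lookalike hostnames.
const LOOKALIKES = { "0": "o", "1": "l", "3": "e", "5": "s" };

// Fold lookalike characters back to the letters they imitate, lower-cased.
function normalize(s) {
  return s.toLowerCase().replace(/[0135]/g, (c) => LOOKALIKES[c]);
}

// Returns { score, reasons }: one point per heuristic that fires.
function sketchyUrlCheck(urlString) {
  const reasons = [];
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return { score: 1, reasons: ["unparseable URL"] };
  }
  const host = url.hostname;
  const labels = host.split(".");
  const tld = labels[labels.length - 1];
  // The label just left of the TLD; "" for single-label hosts such as localhost.
  const registrable = labels.length >= 2 ? labels[labels.length - 2] : "";

  if (url.protocol === "http:") reasons.push("insecure HTTP");
  // Bare IPv4 host, or an IPv6 literal (URL keeps the brackets in hostname).
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    reasons.push("IP address as host");
  }
  if (labels.some((l) => l.startsWith("xn--"))) reasons.push("punycode / homograph domain");
  if (labels.length > 4) reasons.push("excessive subdomains");
  if (SUSPICIOUS_TLDS.has(tld)) reasons.push(`suspicious TLD .${tld}`);

  // Brand impersonation: the brand name appears in the host but the registrable
  // label is not the brand (paypal.evil.com, micros0ft-login.xyz), or the
  // registrable label only matches after lookalike folding (goog1e.com).
  for (const brand of BRANDS) {
    const folded = normalize(registrable);
    if (normalize(host).includes(brand) && folded !== brand) {
      reasons.push(`brand impersonation (${brand})`);
    } else if (folded === brand && registrable !== brand) {
      reasons.push(`lookalike brand (${registrable})`);
    }
  }
  return { score: reasons.length, reasons };
}
```

A real extension would combine this score with the domain age, blocklist and VirusTotal signals before deciding whether to warn; on its own it only ranks how sketchy the URL looks.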
This might be a fun test if you ever have time... intentionally infect a machine with 10-20 malware samples, then run the Advanced Security Snapshot in Secure Helper to see what it detects ;). Thank you @Shadowra!