VirusTotal getting annoying cause of FPs
I use sigcheck from Sysinternals once a month or so to check all executable images in system32\drivers and system32 on VirusTotal. Usually there are only a few false positives, mostly from AegisLab and sometimes from ByteHero. I don't know these two engines but from what I've seen so far, I'm not impressed. Does anyone know these two?
This time I got A LOT of FPs from these two, mostly from AegisLab. Almost all files belong to the Windows OS. Sigcheck opens a browser window for every detection and I guess there were like 50-100 files detected. Luckily I was watching my PC so I could close the windows, otherwise my PC probably would have crashed.
I have a VirusTotal uploader tool (PhrozenSoft's) but I prefer sigcheck as it's usually not that many FPs.
Here's an example of nslookup.exe, a file that hasn't been modified in almost 2 years:
https://www.virustotal.com/en/file/4...is/1415019677/
Question: Does anybody know a way to use VirusTotal but to have it ignore detections only by some engines?
If not, I'm thinking of creating a program that can do this because these FPs by AegisLab are getting ridiculous. The program would still use sigcheck but write detections to a log instead of opening a browser, and then use the log to get each report from VT, parse the result and exclude AegisLab, then show the result.
Interesting fact: I compared engines on VirusTotal and HerdProtect, and even though HerdProtect has more engines, they haven't included AegisLab. I wonder why.
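The parse-and-exclude step proposed in the post, as an added example that is not part of the original post: it recounts detections per report after dropping a list of ignored engines. It assumes reports in the VirusTotal public API v2 file-report JSON layout (`response_code`, and `scans` mapping engine name to `detected`/`result`); the sample reports, hashes and the engine name `EngineA` are constructed placeholders.

```python
import json

# Engines whose verdicts are discarded (the two named in the post).
IGNORED_ENGINES = {"AegisLab", "ByteHero"}

# Constructed reports in API v2 layout; hashes, engines and names are placeholders.
SAMPLE_REPORTS = json.loads("""[
 {"resource": "HASH_PLACEHOLDER_1", "response_code": 1,
  "scans": {"AegisLab": {"detected": true,  "result": "Constructed.FP"},
            "EngineA":  {"detected": false, "result": null}}},
 {"resource": "HASH_PLACEHOLDER_2", "response_code": 1,
  "scans": {"AegisLab": {"detected": true,  "result": "Constructed.FP"},
            "EngineA":  {"detected": true,  "result": "Constructed.Trojan"}}},
 {"resource": "HASH_PLACEHOLDER_3", "response_code": 0}
]""")


def filter_report(report, ignored=IGNORED_ENGINES):
    # Recount detections without the ignored engines. Returns None when
    # VirusTotal has no report, so an unknown file is never counted as clean.
    if report.get("response_code") != 1:
        return None
    skip = {name.lower() for name in ignored}
    hits, considered = {}, 0
    for engine, verdict in report.get("scans", {}).items():
        if engine.lower() in skip:
            continue
        considered += 1
        if verdict.get("detected"):
            hits[engine] = verdict.get("result")
    return {"resource": report.get("resource"), "positives": len(hits),
            "total": considered, "hits": hits}


def triage(reports, ignored=IGNORED_ENGINES):
    # Split reports into (still flagged after filtering, unknown to VirusTotal).
    flagged, unknown = [], []
    for report in reports:
        result = filter_report(report, ignored)
        if result is None:
            unknown.append(report.get("resource"))
        elif result["positives"]:
            flagged.append(result)
    return flagged, unknown


if __name__ == "__main__":
    flagged, unknown = triage(SAMPLE_REPORTS)
    print("flagged:", flagged, "unknown:", unknown)
```

A file flagged only by an ignored engine drops out of the result, while one that is also flagged by any other engine is still reported with its remaining detections.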