I really like the integration of VirusTotal into GlassWire.
However, if any of the anti-malware engines at VirusTotal think the file is malicious, the alerts in GlassWire are presented the same as if no anti-malware engines think it is malicious.
A nice change would be to somehow SHOUT the alert if even a single engine at VirusTotal has a problem with it.
I am really not sure how best to display high priority alerts, but something extra to really try to catch the users’ attention would be good.
I have been using VirusTotal far longer than it has been integrated with GlassWire. It is very common to see a false positive on one or two AV engines for any given program scan, especially with the lesser known AV engines. I try to scan everything I download with VirusTotal. The nice thing I have noticed with GlassWire integration is that it scans program versions that have changed by auto-updates. So now it covers even the stuff I don’t manually download and install. Nice!
To do something like an alert system, you would need to be able to set a custom alert threshold, as everybody would likely have an individual tolerance for acceptable false detection rates. I would prefer not to hear about 1-3 alerts, unless they were for one of the major AV players, then I would probably like to put eyeballs on the potential threat to ensure it was a false positive.
However, if the majority of the AVs were to scream red, an alarm would be nice to have so that I could pull out all of the stops, lock the network down, and figure out what was going on.
Since I started seeing the number of times a single AV engine at VirusTotal has complained about something I am sure is okay, I think having a user-selectable threshold would be good.
I would not want GlassWire to decide for me that ANY number above zero is okay. Leave that decision to me.
I am still not sure what sort of “high alert” I would like. Would colouring it red be enough? Making it bigger? adding sound? (ouch! probably not!)