I really like the integration of VirusTotal into GlassWire.
However, if any of the anti-malware engines at VirusTotal think the file is malicious, the alerts in GlassWire are presented the same as if no anti-malware engines think it is malicious.
A nice change would be to somehow SHOUT the alert if even a single engine at VirusTotal has a problem with it.
I am really not sure how best to display high priority alerts, but something extra to really try to catch the users’ attention would be good.
Thanks for your feedback. Perhaps the alerts should look and act differently depending on the status of the analysis.
I have been using VirusTotal far longer than it has been integrated with GlassWire. It is very common to see a false positive on one or two AV engines for any given program scan, especially with the lesser known AV engines. I try to scan everything I download with VirusTotal. The nice thing I have noticed with GlassWire integration is that it scans program versions that have changed by auto-updates. So now it covers even the stuff I don’t manually download and install. Nice!
To do something like an alert system, you would need to be able to set a custom alert threshold, as everybody would likely have an individual tolerance for acceptable false detection rates. I would prefer not to hear about 1-3 alerts, unless they were for one of the major AV players, then I would probably like to put eyeballs on the potential threat to ensure it was a false positive.
However, if the majority of the AVs were to scream red, an alarm would be nice to have so that I could pull out all of the stops, lock the network down, and figure out what was going on.
Since I started seeing the number of times a single AV engine at VirusTotal has complained about something I am sure is okay, I think having a user-selectable threshold would be good.
I would not want GlassWire to decide for me that ANY number above zero is okay. Leave that decision to me.
I am still not sure what sort of “high alert” I would like. Would colouring it red be enough? Making it bigger? Adding sound? (ouch! probably not!)
How about “Danger, Will Robinson!!!”???
It would be cool if we could have an option to disable notifications for VirusTotal scans with 0 positives.
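The alert tiers proposed across this thread (a user-set detection threshold, an override for major engines, a loud alarm on a majority, and optional silence for clean scans) can be sketched as follows. This is an added example, not part of any post and not GlassWire's code; the engine names, default values and level names are assumptions, and the scan results are constructed.

```python
from dataclasses import dataclass

# Placeholder engine names (assumption): two "major" engines plus eight minor ones.
ENGINES = ["MajorAV-1", "MajorAV-2"] + [f"MinorAV-{i}" for i in range(8)]

@dataclass(frozen=True)
class AlertPolicy:
    """User-chosen settings; the defaults are illustrative only."""
    min_detections: int = 4       # below this count, minor-engine hits stay quiet
    major_engines: frozenset = frozenset({"MajorAV-1", "MajorAV-2"})
    majority_ratio: float = 0.5   # above this share of verdicts, raise the loud alarm
    notify_on_clean: bool = False # False = no notification for 0 positives

def classify(results: dict, policy: AlertPolicy) -> str:
    """Map per-engine verdicts to an alert level.

    results: engine name -> True (flagged), False (clean), None (no verdict,
    e.g. the engine timed out). Engines without a verdict are excluded so
    they cannot dilute the majority calculation.
    """
    verdicts = {e: v for e, v in results.items() if v is not None}
    if not verdicts:
        return "unknown"          # nothing to judge; do not report as clean
    flagged = {e for e, v in verdicts.items() if v}
    if not flagged:
        return "info" if policy.notify_on_clean else "silent"
    if len(flagged) / len(verdicts) > policy.majority_ratio:
        return "critical"         # most engines agree
    if flagged & policy.major_engines or len(flagged) >= policy.min_detections:
        return "review"           # worth a manual look
    return "silent"               # a few minor-engine hits, likely false positives

def make_scan(flagged_names):
    """Build a constructed scan result with the given engines flagging the file."""
    return {e: e in flagged_names for e in ENGINES}

if __name__ == "__main__":
    policy = AlertPolicy()
    for hits in ([], ["MinorAV-0", "MinorAV-1"], ["MajorAV-1"], ENGINES[:7]):
        print(len(hits), "detections ->", classify(make_scan(hits), policy))
```

Setting `min_detections=1` reproduces the stricter preference voiced in the thread, where any detection above zero is surfaced.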