  1. #1
    Star Lounger

    Have you tried herdProtect?

    What is this community's take on herdProtect? If you haven't seen it yet, here's the description from the website:

    "herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.

    As a second line of defense anti-malware solution, herdProtect is designed to run with any existing anti-virus program already installed on a user's PC. herdProtect is a free service to help users find and remove malicious software."

    Sounds good to me... but it seems like it has to scan my PC and send all of what it considers suspicious into the Cloud to scan it... and that makes me nervous.

    Opinions, please...


  2. #2
    jwoods
    Guest
    I tested it, and although the concept is good (sort of like submitting everything to VirusTotal.com), I was not impressed with the results.

    It came back with 4 false positives on a verified clean system.

    It asked me to run the scan again later because 35 files were being analyzed in the cloud. After 3 scans, it finally completed the cloud analysis.

    I uploaded the fp's to VirusTotal and received almost identical results, with one exception. herdProtect flagged comctl32.dll as suspicious by the Avira scanner, but Avira on VirusTotal said it was clean.

    To their credit, herdProtect did say that there was not enough information to make a determination, but a user could still remove the file.

    I could see a novice getting in trouble with it...JMO.
    Last edited by jwoods; 2015-05-02 at 17:21. Reason: Updated results after further testing.

  4. #3
    Star Lounger

    Which scanners found issues?

    [QUOTE=jwoods;999060]It came back with 4 false positives, but unlike VirusTotal, didn't give an overall score of how many engines thought the fp's were suspicious.[/QUOTE]

    I'm testing the currently free beta, which can remove suspicious programs as well as locate them. I like the user interface, although it is a little, well, non-obvious. On the Scan Results screen, you can see which scanners identified something as an issue; just click on either the program name or the icon. Those scanners' names will display, along with the reason why each scanner found an issue. To the right, you'll also see two green buttons labelled Actions and Details.


  5. #4
    jwoods
    Guest
    See my modified post above after further testing...

    You do have to click on each entry to see how many scanners flagged it... I like the Autoruns format that shows the entry and highlighted link with the VirusTotal score. The more obvious, the better.

    It also appears that if you quarantine a file, you can't undo it.

    herdProtect appears to still be a beta.
    Last edited by jwoods; 2015-05-02 at 17:34.

  6. #5
    Super Moderator satrow
    I too have tested herdProtect. Like anything that relies upon heuristics, backed up by any multi analysis, false positives will happen. Heuristics = guesswork; out of the 68 malware engines used (when they're all available), I'd probably only trust ~10 of them.

    They do have other software as well, their Should I Remove it site is quite useful, the software, perhaps less so - especially if you don't have the experience to work through the results shown.

    Their 3rd software is a Windows 'booster', it might be useful to detect some issues, experienced users probably won't need to use any 3rd party software for the same results.

    They also have a secure file shredder and have recently acquired the rights to Unchecky (which they may already have incorporated into one of their other software above).

    Overall, worth looking at, providing you know what you're doing, otherwise, stick to tried and trusted software - or seek out unbiased community help.

    EDIT: Unchecky has been incorporated into a new package, Reason Core Security. Probably still in Beta (it didn't work too well with my setup), again, worth looking at but beware of bugs and false positives, etc.
    Last edited by satrow; 2015-05-02 at 21:23.

  7. #6
    2 Star Lounger 1PW
    In one known instance, Reason Company Software Inc. has not received legal permissions to use the work product of another's software product distribution. In that case it is Malwarebytes Corporation.

    IMO it would not surprise me if this was the case with most of the engines that Reason Company Software Inc. borrows...
    All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.

  9. #7
    Super Moderator satrow
    Also, the AV engines might be a major version or more lower than the current download versions and those used by VirusTotal, etc. The Avast engine looks like it's around a year older than the current one, that alone can make a significant difference in detection and false positive rates.

    Check which engine your current AV/AM uses and compare them here: http://www.herdprotect.com/knowledge...etections.aspx
