VirusTotal Reviews

As I work in an incident response role, my daily task is to mitigate the security alert and perform the analysis part. When any alerts come, I check the IPs from where they originate and the location. If any URLs or domains are involved, I check when those domains were created. I also check what the final URL of a redirected URL is. All these tasks are performed using VirusTotal.

VirusTotal makes our analysis easy. By providing scores and details, we can determine how malicious or genuine a site, IP, or anything else is. This helps streamline the process.

VirusTotal provides 95% to 98% accurate information. The Details feature shows the most valuable information. Compared to others, it provides comprehensive details, such as the first creation, first submission, and last analysis dates.

I would like to see improvements in the score consistency and accuracy. VirusTotal should add more details like those from competitors such as URL Void or Symantec URL Checker, which show the category of websites. The addition of a file selection option to analyze files would also enhance the service.

I have been working with VirusTotal for almost two years.

We have not faced any performance or stability issues with VirusTotal. It is stable and works well.

We have not faced any limitations in scalability. We receive all types of details we need.

We have not contacted technical support, so I cannot comment on their service.

Positive

I have used URL Void and Symantec URL Checker, which are similar solutions.

The onboarding process was easy and straightforward. We did not face any challenges.

I do not know about the pricing or licensing as our organization services VirusTotal for our clients.

I recommend focusing on the Analysis part, which is very good in VirusTotal. I'd also suggest adding a file selection feature for analysis, an area where other tools provide more options.

I'd rate the solution nine out of ten.

My main use cases have been to check whether the files are malicious or appear to be malicious and whether they are recognized based on the signature generated after scanning them. 

Additionally, I use it to determine if a file has been seen before, particularly when detecting leaks of possible proprietary files. The ability to see what sites are related to a certain file or program is also valuable for uncovering previously unknown connections.

The feature I like the most is the ability to see the MD5 or SHA-256 signature of the file, and also the composition of the file according to its segments. This allows me to compare versions of programs and determine if there are any major differences that could indicate a trojan or another threat. 

Additionally, the hash sharing feature is quite useful in understanding if others have encountered a specific file before.

There is room for improvement, particularly in making some of the most useful features more accessible in the non-paid version. A key feature behind the paid version is searching for individual hashes, including file names and SSDeep signatures. A researcher license that is less expensive than the enterprise license would also be helpful.

I have been using it for maybe about seven or eight years, or, most likely, around six years in total.

It's very stable. The system does not fluctuate significantly in terms of signatures and decisions, and it is not easily influenced by public input.

It's not incredibly scalable for the free version due to limitations on the size of the files that can be scanned and the lack of batch-scanning capabilities.

The initial setup is extremely straightforward because it's a web-based app that requires no setup, and it can be used directly from the web.

I have seen return on investment by using it.

It is fairly expensive compared to other tools. However, it is definitely worth the investment for the use cases it enables.

I would highly recommend this product to any security analyst or IT engineer that needs to investigate files.

I'd rate the solution nine out of ten.

We usually use it to explore and monitor malicious campaigns and other such activities. We use the IOCs and YARA rules to implement and monitor attacks, and to detect any suspicious or malicious activities. 

We also analyze files privately with VirusTotal's private scanning feature, without sharing them with anyone. 

We have been using other platforms as well, but we feel that VirusTotal adds more value to our services, especially since I mostly deal with retail and FinTech. 

For retail and FinTech, VirusTotal is mandatory, and we have to be more productive with our website and applications.

So, VirusTotal is a great online service that helps marketers and business people analyze suspicious files, and detect malware and malicious content using antivirus engines and site scanners.

I like the entire functionality, the entire ecosystem and architecture of malware and virus detection is impressive. There are four points:

1. VirusTotal is capable of detecting, blocking, and removing viruses and malware.
2. It can identify threats and block phishing attempts. This is a great area that I have not explored yet, but I am looking forward to it. Perhaps the tools will be updated in the next release to address this. This is one grey area.
3. It can scan the dark web and find if an email ID has been compromised. This is another area that we have not explored yet.
4. It helps businesses collect threat data while keeping privacy in mind.
5. I have worked with VirusTotal because it easily integrates with over 70 antivirus scanners and blacklisting services. In addition to those, I think there is much scope to improve and add other services or integrations.

There are two gray areas I still need to explore. I have worked with VirusTotal because it easily integrates with over seventy antivirus scanners and blacklisting services. In addition to those there is much scope to improve and add other services or integrations.

The areas for improvement are that VirusTotal is not using much AI or generative AI models, while other competitors are starting to build them.

For example, VirusTotal's work is based on the setup done by their engineers. If you want to do scanning or protection activities for a specific site, app, or device, that is the area VirusTotal is currently focused on.

But other competitors are building AI models that can do things like left-side scanning and provide auto-generated reports. VirusTotal has predefined reports, but there is a lot of manual effort involved.

Secondly, the API is very limited if I want to integrate VirusTotal with other applications. They need to build more connectors and provide support for Webhook connectors for the API. If you can't build your own connector, it's always good to have provisions for Webhook setup connectors across platforms.

Thirdly, Kaspersky, a competitor of VirusTotal, is using a methodology called "gatekeeper." A gatekeeper is a security system that protects the inside of a building from outside threats. This is the model Kaspersky is currently using. You have your website set up, but the entire army of VirusTotal or Kaspersky is standing guard, protecting you from the first gate itself. 

Right now, VirusTotal detects threats from your domain, but it is always better to verify inside the domain and protect it from the first level when people or malware are entering. This first level of protection is lacking in VirusTotal right now. The security bridge and protection gate are missing.

I have used it quite a lot.

Stability is quite good.

I would rate the scalability an eight out of ten. There is always areas of improvement. 

There is a support email that you have. VirusTotal's support team is there; you can write an email once you take a subscription. 

Just like how McAfee and Kaspersky have worked. Once you sign up for their packages or plans, they have integrated dedicated lines. They have email addresses like support@virustotal.com and questions@virustotal.com.

The best way to get in touch is through these support emails. Sometimes the support number shown is not updated or not working, so we might have to wait for some hours. We do have a technical support team that is pretty active. We can write your subject, our email ID, our support request, and once we send that report, a copy of it will come to us. Engineers will be assigned to handle the issue.

There are two support lines: one for commercial inquiries and another for technical support. So, you have both a commercial inquiry and a technical support system.

For commercial inquiries, because it's more about licensing and services, it takes more time. So out of ten, I'd give it a seven. For technical support, I would give it nine point five out of ten.

It depends on the contract you have signed. There are different contracts based on the number of applications, like one hundred or two hundred applications. It depends on the requirement. They customize the packages based on performance and your needs. For example, if you have two hundred websites and some apps, you need to scan those sites and have them in the system. They offer customized packages and sometimes have offers, like during Christmas, you can get a discount, like twenty percent off the entire package.

Positive

I evaluated a comprehensive set of VirusTotal competitors, including Kaspersky, Bitdefender, and Intezer. But detection is more spot on with VirusTotal. I have also used Check Point ThreatCloud, which is more specific to certain environments. VirusTotal is both focused on detection and removal, and it's good.

The initial setup depends on whether you want to use VirusTotal's API for your website, app, or entire system. The onboarding process is not difficult, and it can be more integrated if you refer to VirusTotal's user manual. 

VirusTotal also has a dedicated support system that can help you with the initial setup. Later, they will provide you with a dashboard where you can view data on malware detection, including what is bad, good, alarming, and warning.

VirusTotal has its own user interface and cloud systems. They have a cloud API as well as given mappings. It depends on how you are going to use it. The company inspects items over 70 antivirus scanners and domains or URLs. For example, if you send a domain like Kellogg.com, that's a domain. Kellogg.com/products is a URL.

So, based on that, you decide whether you need vendor services for the domain or the URL. From a global security standpoint, they have a well-developed cloud setup. With an API, they provide extensive services. If you don't want to use the API, they have other options like Cisco. That's how we are operating right now.

It depends on your requirements. Compared to market competitors, the pricing is good and it's reasonable. They offer a one-week free trial, so it's better to connect with VirusTotal and discuss your needs. They will set up a time with their engineers to analyze your requirements and offer a five to seven-day trial. After that, they will discuss pricing, and they are often willing to negotiate the cost. It is pocket-friendly.

When setting up, list down all your tools. They have tools for desktops, mobile apps, browser extensions, API scripts, client libraries, and a VirusTotal bot. 

My advice is to use the desktop application, browser extensions, and API scripts. Skip the mobile app for now, as they are still working on enhancing its features and techniques. But the VirusTotal bot, ChatGPT, is very useful. 

You can get a lot of information and spot-on answers through the chatbot. The support is quite intelligent.

So, the only area to be cautious of right now is the mobile app. But the desktop app, browser extensions, API script, and especially the VirusTotal bot are very useful.

Overall, I would rate the solution. a nine out of ten. I would recommend using it. 

I am working in GRC, and sometimes VirusTotal is just a tool. We mostly use VirusTotal for pinging suspicious IP addresses. Whenever there is a suspicious IP, we put it inside VirusTotal for further details. We use it to get details about IP originations or when we need to check IPs, URLs, or hashes for their legitimacy.

Having VirusTotal helps the organization mitigate risks, maintain control over breaches, and verify suspicious activity more effectively.

VirusTotal is a great tool that provides perfect results. It gives detailed information about suspicious IPs, which is one of its most valuable features. It detects malware and provides details about Trojans or other malicious activities, giving comprehensive explanations to the user.

VirusTotal needs better advertisement and promotion, especially in the Middle East, since it is not yet widely recognized or popular in that region. Additionally, integrating advanced AI features could potentially enhance its effectiveness.

I have more than four to five years of experience with VirusTotal as part of the SOC, total cybersecurity experience of over ten years, and overall experience of sixteen years.

While I did not directly engage with VirusTotal's technical support, my manager, who did, reported it to be very good.

Positive

I have worked with various vendors and competitors of VirusTotal, including IBM, Microsoft, LogRhythm, all of which can be considered competitors.

The initial setup of VirusTotal is simple and not complicated compared to other solutions. The deployment process involves the integration of VirusTotal with endpoints like PCs, servers, and Active Directory.

I was involved in deployment during my previous work at Saudi Telecom company, and we used a cloud deployment strategy.

I'm unsure about the pricing. I focus on the operational aspects of VirusTotal.

I have experience with IBM, Microsoft, and LogRhythm, which are other vendors that provide similar solutions.

I highly recommend VirusTotal because it is less expensive, most effective, easy to use, and easy to deploy compared to other solutions.

I'd rate the solution nine out of ten.

Using VirusTotal is my responsibility in my current job. I have been utilizing it for security intelligence purposes.

It is developed by Google, which means its search algorithm and efficiency are higher than other tools. It is quite simple for anyone if they just want to check some suspicious URLs.

They can improve the telemetry. Whenever we handle a sample, they cannot provide any information about a victim. We need to guess which one is infected. It's also challenging because there's not enough information about the target.

I have been using VirusTotal for about six years, starting from my first job at Fortinet and currently using it at Trend Micro.

I have never had any problems with stability or bugs while using VirusTotal. It has never broken down.

I am not familiar with their support team. I know it's possibly hired by Google.

Positive

The setup can be difficult. It depends on whether someone has a cybersecurity background or not.

The pricing can be quite expensive, and it is dependent on usage.

I recommend VirusTotal for both people without a cybersecurity background and those with one since it provides intelligence from sixty vendors of antivirus engines.

I'd rate the solution nine out of ten.

I primarily use VirusTotal for investigations and final analysis in security operations processes, specifically for file inspection to check hashes before opening files, to ensure they are not malware. I also employ it for URL service checks and analyzing links, particularly in case they are part of a phishing campaign. 

Additionally, I utilize it for obtaining information about product intelligence and other security cases, especially those related to IP addressing.

VirusTotal has been very useful in terms of correlating integrators of compromise with what already exists within the resources. This has helped in improving security incident response time, making the correlation between known threats and existing data more efficient.

The most valuable features for me include file inspection, IP address inspection, and URL analysis. These features align well with my particular use cases and provide comprehensive solutions for security operations. The community feature is also very useful. 

It allows us to see if there have been previous reports on certain indicators of compromise, providing insights from other security professionals. This acts as threat intelligence, helping to discern false positives from actual malicious files.

I would like to see improved correlation with other threat intelligence sources, not just reliant on its own database, to enhance the database of threat intelligence that VirusTotal offers. 

Additionally, false positives can be quite annoying. Improving its automated handling of false positives and making better use of whitelisting would be beneficial.

I've been working with VirusTotal for a little over three years now.

Aside from a few glitches, there have been no significant performance or stability issues.

I have not tried to scale VirusTotal extensively. That said, it should be applicable to larger environments. However, this was not tested on an environment with over 8,000 endpoints.

We usually manage support in-house, and we have not particularly taken advantage of VirusTotal's technical support services.

I have not worked with any other threat intelligence platform or anti-malware tools before using VirusTotal.

The initial setup was straightforward. It took about a week to deploy VirusTotal in our environment. Only two people were directly involved in its implementation, which indicates that the process was not overly complex.

Two people were directly responsible for the implementation of VirusTotal in our environment.

During the evaluation, we considered hybrid analysis and any.run as alternative solutions.

One main thing is to understand your environment and what you're aiming to accomplish, whether it's dynamic or static analysis, to see if this is the right tool for you. If automation is your goal, especially in incident response, VirusTotal is a great choice. Consider the scalability and cost for your environment, whether small or enterprise and ensure that VirusTotal is a feasible solution.

I'd rate the solution eight out of ten.

I use VirusTotal for hash file analysis with sandboxing and mostly for URLs, particularly phishing attempts. I typically use it to check for possible malicious activity that might be associated with URLs and their websites.

The most valuable feature is the ability to analyze uploaded files, especially relatively large files like one hundred MB to two hundred MB. VirusTotal can analyze these files with different sandboxes and malware analysis engines. 

Additionally, it provides detailed insights into possible malicious behavior, dropped files, and TCP connections.

There should be room for improvement, particularly in the API side of things. It could benefit from more detailed explanations of backwards compatibility and integration into various infrastructures. 

Additionally, there are cases of false positives, such as when analyzing Microsoft block addresses, leading to incorrect malware detections. Improvement in clarity and reducing false positives would be beneficial.

I have been using VirusTotal for more than two and a half years.

I have not experienced issues with stability. VirusTotal has been readily available without breakdowns.

In terms of scalability, VirusTotal is satisfactory. It supports integration with other tools and custom APIs, which enhances its scalability.

I have not needed to contact customer support because the platform provides sufficient information and community support to address any queries.

Positive

I use VirusTotal alongside other tools. None of them are perfect, and I have to build custom sandboxes or use additional platforms like JU Sandbox and AnyRun to monitor specific threats.

I have not delved into pricing as my use case has not yet required full integration into my infrastructure. Once necessary, I will consider pricing.

VirusTotal is an easy tool to use and provides detailed information. For newcomers, I suggest leveraging its capabilities for file and URL analysis. However, the pricing for future full integrations may require consideration.

I'd rate the solution nine out of ten.

The API provided by VirusTotal helps us determine the maliciousness of IP addresses.

The most valuable features of the product are the various API systems it provides. Using the API, allows us to check the reputation of IP addresses, hashes, or URIs, enabling us to implement an automation system in our environment.

The platform could improve in the areas of endpoints and networks.

We have been using VirusTotal for two years.

In our company, I work as a cybersecurity manager in our IT department. Approximately 15 executives in our team use VirusTotal.

We were using IP Quality Score previously but switched to VirusTotal because it is more affordable and easier to use via API. Additionally, it provides comprehensive reputation information about IPs and hashes.

VirusTotal provides the functionality as a SaaS service, making the initial setup straightforward.

We are using VirusTotal with free licenses, managing the license limits across three or four accounts, thus incurring no costs.

The product is easy to use with coding, such as Python or Java, via its API. However, it might be challenging for non-coders to utilize it effectively.

It is recommended due to its affordability and functionality. I rate the product an eight out of ten as it provides a variety of APIs.

I use VirusTotal to examine and manually investigate data leaks, compromised information, and malware. If some malware is targeted at our region, I try to find that with the hash in IoC and create alerts. For example, if some attacker creates ransomware and targets Turkey's financial sector, I write a query for that. After that, Google will show me the hash related to my research. After that, I add this hash to create alerts if a customer gets mail attacks related to this cache.

With VirusTotal, you can do a competitive landscape. For example, I use Kaspersky Endpoint solution antivirus. With VirusTotal, I can check for any hash, malware, file, domain, IP URL, or malicious URL, and Kaspersky stays clean. I can see if Kaspersky misses attacks.

VirusTotal is hard to understand because you need to know Google Docs to create queries, and it doesn't have documentation for that. If you write a specific query, you can find data leaks, mail issues, and incident responses. Google has three billion data for IP and domain. It's a huge database. Google doesn't have any understandable documentation for how to create queries.

I have been using VirusTotal for six months.

VirusTotal has amazing stability.

I rate VirusTotal ten out of ten for stability.

Around five people are using the solution in our organization.

I rate VirusTotal ten out of ten for scalability.

I was not 100% happy with VirusTotal's technical support because they don't have a solid structure. Two weeks ago, I needed a use case for the financial sector, and they couldn't share the use case.

Neutral

The solution's initial setup is easy, and I can do API integration with solutions.

VirusTotal is an expensive solution.

Overall, I rate VirusTotal ten out of ten.

Our primary use case is for information regarding malware and analyzing our samples once we are found in a cybersecurity forensic case.

The most valuable feature is the worldwide malware information database.

I would like to see an improved user interface and some automation.

I have been working with VirusTotal for the past two years.

Technical support is good but they could improve the time in handling cases.

Neutral

The initial setup was straightforward and easy. The implementation took about three days.

There is definitely a return on investment.

The pricing is very economical.

Everyone who works with malware, cybersecurity, or related fields should use VirusTotal. On a scale of one to ten, I would rate VirusTotal an eight.