AV scanning without submitting sample

[ilcrba]

I am curious if anyone knows how some of these sites are able to scan a file and not submit it to the AV company. Example I am talking about is site like https://kleenscan.com/index or old site nodistribute.com

I am interested in setting something like this up if anyone has any information/engines/code that are used.

 

[boom2c]

https://antiscan.me/ for scantime analysis.

I am creating something similar to what you are requesting but cloud-based detection and heuristic analysis will not be available or accurate without sample sharing on.

 

[ilcrba]

https://antiscan.me/ for scantime analysis.

I am creating something similar to what you are requesting but cloud-based detection and heuristic analysis will not be available or accurate without sample sharing on.

I am guessing you have to submit the executable for cloud-based detection and heuristic analysis? So any site that doesn't submit probably doesn't check those?

 

[boom2c]

Sorry for the late reply, that is correct. Cloud-based detection in Windows Defender are available without sample submission as far as I am aware. However, without internet access and sample sharing for most AV/EDR there will be no way to check against latest and cloud-based threat protections.