VirusTotal announced today a new paid service called "VirusTotal Monitor" that will alert subscribers when their programs have been detected by antivirus vendors as malware. This allows developers and the antivirus vendor to be immediately notified in order to quickly clean up the incorrect detection, or false positive, in the program.
For a software developer, one of the most aggravating problems is when antivirus vendors detect your program as malware when it is actually harmless. These false positives tarnish a developer's reputation, get you added to other antivirus vendors' definitions, and could ultimately cause a major loss of revenue as browsers and search engines block your visitors from downloading your program.
I know the aggravation of FPs firsthand as my program RKill is constantly hit with false positives from antivirus vendors every time I make an update. This causes me to delay publishing of new versions as I know I will ultimately have to spend hours trying to track down the right contact to quickly clear up mistaken false positives. Tracking down the right person to talk to is not always the easiest, especially for some of the smaller vendors on VirusTotal whose sites are down, contact forms don't work properly, or just take forever to get back to you.
This is why VirusTotal Monitor could be helpful to many developers as it makes it easier to keep their software detected properly without having to do much work on their own.
Subscribers of VirusTotal Monitor will get access to a dashboard that displays a summary of all of their uploaded files, current detections, and a timeline showing when vendors detected uploaded files.
When uploading files to Monitor, users will use a Google Drive-like interface that allows them to store their monitored files in a private storage bucket. VirusTotal has told BleepingComputer that the files uploaded to "VT Monitor are not accessible via VirusTotal Intelligence unless the file has been uploaded through the traditional VT services (public interface or API)". This means that files uploaded through Monitor are private and not available to any other VirusTotal users, including Intelligence users.
While the files remain in this bucket, VirusTotal will perform a daily scan of each one and check if any detections have changed. If a change in detections is detected, notifications will be immediately sent out to begin the process of clearing the false positives.
The best part of this service is that VirusTotal will automatically send a notification to a subscriber and any vendors that begin to detect a monitored file. As one of the biggest headaches of dealing with false positives is tracking down the right way to submit a file to have it analyzed, having VirusTotal deal with it is one less thing to do.
For many developers, this is enough reason to pay for this service.
At this time it is not known how much this service will cost. Based on some of the information requested when you sign up, it will probably be custom pricing for each client based on factors that include the number of files monitored and the total size of the private storage bucket.
Thankfully, VirusTotal understands that it's the smaller developers that are hit the hardest by false positives and is going to price the service so it is accessible to everyone.
"This service is focused for both small developers and big companies. In this initial phase we will be targeting only big companies. This will help us calibrate and evaluate the process followed by VT Monitor to help with false positives. After this we will open VT Monitor to small software developers as well and we expect it to have a pricing model which makes it accessible to everyone," VirusTotal told BleepingComputer. "Small developers are really the most affected by false positives and we aim specially at helping them solve this in an efficient and cost effective manner with VT Monitor."
A demonstration of VirusTotal Monitor has been posted to YouTube.