MetaDefender Cloud - New Voting Feature

At OPSWAT, we are constantly updating the threat intelligence we have on files and working to connect different analytics together. We know that security is now a top priority in virtually every organization, with breaches and malware infections having the potential to do considerable damage in terms of reputation and costs.

If you are familiar with multi-scanning, you know that there are no ironclad guarantees. If a file is flagged as infected by 20 or more anti-malware engines, there’s a good chance that the file is, in fact, infected. But a file that only two engines flag as infected might be a false positive, or might be new malware that engines are just starting to detect. To make matters even more challenging, a file not detected by any engine is not necessarily clean or harmless; the result only tells you that no threat has been detected. There’s a chance that it is a zero-day exploit, not yet detected by any anti-malware engine, but detectable by the malware research community or even by regular users who have been infected by this file.

This brings us to an exciting new feature in MetaDefender Cloud. To make the multi-scanning process more robust, OPSWAT has just released the first in a series of crowdsource features: voting buttons for files. With this new feature, users can provide first-hand feedback about the health of the files they are using, based on real-world experience. These votes act as another level of security data collected by OPSWAT, giving our user community the power to extend our collective knowledge about files by marking them in one of two ways:

  • "Malicious" – Independent of the information displayed on the scan results page, our community marks the file as being malware. By voting, the user consents to sharing knowledge about the behavior of the file leading to the conclusion that the file is unsafe and should be blocked by security systems.
  • "Clean" – Independent of the information displayed on the scan results page, our community marks the file as being safe. This is a legitimate file that does what it is supposed to do, not infected or harmful in any way, not conducting unwanted operations or sharing data without the consent of the user.

The user voting section appears on every scan results page, in the overview section.

Note: To ensure a clean process, this feature is only available to registered users. We want to encourage legitimate, proportional votes, so each user can vote on a given file only once, marking it as "Clean" or "Malicious" once that determination has been made.

For API users, the results will be available with hash lookup as the “votes” field:

In assessing the safety of files, the votes field can be taken into consideration along with multi-scanning results to decide if a particular file is to be trusted or not. This new feature gives you one more valuable data point to help navigate the shark-infested waters of malware and infected files. Using crowdsourced information broadens and deepens our knowledge base, but file safety will remain a complex area and a moving target. Users should still use their own judgement when determining whether a file is safe using all of the resources at their disposal.
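One way to weigh the votes field alongside multi-scanning results, as an added example that is not OPSWAT code. The record layout, the `MIN_VOTES` floor, and the verdict names are assumptions made for illustration; only the field name `votes` and the "20 or more engines" figure come from the post.

```python
# Added example: triage combining engine detections with community votes.
# Record shape and thresholds are assumptions, not the MetaDefender Cloud schema.

MIN_VOTES = 5           # assumed floor so a handful of accounts cannot steer a verdict
STRONG_DETECTIONS = 20  # the post's "20 or more engines" example

def triage(record):
    """Return (verdict, reason) for one constructed hash-lookup record."""
    detected = record["detected_engines"]
    votes = record.get("votes", {})
    clean = votes.get("clean", 0)
    malicious = votes.get("malicious", 0)
    enough = (clean + malicious) >= MIN_VOTES
    votes_say_malicious = enough and malicious > clean
    votes_say_clean = enough and clean > malicious

    # Strong engine agreement is never downgraded by "Clean" votes.
    if detected >= STRONG_DETECTIONS:
        return "block", "many engines agree"
    if detected > 0:
        if votes_say_malicious:
            return "block", "few detections, community confirms"
        if votes_say_clean:
            return "review", "possible false positive"
        return "review", "few detections, no vote signal"
    # Zero detections means "no threat detected", never "clean".
    if votes_say_malicious:
        return "review", "undetected but community reports malicious"
    return "no-threat-detected", "no engine or vote signal"

# Constructed sample records (not real lookup results).
SAMPLES = [
    {"detected_engines": 25, "votes": {"clean": 40, "malicious": 1}},
    {"detected_engines": 2, "votes": {"clean": 12, "malicious": 1}},
    {"detected_engines": 0, "votes": {"clean": 1, "malicious": 7}},
    {"detected_engines": 0, "votes": {"clean": 0, "malicious": 2}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage(sample))
```

Votes here only move a file toward review or blocking; no combination of votes returns a "clean" verdict, which matches the post's point that an undetected file is not necessarily harmless.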

We encourage you to start using this new feature today, and send us your feedback via the contact form. Happy voting!
