ThreatExpert, Generate Software Behavior Reports
There is always risk involved when you execute software on your local system. You can reduce that risk by updating your operating system regularly, running up-to-date security software, or executing suspicious files in a sandboxed or virtual environment.
When you review as much software as I do, you are grateful for every additional tool that helps you make sure a program can be recommended on your site. Nothing's worse for your site's reputation than recommending a program that turns out to be malicious in nature. Fortunately, this has never happened on Ghacks yet.
Threat Expert is one of those services that helps you analyze files. You can use an online form to submit files directly on the website, or download an applet for your Windows operating system to send files directly from your desktop to the service's server.
You need to add an email address if you use the local application to send a file to Threat Expert, as it may take some time to scan the file. The email contains the link to the report on the website. Scans during tests did not take longer than five minutes to complete. The online submission did not work at all during tests; only the submission applet worked as advertised.
The report displays a lot of useful information, including technical details about files that were created on a system (if the file is an installer), directories that were created, Registry modifications and attempts to connect to remote hosts. Take a look at this sample report for pointers.
A click on a particular file name listed in a report displays additional information about the file. You see the number of cases where the file was analyzed in reports, and the number of incidents when this file was found to be a threat.
You can browse and search all previously generated reports on the site, which may be helpful if you want to quickly look up a file name.
Probably the biggest limitation of the service is the file size limit. You cannot upload files larger than 5 Megabytes, which means that some files cannot be scanned at all.
The ability to display local and remote activities is, on the other hand, the most valuable feature of the service.