herdProtect is a promising cloud-based malware scanner for Windows

Martin Brinkmann
Dec 17, 2013
Antivirus, Security

Ever since cloud became a buzzword many security companies started to make use of it in their products. This usually meant doing some of the scanning and verification remotely and not on the user computer.

While that has certain advantages, like an always up to date database and software, it also meant that users had to have an Internet connection at their disposal to make use of the feature. And some users did not like the privacy implications that went along with the move.

The new program herdProtect is a cloud-based scanner, which may keep some users from giving it a try. Unlike most other programs that rely on a single engine to test against malware, herdProtect uses 68 of them.

The engines are not listed as text on the website of the project unfortunately, but you may be able to identify some by looking at company logos placed on it. Among them are many heavyweights such as Kaspersky, Bitdefender, Avg, Eset, or Avira to name a few.

The current installment of herdProtect scans the PC for objects in critical locations, e.g. running processes but also desktop files, and scans those in the cloud.

While there is no confirmation of this on the project website, it appears that it is using a signature-based approach for that. This means that it generates a hash of each file and checks it against the project database hosted in the cloud. A found hash means that an identical file has already be scanned and the result is transferred back to the user PC.

If a file hash is not found, it needs to be uploaded to be scanned remotely.

The scan itself should not take longer than a couple of minutes. In the end, a scan result page is displayed listing all files that at least one of the supported engines marked as malicious or problematic.

scan results cloud scan

The results are sorted into different groups like adware or inconclusive detection. In those groups, the files with the most hits are always displayed from top to bottom.

You can click on any result to display the engines that identified the file as malicious or problematic. The program itself displays a suggestion as to what you should do with the program, for instance to remove it if it is not needed on the PC.

A click on view opens the Windows Explorer folder of the file while details the results page on the heardProtect website. Here you find additional file details, the file's digital signature, its worldwide distribution, known variants, and other related information.

Note that all of the scan results are automatically moved to the cloud and from there to the company website where they are publicly accessible. There is no option to disable that, but the information that are posted there do not contain any identifiable information from what I can tell. The only possibility in this regard is that the file name may contain information.

The program does not offer any removal of its own at this point in time. That's a serious problem, considering that your resident anti-malware program may not even identify the detected files as such.

The company plans to release updates to the program which will improve it significantly. Plans are to integrate the removal of malware in the first quarter of 2014, and to add real-time protection of the system in the second quarter of the same year.

For now, it is an alternative to the popular Virustotal service and programs such as Virustotal Uploader.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. duncan lucas said on April 8, 2014 at 10:09 pm

    I have been using Herd Protect for a few weeks now. When I downloaded it it didnt have any removal facilities for viruses found . I got an email from the company saying that the new version had removal facilities and down loaded it. To me it works just fine as a secondary check for viruses and the company expresses the same comment. It is smooth to operate with no adware etc hidden away. On my Win 7 Prof 3770K chip it only takes a few minutes to go through the process. I have judged that if there are over 4 virus programmes showing it as a virus then it should be checked out. The company dont claim that it should be used in place of your paid for virus programme only used alongside although I hear that it will be providing real -time detection in the future. I did try others particularly trend micro house call. Sadly it contained adware so I removed it.I like this programme it is light on my system doesnt contain nasties and blends in nicely with my system. Some people criticise it -not me. It does what is says on the box.

  2. Chris said on December 18, 2013 at 7:42 am

    some competition for HitmanPro, eh? ;)

  3. Lazyboyz said on December 17, 2013 at 7:15 pm

    Files Scanned – 2116
    Processes Scanned – 86 (844 modules)
    Startups Scanned – 464
    Inclusive Detections found were 11 and all were false positives, took about 1/2hr to scan, yikes!

  4. DrJBHL said on December 17, 2013 at 2:21 pm

    Good news, perhaps. Won’t having 68 scanning engines increase the probability of false positives?
    Will it rank “positive findings” as to probability that it is malware? If so, how will it do that? What standard will a “true positive” have to fulfill to make it a “true positive” (malware) or a “true negative” (safe)?

    Thank you (as usual) for interesting and thought provoking articles, Martin.

    1. Martin Brinkmann said on December 17, 2013 at 2:24 pm

      Yes, the more engines you have, the more likely it is that you will get false positives. It is usually easy enough to spot those, especially if one of the lesser engines reported a hit while all others did not.

  5. John Parlapipas said on December 17, 2013 at 1:00 pm

    Here, it is the complete List of Engines:

  6. ilev said on December 17, 2013 at 10:53 am

    Not portable.

    1. Wuflonard said on December 17, 2013 at 7:02 pm

      It isn’t true. You can extract the program from the installer (with 7zip for example) and use the software herdProtect as portable.

      Thanks Ghacks for the discovery of herdProtect. I only known HitmanPro.

      1. Wuflonard said on December 23, 2013 at 5:22 am

        I had try myself. So, I didn’t understand your reply…

      2. ilev said on December 18, 2013 at 6:30 am

        No you can’t.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.