VirusTotal Monitor: Software That Can’t Run Can’t Eat

Software is Eating the World”
- Marc Andreessen, 2011

Marc Andreessen’s quote is not very controversial in 2018. However, software can’t eat much if it isn’t actually running. And in some cases, software products can’t run because an antivirus system has mistakenly identified an app update as malware. If you are a game developer that relies on in-app purchases for revenue, or a global engineering firm that relies on your own software tools to create your products, or even if you are one of the largest ISVs in the world, having the latest version of your software blocked by your customer’s AV product will cause major heartburn.

VirusTotal — part of Chronicle — is one of the largest malware intelligence services in the world. It’s not only an excellent service; it’s also a platform for new services. The VirusTotal team regularly sees opportunities to help new groups of users deal with the effects of malware, and today we announce the availability of the latest solution: VirusTotal Monitor.

VirusTotal Monitor extends the power of VirusTotal to a new audience: commercial software developers. Specifically, VirusTotal Monitor enables a software publisher to understand — both before its app is released, and also on an ongoing basis after it’s in market — whether any of the commercial AV products will incorrectly identify it as malware. This scenario is actually more common than you might expect: a developer adds new capability to its product, and perhaps adds some new libraries to support that capability. The product is updated in various app stores and download sites, and thousands (or even millions!) of users download the update, only to find that an AV product on their machines mistakenly identifies one of the update files as malware and blocks the app from running. It’s also possible that after the software is in-market, an AV update mistakenly flags the software as malware.

Customers are frustrated, the AV vendor receives bad press, and the software developer is hit with both lost revenue and increased support costs while fixing the glitch. If the developer is a large company, it can resolve this situation with the AV company quickly. If not, resolution can take more time. Think this is a small problem? There are hundreds of thousands of developers across the various app stores.

And the problem is even bigger than that. In addition to the many thousands of independent software vendors, thousands of corporations create their own applications, either for internal employee use or for their own customers to use (I have one for each of the airlines I fly on, one for my bank, etc.). AV products regularly mistake updates to these apps as malware, as well. Overall, it’s a real problem that affects the software community, whether the developer is Microsoft, Rovio, General Electric, or a community bank. We believe that VirusTotal Monitor can make a real difference to software creators and users, as well as the security partners who assess these apps for risk.

Monitor gives software vendors a secure and private file system where they can upload all the files related to a product release. Monitor then scans these files with the 70+ AV products within VirusTotal, and if any files are flagged as malware, VirusTotal Monitor automatically notifies both the developer and the appropriate AV vendor, connects them, and streamlines any updates that the software or AV vendor needs to make to ensure a safe and positive release.

The result for ISVs and corporate engineering teams is a better product release process without the cost and effort created by false positive AV results. For AV vendors, VirusTotal Monitor eliminates negative reputation hits from false positives. Of course, end users get a better experience, fewer headaches, and the simple ability to use the tools they expect to use — everybody wins.

The service has been in pre-release testing and is now accepting its first users. Check it out at, read the whitepaper at, or drop us a line at

Will Robinson, 
Chronicle CTO