
Antivirus Detection Name Dump

About

This project contains CSV files of malware detection names from several antivirus products, together with a PowerShell script for dumping the detection entries.

Getting Started

Each subfolder contains dump CSV files named after the vendor and the dump date. A file whose name ends with BASE contains the names from the vendor's scan engine; the other files come from other detection sources (e.g. behavior protection) and may differ accordingly.
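The dumps are plain CSV, so they can be queried directly without the dump script. The following is an added example, not code from this project: it walks the per-vendor subfolders, optionally restricts itself to the BASE (scan-engine) files, and reports every row in which any field contains the requested substring. The folder layout (one subfolder per vendor, CSVs inside) and the absence of a fixed column schema are assumptions; the script searches every column of every row rather than relying on a column name.

```powershell
# Find-DetectionName.ps1 (added example, not part of the project)
# Assumptions: dump CSVs are in per-vendor subfolders under $Root; no column names are assumed,
# so every string field of every row is searched for the pattern (case-insensitive).
param(
    [Parameter(Mandatory)][string]$Pattern,   # substring to look for, e.g. 'Mimikatz'
    [string]$Root = '.',                       # root of the checked-out dump repository
    [switch]$BaseOnly                          # only files whose name ends with BASE (scan-engine names)
)

$escaped = [regex]::Escape($Pattern)
$files = Get-ChildItem -Path $Root -Recurse -Filter '*.csv' -File
if ($BaseOnly) {
    $files = $files | Where-Object { $_.BaseName -like '*BASE' }
}

foreach ($f in $files) {
    $vendor = $f.Directory.Name          # assumed: subfolder name is the vendor name
    Import-Csv -Path $f.FullName | ForEach-Object {
        $row = $_
        # collect every field value that matches, whatever the column is called
        $hits = $row.PSObject.Properties.Value |
            Where-Object { $_ -is [string] -and $_ -match $escaped }
        if ($hits) {
            [pscustomobject]@{
                Vendor = $vendor
                File   = $f.Name
                Match  = ($hits -join '; ')
            }
        }
    }
}

# Usage (from the repository root):
#   .\Find-DetectionName.ps1 -Pattern 'Trojan' -BaseOnly | Format-Table -AutoSize
```

Comparing the same substring across vendors this way is a quick check of how the vendors listed below name a given family, which is useful when mapping alerts from different products onto one naming convention.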

Prerequisites

To run the PowerShell script:

  1. Download the Windows Sysinternals suite and add it to PATH, or install it from the Microsoft Store.

  2. Disable PPL (Protected Process Light) using PPLKiller, or use Microsoft Windows 7 (which does not implement PPL).

  3. Disable the self-protection module of the AV product if possible.

Note: You may need to update PowerShell (v4.0 or later) and the .NET Framework (v4.5 or later) in order to run this script on Windows 7.

Usage

powershell -executionpolicy bypass -File .\AV_DUMP.ps1 <Name>

List of Supported Vendors

Name          PPL   Need to Disable SP   Detection Source   Accuracy
Huorong       No    No                   BASE               High
Kaspersky     Yes   Yes                  BASE, PDM          Medium
Malwarebytes  Yes   No                   BASE, DDS          High


This post is licensed under CC BY 4.0 by the author.