Antivirus Detection Name Dump
About
This project contains the CSV files of malware detection names from some antivirus products, and a PowerShell script for dumping the detection entries.
Getting Started
Each subfolder contains dump CSV files with vendor’s name and date. File name ends with BASE contains names from a vendor’s scan engine, and others may be different depended on the sources of detection (e.g. behavior protection).
Prerequisites
To run the PowerShell script:
Download the Windows Sysinternals and add it to
PATH, or install it from Microsoft Store.Disable the PPL (Protected Processes Light) using PPLKiller, or use Microsoft Windows 7 (it does not serve the PPL).
Disable Self-Protection Module of AV if possible.
Note: You may need to update the PowerShell (v4.0 or later) and .NET Framework (v4.5 or later) in order to run this script in Windows 7.
Usage
powershell -executionpolicy bypass -File .\AV_DUMP.ps1 <Name>
List of Supported Vendors
| Name | PPL | Need to Disable SP | Detection Source | Accuracy |
|---|---|---|---|---|
| Huorong | No | No | BASE | High |
| Kaspersky | Yes | Yes | BASE, PDM | Medium |
| Malwarebytes | Yes | No | BASE, DDS | High |