File - List of Engines

The main search box also allows you to specify a full or partial malware family name ( Backdoor.Win32.PcClient!IK, Sality, Mydoom.R), or any other text you want to find inside the antivirus reports. However, this kind of search will look at all indexed fields for the file, it will not only focus on the antivirus results. In order to focus exclusively on the antivirus results (no matter which particular engine produced the output), you should use the engines prefix. For example:engines:"Trojan.Isbar"or engines:"zbot".

Identifying Antivirus Engines

If you are looking for files detected by some specific antivirus vendor you can make use of vendor prefixes. These prefixes should preceed your keyword in order to restrict the scope of the search to a particular antivirus solution, for example: symantec:infostealer, mcafee:rahack, f-secure:virut.

Identifying Antivirus Symantec

By using vendor prefixes you can also search for all files detected by a given vendor, independently of the malware name. To do this you must write the vendor prefix followed by the special keyword infected, e.g. ESET-NOD32:infected. In this case the word infected does not necessarily have to be present in the antivirus signature, it is just indicating that the file must be detected. Similarly, you can list all files not detected by some antivirus by using the keyword clean. For example:ESET-NOD32:clean.

Identifying Antivirus Clean

This is the full list of allowed vendor prefixes:

acronisad_awareaegislabahnlab
ahnlab_v3alibabaalibabacloudalyac
antivirantivir7antiy_avlapex
arcabitavastavast_mobileavg
aviraavwarebabablebaidu
bitdefenderbitdefenderfalxbitdefenderthetabkav
bkav_procat_quickhealclamavcmc
commtouchcomodocrowdstrikecybereason
cylancecynetcyrendeepinstinct
drwebegambitelasticemsisoft
endgameescaneset_nod32f_prot
f_securefireeyefortinetgdata
googlegridinsoftikarusinvincea
jiangmink7antivirusk7gwkaspersky
kingsoftlionicmalwarebytesmax
maxsecuremcafeemcafee_gw_editionmicrosoft
microworld_escannano_antivirusnod32nprotect
paloaltopandaprevx1qihoo_360
risingsangforsentinelonesophos
sunbeltsuperantispywaresymantecsymantecmobileinsight
tachyontencentthehackertotaldefense
trapminetrendmicrotrendmicro_housecalltrustlook
varistvba32viprevirit
virobotwebrootwhitearmoryandex
zillyazonealarmzoner

The list is subject to changes as new antivirus solutions are integrated in Google Threat Intelligence and existing ones change names so do not forget to visit it every once in a while.

Back to Top