This page shows the relative performance of the antivirus solutions hosted by VirusTotal. We rank antivirus performance in 2 dimensions: the severity of the kind of malware they are able to detect, and how well they are able to detect any malware.
Bubbles toward the top right represent the best performers.
MetaFlows' network antivirus extracts files in real time from the traffic being transmitted across our customers' networks. We send the hashes of files of dangerous types to VirusTotal, where 55+ antivirus engines at once tell us whether they have seen malware in that particular file. If the file is unknown (VirusTotal has not seen it before), we send the file to the MetaFlows Sandbox, where it is detonated in a controlled environment to find zero-day exploits.
We also show the MetaFlows Sandbox numbers so that antivirus performance can be compared implicitly with zero-day threat detection. The sandbox will always have a severity of 100 but may detect a variable number of zero-day threats depending on the week. The sandbox detection rate can be interpreted as the relative incidence of zero-day threats vs. known threats.
|Antivirus Vendor||Description||Global True Positives||Global Hits||Avg Priority||Global Priority||Relative Detection Rate|
The table below the bubble graph shows the sortable raw data. The first column is the invariant extracted from the events. If you have an account with MetaFlows, you can click on certain invariants to see if your sensors have detected them. The other columns should be self-explanatory. Hovering over a bubble or set of overlapping bubbles shows the raw data represented by the selected bubble(s). This selection is sticky so that you can go to the table and inspect the data or click on the links within the table. To see all rows in the table, click outside any bubble.