While VirusTotal.com is an excellent tool for checking a single file, it can’t be used to scan all files on your computer. Wouldn’t it be great if there was a service that could efficiently scan all files on your computer using multiple anti-malware engines?

herdProtect from Reason Software is a free anti-malware service that does exactly that. It can scan all the files on your computer using 68 different anti-malware engines. The big ones are represented; Avast!, AVG, BitDefender, eSet, McAfee, Microsoft, Panda, Sophos, Trend, etc. All 68 are listed at the herdProtect web site.

I wondered how it would be possible to scan all your files using multiple anti-malware engines in a reasonable time-frame. The typical means of scanning files is to download an anti-malware engine to your computer and run it against all your files. I couldn’t imagine doing this 68 times.

herdProtect takes a hash of all the executable files on your computer and send the hashes to the herdProtect server where they are compared to the hashes of known files – good and bad. If no match is made, the file in question is examined in more depth to find out how it behaves. If required, the actual file will then be sent to the herdProtect server to be checked against all 68 anti-malware engines.

Once the scan finishes, which on my computer took about an hour, you are presented with a list of files that were identified as bad. You can click any line to get information about which anti-malware engines found the file to be infected. There are buttons to delete the file or to get additional details. (Fig.2 – a PUP)

I am happy to say that although the program flagged a few files on my computer, there was nothing I was overly worried about. I had two flagged as “Adware/PUPs” – PUP being “Potentially Unwanted Program”. True enough for my copy of Remote Administrator – if I had not installed it, a remote control program would certainly be of concern. The other was a DLL associated with PopCap Games. I play games at Pogo.com and some of them are PopCap Games. If I want to play them, I will have the DLL on my computer. The lesson here is to not rush and assume everything identified by herdProtect should be wiped from your computer!

I also had 9 files on my computer flagged as Inconclusive”. In each case only a single anti-malware engine identified the file as a problem. This, and given that the files all came from trustworthy sources and had been on my computer for some time, were pretty certain signs that they were false positives. While herdProtect has some built-in smarts for detecting many false positives, it seems to have missed on these 9.

You will almost certainly run into cases where the scan reports “xx more currently scanning in the cloud”. At this point the client software has uploaded copies of the files to the herdProtect servers where they will be analysed by all 68 anti-malware engines. The next time you run a scan, hopefully the files will have been checked and you will then know if the files are okay or not. I say hopefully because after weeks of use, there were always some files still “scanning in the cloud”.

I did run into a strange thing. As I mentioned, herdProtect identified 9 of my files as Inconclusive, an assessment that can result from very few of the anti-malware engines identifying a problem. Eight were part of the program DxO OpticsPro 10, a well-known program for editing digital photos. The 9th was the Camera Window program distributed with just about every Canon camera on the market. For all 9, only a single anti-malware engine identified the file as problematic. Yet for all 9, when I uploaded them to VirusTotal.com, they were given a clean bill-of-health – including by the exact same engines that had declared them as bad in herdProtect.

I have no idea what to make of this.

For the Remote Administrator program (identified by 24 engines in herdProtect as Adware/PUP) and the PopCap DLL (identified by 15 engines in herdProtect as Adware/PUP), the results were more reassuring. There was only a single instance where an anti-malware engine in herdProtect identified the file as bad and the corresponding engine in VirsuTotal.com disagreed.

The idea of your executable files being uploaded to herdProtect’s servers might raise some hairs on the back of your neck. As well, the very fact that the folks who run herdProtect now know all the programs you run on your computer may concern some. You might want to read the privacy policy on the herdProtect web site and decide if you want to trust them or not.

herdProtect’s web site mentions Protection Platform which is “coming soon” and will “Scan and remove malware with real-time protection.” To me, that is when things could get very interesting. If you could do away with your single-vendor anti-malware program and have every new program that arrives at your computer checked in real time against 68 anti-malware engines, before they get a chance to infect your computer … wow!

I can think of at least one instance where Protection Platform might be problematic. herdProtect depends on an active connection to the herdProtect servers. What if they are down or unreachable for any reason? Is all your anti-malware protection gone? Only time – and the release of Protection Platform – will tell.

Fig.2 – A PUP

herdProtect is developed by Andrew Newman, who was the co-founder and chief software architect for GIANT Company Software, makers of one of the most respected anti-spyware programs on the market in its time. In fact, Microsoft bought the company and used it as the basis for Windows Defender (which became Microsoft Security Essentials, and with Windows 8, Windows Defender again.) Newman plans on keeping all versions of herdProtect free. The program itself is ad-free. The web site has a few ads and they accept donations via PayPal.

I think herdProtect is very valuable as a second line of anti-malware defence on top of your currently installed anti-malware. It is available as a regular installable program as well as a portable app not requiring installation.

Bottom Line:

herdProtect v1.0.3.0 (Freeware)
Reason Software
http://www.herdProtect.com