Originally published at: http://www.howtogeek.com/school/sysinternals-pro/lesson9/
We’re almost done with our Geek School series on SysInternals tools, and today we’re going to talk about all of the utilities that help you deal with files and folders — whether you are finding hidden data or securely deleting a file.
A lot of great tools in here I haven't gotten around to playing around with yet. Thanks again for doing this series!
Couldn't SigCheck theoretically be used to scan a whole partition with VirusTotal - kind of an ultimate antivirus scan for your PC?
sigcheck -s -vt -vs C:\
Seems like this would be a little abusive. Does it submit all files to VirusTotal, or just unsigned files? Limiting it to just unsigned files would definitely reduce the impact of a whole-system scan like this, but probably not by much when you start counting in the content of user profile folders. Is there anything stopping you from doing this? If not, has VirusTotal commented on the issue at all to say whether it's an approved usage?
You can definitely use this to submit all your files, although I'm not sure if VirusTotal would rate-limit you or something. Since I'm guessing most files have been submitted to VirusTotal at some point, it will mostly be just sending the hash of the file to see whether it was already reported, and only new executables that VirusTotal hadn't seen would be uploaded.
Where it would be really useful is to create some type of script that runs against your Downloads folder, since that is where most of the problems are going to arrive from.
I'm pretty sure that's not right. In small-scale testing (just against some files on my desktop and a few DLLs in System32) it appears that SigCheck looks at and submits everything unless you specify -e. That means that all files will be checked against VirusTotal regardless of their type, and any file not recognized (e.g. probably 90% of My Documents) will be submitted.
Right, I was assuming that you would only check it against executables. Only files that VirusTotal hadn't seen would be actually uploaded, the rest would be sent as a hash.
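An added example, not part of the thread and not SigCheck's own code: a sketch of the "executables only, hashes first" approach discussed above, run against a Downloads folder. The MZ/PE header test is an assumption standing in for the kind of filtering `-e` is described as doing, and the function names are hypothetical; only SHA-256 values are produced, so documents are never read out or uploaded.

```python
import hashlib
import struct
from pathlib import Path


def is_pe_image(path):
    """True if the file content carries the MZ and PE signatures, whatever its extension."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
            (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(pe_offset)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable or locked file: skip it


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large installers do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hashes_to_look_up(folder):
    """Map SHA-256 -> paths for executable images under folder; other files are skipped."""
    result = {}
    for p in sorted(Path(folder).rglob("*")):
        if p.is_file() and is_pe_image(p):
            result.setdefault(sha256_of(p), []).append(str(p))
    return result


if __name__ == "__main__":
    import sys
    # Default folder is an assumption; pass another path as the first argument.
    folder = sys.argv[1] if len(sys.argv) > 1 else str(Path.home() / "Downloads")
    for digest, paths in hashes_to_look_up(folder).items():
        print(digest, *paths)
```

An executable renamed to look like a document is still listed, because the check reads the header rather than the extension.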
I have enjoyed reading all of these educational guides for SysInternals, Gmail, Office, and others. I just have one question. Why, on some days, is the entire article shown on one web page, while on other days there is a "next" button at the bottom that continues the article on a second, or even third web page?
When I don't have time to read the entire article, I use the Chrome print feature to save it in PDF format. It's a lot more convenient to print or save it when it is not broken up into several sections - there is no need to rename each section.
On some of the days, the lessons are just extremely long, so we break it up into multiple pages. On the days when the lesson isn't quite as long, we let it go on a single page.