Kaspersky Online File Reputation provides the reputation of any file known to Kaspersky, good or bad, in the form of a hash that can be efficiently used for allowlisting, detection, analysis and response. The service’s cloud architecture eliminates the need to manage an on-premise client (including distribution of AV bases or security feeds), which delays the delivery of new records and has a large client footprint. Moreover, because it is hosted in the cloud, the online service provides unlimited data storage, making its coverage bigger than that of any on-premise solution. The online service offers instant detection of malware and zero-day threats powered by vast Kaspersky intelligence, the biggest allowlisting database and the best-in-the-industry expertise on legitimate software, as well as partnerships with more than 500 large and globally renowned software developers and distributors. Ultimate ease of integration with any application is ensured by an open REST API.

Compared to previous product versions, we have significantly enriched the service’s detection capabilities by adding hundreds of millions of “malicious” hashes to the cloud database, with special attention paid to the hashes of the most prevalent malware. All new data is thoroughly filtered to ensure a zero false-positive rate.

The new service has the following features:

  • Overall number of records: more than 5.3 billion
  • Trusted: 2.6 billion
  • Malicious: 1.1 billion
  • Other: 1.6 billion
  • New records added daily: 2 million
  • Performance: 200,000 requests per hour
  • Hashes: MD5, SHA256, SHA1

Thanks to its versatility, Kaspersky Online File Reputation is perfect for use in the following scenarios:

  • Build an Application Control System and perform software categorization
  • Implement both Default Allow and Default Deny scenarios
  • Create an additional filtering level
  • Gather security intelligence
  • Respond to incidents
  • Scan files for malware
  • Perform file analysis and classification

A dedicated Dynamic Allowlist database lists the programs that have already been checked and are guaranteed to be legitimate and safe. The Kaspersky Allowlist database covers 98%+ of popular legitimate software.

All-around information about the application files is gathered by Kaspersky Security Network: Verdict, Software Category, Product name, Application signature, File popularity, etc.

Based on the files’ metadata as well as expansive knowledge databases – both our own and external – Kaspersky’s machine learning-based expert systems are able to generate qualified verdicts about the objects in question at a moment’s notice. Moreover, any object that was previously identified as a threat by any of Kaspersky’s solutions is immediately blocked without the need for any further analysis.

Machine learning is further augmented by human analysis. Our world-leading anti-malware experts and analysts provide the much-needed human input, directing and helping the software algorithms as needed to help identify threats more reliably, reduce false positives to near-zero, and ultimately achieve a true HuMachine™ Intelligence.

Certificate-based detection

Kaspersky Online File Reputation is able to detect electronically signed files based on the certificate thumbprint, even if the file itself is unknown to us. This is of great help in cases when users receive unknown signed files (for example, installers of Google Chrome or Dropbox belong to this category as well as files automatically generated by Microsoft Windows on every machine).

Every time any such installer is downloaded from the website, it has a unique hash, making regular hash-based detection impossible. However, all of them are signed by the developer – e.g., Google. To solve this problem, Kaspersky Online File Reputation includes a feature that determines a file’s reputation based on the reputation of its vendor: the service acquires the installer’s signature thumbprint along with the hash of its body. If the software vendor is trustworthy and their digital signature is valid, the file is also regarded as trusted – even though this is the first time anyone has seen it.

By merging our in-depth knowledge of certificates and malware, we have been able to create a unique service with an excellent detection rate.
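The decision flow described in this section, sketched as an added example (it is not Kaspersky code and does not use the service's REST API): a hash lookup first, then a fallback to the signer's certificate thumbprint, with Default Allow or Default Deny deciding what happens to files that remain unknown. The in-memory tables, the `Signature` type, the function names and the rule that a hash verdict overrides the signer are assumptions, and all sample data is constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for a reputation backend (not real records).
KNOWN_BAD_BODY = b"constructed sample: known-malicious body"
HASH_VERDICTS = {hashlib.sha256(KNOWN_BAD_BODY).hexdigest(): "malicious"}
TRUSTED_SIGNERS = {"aa" * 20}  # placeholder thumbprint of a trusted vendor


@dataclass
class Signature:
    thumbprint: str  # signer certificate thumbprint, hex (hypothetical type)
    valid: bool      # outcome of signature verification done by the caller


def reputation(body: bytes, sig: Optional[Signature]) -> str:
    """Return 'malicious', 'trusted' or 'unknown' for a file body."""
    verdict = HASH_VERDICTS.get(hashlib.sha256(body).hexdigest())
    if verdict is not None:
        # Assumption: a known hash verdict always wins over the signer,
        # so a malicious file is not rescued by a trusted certificate.
        return verdict
    # Unknown hash: fall back to the vendor's reputation, but only when the
    # signature actually verifies. A thumbprint alone proves nothing.
    if sig and sig.valid and sig.thumbprint.lower() in TRUSTED_SIGNERS:
        return "trusted"
    return "unknown"


def allow_execution(body: bytes, sig: Optional[Signature],
                    default_deny: bool) -> bool:
    """Application-control decision under Default Deny or Default Allow."""
    verdict = reputation(body, sig)
    if verdict == "malicious":
        return False
    if verdict == "trusted":
        return True
    return not default_deny  # unknown files: the policy decides


if __name__ == "__main__":
    vendor = Signature("AA" * 20, valid=True)
    for nonce in (b"1", b"2"):  # per-download installers with unique hashes
        print(reputation(b"constructed installer " + nonce, vendor))
```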

See also:

Kaspersky Allowlist Program

Kaspersky Threat Intelligence Portal. The service provides up-to-date information on software identified by Kaspersky, including software submitted as part of the Allowlist Program.

Kaspersky Online File Reputation free trial is available. Please click Contact Us below and indicate that you would like to try Kaspersky Online File Reputation, and our representative will get in touch with you shortly.

Contact us