How to Easily Check an Entire Windows Folder Using Many Different Antimalware Programs

toggle-button

If you need to do security checks on entire folders with multiple antimalware programs, here’s a tool for you. It’s from Microsoft Sysinternals and is called Sigcheck.

It’s a command line tool but don’t let that deter you. It’s easy to use. It has been around for quite a while and has been employed by experienced Windows users to verify file information such as digital certificates and version numbers. The latest version has added a feature that makes it of more general use. The API of VirusTotal has been integrated with Sigcheck so that you can now check all the files in a folder with the many different online security programs that are available at VirusTotal.

The description and download for Sigcheck is at this Sysinternals link. It has recently been updated and is now in version 2.03. The download is a 149 KB ZIP file containing the command-line executable and a EULA. 

The application has to be run in a command line with elevated privileges. There are a number of switches but the ones that involve VirusTotal are:

  • -u  If VirusTotal check is enabled, show files that are unknown to VirusTotal or have non-zero detection
  • -v[rn]  Query VirusTotal  for malware based on file hash. Add 'r' to open reports for files with non-zero detection. Files reported as not previously scanned will be uploaded to VirusTotal unless the 'n' option is specified. Note scan results may not be available for five of more minutes.
  • -vt  Accepts VirusTotal terms of service. If you haven't accepted the terms and you omit this option, you will be interactively prompted.
  • -s  Recurse sub-directories  

Here are two examples of  commands:

  • sigcheck -u -vt c:\YourFolder\
    Shows files that are unknown to VirusTotal or files that at least one engine at VirusTotal reports as malware.
  • sigcheck -u -v -vt -s c:\YourFolder\
    Checks file hashes on VirusTotal and uploads any file where no hash is found. Displays all files flagged with at least one malware warning or that are unknown to VirusTotal. Check includes all sub-folders.

More information about using Sigcheck can be found in this article. Sigcheck is listed in Gizmo's compilation of the best free security software.

And there you have it – a way to do a malware check on many files at once.

Get your own favorite tip published! Know a neat tech tip or trick? Then why not have it published here and receive full credit? Click here to tell us your tip.


This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.

Click here for more items like this. Better still, get Tech Tips delivered via your RSS feeder or alternatively, have the RSS feed sent as email direct to your in-box.

Please rate this article: 

Your rating: None
4.64706
Average: 4.6 (17 votes)

Comments

Sigcheck version 2.54 was released on 2016.08.29.

http://skwire.dcmembers.com/fp/?page=sigcheckgui contains a third-party graphical user interface for sigcheck called SigcheckGUI.

Interesting, I had missed that. THANK YOU Vic!

Sort of baffling what and how much shows up on my "production" system; said system seems to be "squeaky clean" by conventional methods (MSE, Malwarebytes, AdwCleaneer a.s.o.).
Files from AMD, unsigned files and one from EaseUs with an "explicitly revoked certificate".
All these files are completely clean according to VirusTotal.
I am ???
Comments welcome, TIA.