About & Frequently Asked Questions (FAQ)
EdgeSpot.io is a free online web service that provides advanced exploit detections, for both known and unknown (zero-day) exploits. It's powered by our innovative EdgeLogic exploit analysis engine in the backend. It's currently in beta. The most advantage of EdgeSpot.io (and our backend EdgeLogic engine) is the capability of detecting zero-day and unknown exploits, as it does not rely on signatures.
Today's cyber attacks especially advanced threats are largely based on exploits that leverage various security vulnerabilities. However, exploit detection, as one of the biggest challenges in the information security industry, has never been really solved. Our EdgeLogic engine is designed and built to solve this problem, and we believe by offering it as a free service to everyone, we could help make fewer people and organizations get hacked.
What's an exploit?
In the computer world, an exploit is an attack/method that takes advantage of system or network vulnerabilities to gain unauthorized access to computers. It's usually the first step of a cyber attack - after successful exploitation, hackers may execute malware on the victim's system, access sensitive data and take control of the whole system. At EdgeSpot.io, we focus on the client-side exploits, which usually appears as regular files, eg. Office documents or PDF.
What's the EdgeLogic engine and why it's unique?
Unlike other traditional malware detection methods, the EdgeLogic engine is designed, from the ground up, to detect exploits. We detect at the core of the way of how exploits work. We believe different ways of how the exploit and malware (PE) works must be reflected in the system designs. The EdgeLogic engine is empowered by cutting-edge techniques such as "file structure -oriented" static and dynamic analysis, and machine learning.
Web Service & Engine
What file types do you support on EdgeSpot.io?
At present, we only provide detection service on popular client-side files. Currently supported file types are listed as below, more file types may be supported in future if needed.
- Portable Document Format (pdf)
- Microsoft Office Word files (doc,docx,docm, mht, and more)
- Microsoft Office Excel files (xls,xlsx,xlsm,xlam,xlsb and more)
- Microsoft Office PowerPoint files (ppt,pps,pptx,ppsx,pptm,potx, and more)
- Microsoft RTF files (rtf)
- Emails (eml, msg)
- Adobe Flash files (swf)
- "Container" files (zip)
If you want us to support certain file type(s), please send us a feature request here.
Do I need to specify the file type when I upload a sample?
No, you may upload any samples in any file types you want, our system has the capability of recognizing the file type automatically. If your sample is not supported, you will be given an error.Tip: if you believe your file is a valid file type that we need to support, or there’s a mistake in our engine, please contact us.
How long does it take to analyse one sample?
It depends. First of all, it depends on the number of samples on the waiting list in our system. You would be redirected to a "waiting" page when your sample is waiting to be processed. Secondly, when your sample is being processed, it depends on the complexity of the sample (from exploit detection point of view), unlike other exploit detection engines, our engine analyzes the sample in an intelligent way where it can determinate if additional analysis is needed. In situations such as the sample is a "container" (for example, a "zip" file), the processing time is also depended on how many "sub samples" the zip sample contains.
What analysis result will user see?
There are 4 kinds of detection results:
- Malicious, which means the file is detected as an exploit. You should be extremely careful when you see such a result as the False Positive rate of our system is very low. Note: when we detect the sample is a zero-day exploit, you will be given a message containing the word "ZERO-DAY".
- Suspicious, which means our engine spots significant suspicious characteristics in the sample, but it's not necessary to conclude the sample is malicious (you may find additional details under the "Suspicious" label). Please note that users should also be very careful when a sample is detected as suspicious.
- Information, which means that there's no direct threat from the sample, but you should open the sample with cautious.
- No threat found, which means no exploit-related threat is found in the sample.
How do I report a false detection?
We highly appreciate users who report False Positive (a clean sample but it is detected) or False Negative (a malicious sample but it is not detected) results to us! The invaluable feedback enables us to continue improving our system or ML model/logic. You may simply click the "Report" button on the "Analysis" page which will lead you to our "Contact" page. Or, you may email us at firstname.lastname@example.org, or communicate with us on Twitter @EdgeSpot_io.
I mistakenly submitted a file, can I ask for a deletion?
Yes, we have great respect for user's privacy. If you accidentally upload a wrong file, please contact us as soon as possible. Please provide some proof (such as IP address, time, content, etc), once we confirm the sample is indeed uploaded by yourself, it will be deleted permanently from our database. Since this is a manual process, we may need some time to process, but don't worry, we will not share or use the sample before we process all the pending deletion requests.
I have many samples to submit, do you provide API submission?
Yes, please email us at email@example.com for a free API key.
My question is not answered here, how to contact you in general?
Please deliver your question to firstname.lastname@example.org, we welcome any suggestion, inquiry, and ideas.
Last Updated: February 28, 2019