# ThreatCheck

AV signature detection verification (legacy)

## Overview
ThreatCheck is a legacy verifier that scans compiled binaries against Windows Defender.
Note: ThreatCheck only reports whether a binary was detected or not (a binary signal, no score). For graduated rewards, use Elastic Security.
## Installation

- Download from ThreatCheck releases
- Place on DEVBOX at `C:\tools\ThreatCheck.exe`
## Configuration

```yaml
windows:
  threatcheck:
    enabled: true
    path: "C:\\tools\\ThreatCheck.exe"
    timeout: 60
```
## Reward Mapping
| Outcome | Reward |
|---|---|
| No detection | 1.0 |
| Detected | 0.5 |
| Scan error | 0.3 |