Modern antivirus applications generally do a good job of protecting your machine during day-to-day use. However, no security application is perfect, and occasional false positive detections do occur. It can be tricky to determine whether a detection is a false positive or a legitimate threat.
What Are False Positive Antivirus Detections
False positives are instances in which your security application identifies a file or program as malicious when you believe it is not. They typically appear right after you install an antivirus program or after a major update. Security programs match files against the signatures of known threats and flag anything that resembles them; some trusted programs happen to resemble those threats.
The possibility of false positives is one of the primary reasons security programs quarantine detected files rather than deleting them outright: a quarantined file can be restored once it is confirmed safe.
Security applications, such as MalwareFox, provide as much information as they can about an identified threat. For instance, the detection results show the file location, the associated program, and the type of threat the file is believed to match. Some antivirus programs even provide a quick way to research the threat without leaving the security interface.
How False Positive Detection Happens
There are several situations in which false detections happen, and knowing them is half the battle.
For instance, a faulty Microsoft Security Essentials update identified Google Chrome as a Trojan and subsequently removed it. This rarely happens, but it is possible. It is therefore worth checking the news and updates sections of your antivirus vendor's website before acting on a suspected false positive.
Newly installed security programs may also report several false positives. Most antivirus software "learns" the behavioral patterns of the programs and files on your machine over time.
During its first scan, however, it relies on known threat signatures, which may match legitimate files. You can add "exceptions" (exclusions) to tell the program which applications and files are harmless. Add an exception only for a file you have confirmed is safe, and keep it as narrow as possible (a single file or folder rather than a whole drive), since whatever you exclude will no longer be scanned.
Lastly, some programs fall into a "gray area". You may trust a freeware program that comes bundled with advertisements, but the security program does not know that. Programs that use file compression and protection techniques (packers) also catch the attention of your security program, because malware uses the same techniques to hide from signature scans. Utility programs (such as password-recovery or remote-administration tools) fall into the gray area too. Questionable toolkits, such as those for cracking software, are flagged as threats, and often genuinely are.
How to Confirm a False Positive Detection
When an up-to-date security program tags a file or application as harmful, it most likely is. There are, however, a couple of steps you can take to determine whether a scan result is a false positive.
Solution 2: A better way is to use VirusTotal to survey the verdicts of most security engines. VirusTotal is an online scanner that aggregates over 70 antivirus products and online scan engines into one comprehensive analysis. Locate the file in your quarantine and upload it to the website. If the file is confidential or proprietary, look it up by its hash first instead of uploading it, because uploaded samples are shared with the contributing vendors, who use them to improve their own products and services.
Assess the validity of the detection according to the results of the further scans. A file or program is very likely a threat if most engines report it as one, especially when several of them agree on a named malware family. A handful of generic or heuristic detections (names containing "Generic", "Heur", or "Suspicious") is weaker evidence and more often a false positive; even then, keep the file quarantined until you are confident it is safe.
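The hash-then-lookup-then-weigh procedure above, as an added example that is not MalwareFox's or VirusTotal's code. It assumes the VirusTotal web-UI file URL pattern `https://www.virustotal.com/gui/file/<sha256>`, verdict dictionaries shaped like the `last_analysis_results` object of a VirusTotal v3 file report (engine name mapped to a `category` and a `result` name), and thresholds and a list of "generic" name markers that are this example's own heuristics; both sample reports are constructed, not real scan data.

```python
"""Triage a suspected antivirus false positive offline:
hash the quarantined file, build a VirusTotal lookup URL for that hash,
and weigh multi-engine verdicts once you have them.
Added example, not MalwareFox's or VirusTotal's code."""
import hashlib
import json
from collections import Counter

# Assumption: VirusTotal's web UI shows an already-known file at this URL,
# so a hash lookup avoids uploading (and sharing) the file itself.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"

# Assumption: substrings that mark a heuristic or generic rule rather than a
# named malware family.  This is the example's own heuristic, not a vendor list.
GENERIC_MARKERS = ("generic", "heur", "suspicious", "gen:", "pua", "riskware",
                   "unsafe", "score")


def sha256_hex(data):
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in 1 MiB chunks so a large installer
    does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def lookup_url(sha256):
    """Web-UI URL to search VirusTotal for a hash without uploading the file."""
    return VT_FILE_URL.format(sha256=sha256.strip().lower())


def is_generic(result):
    """True if a detection name looks heuristic/generic (or is missing)."""
    if not result:
        return True
    name = result.lower()
    return any(marker in name for marker in GENERIC_MARKERS)


def assess(report, named_threshold=5):
    """Weigh per-engine verdicts and return a summary dict.

    `report` maps engine name -> {"category": ..., "result": ...}, the shape of
    `last_analysis_results` in a VirusTotal v3 file report.  Categories include
    "malicious", "suspicious", "undetected", "harmless" and "timeout".
    """
    if not report:
        raise ValueError("empty report: nothing to assess")
    categories = Counter(v.get("category", "undetected") for v in report.values())
    flagged = {engine: v.get("result") for engine, v in report.items()
               if v.get("category") in ("malicious", "suspicious")}
    named = {engine: name for engine, name in flagged.items()
             if not is_generic(name)}
    total = len(report)

    if not flagged:
        verdict, note = "clean", "no engine flags it; re-scan after the next signature update"
    elif len(named) >= named_threshold:
        verdict, note = "named_threat", "several engines agree on a named family; treat as a real threat"
    elif 2 * len(flagged) > total:
        verdict, note = "broad_threat", "a majority of engines flag it, even if generically; treat as a threat"
    else:
        verdict, note = "likely_false_positive", ("only a few generic or heuristic hits; plausibly a false "
                                                   "positive, but keep it quarantined until confirmed")
    return {"engines": total, "flagged": len(flagged), "named": len(named),
            "categories": dict(categories), "detections": flagged,
            "verdict": verdict, "note": note}


# Constructed sample reports (not real scan data).
SAMPLE_WEAK = {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic.12345"},
    "EngineB": {"category": "suspicious", "result": "HEUR:Trojan.Win32.Agent"},
    **{f"Engine{c}": {"category": "undetected", "result": None} for c in "CDEFGH"},
}
SAMPLE_STRONG = {
    "EngineA": {"category": "malicious", "result": "Trojan-Spy.Win32.SampleFam.ab"},
    "EngineB": {"category": "malicious", "result": "PWS:Win32/SampleFam"},
    "EngineC": {"category": "malicious", "result": "Win32.SampleFam.e"},
    "EngineD": {"category": "malicious", "result": "Trojan.SampleFam"},
    "EngineE": {"category": "malicious", "result": "TrojanSpy.SampleFam"},
    "EngineF": {"category": "malicious", "result": "SampleFam.Trojan"},
    "EngineG": {"category": "undetected", "result": None},
    "EngineH": {"category": "undetected", "result": None},
}

if __name__ == "__main__":
    # Stand-in for sha256_of_file("C:/path/to/quarantined.exe") on a real machine.
    digest = sha256_hex(b"constructed sample bytes")
    print("look up:", lookup_url(digest))
    for label, rep in (("weak", SAMPLE_WEAK), ("strong", SAMPLE_STRONG)):
        print(label, json.dumps(assess(rep), indent=2))
```

On a real machine, replace the constructed bytes with `sha256_of_file()` on the quarantined file's path, open the printed URL, and feed the per-engine verdicts into `assess()`. The two sample reports show the contrast the text describes: two generic hits among eight engines come back as `likely_false_positive`, while six engines naming the same family come back as `named_threat`.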
Final Thoughts
False positive detections are not common. Consider the results of the steps above before declaring a file or program safe. Also, schedule regular scans with an up-to-date security program, like MalwareFox, so it can learn your machine. Keep all the programs on your computer updated, including drivers, since outdated versions can also trigger false positives.