How to detect false positives
[Last updated on 19/05/2009,Wed]
What is a false positive?
A clean file mistakenly labelled as malware. False positives can cause problems: when a file that is important to the operation of a system is considered a virus or malware and is deleted or quarantined, the system may become unstable or even stop working.
How to detect a false positive?
Method 1:
You need common sense and some research on the net.
If your anti-virus detects malware, it is not advisable to delete it from the "quarantine section" right away without doing any research on it.
Usually anti-virus products with higher detection rates, or cloud-based ones, tend to have a higher chance of producing false positives.
Examples are Kaspersky, Bitdefender, Avast, Prevx, AVG, McAfee.
Read more on Cnet.
Method 2:
Download from reputable sites like download.com, filehippo.com etc., or sites rated by WOT (Web of Trust) or McAfee's SiteAdvisor. Install the software and do a full scan afterwards to see whether there is an infection; then you will know whether it is a false positive.
Note: keygens or patches from torrents are usually flagged as false positives by anti-virus.
Example of false positives:
At first I was surprised to see malware/trojans, as I am very strict with the security of my computer.
As we can see in the screenshot above, Avira and Prevx detect a trojan and malware.
At first look I knew that the Prevx detections were false positives, as I have used that product before.
On second thought, Avira detects it too, and Avira is one of the anti-virus products with the lowest false positive rate that I know.
I scanned my whole computer with Eset Smart Security and Malwarebytes' Anti-Malware with the latest updates. Both detected nothing on my laptop. Although Eset (no false positives in the last 8 years in the comparative anti-virus results by Virus Bulletin) detected nothing, I took further steps to confirm it, as no anti-virus can detect all malware.
To play safe, I located the "infected" files, uploaded them to VirusTotal and got the following results:
Use the anti-virus products below as a reference to determine whether a detection is a false positive. If any of these detects the file, you should be cautious, as it might really be a malware infection.
Lowest false positive:
Nod32 (Eset)
Highest detection rate:
G data
Anti-Vir(Avira)
Avast
BitDefender
Kaspersky
Symantec(Norton)
Conclusion:
Anti-Vir (Avira) and Symantec (Norton) detect it as a threat. For extra precaution, I deleted those files; they are located in Application Data, which is "safe" to delete.
P.S.: I had to delete the files manually as I'm using the free version of Hitman Pro.
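As an added example (not code from the original post), here is a small Python helper that applies the rule from the reference list above to a multi-engine scan report: a file flagged only by engines outside the reference set is treated as a likely false positive, while a hit from any reference engine marks it as suspicious. The report dictionaries are constructed for illustration and are not real VirusTotal output; the engine names are the ones the post lists.

```python
# Added example, not from the original post: triage a multi-engine scan
# report using the post's reference engines. SAMPLE reports are constructed.

# Engines the post treats as a reference set (lowest FP / highest detection).
LOW_FALSE_POSITIVE = {"NOD32"}
HIGH_DETECTION = {"G Data", "Avira", "Avast", "BitDefender", "Kaspersky", "Symantec"}
REFERENCE_ENGINES = LOW_FALSE_POSITIVE | HIGH_DETECTION

# Constructed report for the case in the post: engine -> detection name or None.
SAMPLE_REPORT = {
    "Prevx": "Medium Risk Malware",
    "Avira": "TR/Dropper.Gen",
    "Symantec": "Trojan.Gen",
    "NOD32": None,
    "Kaspersky": None,
    "Avast": None,
    "BitDefender": None,
    "G Data": None,
    "McAfee": None,
}

# Constructed report where only a non-reference engine fires.
PREVX_ONLY_REPORT = {"Prevx": "Medium Risk Malware", "NOD32": None, "Avira": None}


def triage(report):
    """Classify a scan report according to the post's heuristic.

    Returns the engines that flagged the file, the reference engines among
    them, and one of three verdicts:
      'clean'                 - no engine flagged the file
      'likely false positive' - flagged only by non-reference engines
      'suspicious'            - at least one reference engine flagged it
    A 'clean' verdict only means no engine fired; as the post notes, no
    anti-virus detects all malware, so it is not proof the file is safe.
    """
    flagged = sorted(engine for engine, result in report.items() if result)
    reference_hits = sorted(e for e in flagged if e in REFERENCE_ENGINES)
    if not flagged:
        verdict = "clean"
    elif reference_hits:
        verdict = "suspicious"
    else:
        verdict = "likely false positive"
    return {"flagged": flagged, "reference_hits": reference_hits, "verdict": verdict}


if __name__ == "__main__":
    for name, report in (("sample", SAMPLE_REPORT), ("prevx-only", PREVX_ONLY_REPORT)):
        print(name, triage(report))
```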
Reference:
Myself
http://download.cnet.com/8301-2007_4-20003344-12.html?tag=contentMain;contentBody