Question about false positive?

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Do you mean by this? ;)

False = incorrect
Positive = affirmative

Therefore a file is affirmative but detects incorrect behavior of a virus, so better report it to AV vendors to fix it.
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
That is a very tricky question for sure. :) It could go either way. :eek:
 

Maikuolan

Level 1
Verified
Feb 19, 2015
47
When a detection is considered a "false positive", that in itself isn't necessarily an indication of the safety of the object for which the detection is concerned. Simply put, a "false positive" indicates that the specific string, data, behaviour, detection method or whatever else is being used to trigger the detection is present in the object that has been detected, but that the object was not an intended target for that detection.

As an example... Imagine that you are in control of a medium of communication and you want to prevent the users of that medium of communication from using it for the purposes of torrenting. You notice, over the course of some time, that most of these users include messages such as "check out this awesome new torrent!" with every torrent file that they upload, and so, as a means of assisting with the prevention of these activities, you decide to write some script, program or policy to execute alongside this medium, to automatically detect and block any communications that contain the string "torrent".

This would mean that every time someone uploads a torrent file and includes the aforementioned message, it is detected and blocked, because of the message containing the word (or string) "torrent" contained therein ("check out this awesome new torrent!"). You'd consider this a successful, positive detection.

Now imagine that one day, someone writes and sends a blog post through this medium of communication that briefly has some mention of torrenting in it, and due to that mention, also happens to contain the word (or string) "torrent". The specific post doesn't contain an attached torrent file and is not intended by the original author for torrenting, but nonetheless, due to this script, program or policy that you'd have written earlier, their blog post is detected as an attempt to use this medium of communication for the purposes of torrenting. You'd consider this to be a false positive.

If your anti-virus solution, whatever else you're using or wherever else you're reading about false positives is telling you that something is a false positive, what is meant by that, simply, is that the object or thing being detected is not what the specific detection was intended to detect.

In other words... The object or thing being detected may or may not necessarily still be dangerous.
 
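The "torrent" filter described in the post above, modelled as an added example (not code from the thread or any product): a naive string-match rule is scored against a few constructed messages with known ground truth, so the blog-post case shows up as the one false positive; a second, assumed "refined" rule that also requires the attachment the detection was meant to catch is included for comparison.

```python
# Added example: the post's "block anything containing 'torrent'" rule,
# evaluated against constructed sample traffic with known ground truth.
from collections import Counter
from typing import Callable

# Constructed sample messages: (text, has_torrent_attachment, actually_torrenting)
MESSAGES = [
    ("check out this awesome new torrent!", True, True),
    ("check out this awesome new torrent!", True, True),
    ("here's my blog post on why torrent traffic is hard to block", False, False),
    ("meeting moved to 3pm", False, False),
    ("grab it here", True, True),  # torrenting without the usual message text
]

Rule = Callable[[str, bool], bool]


def naive_rule(text: str, has_attachment: bool) -> bool:
    """The post's rule: block any communication containing the string 'torrent'."""
    return "torrent" in text.lower()


def refined_rule(text: str, has_attachment: bool) -> bool:
    """Assumed tighter rule: the string AND the torrent file the rule was meant to stop."""
    return has_attachment and "torrent" in text.lower()


def evaluate(rule: Rule) -> dict:
    """Confusion counts for a rule. FP = blocked although not really torrenting."""
    outcomes = Counter()
    for text, attached, truth in MESSAGES:
        detected = rule(text, attached)
        if detected and truth:
            outcomes["TP"] += 1
        elif detected and not truth:
            outcomes["FP"] += 1  # the blog-post case from the thread
        elif not detected and truth:
            outcomes["FN"] += 1  # tightening a rule does not fix these
        else:
            outcomes["TN"] += 1
    return dict(outcomes)


def false_positives(rule: Rule) -> list:
    """Texts the rule blocks that were not actually attempts at torrenting."""
    return [t for t, a, truth in MESSAGES if rule(t, a) and not truth]


if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("refined", refined_rule)):
        print(name, evaluate(rule), false_positives(rule))
```

Note that the refined rule removes the false positive but still misses the attachment sent without the tell-tale text, which is the trade-off the post's "detection versus safety" distinction points at.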

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
If a file has been deemed dangerous by an AV it has risks to a certain extent. Of course a false positive may be due to an oversight by the vendors, or it might be because the vendors found something very similar to a real threat and therefore also classified the software as a threat. In any case, if you feel that your software might be a false positive, do a scan with VirusTotal to check which AVs detect it. Generally, if more than 1 AV detects it as a threat then I wouldn't consider it a false positive; however, if only 1 AV detects it and it is an old piece of software then I would say that that AV is detecting it as a false positive. But I also consider which AVs detect it; an example would be if Lavasoft and Bitdefender both detect it, I would consider it as 1 AV because both AVs use the same engine (the Bitdefender engine).

Conclusion is: be careful when running software on your computer, especially if it's not very well known or is new. Always check on VirusTotal for more information, and if you are still unsure, run it in a sandbox or virtual machine.
 
