
How do I stop false positives in spam and malware reports?

Question:

I’m the manufacturer of a computer software product. We’ve been doing
business for the last six years with excellent support from people all over the
world to date.

I used ESET’s Smart Security and Antivirus and ran a full scan of my PC.
I was greatly shocked to see the setup program of my product in the list of
infected files. So I asked my colleague to check things from his PC, and he had
the same experience. What could it be? How can I save the image of my product
by reporting the false positive?

In this excerpt from Answercast #6, I discuss the problems encountered by one software manufacturer when their product starts showing as malware in security sweeps. It’s unfortunate, but this can and does happen.


Is it really malware?

False positives happen. It’s really unfortunate. Antivirus, virus, and malware detection is kind of a black art.

Some pretty advanced algorithms are used to scan for thousands and thousands (and thousands!) of different viruses without taking forever, performing the scan in something ‘approaching’ a reasonable amount of time.

The downside is that occasionally the patterns that are flagged as malware also appear in other software that is not actually malware. That’s what you are experiencing. So there are two things you need to do. One, as a product vendor, you need to make it easy for your customers and the public to find information about this problem.

Be transparent about the problem

In other words, have a FAQ or a customer support page that says “Yes, our product is currently showing a false positive from this antivirus software. If you got it from a reputable place (I’m assuming you have only reputable places that you could then list), that product is not infected and this is what’s known as a false positive. If you got the product from somewhere else, get it from a reputable place.”

Unfortunately, one of the things that can happen is bad guys can take a product, such as yours, add malware to it and then offer it as a download.

Contact ESET

The other thing you need to do, of course, is to contact this antivirus security software vendor and let them know that your product is good; that their product is kicking a false positive on your product, and that they need to address this in their package.

Getting through to them can at times be difficult, but most of them (I think ESET falls into this category) try to be responsible. It is not that uncommon for this to happen and they have to be responsible and take action. Not only do they have to detect all of the malware that they can, but also not falsely accuse valid software of being malware.

So get in touch with ESET as soon as you can and let them know this is going on.


1 thought on “How do I stop false positives in spam and malware reports?”

  1. It can happen to anyone, including MS. I have the win3.1 calculator update, which I got from the MSDownload site, and it was flagged, so I sent a copy of it to the vendor and also pointed them to the MSDownload site where I got it. They verified that it was being flagged falsely.
