I’m the manufacturer of a computer software product. We’ve been doing
business for the last six years with excellent support from people all over the
world to date.
I used ESET’s Smart Security and Antivirus and ran a full scan of my PC.
I was greatly shocked to see the setup program of my product in the list of
infected files. So I asked my colleague to check things out from his PC; he had
the same experience. What could it be? How can I save the image of my product
by reporting the false positive?
In this excerpt from Answercast #6, I discuss the problems encountered by one software manufacturer when their product starts showing as malware in security sweeps.
It’s unfortunate, but this can and does happen.
Is it really malware?
False positives happen. It’s really unfortunate. Virus and malware detection is kind of a black art.
There are some pretty advanced algorithms being used to scan for thousands and thousands (and thousands!) of different viruses in something ‘approaching’ a reasonable amount of time, rather than taking forever.
The downside is that occasionally the patterns that identify malware can also appear in other software that is not actually malware. That’s what you are experiencing.
So there are two things you need to do. One, as a product vendor, you need to make sure that it’s easy for your customers and the public to find information about this problem.
Be transparent about the problem
In other words, have a FAQ; have a customer support page that says, “Yes, our product is currently showing a false positive from this antivirus software. If you got it from a reputable place (I’m assuming you have only reputable places that you could then list), that product is not infected and this is what’s known as a false positive. If you got the product from somewhere else, get it from a reputable place.”
Unfortunately, one of the things that can happen is bad guys can take a product, such as yours, add malware to it and then offer it as a download.
The other thing you need to do, of course, is to contact this antivirus security software vendor and let them know that your product is good; that their product is kicking a false positive on your product, and that they need to address this in their package.
Getting through to them can at times be difficult, but most of them (I think ESET falls into this category) try to be responsible. It is not that uncommon for this to happen, and they have to be responsible and take action. Not only do they have to detect all of the malware that they can, but they also have to avoid falsely accusing valid software of being malware.
So get in touch with ESET as soon as you can and let them know this is going on.
1 thought on “How do I stop false positives in spam and malware reports?”
It can happen to anyone. I have the Win3.1 calculator update, which I got from the MSDownload site, and it was flagged, so I sent a copy of it to the vendor and also pointed them to the MSDownload site where I got it. They verified that it was being flagged falsely.