April 1, 2009 13:28 How To Handle Suspicious False Positive Detection? #395
umelec
TechBuddy Ambassador

Join Date: 30.3.2009
Posts: 61
Steps To Work With Suspicious False Positive (FP):

- Update your AVG Edition and scan the file once more (right-click on the file, choose "Scan with AVG") to make sure the FP hasn't already been fixed.
- If AVG still detects the malware and you suspect the file to be a false positive, test the file at Jotti Virusscan or alternatively at VirusTotal to check the detection ratio across several antivirus vendors. If the result points to a possible false positive, archive (zip, arc, tar etc.) the file using a password and email a copy to virus@avg.com with a brief description as well as the password you used to archive it. Depending on the virus analysts' workload, you will receive a response to your query soon.

- Alternatively, you may send files (and registry exports) suspected to be falsely detected for analysis using this web page.

Note: To test the file you may have to restore it from the Virus Vault, and you may need to temporarily disable the Resident Shield in order to allow the upload for the test. If the Resident Shield is not disabled and you try to upload the file for the test or attach it to an email, it will be blocked and you will be shown that 0 bytes were uploaded.

To disable AVG temporarily, have a look at How To Temporarily Disable AVG Components.

How to create a password-protected archive: see Frequently Asked Question #2159.


There are also other types of false positives than just files:

AVG Mobilation False Positives
The email address for mobile app submission is mobilemalware@avg.com
More information can be found in this FAQ article.

Website False Positives (+ AVG Toolbar False Positives)
To report a false positive for a website detection, just send an email to virus@avg.com and include a link to the website in question along with what was being detected.
Or you can use this website.

Registry False Positives
If it's a registry key that is a false positive, please export the registry key:
- Start > Run > regedit
- find the key
- right click > Export
Add it into a password-protected archive and send it to virus@avg.com for further analysis. Please also include the password you used when you created the archive.
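As an added example (not part of the original post and not AVG's own tooling), the PowerShell script below carries out the file and registry submission steps above in one go: it copies the suspected files, records their SHA-256 hashes so the analyst can match them to the detection, exports the registry keys with reg.exe, and packs everything into a password-protected archive. It assumes 7-Zip is installed at the path given in $SevenZip (the built-in Compress-Archive cannot set a password); the registry key name in the comment is a constructed placeholder.

```powershell
# Added example: bundle a suspected false positive for submission to virus@avg.com.
# Assumptions: 7-Zip at $SevenZip; reg.exe and Get-FileHash available (Windows / PowerShell 4+).
param(
    [string[]]$Files = @(),          # suspected files (restore them from the Virus Vault first)
    [string[]]$RegistryKeys = @(),   # e.g. 'HKCU\Software\ExampleVendor' (constructed placeholder)
    [string]$Description = 'Suspected false positive, details in README.txt',
    [string]$Password = 'infected',  # archive password; repeat it in the email, as the post asks
    [string]$SevenZip = 'C:\Program Files\7-Zip\7z.exe'
)
$ErrorActionPreference = 'Stop'

# Staging folder for the copies, exports and description.
$stage = Join-Path $env:TEMP ('avg-fp-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $stage | Out-Null
$readme = @("Description: $Description", "")

# Copy each suspected file and record its SHA-256 (do not execute the file).
foreach ($f in $Files) {
    Copy-Item -LiteralPath $f -Destination $stage
    $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
    $readme += "File: $(Split-Path $f -Leaf)  SHA256: $hash"
}

# Export each registry key, the same result as regedit > Export but scriptable.
$n = 0
foreach ($k in $RegistryKeys) {
    $n += 1
    $out = Join-Path $stage ("regkey$n.reg")
    & reg.exe export $k $out /y | Out-Null
    $readme += "Registry key: $k  exported as: regkey$n.reg"
}
$readme | Set-Content -Path (Join-Path $stage 'README.txt')

# Password-protected, AES-256 encrypted zip so mail scanners do not strip the sample.
$archive = "$stage.zip"
& $SevenZip a -tzip "-p$Password" -mem=AES256 $archive (Join-Path $stage '*') | Out-Null
Write-Host "Send $archive to virus@avg.com, quoting the description and the password '$Password'."
```

Run it as `.\Submit-AvgFalsePositive.ps1 -Files .\suspect.exe -RegistryKeys 'HKCU\Software\ExampleVendor'` (script name and key are constructed); the password is deliberately kept out of the archive and printed for the email instead.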

Identity Protection False Positives
A) Detection during new installation
Please send the installation file to virus@avg.com for closer analysis. You can also email just a link from which the installation file can be downloaded (producer website, online storage, etc.).

B) Detection on already installed application (during its update, common usage, etc.)
To provide the virus specialists with the falsely detected file (for analysis and a fix), you need to let AVG quarantine the detected file. Then locate the recent file in the following folder*:

Windows XP
C:\Documents and Settings\All Users\Application Data\AVG<version_number>\IDS\quarantine\

Windows Vista/Seven
C:\ProgramData\AVG<version_number>\IDS\quarantine\

- and send it to virus@avg.com for closer analysis and fix

Then you can visit the AVG Virus Vault (in AVG -> menu History), mark the quarantined file and click Restore. On the next Identity Protection detection use the option "Allow", or add the application to the Allowed List in AVG (menu Tools -> Advanced Settings -> Identity Protection).

Anti-Rootkit False Positives
Please be informed that AVG Anti-Rootkit detects all processes (not digitally signed by a trusted authority) that use rootkit techniques to hide their actions. The detected rootkit can be a virus, as well as a part of a commercial application (more information).

In case of suspicion about a falsely detected rootkit, please create a new thread on this forum and describe the issue in detail. Kindly include this information:
- What is the exact AVG program version (found in lower-left corner of the AVG user interface)?
- Include the Anti-rootkit scan result export in your post.
- Please provide a link where the respective detected application can be downloaded from (if available).
- Do you have any optical drive emulation software installed? (If unsure, please attach an msinfo output to your post.)
- If the rootkit is detected in a memory section (the detection looks similar to "";"<unknown>";"Corrupted section win32k.sys[.text] +0x287A, size 4 bytes";"Object is hidden"), please create a complete memory dump, send it to our FTP server using this service utility and tell us the name of the uploaded file.
* Some folders could be hidden by default Windows settings. To view hidden files and folders please read How To Display Hidden Files And Folders