1.4.2009 13:28

How To Handle Suspicious False Positive Detection?

umelec

Manager
Join Date: 30.3.2009
Posts: 52

Steps To Work With a Suspicious False Positive (FP):

- Update your AVG Free Edition and scan the file once more (right-click on the file, choose "Scan with AVG") to make sure the FP hasn't already been fixed.
- If AVG still detects the malware and you suspect the file to be a false positive, test the file at Jotti Virusscan or alternatively at VirusTotal to check the detection ratio between several antivirus vendors. If the result points to a possible false positive, archive (zip, arc, tar, etc.) the file using a password and email a copy to virus@avg.com with a brief description as well as the password you used to archive it. Depending on the load of Virus analysis, you will receive a response to your query soon.

Note: To test the file you may have to restore the file from the Virus Vault and you may need to temporarily disable the Resident Shield in order to allow the upload for the test. If the Resident Shield is not disabled and you try to upload it for the test or when emailing, it will be blocked and you will be shown that 0 bytes were uploaded.

To disable AVG temporarily, have a look at FAQ 1311.

To create a password-protected archive, see FAQ 1341.

There are also other types of false positives than just files:

Website False Positives

To report a false positive for a website detection, just send an email to virus@avg.com and include a link to the website in question along with information about what was being detected.
Or you can use this website.

Registry False Positives

If it's a registry key that is a false positive, please export the registry key:
- Start > Run > regedit
- Find the key
- Right-click > Export

Add it to a password-protected archive and send it to virus@avg.com for further analysis. Please also include the password you used when you created the archive.