Quote:
Originally Posted by Jeroen1000
I've been wondering for some time about this now, please enlighten me.
Sometimes, Prevx sees a FP because a "definition" has become too heuristic. Fine, this can be fixed quickly. However, is it possible that real viruses that were previously detected are missed since the heuristic detection rule has been altered?

When we fix a FP, it generally could tune down the heuristics slightly for other files as well, but at that point we're able to see exactly what component of the rule caused the FP and because of our database, we're able to see exactly how many files would be affected by it, so we are able to make very fine-tuned adjustments.

On the other side, however, we have some rules which find 300,000+ infections from a single heuristic and have produced 3-4 FPs. In that case, we just whitelist the individual files.
Hope that helps!