How do you debunk a false positive?

Discussion in 'other anti-malware software' started by NonGeek, Aug 17, 2016.

  1. NonGeek

    NonGeek Registered Member

    Joined: Dec 28, 2015
    Posts: 40
    Say that you fell off your chair after your daily AV scan turns the UI to blood red. Then you think that can't possibly be the case. What do you do before you let the file out of quarantine?
     
  2. roger_m

    roger_m Registered Member

    Joined: Jan 25, 2009
    Posts: 5,250
    I have my antivirus configured to prompt me to let me choose what action to take whenever a threat is found. Because of this nothing ever gets quarantined automatically. I've been cleaning malware from PCs for 26 years and (usually) I can quite easily tell if something detected is an actual threat or a false positive.

    If you're ever unsure about a file then it's worth checking it at VirusTotal to see if it's safe or not.
     
  3. ropchain

    ropchain Registered Member

    Joined: Mar 26, 2015
    Posts: 333
    Sandbox and manual analysis also work.
     
  4. amarildojr

    amarildojr Registered Member

    Joined: Aug 8, 2013
    Posts: 1,989
    Location: Brasil
    That's what I do, even with large programs/games. I did this with the MOD "Goldeneye Source" before installing it for real.
     