Decreasing false alarms in enterprise security products
For many years, AV-Comparatives’ protection tests have included a false-positives test, to ensure that security products do not provide protection at the expense of plaguing the user with false alarms. From time to time, enterprise users send us false-positives samples that they have encountered themselves. This is very helpful to us in our research, and so we are now making it easier to submit FPs to us.
False positives are particularly disruptive in business/enterprise environments. They may disable legitimate business products, encourage users to disable security measures or ignore warnings, and/or require time and effort on the part of IT staff to remediate the problem. Please see our blogpost “The curse of the false positive” for a more complete discussion of the subject.
From time to time, enterprise users send us false-positives samples that they have encountered themselves. This is very helpful to us in our research, and so we are now making it easier to submit FPs to us. We might use submitted files in our false-positives tests, if certain criteria are met (e.g. high prevalence).
- If your security product still detects the file as malicious, please contact the respective vendor for assistance.
- Please do not submit any files that could be considered confidential for any reason.
- When providing us with a false-positive sample:
- Before submitting the file to us, please query/upload it on VirusTotal and send us the link to the results page.
- Please tell us which security product detected the file as malicious. Please note that we are not interested in PUA (potentially unwanted apps) detections or in files with zero prevalence (therefore, e.g. self-written files will be ignored).
- Please tell us the approximate date when the false positive occurred.
- Please tell us which application this file is a part of.
- If possible, kindly let us know (briefly) what effect the false positive had on your business (e.g. application unavailable, investigation by IT support staff needed).
- We would also be grateful if you could provide us with any other information that you feel is relevant.
- The submission process is anonymous.
Enterprise users can submit confirmed FPs here: https://report-fp.av-comparatives.info
Thanks for your help!