Spotlight on security: The problem with false alarms
False Positives (FPs, also known as False Alarms) are harmless and legitimate programs that are incorrectly identified as malicious by an antivirus program. A false positive can have very serious consequences. In some cases, it will not be possible to run a legitimate program if it is blocked by the security software.
Consumer Malware Protection Test March 2018
Advanced Endpoint Protection Test
AV-Comparatives has published the findings of an Advanced Endpoint Protection Test, consisting of the following component tests:
- PowerShell-based file-less attacks and file-based exploits test, including false alarm test
- Proactive Protection Test, including false alarm test
- Real-World Protection Test, including false alarm test
- Ransomware test
The tests were performed between November 2017 and January 2018. The primary goal was to compare the automatic prevention and detection capabilities of different endpoint protection solutions. The test was commissioned by Bitdefender. Products by the following vendors were tested (please note that the results apply only to the specific program versions and settings that are described in the report): Bitdefender, Carbon Black, CrowdStrike, Cylance, Kaspersky Lab, McAfee, SentinelOne, Sophos and Symantec. The full report can be downloaded from here (PDF).
Malware Protection Test September 2017
Malware Protection Test March 2017
We released our newly introduced Malware Protection Test. It assesses a security program’s ability to protect a system against infection by malicious files. What is unique about this test is that, in addition to checking detection in scans, it assesses each program’s last line of defence. Any samples that have not been detected, e.g. on-access, are executed on the test system, with Internet/cloud access available, to allow features such as behavioural protection to come into play. A false alarm test is also included.
You can find additional information in the following two blog posts:
File Detection Test September 2016
File Detection Test March 2016
False Alarm Test Report September 2015
AV-Comparatives releases an appendix report for its False Alarm Test done during the File-Detection Test. The False Alarm Test report contains details about the false alarms encountered by the various products, such as the affected programs, the detection names and the supposed prevalence (according to various telemetry data sources). You can download the appendix False Alarm Test report of September 2015 as PDF here.