By David Harley

When is a false positive (FP) really a false positive? How much care should security vendors take to avoid or at worst fix them: do they really matter at all?

Continue reading…

We released our Consumer Malware Protection Test. Any samples that have not been detected e.g. on-access are executed on the test system. A false alarm test is also included.

We released our Consumer Malware Protection Test. Any samples that have not been detected e.g. on-access are executed on the test system. A false alarm test is also included.

We released our Consumer Malware Protection Test. Any samples that have not been detected e.g. on-access are executed on the test system. A false alarm test is also included.

False Positives (FPs, also known as False Alarms) are harmless and legitimate programs that are incorrectly identified as malicious by an antivirus program. A false positive can have very serious consequences. In some cases, it will not be possible to run a legitimate program if it is blocked by the security software.

Continue reading…

We released our Consumer Malware Protection Test. Any samples that have not been detected e.g. on-access are executed on the test system. A false alarm test is also included.

AV-Comparatives has published the findings of an Advanced Endpoint Protection Test, consisting of the following component tests:

• PowerShell-based file-less attacks and file-based exploits test, including false alarm test
• Proactive Protection Test, including false alarm test
• Real-World Protection Test, including false alarm test
• Ransomware test

The tests were performed between November 2017 and January 2018. The primary goal was to compare the automatic prevention and detection capabilities of different endpoint protection solutions. The test was commissioned by Bitdefender. Products by the following vendors were tested (please note that the results apply only to the specific program versions and settings that are described in the report): Bitdefender, Carbon Black, CrowdStrike, Cylance, Kaspersky Lab, McAfee, SentinelOne, Sophos and Symantec. The full report can be downloaded from here (PDF).

We released our Malware Protection Test. Any samples that have not been detected e.g. on-access are executed on the test system. A false alarm test is also included.

We released our newly introduced Malware Protection Test. It assesses a security program’s ability to protect a system against infection by malicious files; what is unique about this test is that in addition to checking detection in scans, it additionally assesses each program’s last line of defence. Any samples that have not been detected e.g. on-access are executed on the test system, with Internet/cloud access available, to allow features such as behavioural protection to come into play. A false alarm test is also included.

You can find additional information in the following two blog posts:

Introducing AV-Comparatives’ Malware Protection Test
Sample quality for the Malware Protection Test

The September 2016 file detection test report has been released. As usual, please read carefully the whole test report. You can find it on our website. The False Alarm lists are here.