Difference between revisions of "False positive"

From SpybotWiki
(New page: False positives are scan results that flag good files as belonging to malware. ==Reasons== False positives usually happen because of ambiguous SBI Commands, e.g. missing or lax [[Adva...)
 
(Counteraction: fixed link (name) of editor)
 
Line 5: Line 5:
  
 
==Counteraction==
 
==Counteraction==
Scan results inside the GUI do contain IDs (starting with Spybot-S&D) that you can type into the [[IncludeEditorLite|Editor]] to identify the line that has caused the false positive. Once identified, you need to start looking at how you might refine the [[SBI Command|command]] to be stricter. A common cause would be the [[Advanced file parameters|advanced file parameters]], which might not be as unique as you've intended them to be (as a simple example, using only the filesize is not a very unique argument).
+
Scan results inside the GUI do contain IDs (starting with Spybot-S&D) that you can type into the [[IncludeEditorLite|Editor]] to identify the line that has caused the false positive. Once identified, you need to start looking at how you might refine the [[OpenSBI Editor Lite|command]] to be stricter. A common cause would be the [[Advanced file parameters|advanced file parameters]], which might not be as unique as you've intended them to be (as a simple example, using only the filesize is not a very unique argument).
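Review bot: The revision summary says the editor's link name was fixed, but the only link changed in this line is the one labelled "command", which went from [[SBI Command|command]] to [[OpenSBI Editor Lite|command]]; the [[IncludeEditorLite|Editor]] link is untouched. If the intent was to correct the Editor link, change that target instead and keep "command" pointing at the SBI Command page, since the sentence is about refining the command rather than the editor.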

Latest revision as of 10:46, 23 February 2008

False positives are scan results that flag good files as belonging to malware.

Reasons

False positives usually happen because of ambiguous SBI Commands, e.g. missing or lax advanced file parameters.

Counteraction

Scan results in the GUI contain IDs (starting with Spybot-S&D) that you can type into the Editor to identify the line that caused the false positive. Once you have identified it, look at how you might refine the command to be stricter. A common cause is the advanced file parameters, which might not be as unique as you intended them to be (as a simple example, the file size alone is not a very unique criterion).
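The refinement step above can be checked by running each candidate rule against a set of known-good files before shipping it. The following Python sketch is an added example, not code from the wiki or from Spybot; the `FileRule` model, its fields, the `EXAMPLE-` rule IDs and all file contents are hypothetical and do not reflect SBI syntax.

```python
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FileRule:
    """Hypothetical file-detection rule (illustrative model, not SBI syntax)."""
    rule_id: str
    name: str                     # file name to match, case-insensitive
    size: Optional[int] = None    # optional constraint: exact size in bytes
    sha256: Optional[str] = None  # optional constraint: content digest

    def matches(self, path: str, data: bytes) -> bool:
        if ntpath.basename(path).lower() != self.name.lower():
            return False
        if self.size is not None and len(data) != self.size:
            return False
        if self.sha256 is not None:
            return hashlib.sha256(data).hexdigest() == self.sha256
        return True


def evaluate(rule: FileRule, sample: Tuple[str, bytes],
             clean: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Return (still detects the sample, sorted clean paths wrongly flagged)."""
    hits = sorted(p for p, d in clean.items() if rule.matches(p, d))
    return rule.matches(*sample), hits


# Constructed data: stand-in bytes, not real binaries.
SAMPLE = ("C:\\Temp\\update.exe", b"MZ" + b"\x90" * 30)
CLEAN = {
    "C:\\Program Files\\GoodApp\\update.exe": b"MZ" + b"\x00" * 30,  # same name and size
    "C:\\Program Files\\Other\\Update.exe": b"MZ" + b"\x00" * 62,    # same name only
    "C:\\Windows\\notepad.exe": b"MZ" + b"\x11" * 30,                # same size only
}
RULES = [
    FileRule("EXAMPLE-0001", "update.exe"),
    FileRule("EXAMPLE-0002", "update.exe", size=32),
    FileRule("EXAMPLE-0003", "update.exe", size=32,
             sha256=hashlib.sha256(SAMPLE[1]).hexdigest()),
]

if __name__ == "__main__":
    for rule in RULES:
        detected, fps = evaluate(rule, SAMPLE, CLEAN)
        print(f"{rule.rule_id}: detects sample={detected}, false positives={fps}")
```

Adding the size constraint removes one of the two false positives, and only the content digest removes the last one while the sample is still detected.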