Difference between revisions of "False positive"
(New page: False positives are scan results that flag good files as belonging to malware. ==Reasons== False positives usually happen because of ambiguous SBI Commands, e.g. missing or lax [[Adva...) |
(→Counteraction: fixed link (name) of editor) |
Line 5: | Line 5: | ||
==Counteraction== | ==Counteraction== | ||
− | Scan results inside the GUI do contain IDs (starting with Spybot-S&D) that you can type into the [[IncludeEditorLite|Editor]] to identify the line that has caused the false positive. Once identified, you need to start looking at how you might refine the [[ | + | Scan results inside the GUI do contain IDs (starting with Spybot-S&D) that you can type into the [[IncludeEditorLite|Editor]] to identify the line that has caused the false positive. Once identified, you need to start looking at how you might refine the [[OpenSBI Editor Lite|command]] to be stricter. A common cause would be the [[Advanced file parameters|advanced file parameters]], which might not be as unique as you've intended them to be (as a simple example, using only the filesize is not a very unique argument). |
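Review bot: in the added line, the link that changes is the one displayed as "command", which now targets "OpenSBI Editor Lite", while the edit summary says the editor link was fixed and the link actually labelled "Editor" still points to "IncludeEditorLite". If the intent was to repair the Editor link, change that target instead; if "command" is meant to explain the command being refined, an editor page is a surprising destination for it, so either relabel the link or point it at a page that describes the command.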
Latest revision as of 10:46, 23 February 2008
False positives are scan results that flag good files as belonging to malware.
Reasons
False positives usually happen because of ambiguous SBI Commands, e.g. missing or lax advanced file parameters.
Counteraction
Scan results in the GUI contain IDs (starting with Spybot-S&D) that you can type into the Editor to identify the line that caused the false positive. Once you have identified it, look at how you might refine the command to be stricter. A common cause is the advanced file parameters, which might not be as unique as you intended them to be (as a simple example, the file size on its own is not a very distinctive criterion).
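The effect of a lax parameter set can be shown with a small model, added here as an illustration and not taken from Spybot or its SBI syntax. The `Rule` class, the rule IDs and the sample files are hypothetical and constructed for this example; it compares a size-only rule and a name-only rule with one that also pins the content digest.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FileInfo:
    name: str
    data: bytes

    @property
    def size(self) -> int:
        return len(self.data)

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.data).hexdigest()

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule: every parameter that is set must match the file."""
    rule_id: str
    name: Optional[str] = None
    size: Optional[int] = None
    sha256: Optional[str] = None

    def matches(self, f: FileInfo) -> bool:
        return ((self.name is None or f.name.lower() == self.name.lower())
                and (self.size is None or f.size == self.size)
                and (self.sha256 is None or f.sha256 == self.sha256))

def false_positives(rule, files, bad_digests):
    """Names of files the rule flags although their content is not known-bad."""
    return [f.name for f in files if rule.matches(f) and f.sha256 not in bad_digests]

# Constructed sample files: one unwanted file and three benign ones.
BAD = FileInfo("updater.exe", b"MZ" + b"bad" * 10)            # 32 bytes
FILES = [
    BAD,
    FileInfo("setup.exe", b"MZ" + b"ok!" * 10),               # benign, also 32 bytes
    FileInfo("updater.exe", b"MZ" + b"fine" * 5),             # benign, same name
    FileInfo("notes.txt", b"hello"),
]
BAD_DIGESTS = {BAD.sha256}

SIZE_ONLY = Rule("demo-001", size=BAD.size)
NAME_ONLY = Rule("demo-002", name="updater.exe")
STRICT = Rule("demo-003", name="updater.exe", size=BAD.size, sha256=BAD.sha256)

if __name__ == "__main__":
    for rule in (SIZE_ONLY, NAME_ONLY, STRICT):
        print(rule.rule_id, "false positives:", false_positives(rule, FILES, BAD_DIGESTS))
```

Each single-parameter rule flags one benign file, while the combined rule still matches the unwanted file and flags nothing else.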