Difference between revisions of "False positive"

From SpybotWiki
Jump to: navigation, search
(New page: False positives are scan results that flag good files as belonging to malware. ==Reasons== False positives usually happen because of ambiguous SBI Commands, e.g. missing or lax [[Adva...)
(No difference)

Revision as of 15:15, 16 February 2008

False positives are scan results that flag good files as belonging to malware.

Reasons

False positives usually happen because of ambiguous SBI Commands, e.g. missing or lax advanced file parameters.

Counteraction

Scan results inside the GUI do contain IDs (starting with Spybot-S&D) that you can type into the Editor to identify the line that has caused the false positive. Once identified, you need to start looking at how you might refine the command to be stricter. A common cause would be the advanced file parameters, which might not be as unique as you've intended them to be (as a simple example, using only the filesize is not a very unique argument).