False positive

From SpybotWiki
Revision as of 10:46, 23 February 2008 by CCRDude (Counteraction: fixed link (name) of editor)

False positives are scan results that flag good files as belonging to malware.

Reasons

False positives usually happen because of ambiguous SBI Commands, e.g. missing or lax advanced file parameters.

Counteraction

Scan results inside the GUI contain IDs (starting with Spybot-S&D) that you can type into the Editor to identify the line that caused the false positive. Once you have identified it, look at how you might refine the command to be stricter. A common cause is the advanced file parameters, which might not be as unique as you intended them to be (as a simple example, using only the file size is not a very unique argument).
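
The effect of a lax file parameter can be checked before a rule ships by running it against a set of known-good files. The following is an added example, not Spybot code and not SBI syntax: `FileRule`, `matches` and `false_positives` are hypothetical names, and all file contents and paths are constructed for illustration.

```python
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class FileRule:
    """Hypothetical detection rule: every parameter that is set must match."""
    rule_id: str
    name: str
    size: Optional[int] = None
    sha256: Optional[str] = None


def matches(rule: FileRule, path: str, data: bytes) -> bool:
    """True if the file at `path` with contents `data` satisfies the rule."""
    if ntpath.basename(path).lower() != rule.name.lower():
        return False
    if rule.size is not None and rule.size != len(data):
        return False
    if rule.sha256 is not None and rule.sha256 != hashlib.sha256(data).hexdigest():
        return False
    return True


def false_positives(rule: FileRule, known_good: Dict[str, bytes]) -> List[str]:
    """Paths of known-good files the rule would wrongly flag."""
    return sorted(p for p, d in known_good.items() if matches(rule, p, d))


# Constructed sample standing in for the file the rule is meant to detect.
SAMPLE_PATH = r"C:\Windows\Temp\update.exe"
SAMPLE = b"\x4d\x5a" + b"\xcc" * 2046  # 2048 bytes

# Constructed known-good corpus; one entry shares name and size with the sample.
KNOWN_GOOD = {
    r"C:\Program Files\VendorA\update.exe": b"\x4d\x5a" + b"\x00" * 2046,
    r"C:\Program Files\VendorB\update.exe": b"\x4d\x5a" + b"\x00" * 4094,
    r"C:\Program Files\VendorA\readme.txt": b"r" * 2048,
}

# Lax rule: file name plus file size only.
LAX = FileRule("example-0001", "update.exe", size=2048)
# Stricter rule: the same parameters plus a content hash.
STRICT = FileRule("example-0001", "update.exe", size=2048,
                  sha256=hashlib.sha256(SAMPLE).hexdigest())

if __name__ == "__main__":
    for rule, label in ((LAX, "lax"), (STRICT, "strict")):
        print(label, "detects sample:", matches(rule, SAMPLE_PATH, SAMPLE),
              "| false positives:", false_positives(rule, KNOWN_GOOD))
```
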