VirusTotal will track false positives

    The authoritative web resource VirusTotal, the most widely used service for checking files and URLs online against various AV scanners, has introduced an additional notification mechanism for so-called false positives. The term refers to a clean (not infected) file that one or more antivirus scanners erroneously detect as malware. False positives are quite common, and a vendor can remove the detection of a clean file within a few hours; nevertheless, such a detection misleads the user.

    One of the mechanisms that VirusTotal introduced long ago to protect against false positives is voting on a file's status. A user of the service or a member of the community can vote for a file with the status “Harmful” or “Harmless”. This verification mechanism makes it possible to assess the reliability of AV scanner verdicts; in addition, it helps to identify potentially malicious files even before vendors detect them. Given a very large number of “harmless” votes, we can say that the file is clean, and if an antivirus detects the file, then we are dealing with a false positive.

    The new VirusTotal feature introduces an additional check for false positives and also displays a special notification to the user. Such a notification is shown below in the screenshot that was taken from the VirusTotal blog mentioned above. The file is the standard Windows application “calculator”, which the service itself considered clean, regardless of the verdict of the AV scanners.

    The added function of detecting clean files is based on so-called collections of clean files or their metadata. As follows from the VirusTotal blog quote below, Microsoft was the first to partner with VirusTotal and provide information about its trusted files, which led to the recognition of 6 thousand clean files.

    We have been working on this for just one week and with just one company, Microsoft, yet results look very promising: over 6000 false positives have been fixed. We would like to extend a big thank you to the Microsoft team for sharing metadata about its software collection and to the antivirus industry as a whole for the false positives remediation.

