Reporting false POSITIVES in CCAV 1.2 onwards (Draft)

If you think you have experienced a false positive verdict, you can submit the file as below.


If and only if you are really sure the file is safe:

  • On the notification/alert select “Ignore and report as false alert”

If you are NOT really sure, quarantine it, then:

  • In the detected threat list, select “Submit as false positive” from the list, then leave it in quarantine pending judgement

When a file is submitted as a false positive, the file will be submitted to the false positive server and will be (manually I guess) analyzed. After analysis, if proved to be safe, the file will be added to the trusted list.

You can see the list of files you have submitted as false positives at any time in Settings ~ File rating ~ False Positives

If you get too many false positives and they are from one or two vendors, consider adding these vendors to the Trusted Vendor List.

Kind regards

Mike

Why you may get false positives from Valkyrie

My view is that there will be a few false positives with Valkyrie because of the way it works. But there should be far fewer than with traditional heuristics, at least once fully tuned.

It is actually running the files and detecting virus-like behavior. It probably reduces false positives by looking at whether something that could be considered damage is actually caused when the file is run.

But it cannot always tell if something that could be considered damage is in fact an intended action by a utility whose consequences are positive when the utility is used as intended by someone with good intentions.

As an analogy, you might say that some software technologies, particularly some utilities, are a bit like atomic energy. They can be used for good or evil, depending on intentions. You can’t say a society is bad because it has atomic energy. So you think - well, I’ll detect if their use of atomic energy causes damage. Well, even that might cause false positives, though far fewer false positives, as a destructive atomic explosion may have beneficial uses in some contexts.

Please note the correction to the ‘if you are not’ section in the first post.

Updated 02-07-2016