Hi,
If you suspected your anti-virus software was giving you a false positive report of an infection how can you verify that the report is indeed a false positive? So far I have come up with:
• Confirmation from the AV vendor that there is a known problem with the AV software producing false positive reports for the specific executable where the infection has been found.
• A comparison between the alleged infected executable and a known clean version.
• A reverse engineer and detailed analysis of the executable’s Assembly code by a competent person.
Are there any other methods? The obvious one seems to be to scan with a different AV product, however I am not sure this really confirms a false positive in the original product - it could mean that your alternative AV is missing the infection.
Ed Metcalfe.
Please do not feed the trolls.....
If you suspected your anti-virus software was giving you a false positive report of an infection how can you verify that the report is indeed a false positive? So far I have come up with:
• Confirmation from the AV vendor that there is a known problem with the AV software producing false positive reports for the specific executable where the infection has been found.
• A comparison between the alleged infected executable and a known clean version.
• A reverse engineer and detailed analysis of the executable’s Assembly code by a competent person.
Are there any other methods? The obvious one seems to be to scan with a different AV product, however I am not sure this really confirms a false positive in the original product - it could mean that your alternative AV is missing the infection.
Ed Metcalfe.
Please do not feed the trolls.....
