Results 1 to 4 of 4

Thread: What to do about false positives?

  1. #1
    phoenixgtr Guest

    Default What to do about false positives?

    I had my first false positive today: the file nvappbar.exe was identified as the virus Email-wWorm.Win32.Small.f.
    In fact this is a legitimate nVidia file (the nView Toolbar) and has already been identified as a false positive on the Kaspersky forum, which says something will be done about it soon.My question is, what do I do about it in the meantime?
    If I put it on the list of exceptions ZASS lists it not by file name and path,
    but by the name of the virus which it is not--this means if I add it to exceptions that virus--the real one--can get in, doesn't it?
    So how to I get ZASS to leave nvappbar.exe alone while still detecting real viruses?

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: What to do about false positives?


    <BLOCKQUOTE><HR>PhoenixGTR wrote:
    So how to I get ZASS to leave nvappbar.exe alone while still detecting real viruses?

    <HR></BLOCKQUOTE>Yep, its not possible to exclude "on access" only "on demand" (scan targets)Usually false positives are fixed in a matter of hours.... so you should not leave excluded that malware longer than 6/7 hours.The probability of getting infected by that virus within hundreds of viruses around I beleive is very limited, but still it would be nice to have exclusion by file name!Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    phoenixgtr Guest

    Default Re: What to do about false positives?

    Thanks for the speedy reply, fax.
    I'll delete it from the list of exceptions when I log off today and then try again tomorrow.
    Which do you think is the best setting for my Virus Management treatment options in the meantime:1) leave it on the recommended setting and remove
    the nVidia file
    from quarantine if it gets &quot;caught&quot; again, or2) change the setting to &quot;try to repair, and alert me if repair fails&quot; or &quot;alert me--do not treat automatically&quot;?


  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: What to do about false positives?

    Hi!I would keep it as default, if this have been reported to KAV the false positive should have been fixed by now.Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •