FPs: everybody’s doing it, doing it…
False positives, that is. As I've made clear here before, ESET does not subscribe to the "Let's crow about another company's false positive problem" model of marketing. That doesn't mean we're not aware of the importance of the issue, or that we don't work pretty hard to minimize its impact on our customers, but we're painfully aware that there's no absolute methodology for preventing them, and no company is immune to them.
So I'm not going to talk directly about a couple of high profile FP incidents in the last week or so with very heavy impact on affected users of the products in question. However, given that impact – one of the incidents involved, apparently, the misdiagnosis of up to 25,000 files – it's not surprising that there's interest in assessing the susceptibility of anti-malware products to the problem through testing.
At the last AMTSO workshop in Munich, a guidelines document on False Positive (FP) testing was approved, and is now available on the AMTSO documents page. More information on the AMTSO blog here: Guidelines for False Positive Testing.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
2 Responses to “FPs: everybody’s doing it, doing it…”
Leave a Reply
- David Harley (743)
- Randy Abrams (431)
- Cameron Camp (111)
- Stephen Cobb (62)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (29)
- Andrew Lee (15)
- Jeff Debrosse (12)
- Robert Lipovsky (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Peter Stancik (4)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
- Aleksandr Matrosov (2)
RSS
December 6th, 2010 at 8:01 am
I run Uniblue Powersuite on my machine to clean registry periodically. ESET has suddenly started identifying it as a false positive and block ing its action so I have to disbel ESET to allow it to run – how can I sort this?
December 6th, 2010 at 6:03 pm
ESET identifies it as a potentially unwanted program due to issues we see with it. You can add an exclusion or use another program. I personally do not believe it is doing anything useful for you. If you think it is, then add the program to the exclusions list.