False detections by Kaspersky applications. What to do?
A false detection, or a false positive, is a case of incorrect detection of a clean file or website as infected. Due to a false detection, a file may be deleted, a process may be terminated, and some software actions may be blocked. In a critical infrastructure, this could have serious undesirable consequences.
Why are false detections possible?
At Kaspersky, we continuously improve application testing and strive to decrease the number of false positives. However, it is impossible to completely avoid such cases, as new threats arise every moment.
Kaspersky delivers fast reaction to the new threats by providing the users with hourly database updates (which include the signatures of threats). The alternative to this approach is longer reaction time. However, with the reaction time increased, the users may receive necessary updates when the new malware has already infiltrated their computers and inflicted damage. In this case, the trade-off between the protection reliability and the amount of false detections is necessary and we try to achieve the best compromise.
What to do?
If a Kaspersky application falsely blocks your website or application, follow these instructions.
If you suspect a false positive:
- Check a file or website using Kaspersky Threat Intelligence Portal.
- If you do not agree with the results of a hash, IP address, domain or web address scan, send the object for further analysis to Kaspersky specialists. To do so, click Submit to reanalyze on the page with the scan results.
If you experience any problems uploading the file, use a different browser or open Kaspersky Threat Intelligence Portal in incognito mode.
- Enter your email address so we can contact you and leave a comment if necessary. Click Submit.
