How to reduce the risk of false detections of the protection solution in a critical infrastructure
Threat Protection efficiency of Kaspersky solutions is confirmed by independent research. To ensure reliable protection, we use a variety of technologies which provide both a high level of threat detection and minimum of false alarms.
In the article, you will learn what a false detection (or a false positive) is, and how to decrease the risks of false alarms and possible damage they may cause. The recommendations are applicable both for companies with and without a critical infrastructure.
What is a false positive?
A false positive is an incorrect detection of a clean file or a website as infected or a behavior as malicious by Kaspersky applications.
In case of a false positive, a file may be deleted, a process can be terminated, and some software actions may be blocked. In a critical infrastructure, this may lead to undesirable consequences.
Why do false positives happen?
Protection against malicious software is a complex task which involves a combination of technologies based on classification and object behavior for determining a malicious code or activity.
Kaspersky constantly improves the methods and technologies of malware detection. Each update of anti-virus databases and protection technologies is tested on vast collections of legitimate (clean) files and activity patterns. Our legitimate software databases contain data on more than 6 billion objects. We apply the technologies of object popularity calculation, file and digital signature reputation, machine learning methods and other.
Our Threat Protection efficiency against false detections is regularly confirmed by independent research. However, the probability of false positives cannot be completely eliminated, that is why we recommend you to follow several rules that will reduce the risks for your company.
How to avoid false positives and connected undesirable consequences
To reduce the risks of false detections by Kaspersky applications in a critical infrastructure:
- Send files to the Allowlist program before using them in your infrastructure. In this case, these files will be added to the legitimate software database. Participation in the program is free.
- Sign proprietary (private) software with digital signature to minimize false positives on new versions.
- Use Kaspersky Security Network or Kaspersky Private Security Network in Kaspersky applications.
- Test the operation of new software and its latest versions first on a limited number of devices that are already used in the infrastructure with Kaspersky applications. Only then deploy the software on the whole infrastructure.
- Use an exception mechanism in Kaspersky applications for incompatible versions of software.
- Perform diagnostics and use these recommendations if Kaspersky Endpoint Security for Windows affects the operation of third-party software.
If you think that the detection is false, follow the instructions.