Handling False Positives More Efficiently?
Hello all,
I have been trying BitDefender Antivirus 2012 Plus for a couple of days now.
I don't like the way it handles false positives, since when it detects a threat, it takes action immediately. You cannot confirm or undo this action. You can only choose which action it will be (delete, quarantine, deny access).
What I currently do is:
1. BD detects threat (on something I know is false positive) and locks the file (I set it to "deny access")
2. I check which file was locked, and add it to the Exceptions list.
3. Then I can use the file again.
Sounds easy, but it's a lot of clicking around to do *every time* it picks something that is clean.
I am even considering changing to another AV for this.
Any suggestions? Any features in BD that I am missing?
Thanks
Comments
Hi dodsferd
My thought would be to hang in there through this initial "set up" of your files being scanned, as Bitdefender is good as far as False Positives, the best, no, but some of the AVs that are lower as far as detecting False Positives can also have a higher incidence of missed malware samples (AV-Comparatives.org). Try it for a couple more days, to get a better idea if it is, or is not, for you, and if that concern truly is a deal breaker for you.
Thanks for your reply!
I don't think this will do it, because I work doing software development and QA, so I receive poorly-written .exe's and .dll's all the time (and they get flagged as dangerous).
If I only had an undo/exclude button right on the "virus removed" notification, it would be great...
You're welcome
Thanks for that info, as I was wondering how many, and why so many false positives; makes sense now.
Someone else here may have an idea, but not that I know of. You're right, that would be a handy option for taking care of a file like that.
Just a follow up thought dodsferd, you could create a folder that those files go into, set your On-access scanning during those times of file download/review to Permissive (see if you get less F.P.), and then exclude that folder that you may store them in as an Exclusion to a scan. (re-setting your On access back to normal when done)
Hello
We treat False Positives with higher priority.
You can always report them on the forums and I will send your request to our labs.
You will receive an answer ASAP and the detection will be removed most of the time in the next update.
http://forum.bitdefender.com/index.php?showforum=138
Thank you.