Where to report/submit false positives of antivirus software
As a software developer, do you know which feature of your software your users appreciate the most?
We developed SofMeter, the free in-app analytics tool, to answer questions like that.
With SoftMeter you will see how the users are using your software, discover which features are used the most or least, and understand where you should focus your development efforts to maximize your sales.
As a desktop software developer, you might find that one of the many antivirus software flags your perfectly clean software as suspicious.
This can happen for a variety of reasons, including:
- Your software is not code-signed.
- Your software is not very popular so the antivirus engines do not have enough knowledge about it.
- New scan engines that scan the files using artificial intelligence (AI) find resemblance of your software with known computer threats.
- Your software is a small command-line utility, developed in low-level languages, e.g. C/C++.
Usually, you get an email from a user saying that their AV software caught your program as suspicious and blocked it or discourages the user from running it.
Should this happen,
- Scan your computer and the file with as many antivirus engines as you can, including the one mentioned by your user.
- If indeed the file is clean, submit your false-positive* sample to the antivirus software that reported it as a virus.
*False positive: a test result which wrongly (falsely) indicates (positive) that a particular condition (virus body) was detected.
Below we started a list of the URLs where you can submit your software for further analysis. After the analysis is complete the antivirus software makers update their engines.
360 Total Security
If you think the file intercepted by 360 Total Security is not a Trojan horse or virus files, please send it to us for analysis
Submit via a form.
Report a suspected false positive. (Requires login)
Report a suspected false positive.
Report a suspected false positive.
Submit a sample file or URL.
Sometimes the Check Point Spyware Scanner inappropriately detects an application as Spyware. If you have come across what seems to be identified as malicious Spyware, but in fact it is not, you can report such detection to the Check Point Security Team. Report a false positive (by email).
You have a suspicious file, suspicious website, potential false positive or potential miscategorization by Parental Control (or Web control)that you would like to submit to ESET for analysis.
Think a file is harmful? Or that a file or website was incorrectly detected or rated? Submit it for analysis.
Is Malwarebytes incorrectly flagging a program or website? Report it in the Malwarebytes forum.
Report your false-positive to Microsoft.
You can upload your software to VirusTotal to be scanned by 70+ antivirus engines. If one or more of the engines detect your software as a false-positive threat, you can find here the details of each engine and contact them with your false-positive sample. List of virus scan engines.
Virus total has also launched a special tool for developers and antivirus vendors, the VirusTotal Monitor. VirusTotal Monitor is a service to mitigate false positives.
You need to create an account on VirusTotal and then request a free period for the VirusTotal Monitor. Pricing for this service is not disclosed.
Report false positive files if you think that a detection made by one of the cloud engines of the Universal AV scanner is not actually a virus or malware. Report False Positive.