Dealing with False Positive Detections

Updated Jun 4, 2026

A false positive occurs when True Protection identifies a legitimate file or program as a threat. While our detection engine is highly accurate, occasional false positives can occur with newly released software or uncommon applications.

How to Identify a False Positive

Consider the following before restoring a detected item:

  • Is the file from a known and trusted publisher?
  • Did you intentionally download or install this file?
  • Does the file serve a clear and legitimate purpose on your system?
  • Is the detection name generic (such as "Suspicious" or "PUP") rather than a specific malware name?

Restoring a False Positive from Quarantine

  • Step 1: Navigate to Tools > Quarantine.
  • Step 2: Find the file in the quarantine list.
  • Step 3: Click on the file and select Restore and Add to Exclusions. This returns the file to its original location and prevents future false detections.

Reporting False Positives

Help us improve detection accuracy by reporting false positives:

  • Step 1: Right-click the detected item in the quarantine or scan results.
  • Step 2: Select Report as False Positive.
  • Step 3: Provide any additional context about the file.
  • Step 4: Submit the report. Our threat research team reviews submissions and updates definitions to prevent recurring false detections.

You can also email false positive reports to [email protected] with the file hash and detection name.
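
The checklist above asks whether the file comes from a trusted publisher, and the e-mail report needs the file hash and detection name. The following added example (not True Protection's own tooling) gathers both in one pass. It assumes a Windows endpoint and a readable copy of the file; the function name `Get-FalsePositiveEvidence` and the sample detection name are hypothetical.

```powershell
# Added example: collects the evidence the checklist and the report ask for.
# Assumes Windows; run it against a readable copy of the detected file.
function Get-FalsePositiveEvidence {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$DetectionName
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    # A signer name alone proves nothing: only Status 'Valid' means the
    # signature chains to a trusted root and the file is unmodified since signing.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Generic names, using the two examples the article gives.
    $isGeneric = $DetectionName -match '\b(suspicious|pup)\b'

    [pscustomobject]@{
        File            = $file.FullName
        SHA256          = $hash.Hash
        DetectionName   = $DetectionName
        GenericName     = $isGeneric
        SignatureStatus = $sig.Status.ToString()
        Signer          = $signer
        SignedAndIntact = ($sig.Status -eq 'Valid')
    }
}

# Constructed sample: a file present on every Windows install and a made-up
# detection name, used only to show the output shape.
Get-FalsePositiveEvidence -Path "$env:SystemRoot\System32\notepad.exe" `
    -DetectionName 'Suspicious.Generic' | Format-List
```

A `SignatureStatus` of `NotSigned` or `HashMismatch` on a file that claims to come from a known publisher is a reason not to restore it or add it to exclusions.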
