How to spot and stop false positives in your PC’s security


Wayne Williams

24 May, 2018

No matter how well-intentioned, security software can be a pain when it comes to blocking downloads and access to software, especially if you know for sure that what you’re trying to use is completely safe.

Even the best security tools can get this wrong from time to time, leaving users wondering whether it was worth installing the software in the first place.

Fortunately, there are steps you can take to rein in over-zealous security suites, or at least prove them wrong.

Get a second opinion about a threat

Sometimes Avast, Kaspersky, Malwarebytes and other security software flags a program as being infected, when it’s actually perfectly clean – an error known as a false positive. If you’re in any doubt – perhaps you read about the download in a reputable internet magazine – you should seek a second opinion from VirusTotal instead.

This powerful, online service (which is owned by Google) lets you upload a suspicious file, or copy and paste the potentially malicious URL, to check for threats using more than 60 popular antivirus scanners and URL-blacklisting services. If the item comes back clean, or is only flagged by a couple of engines, then it’s safe to install.

If uploading a suspicious file sounds like too much hassle, the free program Winja provides an easy-to-use front end for VirusTotal that lets you use it like any standard antivirus scanner.
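As an added example (not from the original article), the Python sketch below hashes a file locally and sorts the per-engine verdicts in a VirusTotal report into clean, flagged by a few engines, or widely flagged. It assumes the report layout of VirusTotal's API v3; the sample report, engine names and detection labels are constructed, and the `few` cut-off is an assumed stand-in for the article's "a couple of engines".

```python
import hashlib
import json

# Constructed sample shaped like a VirusTotal API v3 file report
# (data.attributes.last_analysis_results); engines and labels are made up.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "undetected", "result": null},
  "EngineB": {"category": "malicious", "result": "Gen:Heur.Packed"},
  "EngineC": {"category": "harmless", "result": null},
  "EngineD": {"category": "suspicious", "result": "PUA.Bundler"},
  "EngineE": {"category": "timeout", "result": null},
  "EngineF": {"category": "undetected", "result": null}
}}}}
""")

# Categories that mean the engine actually gave an opinion on the file.
VOTED = ("malicious", "suspicious", "harmless", "undetected")

def sha256_of(path, chunk=1 << 20):
    """Hash a file locally so it can be searched for by hash instead of uploaded."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(report, few=2):
    """Summarise engine verdicts; `few` is an assumed cut-off, not a VirusTotal rule."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = {name: r["result"] for name, r in results.items()
               if r["category"] in ("malicious", "suspicious")}
    # Timeouts and unsupported file types are excluded from the engine count.
    scanned = sum(r["category"] in VOTED for r in results.values())
    if not flagged:
        verdict = "clean"
    elif len(flagged) <= few:
        verdict = "few-detections"
    else:
        verdict = "widely-flagged"
    return {"verdict": verdict, "flagged": flagged, "scanned": scanned}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

The names of the engines that flagged the file, and the labels they gave it, are what you would quote when reporting a suspected false positive to a vendor.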

Run software blocked by Windows

Windows Defender SmartScreen springs into life when you try to install an unknown piece of software from an unrecognised source, and sometimes challenges programs from smaller, lesser-known developers. The error message in Windows 10 informs you that “Windows Defender SmartScreen prevented an unrecognised app from starting. Running this app might put your PC at risk.”

It then provides a ‘Don’t run’ button for you to click, with seemingly no way around this block. If, however, you’re completely sure the program in question is safe, you can force Windows to run it. Click the ‘More info’ link under the error message, and a ‘Run anyway’ button will appear. Click this, and Windows will install or run the software without any further warnings.

You can also grant a program permission to open before you run it. Right-click the EXE file and select Properties. At the bottom you’ll see a section relating to Security. Tick the Unblock box, then Apply and OK that window. You will now be able to run your program.
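The Unblock tick box removes the download marker Windows attaches to files saved from the internet: a small text stream named Zone.Identifier stored alongside the file on NTFS drives. The Python sketch below, an added example rather than anything from the original article, parses that marker so you can see where a file came from before unblocking it. The sample stream and its URLs are constructed placeholders, and `parse_motw` and `read_motw` are hypothetical helper names.

```python
import configparser

# Windows URL security zones as stored in the ZoneId field.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of the text held in a downloaded file's
# "Zone.Identifier" alternate data stream; the URLs are placeholders.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://downloads.example/tools/
HostUrl=https://downloads.example/tools/setup.exe
"""

def parse_motw(text):
    """Parse Zone.Identifier text; return None if it holds no usable ZoneId."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case (ZoneId, HostUrl)
    try:
        cp.read_string(text)
        zone_id = int(cp["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    section = cp["ZoneTransfer"]
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "Unknown"),
        "host_url": section.get("HostUrl"),
        "referrer_url": section.get("ReferrerUrl"),
        "from_web": zone_id >= 3,  # Internet or Restricted sites
    }

def read_motw(path):
    """Read the marker from a real file (Windows/NTFS only); None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as f:
            return parse_motw(f.read())
    except OSError:
        return None

if __name__ == "__main__":
    print(parse_motw(SAMPLE_STREAM))
```

If `read_motw` returns `None` for a file, there is no marker left to remove, which is the state the file is in after Unblock has been applied.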

If you find that SmartScreen regularly blocks programs you want to install, you can disable the feature altogether. Type ‘Windows Defender’ into the search box and launch the Windows Defender Security Centre.

Click ‘App and browser control’ and under ‘Check apps and files’ change the setting from ‘Warn’ to ‘Off’. This page also lets you disable SmartScreen in Microsoft Edge.

Find out what other users think

If a program you’ve already installed is causing problems with your security software – such as your firewall blocking its access to the internet – one of the best ways to check it for malware is using Should I Remove It. This handy free tool scans all your installed programs and provides you with a list that ranks them in order of how highly it recommends you uninstall them. Programs flagged red represent a potential security risk and should be removed immediately, while green ones are safe to keep.

You can visit the Should I Remove It website for a full explanation of what the program in question is, and how many other users have removed it. However, just because other people remove a piece of software, doesn’t mean it’s bad – they may simply have found a better alternative.

Tweak your security settings

If your antivirus software has gone as far as quarantining a program you’ve downloaded, it’s usually possible to unblock it but we don’t recommend doing so. If there’s even the smallest shred of doubt, you should leave the ‘infected’ file where it is and follow your security software provider’s official procedure for querying a potential false positive. That way, you’ll know that the file has been verified by experts before you run it.

If, on the other hand, a program you know to be safe is being blocked by your firewall, then it’s possible to unblock it. Instructions for doing so will depend on the firewall you’re using. In Windows Firewall, for example, click ‘Allow programs [or apps] to communicate through Windows Firewall’, then ‘Change settings’ and select the program you want to unblock.

Deselect bundled junk automatically

A lot of freeware programs come bundled with unwanted extras these days, which may – rightly or wrongly – trigger alerts in your security software. Provided you have your wits about you when installing a program, you can usually spot and reject these extras (choosing the ‘Custom’ install option rather than the ‘Recommended’ choice is always advisable), but an easier way is to use Unchecky.

This free tool runs in the background and monitors all installations, automatically rejecting and unticking any extras and offers that are nothing to do with the main program.

Stop Chrome blocking safe websites

Chrome automatically blocks websites that contain “dangerous and deceptive content” – typically malware, scripts, or phishing links. It usually does a good job of this but occasionally harmless sites get blocked by accident. When that happens, you can bypass the warning to access the content you want. To view a blocked website, click the Details link and select ‘Visit this unsafe site’. The page should then load.

Google will attempt to strip out any unsafe content, but if you want to see the entire site, click the Content Blocked icon at the right of the address bar, and select ‘Load full site’. To download an “unsafe” file using Google’s browser, click the menu button in the top right, open Downloads, locate the file you want and select ‘Recover malicious file’.

Finally, if you want to disable these alerts entirely, go to More, Settings, click Advanced and under ‘Privacy and security’, toggle the ‘Protect you and your device from dangerous sites’ switch to off.

Report false positives

You can help anti-malware companies reduce the number of false positives their software flags up by reporting files erroneously identified as threats. Most security software developers will provide a way for you to submit files, so they can avoid misidentifying them as malware in future.

Sophos, for example, has a form you can access here. Avast (which also owns AVG) lets you report a suspected false positive here, while Symantec’s form can be found here.
