False positives occur when a pattern of code in the file matches the same pattern contained in a virus signature. This can occur due to a faulty signature or it can occur after improper disinfection by the same or different antivirus scanner.
False positives can be more than just annoying. Repeated warnings that are erroneous cause the same effect as the boy who cried wolf. If too many false positives occur, when a legitimate warning is presented, users may disregard it. In other cases, a false positive can cause legitimate files to be deleted, causing the operating system or program to no longer function properly.
If your antivirus scanner says a file is clean that you believe is actually infected, here are six steps to determine if a virus alert is legitimate.
Some users claim that behavior blocking results in too many false positives. In fact, the very nature of behavioral analysis is to prevent any unauthorized modifications to key system areas. In the case of behavior blocking, the prompting for user input is a desireable occurance and should not be categorized as a false positive.
