How to reduce risks of false positives in a critical infrastructure
This article concerns:
- Kaspersky Security Center 14.2 (version 14.2.0.26967)
- Kaspersky Security Center 14 (version 14.0.0.10902)
- Kaspersky Security Center 13.2 (version 13.2.0.1511)
- Kaspersky Security Center 13.1 (version 13.1.0.8324)
- Kaspersky Security Center 13 (version 14.0.0.10902)
- Kaspersky Endpoint Security 12.0.0 for Windows (version 12.0.0.465)
- Kaspersky Endpoint Security 11.11.0 for Windows (version 11.11.0.452)
- Kaspersky Endpoint Security 11.10.0 for Windows (version 11.10.0.399)
- Kaspersky Endpoint Security 11.9.0 for Windows (version 11.9.0.351)
- Kaspersky Endpoint Security 11.8.0 for Windows (version 11.8.0.384)
- Kaspersky Endpoint Security 11.7.0 for Windows (version 11.7.0.669)
- Kaspersky Endpoint Security 11.6.0 for Windows (version 11.6.0.394)
- Kaspersky Endpoint Security 11.5.0 for Windows (version 11.5.0.590)
- Kaspersky Endpoint Security 11.4.0 for Windows (version 11.4.0.233)
The threat protection efficiency of Kaspersky solutions is confirmed by independent research. This protection quality comes from combining a variety of technologies that provide both a high level of threat detection and a minimum of false alarms.
In this article, you will learn what a false detection (or a false positive) is and how to avoid it. You will also learn how to reduce the risk of false alarms and the possible damage they may cause. The article is useful both for companies with a critical infrastructure and for those without one; the recommendations apply in both cases.
What is a false positive?
A false positive is an incorrect detection by a Kaspersky application: a clean file or website is classified as infected, or a legitimate behavior is classified as malicious. As a result of a false positive, a file may be deleted, a process may be terminated, or some software actions may be blocked. In a critical infrastructure, this may lead to undesirable consequences.
Why do false positives happen?
Protection against malicious software is a complex task that combines technologies based on object classification and object behavior to identify malicious code or activity.
Because of the sheer volume of malicious software, detection cannot rely only on selective "point" methods (for example, comparison of hash sums); heuristic methods, similarity technologies, machine learning methods and others are used as well. Consequently, it is not possible to guarantee the complete absence of misclassification and false positives, but the risk of their occurrence can be significantly reduced.
Kaspersky constantly improves its malware detection methods and technologies. Each update of our antivirus databases and protection technologies is tested on vast collections of legitimate (clean) files and activity patterns. Our legitimate software databases contain data on more than 6 billion objects. We apply technologies such as object popularity calculation, file and digital signature reputation, machine learning methods and others. The efficiency of our threat protection against false detections is regularly confirmed by independent research.
However, the probability of false positives cannot be completely eliminated, which is why we recommend following several rules that reduce the risk for your company.
How to avoid false positives and connected undesirable consequences
To reduce the risk of false detections by Kaspersky solutions in a critical infrastructure, follow these recommendations:
- Submit files through the Allowlist program so that they are guaranteed to be included in the legitimate software database before you use them in your infrastructure. Participation in the program is free.
- Sign proprietary (private) software with a digital signature to minimize false positives on its future versions.
- Use Kaspersky Security Network or Kaspersky Private Security Network in Kaspersky applications.
- Before deploying new software, or a new version of software already used in your infrastructure, test how it operates together with Kaspersky applications on a limited number of devices.
- Use the exclusion mechanism in Kaspersky applications for software versions that are incompatible with them.
- Contact technical support in case of a false positive, or if you detect an incompatibility between the software you use and Kaspersky applications. To do so, create a request in CompanyAccount and provide all the information required to resolve the issue:
  - A description of the issue
  - A sample of the software causing the problem
  - Trace files collected at the time of the incorrect behavior of the Kaspersky application towards the software used in the infrastructure
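The two recommendations on signing proprietary software and submitting it to the Allowlist program can be combined into one pre-deployment check. The PowerShell script below is an added example and is not part of this article or of any Kaspersky tool: it inventories the signature status of every binary in a package, signs only the files that are still unsigned with an Authenticode code-signing certificate, re-verifies the whole package, and writes a SHA-256 manifest that can accompany an Allowlist submission or a support request. The package path, certificate thumbprint, timestamp server URL and manifest path are placeholders you must replace; the script assumes Windows PowerShell 5.1 or later and a code-signing certificate with a private key in the `CurrentUser\My` store.

```powershell
# Added example (not from the Kaspersky article): sign the unsigned binaries of a
# proprietary software package, verify every file, and produce a SHA-256 manifest.
# All paths, the thumbprint and the timestamp URL below are placeholders.
param(
    [string]$PackageRoot    = 'C:\Deploy\MyApp',                        # assumed package location
    [string]$CertThumbprint = 'PLACEHOLDER_CODE_SIGNING_THUMBPRINT',    # assumed cert in CurrentUser\My
    [string]$TimestampUrl   = 'http://timestamp.example.invalid',       # placeholder RFC 3161 TSA
    [string]$ManifestPath   = 'C:\Deploy\MyApp-allowlist-manifest.csv'  # output for the submission
)

# File types that Authenticode can sign and that protection products inspect most often.
$binaryPatterns = '*.exe', '*.dll', '*.sys', '*.msi', '*.ps1'
$files = Get-ChildItem -Path $PackageRoot -Recurse -File -Include $binaryPatterns
if (-not $files) { throw "No binaries found under $PackageRoot" }

# 1. Record the signature status of every binary before changing anything.
#    Status values: NotSigned, Valid, HashMismatch, NotTrusted, UnknownError, ...
$status = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path   = $f.FullName
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}
$status | Format-Table -AutoSize

# 2. Locate the signing certificate; refuse to continue without a private key.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $CertThumbprint -and $_.HasPrivateKey } |
        Select-Object -First 1
if (-not $cert) { throw "Code-signing certificate $CertThumbprint not found in CurrentUser\My" }

# 3. Sign only the files that carry no signature at all. Third-party files that are
#    already signed keep their vendor signature, which is what reputation checks expect.
$unsigned = $status | Where-Object { $_.Status -eq 'NotSigned' }
foreach ($entry in $unsigned) {
    $result = Set-AuthenticodeSignature -FilePath $entry.Path -Certificate $cert `
                  -HashAlgorithm SHA256 -TimestampServer $TimestampUrl
    if ($result.Status -ne 'Valid') {
        Write-Warning "Signing failed for $($entry.Path): $($result.StatusMessage)"
    }
}

# 4. Re-verify the whole package. A HashMismatch here means a file was modified after
#    it was signed; such a package must not be deployed or submitted.
$bad = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{ Path = $f.FullName; Status = $sig.Status }
    }
}
if ($bad) {
    $bad | Format-Table -AutoSize
    throw 'Package contains files without a valid Authenticode signature'
}

# 5. SHA-256 manifest of the final (signed) files for the Allowlist submission and for
#    tracking which exact builds were tested on the pilot devices.
$files | Get-FileHash -Algorithm SHA256 |
    Select-Object Path, Hash |
    Export-Csv -Path $ManifestPath -NoTypeInformation
Write-Host "Manifest written to $ManifestPath"
```

Run the script on the build host before the limited pilot deployment, and keep the generated manifest with the pilot results: if a false positive is later reported on one of these files, the manifest identifies the exact hash involved, which is the information technical support needs alongside the description and trace files.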