
Handling False Positives

If a customer reports a false positive (through Zendesk, or by contacting the Support team at support@reversinglabs.com), the first thing we do is re-scan the sample to make sure that the results are up-to-date.

If the results are still malicious, our Threat Analysis team will:

  1. Conduct our own research of the software and the vendor

  2. Contact the AV scanners and notify them of the issue

  3. Change the classification in our system (we do not wait for AVs to correct the issue)


If the file is confirmed to be a false positive, we begin by analyzing why the incorrect classification occurred.

Then we try to correct the result by making adjustments related to file relationships, certificates, and AV product detection velocity (e.g. whether detections are being added or removed). We also re-scan and reanalyze samples, adjust or add sources and, if necessary, manually investigate the file.

If these efforts do not yield a correct result, we have the ability to manually override the classification — but we only do so after thorough analysis confirms the file is benign.