New in 2025.3: Reducing false positives with Machine Learning

  • March 3, 2025

False positives have long been a challenge in behavioral malware detection. Monitoring the processes on a computer for malicious intent can sometimes result in mistaking legitimate software—such as software updates or unsigned applications—for malware, leading to unnecessary alerts and interruptions.
To address this, Emsisoft has integrated a machine learning model into our behavior blocker (BB) to significantly reduce false positives while maintaining a 0% false negative rate. This ensures fewer false alarms without compromising security.

Unlike traditional signature-based detection, behavioral malware detection monitors system activity in real time, identifying threats based on how they act rather than how they look. This approach is highly effective at catching new and evolving malware, but it also comes with challenges. Some legitimate software, particularly programs that modify system files during installation or updates, can appear suspicious to behavior blockers. To avoid missing real threats, security software often errs on the side of caution, flagging these programs as potential risks.

Over time, we have introduced multiple layers to continually improve the effectiveness of our behavior blocker. Now, with the addition of machine learning, we’re taking false-positive reduction to the next level.

With this enhancement, Emsisoft users will experience:

This machine learning model serves as an intelligent filter within our behavior blocker, complementing existing false-positive reduction layers. By combining AI-driven insights with Emsisoft’s proven security technologies, we’re delivering smarter, more precise malware protection.

Device protection (desktop)

Management console (web app)

How to obtain the new version

So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.

Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.

Have a great and well-protected day!

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so-called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware.
