False positives: Why did Emsisoft quarantine a safe program?
Why did Emsisoft quarantine a safe program?
Overview:
Sometimes, applications as games, small customized apps or even business software are erroneously flagged as dangerous, even though they are safe to use. This may happen when an application is not digitally signed.
In a perfect world, all legitimate software would be digitally signed. Code signing is the process of digitally signing executables and scripts to confirm the software author and to guarantee that the code has not been altered or corrupted from the moment of his publication.
Malware is known for not being digitally signed. For this reason, unsigned apps will be flagged by Emsisoft Anti-Malware as a precaution, giving you the choice to allow them into your system or block them.
How do deal with quarantined program:
If a program is flagged as dangerous and you are not sure if it is safe to use or not, it is best to leave it in the Quarantine.
Emsisoft gives you the possibility to share the info of this software to our lab for analysis directly, comfortably from the Quarantine panel. Here’s how:
- Open the local Emsisoft app on the computer.
- Click on: Quarantine in the blue tab: Scan & Clean
- Highlight the file
- Then click on: False Detection. Please include your accurate email address so we can reply. Please make sure to also fill out the info about the alert and the program.
- Then please click the: Send button
Once our lab receives the files information, we can analyze how safe that software is.
If it is safe, we will then whitelist. We will reply to you, so that you can then restore the file by clicking on the file in the Quarantine and by clicking: Restore.
You can also submit the file causing the detection via email to our lab: [email protected] so we can analyze and correct the suspected false detection.
If the file is too large to send, please upload it to Virustotal and send us the web address of the scan result via email to [email protected] or send us the file via wetransfer.com to [email protected]
Files that were tested by us and are not digitally signed need to be added to Monitoring Exclusions, otherwise it will be flagged again each time it is updated without the necessary certificate.
If you are CERTAIN that the program is OK, you can add it directly to the Monitoring Exclusions.