©1995-2014 Symantec Corporation.
All rights reserved.

What is a false positive?

Last Updated on: February 16, 2006 03:53:16 PM ZE9

A false positive, also known as a false detection or false alarm, occurs when an antivirus program detects a known virus string in an uninfected file. The file, while not infected with an actual virus, does contain a string of characters that matches a string from an actual virus.
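
The string-match case described above, shown as an added example (not Symantec's code or detection logic): a scanner flags any file containing a signature's byte string, so an uninfected note that merely quotes those bytes is detected too. The byte pattern, the detection name `Demo.Virus`, and both sample files are constructed for illustration; the second signature, which also requires a file-type header, goes beyond the page to show one common way such a match is narrowed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes      # byte string taken from a (hypothetical) virus
    magic: bytes = b""  # required file header; b"" means any file type


# Constructed byte string standing in for a "known virus string".
PATTERN = bytes.fromhex("deadbeef") + b"CONSTRUCTED-SIG-01"

NAIVE = Signature("Demo.Virus", PATTERN)                  # matches anywhere
ANCHORED = Signature("Demo.Virus", PATTERN, magic=b"MZ")  # executables only


def scan(data: bytes, sig: Signature) -> list:
    """Return every offset at which the signature matches ([] if none)."""
    if not data.startswith(sig.magic):
        return []
    hits, pos = [], data.find(sig.pattern)
    while pos != -1:
        hits.append(pos)
        pos = data.find(sig.pattern, pos + 1)
    return hits


# Constructed samples: a program carrying the string, and an uninfected
# text note that only quotes the same bytes.
INFECTED = b"MZ" + b"\x00" * 62 + PATTERN + b"\x90" * 16
UNINFECTED = b"Analyst note: the sample contains the bytes " + PATTERN + b"\n"


def report(sig: Signature) -> dict:
    """Map each sample name to whether the signature detects it."""
    return {
        "infected.exe": bool(scan(INFECTED, sig)),
        "note.txt": bool(scan(UNINFECTED, sig)),
    }


if __name__ == "__main__":
    print("naive   :", report(NAIVE))     # note.txt flagged: false positive
    print("anchored:", report(ANCHORED))  # note.txt no longer flagged
```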

A false positive can also occur when a program performs an action that appears to the antivirus program to be virus-like activity.

Norton AntiVirus and Symantec AntiVirus Corporate Edition use Bloodhound heuristics to detect virus-like activity.

Examples of such activity can include, but are not limited to, writing to the master boot record of the hard disk, making changes to a system file, or running a custom macro in a program such as Microsoft Word.

False detections, once confirmed, are usually corrected as soon as possible.

Write-up by: Randy Rejda