Threat Description

False Positive


Aliases:False alarm


A legitimate file was inadvertently detected as 'infected', 'malicious' or 'suspicious' (also known as a False Positive or a False Alarm).



If you are certain that the file detected is a legitimate application file, you may choose to exclude it from scanning.

Sample analysis

You may also send a sample of the suspect file to F-Secure Labs for further analysis via our Sample Analysis System (SAS), specifying that you are submitting a false positive. Any additional information such as the origin of the file, scanning report file, and false positive detection name will help to resolve the issue more quickly.

Technical Details

False positives sometimes occur if a program contains code or behavioral routines sufficiently similar to known malware to be deemed a security risk, particularly if the program uses file compression or protection utilities known to be associated with malware, or is spread through a site or distribution mechanism known to be associated with malware.

Latest False Positive Notices

  • Win95.cih.299: This file signature was unintentionally triggered during download of the 2014-07-18_06 database update. This issue was resolved with the 2014-07-19_02 database update released at 1550hrs UTC on 19th July 2014.
  • Trojan:W32/Febipos: This detection, which was released only to Beta program users at 0409hrs UTC on 8th July 2014, unintentionally triggered on a number of legitimate files. The detection was removed and this issue was resolved with the 2014-07-08_03 database update released to Beta program users at 0809hrs UTC of the same day.
  • Trojan:js/kilim.o: First released in database update 2014-02-13_03 on 1841hrs UTC on 13th February 2014, this detection unintentionally triggered on a number of legitimate files. This detection was removed in the following database update; it was subsequently modified and the issue resolved with the 2014-02-13_05 database update, released 2137hrs UTC on the same day.
  • Gen:variant.barys.835: This generic signature unintentionally triggered on a recently released computer game. This issue was resolved with the 2014-01-15_01 database update released at 0250hrs UTC on 15th January 2014.


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More