Threat Description

False Positive


Aliases: False alarm
Category: Malware
Type: Other
Platform: W32


A legitimate file was inadvertently detected as 'infected', 'malicious' or 'suspicious' (also known as a False Positive or a False Alarm).


False Positive Fix

In most cases, a False Positive issue is fixed in a subsequent database update; updating your F-Secure security program to use the latest database is enough to resolve the issue. Details of the update containing fixes for the latest known False Positives are listed below.

Instructions on how to check if your F-Secure security program is using the latest database update are available in Community: How do I know that I have the latest updates?


If you are certain that the file detected is a legitimate application file, you may alternatively choose to exclude it from future scans by the F-Secure security product.


Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details

False Positives sometimes occur if a program contains code or behavioral routines sufficiently similar to known malware to be deemed a security risk, particularly if the program uses file compression or protection utilities known to be associated with malware, or is spread through a site or distribution mechanism known to be associated with malware.

Latest False Positive Notices
  • Trojan.script.622895: This detection unintentionally triggered on script files used during login to the Finnish news site Kaleva ( This issue was resolved with the 2015-01-24_02 database update released at 0913hrs UTC on 24th January 2015.
  • Exploit:JS/HuanJuanEK.A: This exploit detection unintentionally triggered on content downloaded from websites and scanned by the Web Traffic Scanning (WTS) feature. This issue was resolved with the 2015-01-01_01 database update released at 2227hrs UTC on 31st December 2014.
  • Win95.cih.299: This file signature was unintentionally triggered during download of the 2014-07-18_06 database update. This issue was resolved with the 2014-07-19_02 database update released at 1550hrs UTC on 19th July 2014.
  • Trojan:W32/Febipos: This detection, which was released only to Beta program users at 0409hrs UTC on 8th July 2014, unintentionally triggered on a number of legitimate files. The detection was removed and this issue was resolved with the 2014-07-08_03 database update released to Beta program users at 0809hrs UTC of the same day.
  • Trojan:js/kilim.o: First released in database update 2014-02-13_03 on 1841hrs UTC on 13th February 2014, this detection unintentionally triggered on a number of legitimate files. This detection was removed in the following database update; it was subsequently modified and the issue resolved with the 2014-02-13_05 database update, released 2137hrs UTC on the same day.


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More