January 15, 2021

Is antivirus cross-check a valid way to determine false-positive detection?

Hi guys,

I’ve bought a KVM-like cable that allows you to use two PCs with one mouse/keyboard when you connect the two PCs with the cable. This cable has embedded software inside to do all these tricks, but unfortunately Avira Antivirus, which I use, detected it as a Trojan.

However, I’m not sure if this result is plausible, so I’d like to try cross-checking with various antivirus software like Windows Defender, Kaspersky Free version, Avast, etc.

In case other AVs don’t detect this as malware, would it be safe to conclude Avira’s detection was a false alarm?

Comments

ShameNap

Look it up by hash on virustotal.com. You can get about 70 AV product results there.

Look at 2 things: the number of vendors who flag it bad, and how long since the file was first submitted. If convictions are less than 10 and the file is older than a year since first submission, then it is probably pretty safe.

The number of convictions changes over time, so things that have only been looked at for a couple of days or weeks could still have a low conviction count, but could still end up being malware later on.

You can also take into account which AV vendors are convicting it (some flag everything, whereas Defender is pretty conservative). And also the signature name can tell you something. Like win32.generic is meaningless, as well as Artemis.
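The rule of thumb from the comment above, written out as an added example that is not part of the original thread. It reads the `last_analysis_results` and `first_submission_date` fields of a VirusTotal API v3 file object; the thresholds and generic-name markers are the comment's, while the verdict labels, the engine names and the sample report are constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone

MAX_DETECTIONS = 10                       # "convictions are less than 10"
MIN_AGE_DAYS = 365                        # "older than a year since first submission"
GENERIC_MARKERS = ("generic", "artemis")  # names the comment calls meaningless

def sha256_of(path):
    """SHA-256 of a local file, for a lookup by hash without uploading it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(attrs, now):
    """Apply the rule of thumb to a VirusTotal v3 file 'attributes' dict."""
    hits = {eng: (r.get("result") or "")
            for eng, r in attrs["last_analysis_results"].items()
            if r.get("category") == "malicious"}
    # Detections whose signature name actually says something about the file.
    specific = {e: n for e, n in hits.items()
                if not any(m in n.lower() for m in GENERIC_MARKERS)}
    first_seen = datetime.fromtimestamp(attrs["first_submission_date"], tz=timezone.utc)
    age_days = (now - first_seen).days
    low_count = len(hits) < MAX_DETECTIONS
    if low_count and age_days > MIN_AGE_DAYS:
        verdict = "probably safe"
    elif low_count:
        verdict = "recheck later"   # young file: the count can still rise
    else:
        verdict = "not cleared"     # label is an assumption, not from the thread
    return {"detections": len(hits), "specific_names": specific,
            "age_days": age_days, "verdict": verdict}

# Constructed sample report (engine names and results are made up).
SAMPLE = {
    "first_submission_date": 1546300800,  # 2019-01-01 00:00:00 UTC
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Win32.Generic"},
        "EngineB": {"category": "malicious", "result": "Artemis!0123456789AB"},
        "EngineC": {"category": "malicious", "result": "Trojan.Example.A"},
        "EngineD": {"category": "undetected", "result": None},
    },
}

if __name__ == "__main__":
    print(triage(SAMPLE, datetime.now(timezone.utc)))
```

A "probably safe" result with a non-empty `specific_names` is still worth a look at which vendors those are, as the comment suggests.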
