[SOLVED] How to determine if something is a false positive in a scan?

Gregg Bell · 11-14-2019, 02:20 PM

On my VirusTotal scans of files I keep running into one scanner finding something. I want to get this writing software yWriter http://www.spacejock.com/yWriter6.htmland I've run the Linux zip file, the .exe file from the Linux zip file and the Windows .exe and VT has returned these three things respectively:

Suspicious.low.ml.score
Malicious.high.ml.score
W32.HfsIemusi.

I read somewhere to drop the .exe file onto hybridanalysis.com but is it safe? https://www.hybrid-analysis.com/

A lot of writers use yWriter6, should I just ignore all the warnings?

And what's the best way to determine if something is a false positive or malware?

Thanks.

frankbell · 11-14-2019, 07:36 PM

You could try submitting them to another scanner for comparison, such as Symantic or Trendmicro:

https://www.symantec.com/security-ce...-virus-samples

https://success.trendmicro.com/solut...g-threat-query

Gregg Bell · 11-14-2019, 09:03 PM

Quote:

Originally Posted by frankbell

You could try submitting them to another scanner for comparison, such as Symantic or Trendmicro:

https://www.symantec.com/security-ce...-virus-samples

https://success.trendmicro.com/solut...g-threat-query

Thanks a lot, Frank. I bookmarked the sites. (The Trend Micro looks a little more user friendly.) Good to know about these places. Thanks for passing them along.

frankbell · 11-14-2019, 09:18 PM

You are most welcome.