Antimalware vendors write signatures so that their corresponding products can detect and take action on malicious files. Every once in a while, a signature also detects a clean file – a file that doesn’t do anything malicious at all. The antimalware industry calls this a “false positive”, also referred to as an “incorrect detection”. It’s not pretty when an application or program is flagged as a false positive – users can’t run the program, customer support for that program gets deluged with calls, and the detecting antimalware/s gets a reputation hit. We, like other antimalware vendors, continuously try and make an effort to minimize the chances of us, partners, and our customers getting a false positive both as a software development company, and as a provider of antimalware solutions.
As part of this effort, we have been working closely with our partner VirusTotal - a well-known, reputable and industry-vetted online security portal where antimalware and security industry researchers, law enforcement organizations and customers can submit files and check for the presence of malicious code.
The result of this collaboration is something really exciting: VirusTotal has announced and released a new feature, called “Trusted source”. This feature communicates to the user with utmost confidence that a file can be trusted if it falls under a “Trusted source” criteria. And the first “Trusted source” feeding into this effort, we’re proud to say, is Microsoft via our Microsoft Clean-File MetaData. Now, if a user uploads a file to VirusTotal, and VirusTotal sees that the file metadata is part of Microsoft Clean-File Metadata, then VirusTotal returns this:
This can also be seen in the Additional Information tab as well:
This feature is now live for everyone to use.
The other use of this feature is that any time an antimalware solution detects a file marked as coming from a trusted source, such as Microsoft, VirusTotal informs the antimalware provider, shortening the time frame for the antimalware provider to address the problem.
With that said, we see that this feature is and will be of huge value to the industry, as well as to Microsoft customers, and there will be further improvements on this effort that can be expected as a result of our continuous collaboration with VirusTotal and the industry. We encourage other software development companies to participate in VirusTotal’s initiative.