How to handle W32.Malware.Gen due to "unusual compression method"

  • 13 November 2013
  • 1 reply

Hi Expert,
We have several false positives due to the fact that software vendors are using "unusual compression methods" that are also used by much malware. So most of our infections reported as W32.Malware.Gen are FPs.
That sucks.
Sure, we can try to ask the vendor not to use these methods, but we are not willing to do that for every software vendor our employees use software from.
Sure, we can report that as an FP to Webroot Support, but this is not implemented in the Console (I have to manually c&p).
Sure, we can do an override (but that's not what Webroot suggests doing).
So how do you handle your W32.Malware.Gen FPs?

1 reply

Hello newmy,
I can't remember having ever seen these, so from my perspective it's not a common thing.
How many are we talking about?
If I encounter false positives, I generally report them with Webroot through the Copy&Paste method. Generally support is quick to respond to them.