False positives: Why did Emsisoft detect this program file as malicious?

  • October 26, 2023
  • 2 min read

False Positives

Programs are either known to be good, known to be bad, or their status is not yet known.
Bad and unknown programs are flagged by Emsisoft.

Games and smaller apps are often flagged as dangerous even though they are not. These are mostly apps that are not digitally signed.

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process uses a cryptographic hash to validate authenticity and integrity.

Since malware is also not digitally signed and since we focus on security, such apps will be flagged. In a perfect world, all legitimate software would be digitally signed.

So if a program is flagged as dangerous, it is best to let it be quarantined and then send it to our lab for analysis directly from the Quarantine:

  1. Open the local Emsisoft app.
  2. Click “Quarantine” in the blue “Scan & Clean” tab.
  3. Highlight the file.
  4. Click “False Detection”. Please include your accurate email address so we can reply, and make sure to also fill out the info about the alert and the program.
  5. Click the “Send” button.

That will send it to our lab for analysis. If the file is legitimate, we can then whitelist it and inform you, so that you can restore it by clicking on the file in the Quarantine and then clicking “Restore”.

You can also submit the file causing the detection via email to our lab: [email protected] so we can analyze and correct the false detection.

If the file is too large to send, please upload it to VirusTotal and send us the web address of the scan result via email to [email protected] or send us the file via wetransfer.com.

Files that we have tested and that are not digitally signed need to be added to the Exclusions. Otherwise, every time your program is updated, it will be flagged again and will need to be added to the Whitelist again. For that reason, it has to be added to the Monitoring Exclusions.

If you are CERTAIN that the program is OK, you can add it directly to the Exclusions.
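Before excluding a file, you can check on Windows which of the signing states described above it is in and record its SHA-256 for the false-detection report. The following is an added example, not Emsisoft tooling; the function name `Get-SignatureTriage` and the sample path are hypothetical, and it uses only the built-in `Get-AuthenticodeSignature` and `Get-FileHash` cmdlets.

```powershell
# Added example (not Emsisoft code). Run in PowerShell on Windows.
function Get-SignatureTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path   # a copy of the program file that was flagged
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

        # Map the Authenticode status to what it means for the exclusion decision.
        $meaning = switch ($sig.Status) {
            'Valid'        { 'Signed and unmodified since signing; signer chains to a trusted root.' }
            'NotSigned'    { 'No signature: the unsigned case the article describes.' }
            'HashMismatch' { 'File content differs from what was signed; do not exclude.' }
            'NotTrusted'   { 'Signed, but the signer or chain is not trusted on this machine.' }
            default        { "Could not be verified: $($sig.StatusMessage)" }
        }

        [pscustomobject]@{
            File    = $file.FullName
            SHA256  = $hash.Hash      # identifies the exact build you tested or submitted
            Status  = $sig.Status
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Meaning = $meaning
        }
    }
}

# Constructed sample path; replace it with the flagged program.
Get-SignatureTriage -Path 'C:\Tools\example-app.exe' | Format-List
```

Because an unsigned program has no signer to tie a new build to, the SHA-256 changes with every update, which is why such files are flagged again after updating.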

If you still have difficulties, please contact us by email at [email protected]
