This application relates to malware protection programs.
Because malware programs are becoming increasingly sophisticated and aggressive, malware protection programs are forced to become more aggressive in their identification and handling of malicious files. Thus, malware protection programs are continuously generating new methods of identifying and remediating malicious files. Some of the more recent methods include behavioral detection, automatic signature creation, heuristic detections, and black listing packets. These detection methods and other commonly used methods are used to anticipate new, undetected malware that exhibit characteristics associated with known malware.
As malware protection programs become more aggressive in their methods of detection, there is an increasing risk of false positive identifications. A false positive identification occurs when a file is incorrectly identified as a malicious file. A problem with false positive identifications is that malware programs unknowingly remediate files that were false identified in the same manner as known malware, including the quarantining or deleting of the malicious file. These remediation techniques can have significant impacts on users and businesses. In some instances, the impact of removing or disabling a file that was falsely identified renders critical software inoperable.