Malware (an abbreviation of “malicious software”) is a term generally used by computer professionals to refer to a variety of forms of hostile, intrusive, and/or annoying software or program code. Malware may take the form of code, scripts, active content, and/or another form that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and/or perform other abusive behavior. Malware includes various harmful program types, including computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, etc. A computer that has malware present in its storage may be referred to as an infected computer. When malware is loaded and executed by a computer, the malware is enabled to perform its harmful functions.
Computer programs have been developed to prevent, detect, and remove malware from infected computers. Such computer programs may be referred to as anti-virus software or “antimalware.” A variety of strategies may be used by antimalware to detect malware on a computer. For instance, signature-based detection may be performed. Signature-based detection involves searching for known patterns of data/code of malware within executable code in storage of the computer.
Antimalware products or tools mistakenly classify a small percentage of non-malicious content as malware. A case where non-malicious content is misclassified as malware may be referred to as a false positive (FP) or false determination. Because most antimalware products are configured to automatically block or remove detected malware, such cases of misclassification can result in significant inconvenience or even irreparable harm for users, including reduced or disabled functionality of their computing devices and/or loss or corruption of data. Such issues can be difficult or even impossible to recover from, and their root cause (i.e., that they were caused by antimalware) can be very difficult to determine. As such, it is desired to minimize the impact of false positive determinations of malware.
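The following added example (not part of the original text) illustrates the signature-based detection and false positive described above: a byte-pattern scanner is run over labelled samples and its verdicts are compared with ground truth. The signature names, byte patterns, and sample files are all constructed for illustration and do not come from any real antimalware product or malware family.

```python
import re
from typing import Dict, List

# Constructed signatures: hex byte patterns, "??" matches any single byte.
# These are made-up patterns, not taken from any real malware family.
SIGNATURES: Dict[str, str] = {
    "Example.Dropper.A": "de ad be ef ?? ?? 13 37",
    "Example.Script.B": "65 76 69 6c 5f 70 61 79 6c 6f 61 64",  # b"evil_payload"
}

def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn a hex pattern with ?? wildcards into a bytes regex."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(content: bytes) -> List[str]:
    """Return the names of all signatures found anywhere in the content."""
    return [name for name, rx in COMPILED.items() if rx.search(content)]

# Constructed samples: (file name, bytes, ground truth "is malicious").
SAMPLES = [
    ("dropper.bin", b"MZ\x90\x00" + bytes.fromhex("deadbeef01021337") + b"\x00", True),
    ("script.js", b"run(evil_payload)", True),
    ("notes.txt", b"Holiday photos and a shopping list.", False),
    # Benign analyst report that quotes the string the signature looks for.
    ("report.txt", b"The sample defines a variable named evil_payload.", False),
]

def evaluate(samples):
    """Compare scanner verdicts with ground truth; list FPs and FNs."""
    fps, fns = [], []
    for name, data, malicious in samples:
        detected = bool(scan(data))
        if detected and not malicious:
            fps.append(name)
        elif malicious and not detected:
            fns.append(name)
    return {"false_positives": fps, "false_negatives": fns}

if __name__ == "__main__":
    for name, data, _ in SAMPLES:
        print(f"{name}: {scan(data) or 'clean'}")
    print(evaluate(SAMPLES))
```

The benign report is flagged only because it contains the same bytes the signature searches for, which is the misclassification the preceding paragraph calls a false positive.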