Reporting false positive and false negative file convictions
Last Updated September 25, 2018
A false positive occurs when Symantec Advanced Threat Protection (ATP) incorrectly identifies that a file is infected. The criteria that Symantec products use to identify malicious code are constantly updated and revised in response to the newest emerging threats. In some cases, however, legitimate files have been mistakenly classified as a threat. Symantec definitions are continually refined and corrected to identify only malicious code.
Symantec recommends that you treat all files that a Symantec product identifies as being infected as malicious until Symantec Security Response verifies it's a false detection. If you believe that a legitimate file was identified in error, report the suspected false positive file conviction to Symantec at the following URL: