False Positives
This is a very short guide to some forms of false positives you may see in the file sharing scene.
Introduction:
There are several types of false positives you may see in the wild when downloading files.
First and foremost, I would recommend that you refrain from accusing people of spreading malware unless it is confirmed via testing.
This entire website is based on reputation, and falsely accusing someone of spreading malware could halt their progress in sharing files, and it alienates people from uploading in the first place.
False positives can be caused by a host of things. The most common causes, as far as I have found, are as follows:
- Nested Archives:
If an archive (zip, rar, rar5, or 7z) contains more archives, it seems apt to trigger a false positive in quite a few programs. I am unsure why this is, but this is how I was previously banned from vrmodels without the ability to appeal my ban.
- Aggressive Filter Settings:
Certain browsers have built-in protection settings to stop tech-illiterate users from downloading pretty much all files, or quite a few files. Edge is one such browser, as Windows Defender and the SmartScreen filter are built into its functionality, making it quite aggressive at preventing you from "downloading malware."
- Poor Quality Antiviruses:
Several antiviruses are quite stupid, to say the least. A dumb antivirus that approaches everything like it's a threat is not the best, and quite a few antiviruses subscribe to the "protection by prevention" sort of mentality and will just prevent downloading completely benign files.
- "This File Isn't Commonly Downloaded":
Yet another file download prevention, but a bit more rare. Depending on settings, some browsers will give a "this file isn't commonly downloaded" error and prevent downloading newly uploaded files. This is most common in Chromium browsers, as far as I could tell.
- MD5 Hash Look-A-Likes:
Quite a few rather bad antiviruses don't scan the behavior of files; rather, they look at the digital footprint of the file, known as its hash. This isn't very robust: it may be rare, but two files that are completely different can have the same or similar enough hashes to trip certain antiviruses.
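For the nested-archive case above, one way to test a flagged download is to list every inner file with its own SHA-256, so each member can be checked individually instead of judging the outer archive as a whole. This is an added example, not part of the original guide; it handles zip only (Python's standard library does not read rar or 7z), and the depth and size limits are assumed values.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 3                         # assumed limit on archive nesting
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # assumed per-file cap (guards against zip bombs)


def walk_zip(data, prefix="", depth=0):
    """Return (path, sha256 or None, note) for every file, descending into nested zips."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                rows.append((path, None, "skipped: too large"))
                continue
            blob = zf.read(info)
            rows.append((path, hashlib.sha256(blob).hexdigest(), ""))
            # A member that is itself a zip gets walked in memory, never written to disk.
            if zipfile.is_zipfile(io.BytesIO(blob)):
                if depth + 1 >= MAX_DEPTH:
                    rows.append((path + "!/", None, "skipped: nesting too deep"))
                else:
                    rows.extend(walk_zip(blob, path + "!/", depth + 1))
    return rows


def build_sample():
    """Constructed sample: an outer zip holding readme.txt and inner.zip (with model.txt)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("model.txt", "constructed sample content")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, digest, note in walk_zip(build_sample()):
        print(f"{digest or '-':64}  {path}  {note}")
```

To check a real download, pass the file's bytes to `walk_zip` in place of the constructed sample.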
Can your antivirus detect malware anyway?
It may sound a little bit silly, but it actually isn't quite as silly as it sounds. UnityPackages can't even be scanned properly: they are proprietary formats that aren't shared with antivirus developers. The only way you can actually scan a UnityPackage is to decompress it in Unity and make it readable by your antivirus, at which point you have already run the malicious code (unless you're using FACS Safe Import to prevent loading on import).
By the way, if anyone else knows of more things that can cause false positives, let me know and I can update this article, cheers!