
AV: false-positives

False positives reported by antivirus software aren't such a huge problem. It's better to be informed about potential malware than to have an infected system without any warning. The problem starts when the AV treats critical system files as suspicious, which often leads to OS destabilisation.

A good example is update number 5418, released by NOD32 a few days ago, or the McAfee update, which placed svchost.exe into quarantine. Let's face the problem and think a bit about how to avoid false positives that could interfere with the OS.

One buggy update is able to destabilise every computer in a company. The easiest solution seems to be installing several different AV products across the company: when one of them fails, we are still left with the rest of the PCs in working order. However, this is not a great idea. It means a lot of documentation, a lot of negotiation over AV contracts and tons of license agreements.

A much more sensible idea is to delay AV updates. We choose the least strategic computers and allow them to update immediately. If we notice unstable behaviour on them, we can block the update on the rest of the PCs and wait for a stable version of the AV patches.
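
One way to automate the hold-or-release decision for the staged rollout described above, as an added example that is not part of the original post. The log format, host names, definition versions, protected directories and the 24-hour soak time are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
import ntpath  # Windows path semantics regardless of where this runs

# Assumed policy (not from the article): directories whose files must never
# be quarantined, and how long canaries run an update before wider release.
PROTECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
SOAK = timedelta(hours=24)

# Constructed canary log: "<time> <host> defs=<version> <event> <path>"
SAMPLE_LOG = r"""
2024-01-10T09:00:00 canary-01 defs=1001 UPDATED -
2024-01-10T09:20:00 canary-01 defs=1001 QUARANTINE C:\Users\bob\Downloads\keygen.exe
2024-01-11T09:00:00 canary-01 defs=1002 UPDATED -
2024-01-11T09:04:00 canary-01 defs=1002 QUARANTINE C:\Windows\System32\..\System32\svchost.exe
2024-01-11T09:05:00 canary-02 defs=1002 QUARANTINE C:\WINDOWS\system32\drivers\etc\hosts
"""

def is_protected(path):
    """True if the normalised path lies inside a protected directory."""
    p = ntpath.normcase(ntpath.normpath(path))
    return any(p.startswith(d + "\\") for d in PROTECTED_DIRS)

def gate(log, version, now):
    """Return (decision, offending entries) for one definition version."""
    first_seen, hits = None, []
    for line in log.strip().splitlines():
        ts, host, defs, event, path = line.split(None, 4)
        if defs != f"defs={version}":
            continue
        ts = datetime.fromisoformat(ts)
        first_seen = min(first_seen or ts, ts)
        if event == "QUARANTINE" and is_protected(path):
            hits.append((host, path))
    if hits:
        return "HOLD", hits      # block the update for the rest of the fleet
    if first_seen is None or now - first_seen < SOAK:
        return "WAIT", []        # canaries have not run it long enough yet
    return "RELEASE", []

if __name__ == "__main__":
    for v in ("1001", "1002"):
        print(v, gate(SAMPLE_LOG, v, datetime(2024, 1, 12, 12, 0)))
```

A quarantine outside the protected directories does not block the rollout, so ordinary detections on canary machines do not stall updates for everyone else.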