My AV solution is identifying a Kaseya file as a virus

Your AV solution, be it KES/KAV modules in Kaseya, or a 3rd party tool is flagging a Kaseya file as a virus

Kaseya does not ship viruses to its customers. Our installers and software is scanned for viruses before publication.

There is of course the possibility that a computer does have a virus, and that the virus has infected the file once it has been downloaded.
However, the most common issue is that the AV is falsely identifying a virus in a file where there is not one - this is called a "False positive".

All AV vendors try their best to avoid this situation, but it can happen - a harmless and genuine file can contain data that looks just enough like the same piece of data that the AV vendor has found in a virus - this causes the AV software to incorrectly flag the genuine file as a virus.

Kaseya does not have any control over this - if an AV tool detects a genuine and harmless file as a virus, the AV vendor should be immediately informed, so that they can update their definitions to avoid problems.

To be sure that this is genuinely a false positive, you should scan the file with another AV tool and see what the results are.

A useful tool for this is "Virus Total", you can upload the suspect file to this site and they will scan the file against all the top AV tools and give you the results.
If many of the AV tools identify a virus in the file, then there is of course the possibility that the file DOES have a virus, in which case you should take the appropriate action, but if the file is only flagged as infected by one or two of the vendors (some vendors share definitions, so a bad denfintion in one AV solution can be shared by another), then it is most likely a false positive, and you should report this to the AV vendor.

Wikipedia - False positives:

Virus Total - Online Virus Scanner:

AVG False Positive reporting page:

Kaspersky False Positive reporting page:

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.