[MarekKnapek]

At my previous job we released updates to our Windows desktop application about 3-4 times per year. We had about 20'000 customers (but many of them not installing updates). We checked final build of our product on Virus Total before release and e-mail the various anti virus companies about the false positives. Thankfully, I wasn't the guy doing this work.

[pilif]

Unfortunately that doesn’t really help. We update an application about once a year but we get false positive alerts even months after AV programs have previously not complained about a binary.

What’s worse is that not all AV vendors on Virus Total have an easy way to submit a false positive report and of those that do, the majority believes getting a false positive report to be an opt-in into their marketing mailing lists.

I absolutely hate my about quarterly task of going from a name of an AV engine on Virus Total who suddenly decided that our binary which hasn’t changed on months must be infected to finding the actual submit-a-false-positive page to then writing the report and then unsubscribing from their mailing list I inevitably end up on

[account42]

How is what these virus companies are doing not defamation? Are there any legal options you have when this happens to you?

And VirusTotal bears a large responsibility for this too - not only do they not make it easy to find contacts for the various anti virus engines as you have pointed out (while disavowing themselves of any responsibility), they will highlight a "Generic" AI bullshit detection from some random company in the same way as verified malware.