
Shocking False Positives: How Leading Antivirus Programs Classify Legitimate Apps as Threats

September 10, 2024

In an ideal world, cybersecurity companies and app developers would work together to offer users the best security solutions. Unfortunately, a recent incident shows how difficult it can be when big names in cybersecurity seemingly fail to exercise the necessary care and professionalism.

At Protectstar, we had the unpleasant experience of some of our popular Android apps being mistakenly classified as malware. These incidents were frustrating and raised serious questions about the practices and quality of the companies operating under the Gen Digital umbrella.


Gen Digital: An Overview of the Cybersecurity Giant
Gen Digital, formerly known as NortonLifeLock and originally Symantec Corporation, is a leading company in cybersecurity. It offers comprehensive security solutions for individuals and businesses. With headquarters in Tempe, Arizona, USA, and Prague, Czech Republic, Gen Digital specializes in protecting data, privacy, and identities. Through a series of strategic acquisitions, the company has significantly expanded its portfolio and established itself as one of the largest security software providers worldwide.  


Key Acquisitions:

1.    Avira
    •    Acquisition completed: December 2020
    •    Purchase price: Approximately $360 million
    •    About Avira: Avira, a German-based antivirus software provider, is known for its reliable security solutions. Gen Digital's acquisition of Avira allowed it to expand its reach, particularly in the European market, and offer a broader portfolio of cybersecurity solutions.


2.    Avast
    •    Acquisition announced: August 2021
    •    Acquisition completed: September 2022
    •    Purchase price: The transaction, which involved a mix of cash and stock, was estimated to have a total value of around $8.6 billion.
    •    About Avast: Based in the Czech Republic, Avast is one of the most well-known providers of antivirus and security software globally. It offers a wide range of products, including antivirus solutions, VPN services, and system optimization tools. The merger with Avast significantly strengthened Gen Digital's market position and expanded its user base to over 500 million users worldwide.


3.    AVG Technologies
    •    Acquisition completed: July 2016 (acquired by Avast before Avast itself became part of Gen Digital)
    •    Purchase price: Approximately $1.3 billion
    •    About AVG: AVG Technologies, a pioneer in cybersecurity, offered similar products to Avast, including antivirus software and privacy solutions. The merger of AVG and Avast was a strategic step to consolidate both companies' resources and technology platforms to improve their security products.


4.    LifeLock
    •    Acquisition completed: November 2016 (under the former name Symantec, before it became NortonLifeLock)
    •    Purchase price: Around $2.3 billion
    •    About LifeLock: LifeLock is known for its identity theft monitoring and protection services. The acquisition of LifeLock allowed Gen Digital to create a more comprehensive security offering that includes device protection as well as personal identity protection.


The acquisitions of Avira, Avast, AVG, and LifeLock show Gen Digital's clear strategic focus: creating a comprehensive platform that offers device protection as well as identity and privacy protection. These acquisitions have provided Gen Digital with access to a larger user base and expanded the company's technological expertise and product portfolio.


The Incident: Protectstar Apps Identified as Malware
On August 11, 2024, the problems began: More and more users reported that our apps – Micro Guard, Firewall AI, and DNS Changer – were suddenly being identified as malware by several prominent antivirus programs.
The affected security solutions included well-known brands such as AVG, Avira, Avast, Norton360, Cynet, and WithSecure (formerly F-Secure Business). These antivirus programs are among the leading solutions in the market, trusted by hundreds of millions of users worldwide. Their false classification of our apps as threats led to a cascade of problems, as these false malware detections had immediate and far-reaching consequences for Protectstar:



1.    Negative Reviews: Users who trusted the antivirus programs left negative reviews for our apps in the Google Play Store.
2.    Increased Support Workload: Confused users contacted our support in large numbers, significantly straining our resources.
3.    Uninstallations and Canceled Subscriptions: Users' fear of alleged security risks led them to uninstall our apps and possibly cancel their subscriptions.
4.    Misleading Customer Support: One user even reported that Norton360 support specifically recommended uninstalling our Firewall AI app immediately.

To clarify the situation, we immediately submitted reports of the false positives through the channels provided by VirusTotal and the respective antivirus providers.



However, the responses varied:
•    No Response from AVG, Avast, and Avira: These companies, all under the Gen Digital umbrella, seemed not to respond to our concerns. The lack of feedback and delayed resolution raised serious doubts about the quality and commitment of these providers.
•    Delayed and Unclear Responses from Norton: It took longer for Norton to find a solution due to issues with the originally provided contacts and portals. On August 13, 2024, we reported the false positives through a separate portal specifically for Norton. The response was greatly delayed, but after nine days, we finally received confirmation that the apps were clean. This contrasts sharply with the promised two business days for feedback, revealing significant shortcomings in the support process.
•    Quick Responses from WithSecure and Cynet: While WithSecure and Cynet acted promptly, the question remains as to why other Gen Digital companies did not demonstrate the same level of professionalism and efficiency.


Similar Experiences with Malwarebytes
Unfortunately, what we experienced with Gen Digital is not an isolated case. Over the years, we have repeatedly encountered similar issues with Malwarebytes. Despite repeated reports of false positives and ongoing communication, our apps were regularly misclassified as threats. Here, too, the response time to our reports was always unsatisfactory, and the support channels rarely offered a quick solution.
These recurring incidents make us question the effectiveness and professionalism of such security solutions, especially when legitimate software is mistakenly flagged as a threat.


The incident also raises some troubling questions:
1.    Was this a coincidence? That our apps were simultaneously identified as malware by several major antivirus brands, all owned by Gen Digital, suggests that this might not have been a coincidence. It raises the question of whether commercial interests were involved in discrediting competing products.

2.    Lack of Quality and Professionalism: The delayed and sometimes absent communication, as well as the long time it took to resolve the issue, cast a poor light on these companies' service quality. It is disappointing that support failed so badly in such essential matters as false positives.

3.    Lack of Support: The impression that there is no real support anymore and that the various brands within Gen Digital are unified is worrying. Unified support portals for AVG, Avast, and Norton indicate an overburdened infrastructure that may not be able to address specific issues effectively.

4.    No Feedback on Important Security Issues: Even with such a critical issue as false positives, timely feedback was lacking. The absence of feedback signals either disregard for the concerns of smaller developers or shows that internal processes are insufficient to efficiently handle security issues.

Some of our users reported that they were unaware that, for example, the antivirus solution they had used for years, originally from Germany or the Czech Republic, is now owned by a U.S. company.
With the acquisition of companies like Avira, Avast, AVG, and LifeLock, Gen Digital has expanded its user base to over 500 million users worldwide. These massive user numbers show how far-reaching Gen Digital's influence is and how important it is for the company to ensure high quality in security monitoring and customer support.



The largest shareholders of Gen Digital include:
    1.    Vanguard Fiduciary Trust Co.: Holds about 10.83% of the shares.
    2.    BlackRock Advisors LLC: Owns approximately 6.764% of the shares.

These two investment firms are well-known players in institutional investments and hold significant stakes in large publicly traded companies.


Call to Action: What Users Can Do
If users are affected by false positives, it is important to stay calm and not take drastic measures immediately. Here are some recommendations:

1.    Check the Source of the Detection: To validate the detection, use multiple antivirus programs or online services like VirusTotal.
2.    Contact the App Developer: Before uninstalling an app that has been trusted for years, contact the app developer for further information. If necessary, the app can be placed in quarantine or under observation (as in Antivirus AI).
3.    Report False Positives: Use the reporting portals of antivirus providers to report false positives. The more users who do this, the higher the likelihood that the issue will be resolved.
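
When validating a detection across several engines, it helps to count owners rather than brands, since the brands named in this article are not all independent companies. The sketch below is an added example, not Protectstar's or any vendor's code: it takes per-engine verdicts in the shape VirusTotal's v3 file report uses (engine name mapped to a `category` and `result`) and collapses brands that share an owner. The engine names follow the article's brand names and may differ from the labels in a real report; the sample data, labels and EngineX/Y/Z are constructed.

```python
from collections import defaultdict

# Ownership as stated in the article; unlisted engines count as their own owner.
PARENT = {"AVG": "Gen Digital", "Avast": "Gen Digital",
          "Avira": "Gen Digital", "Norton360": "Gen Digital"}
FLAGGED = {"malicious", "suspicious"}
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}

def triage(results, parent=PARENT):
    """Summarise per-engine verdicts, collapsing brands that share an owner."""
    groups = defaultdict(lambda: {"flagged": [], "clean": [], "labels": set()})
    for engine, verdict in results.items():
        category = verdict.get("category")
        if category in NO_VERDICT:
            continue  # the engine never analysed the file: no evidence either way
        group = groups[parent.get(engine, engine)]
        if category in FLAGGED:
            group["flagged"].append(engine)
            if verdict.get("result"):
                group["labels"].add(verdict["result"])
        else:
            group["clean"].append(engine)
    flagging = {o: g for o, g in groups.items() if g["flagged"]}
    return {
        "engines_flagging": sum(len(g["flagged"]) for g in groups.values()),
        "engines_with_verdict": sum(len(g["flagged"]) + len(g["clean"])
                                    for g in groups.values()),
        "owners_flagging": len(flagging),
        "owners_with_verdict": len(groups),
        "labels_by_owner": {o: sorted(g["labels"]) for o, g in flagging.items()},
    }

# Constructed sample, not a real scan result.
SAMPLE = {
    "AVG": {"category": "malicious", "result": "Constructed.Label.A"},
    "Avast": {"category": "malicious", "result": "Constructed.Label.A"},
    "Avira": {"category": "malicious", "result": "Constructed.Label.B"},
    "Norton360": {"category": "malicious", "result": "Constructed.Label.C"},
    "Cynet": {"category": "malicious", "result": "Constructed.Label.D"},
    "WithSecure": {"category": "malicious", "result": "Constructed.Label.B"},
    "EngineX": {"category": "undetected", "result": None},
    "EngineY": {"category": "undetected", "result": None},
    "EngineZ": {"category": "type-unsupported", "result": None},
}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed sample, six flagging engines reduce to three flagging owners, which is the figure to weigh against the engines that returned a clean verdict.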


Long-Term Impacts: Trust and Reliability in Cybersecurity
This incident underscores the crucial role that trust plays in the cybersecurity industry. When users find that their trusted security solutions mistakenly block legitimate software or classify it as a threat, it leads to frustration and undermines trust in the entire cybersecurity infrastructure. Such false alarms may also lead users to ignore real security warnings.

Companies like Gen Digital need to do more to maintain this trust. They must provide transparent, fast, and effective support and communication channels to address user concerns and issues promptly. Only through proactive and clear communication can misunderstandings be avoided and user trust maintained.

At a time when cyberattacks are becoming increasingly sophisticated and frequent, it is important that security providers not only offer protection but also respond quickly and transparently to false alarms.
At Protectstar, we have learned valuable lessons from this incident and are grateful for our users' understanding and patience. Our commitment to providing them with the safest and most reliable solutions remains unwavering.

 
