Skip to main content

Resolving legitimate applications detected as threats by Bitdefender

This section explains what to do when Bitdefender reports legitimate files as being infected (false positives).

Bitdefender strives to reduce false-positive reports to a minimum. However, these reports are commonly due to bad programming practices. For example, some applications change the Master Boot Record, add Run registry entries, change system files without the user’s confirmation, or execute custom macros in Office applications.

When applications are wrongfully detected, try adding exclusions, as explained in In-policy exclusions.

Should the exclusions fail, you need to send us the detected files as described below:


These files are used only for malware analysis and are treated accordingly.

  1. Locate the files on your drive.

  2. Add the detected files to a .zip file using the file compression software of your choice (WinZip, WinRAR, etc.).


    If you cannot add the files to a .zip archive because BEST blocks them, you need to temporarily disable the Bitdefender On-Access antimalware protection on the endpoint. For details, refer to Preparing the endpoint for troubleshooting detections.

  3. Take screenshots with the detection of the legitimate applications.

  4. Go to the Sample or URL Submit form.

  5. Complete the submission form with:

    • Your Bitdefender product

    • The category type (False Positive)

    • Your contact details

    • The sample type (File)

    • The .zip file storing the malware files (upload via the Choose Files field from the Attach a file section)


      If the archive is bigger than 25 MB, please contact the Bitdefender Enterprise Support.

    • The detection name

    • The previously taken screenshots (upload via the Choose Files field from the Screenshots section)


      Screenshots should have one of the following formats: jpg, gif, jpeg, png.

  6. Click the Submit button.


    Samples provided through the online submission form are automatically encrypted to prevent corruption or mishandling.

False positive reports are corrected as soon as possible once we receive the samples.


If you had issues adding the detected files to the .zip archive and had to apply a clone of the policy, don't forget to apply the original policy back on the endpoint.