Deal with malware detected by deep learning

Deep learning uses advanced machine learning to detect malware or PUAs without using signatures.

Malware that’s detected by deep learning is shown in alerts with an “ML/” prefix.

PE files (applications, libraries, system files) that have been detected are quarantined. You can restore and allow them if they’re safe.

When deep learning identifies a file as malicious, these steps are taken:

  • We check whether the file has been added to an allowed applications list. (This list lets you exclude a file from checking if it's been incorrectly detected as malware.)
  • If the file is not on an allowed list, it’s reported as malware and put into quarantine.
  • A threat case is generated.
  • The computer’s security health is shown as green because the malware is quarantined.

What you should do

As the malware has been quarantined, you don’t usually need to take any action.

However, deep learning can occasionally report a legitimate file as malware (a false positive). If you’re sure that the file is safe, you can restore it and allow your users to use it again.

To restore and allow a file, follow the steps in Allowed applications.