A method includes decreasing a suspicion of a negative action by an application if the application has previously performed a positive action. The positive action is an action that is never or rarely taken by malicious code. In one example, the positive action is use of a user interface element by the application to have a user interaction with a user of the computer system. By taking into consideration the positive action by the application, the occurrence of false positives is minimized.
展开▼