Twice in a short time I got a false alarm, which costs me (down)time.
Once I could deduce that a dropbox link (containing the string eqh9vf7y23mta2w) was the cause, in the other case I have no idea at all. The threats were deemed severe, so the compiled programs simply disappeared, not, though, before being executed several times.
This can pop up on you at any time by any (imo stupid or at least complacently superficial) 'security intelligence' update, so it would help greatly to be able to pinpoint the offending bytes to try change them either as data or through a minimal program change.
Off course I gave feedback, but that doesn't help a lot, and certainly not quickly.
I would highly wellcome advice in this.
What I have tried:
Feedback and lucky deduction by a macro defined variation, where only 1 out of 3 was tagged as a virus.