Is it possible to submit false positives online

Discussion in 'ESET NOD32 Antivirus' started by Chiron, Jun 6, 2012.

Thread Status:
Not open for further replies.
  1. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Is there any online option for users to submit false positives to ESET online? I am aware of the email address, but am looking for an alternate method.
     
  2. DrewD

    DrewD Eset Staff Account

    Joined:
    Feb 19, 2010
    Posts:
    88
    This is the official way to submit a false positive online:

    * If you have a current ESET license, you can also contact ESET Support directly for assistance:
    ----------------------------------------------------------------------------------------------------------------

    How do I submit a virus, website or potential false positive sample to ESET's lab?

    http://kb.eset.com/esetkb/index?page=content&id=SOLN141

    We are very interested in receiving malware and virus samples in order to better protect our customers. To submit a suspicious file or website to ESET for analysis, please follow these steps:

    1. Compress the file(s) into a .zip or .rar archive, and password protect it with the password “infected”.

    2. Make a note of this password in the email (including the quotation marks), attach the zipped file, and email it to samples@eset.com.

    3. Use a subject line which clearly states if the attached file contains a suspected infection or a false positive (i.e. use the subject Suspected infection or the subject False positive if you report a false positive). Also, please include the Customer Care case number if applicable.

    If you are reporting a blocked web page that may contain potentially dangerous content, include Domain whitelist followed by the blocked domain in the subject line. Notice: do not include the complete URL in the subject (i.e. www.blockeddomain.com/pages/index.htm) but only the domain itself (i.e. www.blockeddomain.com).

    4. In the body of the email it is very important to include:

    • Any background information as to where the sample was found, especially the URL you downloaded the sample from.
    • If you are submitting a website, include the URL(s) you found suspicious.
    • Why you think it is malware or a false positive report.
    • If you know that another antivirus company already detects it.
    • If you are reporting a potential false positive, please provide as much information as possible about the source of the software, including the name of the developer, the name and version of the application and the address of the site from which the file was downloaded.
    • If you are reporting a blocked website, please provide the complete URL that is blocked. Enclosing a screen shot of the notification about the blockage is recommended.

    Taking the above steps will greatly assist our labs in the process of identifying and processing samples. If the issue is not resolved within two days and the matter is urgent, please send a follow-up email message with the following information:

    • Subject line of email that was sent to samples@eset.com.
    • Date and time of email
    • Email address you sent it FROM and email address you sent it TO.

    Thank you for helping ESET better protect its customers!
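
The submission steps quoted above, as an added example that is not part of the original post and is not ESET code: it builds the email with the subject-line rule (domain only for a blocked site, full URL in the body) and the password note. The function names, the body labels and where the case number goes in the subject are assumptions; the archive is assumed to have been created and password protected beforehand with an archiver.

```python
from email.message import EmailMessage
from urllib.parse import urlsplit

SAMPLES_ADDRESS = "samples@eset.com"  # address given in the post
SUBJECTS = {"infection": "Suspected infection", "false_positive": "False positive"}

def domain_only(url):
    """Reduce a URL to the bare domain the subject-line notice asks for."""
    text = url.strip()
    if "://" not in text and not text.startswith("//"):
        text = "//" + text  # make urlsplit treat a scheme-less host as the netloc
    host = urlsplit(text).hostname
    if not host:
        raise ValueError(f"no domain found in {url!r}")
    return host

def build_subject(kind, blocked_url=None, case_number=None):
    """Step 3: state the report type; for blocked sites use the domain only."""
    if kind == "blocked_site":
        if not blocked_url:
            raise ValueError("a blocked-site report needs the blocked URL")
        subject = "Domain whitelist " + domain_only(blocked_url)
    elif kind in SUBJECTS:
        subject = SUBJECTS[kind]
    else:
        raise ValueError(f"unknown report kind: {kind!r}")
    if case_number:
        subject += f" (case {case_number})"  # placement of the case number is assumed
    return subject

def build_submission(sender, kind, background, reason, archive=None,
                     blocked_url=None, case_number=None):
    """Assemble the message from steps 2-4; sending is left to the caller."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, SAMPLES_ADDRESS
    msg["Subject"] = build_subject(kind, blocked_url, case_number)
    body = [f"Background: {background}", f"Reason for report: {reason}"]
    if blocked_url:
        body.append(f"Complete blocked URL: {blocked_url}")  # full URL belongs in the body
    if archive:
        body.insert(0, 'Archive password: "infected"')  # step 2, quotation marks included
    msg.set_content("\n".join(body))
    if archive:
        name, data = archive  # (filename, bytes) of the already protected archive
        msg.add_attachment(data, maintype="application", subtype="zip", filename=name)
    return msg
```
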
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi DrewD,

    May I add to "virus, website or potential false positive" also phishing email.
    (submitting the complete source of a phishing email in plain text (zipped, password protected) recently did the trick :) )
     
  4. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Thank you, I was aware of that page. However, I didn't see any mention of submitting a malware sample via this page, which is another way of submitting malware.

    Thus I wanted to make sure that there was no corresponding form for submitting false positives?

    Can you please make sure that there is no online form for submitting false positives as well?

    Thanks.
     
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Are you constantly coming across false positive alarms with software that you develop, or is this more of a general query?

    Regards,

    Aryeh Goretsky
     
  6. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    It's a general query.

    I'm working on an article in which I explain to people how to report malware or false positives to different vendors. Thus I wanted to make sure I had all methods of submitting false positives figured out for Eset.

    Why do you ask?
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I was thinking that if it was an issue with a specific set of files (e.g., software your company develops or uses) we could provide more specific guidance about how to resolve the issue (e.g., avoiding programming tools and techniques commonly used by malware, sign files with a digital signature and so forth).

    On the other hand, if you were setting up a service to aggregate sample submissions à la VirusTotal or Jotti, ESET would probably want to set up some kind of sample submission process (email, sftp/scp and so forth).

    For a listing of sample submission mechanisms, I would suggest using the method outlined in ESET Knowledgebase Article 141, "How to submit virus or potential false positive samples to ESET's labs."

    Regards,

    Aryeh Goretsky
     
  8. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Thank you.

    So if I am reading this correctly this means that there is no online form available for submitting false positives. Is this correct?

    Thanks.
     
  9. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Yes, that is the best mechanism for individuals to submit malware samples, false positives and questions about web site blocking to ESET.

    Regards,

    Aryeh Goretsky
     
  10. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Thank you.
     