Iné produkty

Report a Suspected Erroneous Detection (False Positive) to Symantec

This document describes the steps on how to report a false positive to Symantec through the online false positive submission form.

Report a false positive to Symantec

  1. Go to Report a Suspected Erroneous Detection (False Positive)

  2. Under When did the detection you are reporting occur?, choose the most appropriate option.

    • A1 - When downloading or uploading a file

    • A2 - While using an application

    • A3 - When installing an application

    • A4 - When browsing the web

    • A5 - During a scheduled scan, or during a scan I requested

    • A6 - When sending or receiving email

    • A7 - While writing or reading files to/from a storage device

    • A8 - Don't know, am unsure, or the options provided do not apply

  3. Click Next.

  4. Under Which product were you using when you saw this?, select your product.

    Click View screenshot next to each option to view a sample screen shot of each product.

    • Enterprise Endpoint Products

      • B1 - Symantec Endpoint Protection 12.x

      • B2 - Symantec Endpoint Protection 14.x

    • Advanced Threat Protection

      • B3 - Symantec Advanced Threat Protection: Network, Endpoint, or Roaming

    • Consumer Endpoint Products

      • B4 - Norton Internet Security or Norton AntiVirus

      • B5 - Norton Security or Norton Security with Backup

      • B6 - Norton 360

      • B7 - Norton Rescue Tool (Norton Power Eraser or Norton Bootable Recovery Tool)

    • Cloud and Services

      • B8 - Symantec Endpoint Protection SBE 2013

      • B9 - Web Security.cloud

    • Mobile

      • B10 - Norton Mobile Security (any version)

    • B11 - Don't know, am unsure, or the options provided do not apply

  5. Click Next.

  6. Under Which of the following types of detection are you reporting?, select the appropriate option.

    Depending on your selection in Step 2 and Step 4, some options may not be shown.

    • C1 - Download/File Insight (Reputation Based Detection)

    • C2 - SONAR (Behavioral Heuristics Detection)

    • C3 - Auto-Protect (File Based Detection)

    • C4 - ATP AntiVirus / AV File Scanning (File Based Detection)

    • C5 - IPS (Network Intrusion Detection, Vantage)

    • C6 - On-Demand Scan / Scheduled Scan

    • C7 - SafeWeb (Phishing URLs, Malicious Web Pages)

    • C8 - Cynic (Sandbox Detonation)

    • C9 - Mobile Insight (Mobile App Analysis and Reputation Based Detection)

    • C10 - Dynamic Adversary Intelligence

    • C11 - Don't know, am unsure, or the options provided do not apply

  7. Click Next.

  8. Under Help us locate the software, select an appropriate submission type from the drop-down list.

    • For Upload a file

      Click Choose File and select a file to submit.

      The guidelines for file uploads are:

      • Uploads may be a maximum size of 100MB.

      • You may upload a maximum of nine files in each submission by placing the sample files within a ZIP or RAR archive.

      • Uploads must not be password protected. Password protected files cannot be processed.

    • For Provide a direct download URL or Provide Dynamic Adversary Intelligence URL (ATP) or Provide blocked URL (IPS)

      Enter the URL in the text box.

      The guidelines for direct download URLs are:

      • URLs must start with http:// or https:// or ftp:// and must return a file in response.

      • Files must not be password protected. Password protected files cannot be processed.

    • For Provide a password protected URL

      Enter the URL, user name, and password.

      • This option is specifically to provide a URL which is password protected. Automation will attempt to download the file(s) using the credentials provided.

      • URLs must start with http:// or https:// or ftp:// and must return a file in response.

      • Files must not be password protected. Password protected files cannot be processed.

    • For Provide a File Hash

      Enter the File Hash in the text box.

      The guidelines for hash submissions are:

      • The hash provided, should be in the MD5 or Sha256 format only.

      • File may be a maximum size of 100MB.

      • The hash provided, should be of only a single file. Containers such as ZIP or RAR are not supported.

  9. Under Tell us about the detection, enter the required information.

    • Name of the software being detected

      If you don't know, or are unsure, you can skip this field.

    • Name of detection given by Symantec product

      This field is mandatory.

    • File quarantine, product clipboard information, or additional details

      In the main product window, double-click Security and then click History. In the Security History window, nest to Show, select Quarantine from the drop-down. Click on the activity, then More Options and then on Copy to Clipboard. Now, paste the content here.

  10. Under Your details, enter the required information.

    • Contact Name

    • Email address

    • Confirm email address

      Enter your correct email address to receive emails regarding your tracking number and results.

    • Are you the creator or distributor of the software in question?

  11. Under Submit, select I understand.

    Please provide as much information as possible. Submissions with insufficient detail will be rejected.

  12. Type in the characters as shown in the Security characters in the Answer box and click Submit.

  13. If your false positive report is submitted to us successfully, you will receive an email in English with a tracking number.

    Title: [No Reply] False Positive submission (12345)

    Thank you for contacting Symantec.

    Your submission has been received and will be reviewed. We endeavor to respond to all submissions within 2 working days.

    The tracking number for your submission is: 12345, please reference this tracking number in any further correspondence on this issue.

  14. You will receive an email in English about the result for your False Positive submission from Symantec.

    • If it is determined to be a malicious file or URL.

      Title: [No Reply] False Positive submission (12345)

      In relation to submission 12345.

      Upon further analysis and investigation, we have determined that the URL(s) in question meets the necessary criteria to be detected by our products and as such, the detection cannot be revoked.

    • If it is determined to be a non-malicious file or URL.

      Title: [No Reply] False Positive submission (12345)

      In relation to submission 12345.

      Upon further analysis and investigation, we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

      • File name:

      • MD5:

      • SHA256:

        Note: Whitelisting may take up to 24 hours to take effect by LiveUpdate.

Riešenie mi pomohlo pri vyriešení môjho problému.

Áno Nie

Pomôžte nám pri vylepšení tohto riešenia.

Ďakujeme vám za pomoc pri zlepšení používateľskej skúsenosti.

Čo chcete urobiť ako ďalšie?

Vyhľadajte riešenie alebo nás kontaktujte.

DOCID: v126152382
Operačný systém: Windows, Mac OS X
Naposledy zmenené: 03.06.2019