Web Security.Cloud False Positive Submission Process
search cancel

Web Security.Cloud False Positive Submission Process


Article ID: 164398


Updated On:


Web Security.cloud


  • In the middle of downloading a file, it was unexpectedly terminated and upon running a Web Detailed Report - Anti Malware report it shows blocked reason as virus.

  • You have clicked on a URL and have been redirected to one of the following blocked pages shown below.


  1. You will need to submit the URL/File for review.
    Go to URL https://symsubmit.symantec.com/false_positive
  2. Select when detection occurred:

If you are unsure of the above choices, select the last choice A8.

  1. Under Cloud and Services select B9 – Web Security.Cloud


  1. Match the scanner name that appears on the block page. If you are unsure select the last choice C11.


  1. In step 1 Choose “Provide a direct download URL” under Submission Type and enter the full address in the provided box. URLs must start with http:// or https:// or ftp://.



  • In step 2 only field that is mandatory is “Name of detection given by Symantec product”. If you know the name of the scanner that triggered detection, enter it here, if not just write unknown.
  • In step 3 fill in your details.
  • In step 4 you must check off box “I Understand” and enter the security characters before submitting.


  1.  Once submission is completed you will see a confirmation screen as seen below.  You will receive your submission number in an email shorlty.


  1.  The verdict e-mail may take upto 2 days.



  1. If you are having difficulties retrieving the URL, the url can also be found by running a Web Detailed Report – Anti Malware. All blocked items due to AV will be displayed here as seen below.


  1. If you require immediate assistance after submission you can reply back directly to the submission confirmation e-mail. If the response is not fast enough you may also log a support case with the submission number.  
  2. In the event you are 100% positive it's a false positive you may at your own risk add a bypass for the URL. See TECH237276.