How to Submit False Positives on Content Analysis to Symantec
Article ID: 173729
Malware Analysis Software - MAContent Analysis Software - CA
A file was miscategorized as a virus or given an otherwise unwarranted malicious rating (false positive) by the Content Analysis (CA) appliance. This article explains how to submit false positives on Content Analysis to Symantec.
All false positive submissions are now done through the SymSubmit, there is no longer a need to open a case with support to report it. To submit a false positive:
1) Navigate to the Symantec SymSubmit (symsubmit.symantec.com).
2) Select "Clean software incorrectly detected".
3) On the submission page, choose a submission type to provide. For Content Analysis, this can be a file, an MD5 hash of a file, or a URL
4) Continue to fill out details on the submission, and when the detection occurs
5) For Content Analysis and Malware Analysis, choose B14 - Content and Malware Analysis as the product
6) Choose which detection type is blocking the link
This information can be found from the Content Analysis appliance Management Console by viewing the threat report. The report is found under Statistics > Recent Threats
In this example, the file was blocked by the Symantec AV engine, and so C12 - AVengine would be submitted.