How to Submit False Positives on Content Analysis to Symantec


Article ID: 173729


Updated On:


Malware Analysis Software - MA Content Analysis Software - CA


A file was miscategorized as a virus or given an otherwise unwarranted malicious rating (false positive) by the Content Analysis (CA) appliance. This article explains how to submit false positives on Content Analysis to Symantec.


All false positive submissions are now done through the Broadcom Support portal, and there is no longer a need to open a case with support to report it. To submit a false positive:

1) Navigate to the Symantec Enterprise Security section of the Broadcom Support Portal (

2) On the right side of the page under the Submit Evidence box, select Submit False Positive


3) On the submission page, choose a submission type to provide. For Content Analysis, this can be a file, an MD5 hash of a file, or a URL


4) Continue to fill out details on the submission, and when the detection occurs

5) For Content Analysis and Malware Analysis, choose B14 - Content and Malware Analysis as the product

6) Choose which detection type is blocking the link

This information can be found from the Content Analysis appliance Management Console by viewing the threat report. The report is found under Statistics > Recent Threats

In this example, the file was blocked by the Symantec AV engine, and so C12 - AV engine would be submitted.

7) Enter contact details and click Submit.