How to Submit False Positives on Content Analysis to Symantec
search cancel

How to Submit False Positives on Content Analysis to Symantec

book

Article ID: 173729

calendar_today

Updated On:

Products

Malware Analysis Software - MA Content Analysis Software - CA

Issue/Introduction

A file was miscategorized as a virus or given an otherwise unwarranted malicious rating (false positive) by the Content Analysis (CA) appliance. This article explains how to submit false positives on Content Analysis to Symantec.

Resolution

All false positive submissions are now done through the SymSubmit, there is no longer a need to open a case with support to report it. To submit a false positive:

1) Navigate to the Symantec SymSubmit  (symsubmit.symantec.com).

2) Select "Clean software incorrectly detected".

 

3) On the submission page, choose a submission type to provide. For Content Analysis, this can be a file, an MD5 hash of a file, or a URL

 

4) Continue to fill out details on the submission, and when the detection occurs

5) For Content Analysis and Malware Analysis, choose B14 - Content and Malware Analysis as the product



6) Choose which detection type is blocking the link



This information can be found from the Content Analysis appliance Management Console by viewing the threat report. The report is found under Statistics > Recent Threats




In this example, the file was blocked by the Symantec AV engine, and so C12 - AV engine would be submitted.

7) Enter contact details and click Submit.