How to report Malware False Positives to VMware Carbon Black?
search cancel

How to report Malware False Positives to VMware Carbon Black?

book

Article ID: 285074

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter) Carbon Black EDR (formerly Cb Response) Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

If hash is classified as malware, but it should be trusted approved, how should this be reported to VMware Carbon Black?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Versions
  • App Control: All Versions
  • EDR: All Versions

Resolution

Please Open a Support case with the following information:
  1. The affected hash(es)
  2. Current Reputation
  3. Expected Reputation
  4. Associated Events
  5. Alert ID (if available)
  6. Reason(s) why the hash is believed to be legitimate

Additional Information

If this is an internal file please remove any private data.