You see many detections involving WS.Reputation.x (WS.Reputation.1 and WS.Reputation.6) and are having difficulty deciding whether the detections merit submission as a False Positive to the Broadcom Security Response SymSubmit portal.
1. In SES Cloud, add the columns "DISPOSITION" and "THREAT NAME" to the investigate page.
2. Reload the page.
3. When reviewing the results, note the differences below:
If the "DISPOSITION" is "4-File Detection - Logged" and the "THREAT NAME" is WS.Reputation.x (WS.Reputation.1 and WS.Reputation.6), then the file was only detected and logged but NOT blocked.
NOTE: Since these events were only detected and logged, there is no need to submit the file(s) as a False Positive submission.
However, if the "DISPOSITION" is "12-File Detection - Quarantined" and the "THREAT NAME" is WS.Reputation.x (WS.Reputation.1 and WS.Reputation.6), then the file was indeed detected and blocked.
NOTE: In this specific case, only if you think the file is "clean" and was "incorrectly" blocked would you need to consider submitting the relevant file(s) to Broadcom Security Response via the SymSubmit portal as defined here.
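
The triage rule above can be applied in bulk to a list of events. The following is an added example, not Broadcom tooling: it assumes the events are available as CSV text with the "DISPOSITION" and "THREAT NAME" columns from step 1 plus a hypothetical "FILE SHA256" column, and it treats any WS.Reputation.<number> name as part of the WS.Reputation.x family. All sample rows and file identifiers are constructed.

```python
import csv
import io
import re

# Constructed sample data. "FILE SHA256" is an assumed column name and the
# identifiers are placeholders, not real hashes.
SAMPLE_EXPORT = """DISPOSITION,THREAT NAME,FILE SHA256
4-File Detection - Logged,WS.Reputation.1,FILE-A-PLACEHOLDER
4-File Detection - Logged,WS.Reputation.1,FILE-A-PLACEHOLDER
12-File Detection - Quarantined,WS.Reputation.6,FILE-B-PLACEHOLDER
4-File Detection - Logged,WS.Reputation.6,FILE-C-PLACEHOLDER
12-File Detection - Quarantined,WS.Reputation.1,FILE-C-PLACEHOLDER
12-File Detection - Quarantined,Other.Threat.Example,FILE-D-PLACEHOLDER
"""

REPUTATION = re.compile(r"^WS\.Reputation\.\d+$")  # assumption: x is numeric
LOGGED, QUARANTINED = 4, 12  # disposition codes named in the article


def disposition_code(text):
    """Return the leading numeric code of a value like '12-File Detection - Quarantined'."""
    match = re.match(r"\s*(\d+)\s*-", text)
    return int(match.group(1)) if match else None


def triage(export_text):
    """Group WS.Reputation.x events per file and apply the article's rule."""
    codes_by_file = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if not REPUTATION.match(row["THREAT NAME"].strip()):
            continue  # other threat names are outside this article's scope
        code = disposition_code(row["DISPOSITION"])
        codes_by_file.setdefault(row["FILE SHA256"].strip(), set()).add(code)

    result = {"review_for_submission": [], "no_submission_needed": [], "unclassified": []}
    for file_id, codes in sorted(codes_by_file.items()):
        if QUARANTINED in codes:
            # Blocked at least once: submit only if the file is believed clean.
            result["review_for_submission"].append(file_id)
        elif codes == {LOGGED}:
            result["no_submission_needed"].append(file_id)
        else:
            result["unclassified"].append(file_id)  # a disposition the article does not cover
    return result


if __name__ == "__main__":
    for bucket, files in triage(SAMPLE_EXPORT).items():
        print(bucket, files)
```

A file that appears as both logged and quarantined is placed in the review bucket, because it was blocked at least once.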