Learn how to submit suspicious files found in your environment to Symantec Security Response for further review.
As of November 2019, all customers (home users and Enterprise) can submit suspected missed malware files and phishing websites to SymSubmit. Please use the Not Detected by Symantec tab.
You need to provide the following information:
Note: In the past, you may have used your Contact ID number to submit files to Security Response. The use of the Contact ID number for submissions has been discontinued in favor of the Support ID number in order to simplify submissions. Please use your Support ID number going forward.
Your Support ID number is written on your Symantec support certificate. Your Support ID number is a twelve digit number in the following format: XXXX-XXXX-XXXX.
Note: The submission site will ignore the hyphens.
If you have difficulty locating your Support ID, please open a case for additional assistance.
You can upload multiple files at once by using WinZip or WinRar. As of September 2019, a zipped file can be password-protected.
The maximum size for one submission is 100 MB. Do not submit more than 9 files in any zip file, regardless of size.
Note: Some file types, like .jar and .cab, may be containers that include files exceeding the maximum file count.
The web submission form includes a field to detail symptoms you believe are associated with this file. Symantec Security Response does not provide answers to questions posed in this form. If you need further information, please contact Technical Support.
WARNING: Do not download the file under any circumstances!
SymSubmit can also accept malicious URLs which serve a malware file. Symantec Security Response will attempt to download the file from the link and process it like a standard submission.
For emails which prompt for credentials rather than download a file, submit to your AntiSpam vendor. The suspected missed malware portal is not for phishing mails, phishing attachments or missed spam, though it is possible to paste in the URL of undetected phishing websites.
Submit files you believe are being falsely detected using SymSubmit's Incorrectly Detected by Symantec tab. A reference number will be sent via email upon submission. Symantec engineers will maintain contact through email as the reported false positive is investigated. To learn more, see Submit false positives detected by Endpoint Protection.
Suspected IPS false positives are also reported through that same SymSubmit website. To learn more, see Responding to suspected IPS false positives in Endpoint Protection.
Yes, the website uses HTTPS. It also takes advantage of Secure Sockets Layer (SSL) and 128-bit encryption, providing a secure method of transporting the files to Symantec.
For additional recommendations on using the web submission forms, see Symantec Insider Tip: Successful Submissions.