Learn how to submit false negatives for the following Symantec.cloud email services:
A false negative occurs when an email containing malware has been incorrectly identified as being clean of security threats. (See What is malware? below for an important distinction.)
You can now use the following submission method, available in the Symantec.cloud portal under Services > Email Services > Email Submission Settings.
Before submitting a false negative malware sample, perform an Email Track and Trace to verify that the logs for the email exist on the Symantec.cloud infrastructure. If you cannot locate the email using Email Track and Trace, review the headers of the email to verify that it came through Symantec.cloud before proceeding with the submission.
Follow these guidelines when submitting a false negative malware sample:
For more helpful guidelines, see Symantec Insider Tip: Successful Submissions!
You will receive a tracking number through email within 30 minutes of submitting the sample and results typically within 12 to 18 hours. If you need to escalate this submission, contact support and provide the submission tracking number.
Symantec monitors submissions and implements detection if we determine that the message is malicious.
Once your submission has been handled by Symantec, you will receive details on whether detection was added or not. If detection was not added, this could be due either to the sample not being malicious, or the sample was improperly submitted.
If you have provided a legitimate sample and have not received a response from Symantec within 24 hours, contact support with your submission tracking number.
WARNING: Do not attach suspicious files directly to your case.
For more information regarding blocked malware that is not available in Advanced Threat Incidents section in the Symantec.cloud portal, contact support and provide the submission tracking number.
Malware is software that is intended to damage or disable computers and computer systems. Symantec will add detection for malware email attachments.
If an email contains a phishing or malicious link in nature, submissions will not result in a malware detection. For example, documents that contain no code but an attempt to social engineer the recipient into visiting a phishing page are classified as threat artifacts rather than malware.
To report these, please follow our Anti-Spam False Negative process described in Submit false negative spam emails missed by Symantec.cloud.