You want to submit suspicious files found in your environment to Symantec Security Response for review.
You can submit suspected missed malware files and phishing websites to SymSubmit.
Please use the Not Detected by Symantec tab when submitting files.
CAUTION: Do not send any malicious, detected, or suspected files via email or upload to cases. The submission portal is the only acceptable option for submitting files to Security Response.
When submitting a file, provide the following information:
Note: In the past, you may have used your Contact ID number to submit files to Security Response. The use of the Contact ID number for submissions has been discontinued in favor of the Support ID number in order to simplify submissions. Please use your Support ID number going forward.
Your Support ID number is written on your Symantec support certificate or was provided by your Designated Support Engineer (DSE)/Customer Success Manager (CSM).
Note: The submission site will ignore the hyphens.
You can upload multiple files at once by using WinZip or WinRar. As of September 2019, a zipped file can be password-protected.
The maximum total size for one submission is 100 MB. Do not submit more than 9 files in any zip file, regardless of size.
Note: Some file types, like .jar and .cab, may be containers that include files exceeding the maximum file count.
The web submission form includes a field to detail symptoms you believe are associated with this file. Symantec Security Response does not provide answers to questions posed in this form. If you need further information, please contact Technical Support.
WARNING: Do not download the file under any circumstances!
SymSubmit can also accept malicious URLs which serve a malware file. Symantec Security Response will attempt to download the file from the link and process it like a standard submission.
For emails which prompt for credentials rather than download a file, submit to your AntiSpam vendor. The suspected missed malware portal is not for phishing mails, phishing attachments or missed spam, though it is possible to paste in the URL of undetected phishing websites.
Submit files you believe are being falsely detected using SymSubmit's Incorrectly Detected by Symantec tab. A reference number will be sent via email upon submission. Symantec engineers will maintain contact through email as the reported false positive is investigated. To learn more, see Submit false positives detected by Endpoint Protection.
Suspected IPS false positives are also reported through that same SymSubmit website. To learn more, see Responding to suspected IPS false positives in Endpoint Protection.
Yes, the website uses HTTPS. It also takes advantage of Secure Sockets Layer (SSL) and 128-bit encryption, providing a secure method of transporting the files to Symantec.
For additional recommendations on using the web submission forms, see Symantec Insider Tip: Successful Submissions.