Until October 2019, Symantec Security Response maintained several different portals through which customers could report suspected missed malware samples, suspected False Positives, phishing domains and so on. In that month SymSubmit was launched, uniting all products and all needs under one convenient location.
Most fields and selections on SymSubmit are self-explanatory. This document aims to provide guidance and answer FAQs about the use of this portal.
Suspicious files and suspected phishing websites which are not currently detected by your Symantec and Carbon Black products can be submitted to Security Response for examination. Click on Malware Not Detected tile and be sure to complete the form.
Ensure you select the product for submissions
Files can be uploaded, submitted by their MD5 or SHA256 hash (if that file is publicly available from virustotal.com), or submitted by URL (if that URL leads to a directly downloadable file).
Suspected Phishing sites are webpages which imitate a legitimate site in an attempt to trick visitors into providing their credentials. Provide the URL of the suspected phishing page, including http:// or https:// or ftp://.
If a file is believed to be innocent/clean file but is being detected, make a submission by choosing the tile: "Clean Software Incorrectly Detected".
Files can be uploaded, submitted by their MD5 or SHA256 hash (if that file is publicly available from virustotal.com), or submitted by URL (if that URL leads to a directly downloadable file). It is also possible to provide a password protected URL submission, if a password is necessary to download the detected file from a URL. For customers who experience a suspected False Positive in the Content and Malware Analysis / Web Security Service Malware Analysis Service, it is possible to provide blocked file's URL.
Through the Clean Software Incorrectly Detected tile, it is important to provide full and complete Product Details about which product and component were involved. Security Response will attempt to reproduce the submission's detection, but if they are scanning (for example) am IPS packet capture (.pcap) file with AntiVirus definitions, nothing will happen. If they are replaying that packet capture, an IPS vent will be triggered.
In addition to the file or website submitted, there is an Additional Details input field that can accept up to 20000 characters. If you have a case open with Technical Support, do specify the case number here. Provide any additional information that will assist Security Response engineers in processing the submission. Note that Security Response will not be able to respond to any questions or concerns in the Additional Details field- please contact Technical Support for assistance.
In the other fields, provide the following information:
Your Site ID number is written on your entitlement records/can be located through the Support portal.
If you have difficulty locating your Site ID, please open a case with customer care for additional assistance.
You can upload multiple files at once by using WinZip or WinRar. As of September 2019, a zipped file can be password-protected.
The maximum size for one submission is 750 MB. Do not submit more than 9 files in any zip file, regardless of size.
Note: Some file types, like .jar and .cab, may be containers that include files exceeding the maximum file count.
Additional information and FAQ can be found in the Connect article Symantec Insider Tip: Successful Submissions!