[KB141] Submit a virus, website or potential false positive sample to the ESET lab

0
(0)

Issue

  • You have a suspicious file, suspicious website, potential false positive or potential miscategorization by Parental Control or Web control that you would like to submit to ESET for analysis
  • Submit a suspicious file / potential false positive file via email
  • Submit a suspicious website / potential false positive website via email
  • Submit spam or spam false positive via email
  • Submit miscategorized websites by the Parental control or Web control module
  • Submit a fraudulent page (phishing)
  • Submit samples using your ESET product

Solution

Before submitting samples to ESET

Use a descriptive subject line and enclose as much information about the file as possible (for example, screenshot or the website you downloaded it from). The sample you want to submit must meet at least one of the following criteria:

  • The sample is not detected by your ESET product at all
  • The sample is incorrectly detected as a threat

We do not accept your personal files (that you would like to scan for malware by ESET) as samples. ESET Research Lab does not perform on-demand scans for users.

Submit a suspicious file / potential false positive file for analysis via email

  1. Take screenshots of the threat detection notification you receive from your ESET product or any error messages or suspicious behavior that your computer is exhibiting.
Figure 1-1
Click the image to view larger in new window
  1. Compress the files into a .zip or .rar archive, and password protect it with the password infected.
  2. Create and send an email with the following information:
    1. In the Subject line: Indicate if the attached file contains a suspected infection or a false positive (for example, use the subject Suspected infection or the subject False positive).
    2. In the body of the email: Make a note of the password you set in step 1 and attach the .zip or .rar archive as well as any screenshots.
      Include any background information where the sample was found and, if applicable, the Technical Support case number.
    3. In case the computer is already infected, include logs collected by ESET Log Collector.
    4. Send the email to[email protected].
You are a software vendor and your app is detected as a Potentially unwanted application (PUA)

Some “Threat found” or “Threat removed” detections are classified as PUA. If you think that an app was incorrectly detected as PUA, follow the steps below:

Figure 1-2
Click the image to view larger in new window
  1. Take screenshots of the threat detection notification you receive from your ESET product.
  2. Compress your application files into a .zip or .rar archive, and password protect it with the password infected.
  3. Create and send an email with the following information:
    1. In the Subject line: Indicate that the attached file contains a false positive (for example, use the subject PUA – False positive).
    2. In the body of the email: Make a note of the password you set in step 2 and attach the .zip or .rar archive as well as any screenshots. Include any background information where the sample is available and, if applicable, the Technical Support case number.
    3. Send the email to[email protected].
The issue is not resolved within three days and the matter is urgent

Send a follow-up email message with the following information:

  • Subject line of email that was sent to [email protected].
  • Date and time of email.
  • Email address you sent it From.

Back to top

Submit a suspicious website / potential false positive website / potential website miscategorization

Follow the appropriate instructions below, depending on the type of issue you want to submit:

Report a suspicious website or false positive website via email

Create and send an email with the following information:

  1. In the Subject line: If you are reporting a blocked website that may contain potentially dangerous content, include Domain whitelist followed by the blocked domain (such as www.blockeddomain.com).
  2. In the body of the email: Include the URLs being blocked or that you found suspicious.
    • Why you think it is a false positive report. Provide as much information as possible about the source of the software, including the name of the developer, the name and the application version.
    • If you are reporting a blocked website, provide the complete URL that is blocked. Enclosing a screenshot of the notification about the blockage is recommended
  3. Send the email to[email protected].

If the issue is not resolved within three days and the matter is urgent, send a follow-up email message with the following information:

  • Subject line of email that was sent to [email protected].
  • Date and time of email.
  • Email address you sent it From.
Report spam or spam false positives
Submit emails in .eml or .msg format

For ESET to process your submission, it must be included as an attachment in .eml or .msg format. Email sent in a different format cannot be processed.

In Microsoft Outlook, drag an email to your desktop to export it as an .msg file. If you use a web-based email client, consult their help resources for instructions to export your mail.

  • Email incorrectly marked as spam: If you received an email message that was classified as spam by your ESET product, but you do not recognize it as spam, send an email to [email protected] with the original message as an attachment in .eml or .msg format.
  • Undetected spam: If you received an email message that you classify as spam, but your ESET product did not classify it as spam, send an email to [email protected] with the original message as an attachment in .eml or .msg format.
If you are using ESET Cloud Office Security use dedicated email addresses [email protected] and [email protected] to report false positive (FP) / false negative (FN) detections for spam. For detailed instructions, see ECOS Online Help.
Following up on reported messages

If you have previously reported an email message as spam or not spam, but the message is still not categorized correctly after 24 hours, contact ESET Technical Support. Do not use [email protected] or [email protected] addresses in such case. For more details and assistance, get in touch with ESET Technical Support.

Report a miscategorization of a website by the Parental control (or Web control) module

Report a miscategorized URL or website here.

If you have already reported it and the website is still miscategorized, contact your local ESET partner for technical support.

Report a fraudulent page (phishing)

If you believe you have deliberately and deceitfully discovered a similar page to another, complete this form to notify us.

Back to top

Submit samples using your ESET product

Sample submission best practises in ESET products

It is strongly recommended to follow these best practices before submitting your sample to ESET (currently available only in the English language):

If you prefer not to send an email, use the sample submission form in your ESET product:

  1. Open the main program window of your ESET Windows product.
  2. Click Tools  More tools and click Submit sample for analysis.
  3. Follow the in-product wizard to complete your submission.

Back to top

Languages
Last Updated: May 25, 2021

Related articles:

Source : Official ESET Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 36 times, 1 visits today)
Tagged: