How to Use the Web Submission Process to Submit Suspicious Files

Article:TECH102419  |  Created: 2007-01-07  |  Updated: 2014-03-11  |  Article URL http://www.symantec.com/docs/TECH102419
Article Type
Technical Solution


Subject

Issue



You have located suspicious files in your environment and would like to submit them to Security Response for review.


Solution



Q) How do I submit suspicious files to Symantec?

A) Customers can submit up to 9 files in a compressed file at once via Symantec's Web Submission Site. These MUST be in either a WinRAR or WinZIP format.

Essential and Business Critical customers should call Support for access to our priority queues.


Q) Is this a secure submission site?

A) Yes. This site uses HTTPS. It also takes advantage of Secure Sockets Layer (SSL) and 128-bit encryption, providing a secure method of transporting the files to Symantec. If you have not previously used the web submission site, please contact support for the URL.


Q) What information is needed to submit through the web submission site?

A) You will need to provide your name, company name, email address and Support ID number. Please note: In the past, you may have used your Contact ID number to submit files to Security Response. The use of the Contact ID number for submissions is being discontinued in favor of the Support ID number in order to simplify submissions. Please use your Support ID number going forward.


Q) Where can I find my Support ID number?

A) Your Support ID number is written on your Symantec support certificate. Your Support ID number is a twelve digit number in the following format: XXXX-XXXX-XXXX. If you have difficulty locating your Support ID, please open a Technical Support Case for additional assistance. To do so, begin here.


Q) How many files may I submit?

A) You may upload multiple files at once by using WinZip or WinRar. A zipped file must not be password-protected. The maximum size for one submission is 20 MB. Please submit no more than 9 files in any zip file regardless of size. It is important to note that some file types, like .jar and .cab may be containers and may contain files that will exceed the maximum file count. 


Q) May I provide information or ask questions at this site?

A) The web submission form includes a field to detail symptoms you believe are associated with this file. Security Response engineers do not provide answers to questions posed in this form. If you need further information, please contact support.


Q) What happens next?

A) After the "Your Submission Has Been Sent" message is displayed, the submission process follows the steps below:

  • You will receive an automated email reply that contains the Tracking number for this submission. Please retain this number. The sender's address will be SecurityResponse@Symantec.com. Note: if you have a TAM (Technical Account Manager) or an RPS (Remote Product Specialist), he or she will receive a copy of all automated email messages sent to you.
     
  • Your submission will be immediately scanned by our automated system using current certified and current rapid release definitions. If this file has been previously submitted, you will receive an automated closing email. The email will include the known determination and, if malicious or a security risk, instructions on how to retrieve definitions that will detect the file.
     
  • The Security Response engineer who reviews the file will make a determination on the status of the file. If clean, he or she will close the submission process and an automated email message will be sent identifying the file as clean.
     
  • If it is determined the file is malicious or a security risk, the engineer will create a signature that will trigger a detection on this file. He or she will then pass the submission on to a Quality Assurance (QA) engineer.
     
  • Once the QA engineer has verified that the signature correctly identifies the file, that engineer will close the submission process and an automated email message will be sent. This message will indicate the determination on the file and include instructions on how to download definitions that contain the detection.
     

Q) What if I want to submit a file that I believe is being falsely detected?

A) Please submit the file via the Symantec's False Positive Submission Site. A reference number will be dispatched via email shortly thereafter.  Symantec engineers will maintain contact via email as the reported False Positive is investigated.




Legacy ID



2007090711312848


Article URL http://www.symantec.com/docs/TECH102419


Terms of use for this information are found in Legal Notices