Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

False positive submission 3215441

Created: 01 Jun 2013 • Updated: 11 Jun 2013 | 3 comments
This issue has been solved. See solution.

Hi

Some users have been reporting false positive reports for my software (a signed binary).

I was told that my submission above was refused because "having reviewed the information provided we are unable to reproduce or confirm the issue described". Surely the only thing you need is the download link of my software (as provided).

Am i expected to test it across all your products? My users are not technical and to even get information like screenshots would be most difficult. Surely you can review you own data and run some tests against my software to confirm that it does not contain trojans?

You cost me money by flagging my software as a trojan and then I am expected to spend my time correcting your mistake?

Can someone with some technical knowledge please check this out and remove the false postive flag?

Thanks

Seamus Brady

Operating Systems:

Comments 3 CommentsJump to latest comment

.Brian's picture

First, you're going to need to submit a false positive report:

https://submit.symantec.com/false_positive/

After that is done, you will need to open a case with and work with technical support on this. At the very least, you need to get a case number. Symantec employees frequent the forum so one of them can assist if you have a support number they can take a look at it. Since your binary is signed I wouldn't expect this to be flagged as it is one of the requirements that needs to be met in order for it to be considered legit. Support should definitely look into this.

You can also submit your software to get it added to their whitelist:

https://submit.symantec.com/whitelist/

Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
corvideon's picture

Thanks for that Brian.

I did actually send in a false positive report (ID 3215441) but they are demanding way more information than I have available. The users who report false positives are the very users who would be unable to even tell me what version of Windows they are running, so I have no information about which particular versions of what product is causing the problem.

This is why I am frustrated. I would be happy to provide technical data if I had it. I have asked some of my users for more information without any luck.

I will try the whitelist next.

Thanks

Seamus

.Brian's picture

Speaking from experience, there is some extra leg work needed. I assume Symantec Endpoint Protection is flagging this? If so, are these unmanaged clients? If they were managed, you just need to log into the SEPM and should be able to get all the info you need. But it sounds like you just don't have this ability?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.