Symantec Developer Group

 View Only

  • 1.  False positive submission 3215441

    Posted Jun 01, 2013 07:11 PM

    Hi

    Some users have been reporting false positive reports for my software (a signed binary).

    I was told that my submission above was refused because "having reviewed the information provided we are unable to reproduce or confirm the issue described". Surely the only thing you need is the download link of my software (as provided).

    Am i expected to test it across all your products? My users are not technical and to even get information like screenshots would be most difficult. Surely you can review you own data and run some tests against my software to confirm that it does not contain trojans?

    You cost me money by flagging my software as a trojan and then I am expected to spend my time correcting your mistake?

    Can someone with some technical knowledge please check this out and remove the false postive flag?

    Thanks

    Seamus Brady



  • 2.  RE: False positive submission 3215441
    Best Answer

    Posted Jun 01, 2013 07:19 PM

    First, you're going to need to submit a false positive report:

    https://submit.symantec.com/false_positive/

    After that is done, you will need to open a case with and work with technical support on this. At the very least, you need to get a case number. Symantec employees frequent the forum so one of them can assist if you have a support number they can take a look at it. Since your binary is signed I wouldn't expect this to be flagged as it is one of the requirements that needs to be met in order for it to be considered legit. Support should definitely look into this.

    You can also submit your software to get it added to their whitelist:

    https://submit.symantec.com/whitelist/

    Brian



  • 3.  RE: False positive submission 3215441

    Posted Jun 01, 2013 07:27 PM

    Thanks for that Brian.

    I did actually send in a false positive report (ID 3215441) but they are demanding way more information than I have available. The users who report false positives are the very users who would be unable to even tell me what version of Windows they are running, so I have no information about which particular versions of what product is causing the problem.

    This is why I am frustrated. I would be happy to provide technical data if I had it. I have asked some of my users for more information without any luck.

    I will try the whitelist next.

    Thanks

    Seamus

     



  • 4.  RE: False positive submission 3215441

    Posted Jun 01, 2013 07:29 PM

    Speaking from experience, there is some extra leg work needed. I assume Symantec Endpoint Protection is flagging this? If so, are these unmanaged clients? If they were managed, you just need to log into the SEPM and should be able to get all the info you need. But it sounds like you just don't have this ability?