linermyi.blogg.se

Report file as false positive

A False Positive submission will result in a quicker resolution if the following data is collected proactively and uploaded to the case.

  • The current version of the Anti-Virus and WildFire signature package: the CLI output of 'show system info' or the PA firewall "Dashboard Widget-> General Information" indicates the current version information.
  • What protocol was used? Although this information can be identified from the threat logs, it is useful to add it.
  • File information: any of the following data can provide file information; please use any feasible method.
  • Please note that one of the following is enough.
  • Actual sample files that trigger each AV signature, compressed (zip) with the password "infected".
  • Along with the file, please add the sha256 hash to ensure the integrity of the file. Password-protecting the ZIP file ensures that the attachment will not be stripped by any host- or network-based security devices when it is uploaded. You can use any simple zip or compression utility.
  • For a public application where the software is downloaded, a publicly accessible URL is useful.

    Please note, a "public application" means one whose file can be downloaded without creating an account.

  • If the file has sensitive information and you do not want to share it, provide the sha256 hash of the file.
  • Please note that we might not be able to confirm the False Positive if the actual sample isn't provided.
  • Threat logs: please export the threat log for these events in CSV format and upload it to the case.
  • It is important to filter and collect only the relevant logs; unnecessary logs can make the file big and hard to upload.
  • How to export the log from the firewall.
  • Context around why you suspected these AV alerts were false positives:
  • Is this your application, developed by your internal team?
  • Is this file or application from a trusted 3rd party?
  • Is this file signed by a trusted party?
  • Is this file analyzed internally? Have you checked any other reputational source, such as the VirusTotal verdict? (If the hash is not in VirusTotal, we do not recommend uploading the sample to VirusTotal, as anyone can view it and users with download rights can download it.)
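One way to prepare two items from the checklist above, the trimmed threat-log CSV and the sample's sha256 hash, is sketched below. This is an added example, not code from the original page or from the firewall vendor; the CSV column names ("Threat/Content Name", "Application"), the signature names and the sample bytes are constructed assumptions, so adjust them to match your actual export.

```python
import csv
import hashlib
import io


def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so a large sample need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def filter_threat_log(csv_text, signature_names, name_col="Threat/Content Name"):
    """Keep only the rows for the disputed signatures; name_col is an assumed header."""
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    if name_col not in header:
        raise ValueError(f"column {name_col!r} not found in export: {header}")
    wanted = {name.strip().casefold() for name in signature_names}
    rows = [r for r in reader if (r[name_col] or "").strip().casefold() in wanted]
    return header, rows


def to_csv(header, rows):
    """Serialize the kept rows with the original header, ready to attach to the case."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=header, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


# Constructed sample export (not real log data); column names are assumptions.
SAMPLE_LOG = """Receive Time,Type,Threat/Content Name,Application,File Name,Action
2024/01/10 09:14:02,virus,Virus/Win32.example.aaaa,web-browsing,setup-tool.exe,reset-both
2024/01/10 09:15:40,spyware,Example Spyware Phone Home,dns,,drop
2024/01/10 09:20:11,virus,Virus/Win32.example.aaaa,smtp,setup-tool.exe,reset-both
2024/01/10 09:31:55,virus,Virus/Win32.other.bbbb,ftp,report.doc,reset-both
"""
SAMPLE_FILE = b"constructed stand-in for the flagged binary\n"

if __name__ == "__main__":
    header, rows = filter_threat_log(SAMPLE_LOG, ["Virus/Win32.example.aaaa"])
    print(to_csv(header, rows), end="")
    # The "Application" column (assumed name) answers the protocol question.
    print("protocols seen:", sorted({r["Application"] for r in rows}))
    print("sha256:", sha256_stream(io.BytesIO(SAMPLE_FILE)))
```

For a real submission, open the sample with `open(path, "rb")` and pass the file object to `sha256_stream`.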












