
How do I report a false positive or whitelist my software with ESET?



  • ESET Staff

False positive reports
To submit a possible false positive via email, see "Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis". Alternatively, use the "Submit sample for analysis" function in the GUI of the ESET product installed on your computer.

Whitelisting
ESET provides a whitelisting service for software vendors, through which you can submit your software to minimize the chances of false positives, e.g., when your software is being downloaded.

This service is intended as a preventive measure for trusted and undetected applications, to minimize the risk of future false positives. The whitelisting service is not a channel for removing existing detections, handling disputes or solving other unrelated problems.

If you want to register your software for whitelisting, please follow the instructions in the KB article "How do I whitelist my software with ESET?"


Requirements for false positive submissions
When submitting false positive file(s) via email or via the program GUI, it is necessary to send a copy of the falsely detected file(s) as well as a description of the file.

I will explain what information is needed and why it is important.

1) Name of the legitimate application the file belongs to.
When submitting false positives, you must be able to name the application that is being falsely detected.
No-name false positive reports (where the application name is missing) are harder and slower to examine, and in many cases they indicate correctly detected malware rather than a false positive.

Example of correctly provided information:
This file belongs to VLC media player 3.0.6.
Providing the specific version number helps.

Example of how not to submit false positives:
I don’t know what it is and why I have it on my computer but I think it is a false positive.
If you don’t know what the file is, don’t report it as a false positive.

2) Name of the application’s author, developer, vendor or website where you downloaded the software
Every legitimate piece of software has a known author or a known company that developed it. There is a known source/origin where the software can be obtained and where you can learn more about it.

This information is needed in the investigation process. Researchers need to verify whether the software is safe, and they may need the full installer to evaluate the software properly. Researchers may also need to investigate whether other versions of the same software were affected by the false positive.
It is important to know the source/website where you downloaded the software, because some download websites provide different installers than the original vendors.

3) Application's purpose
Let the researchers know what the application is supposed to do and what value it offers to you. This information is usually available on the vendor’s website, but there are many old applications where the website is no longer available, or the software was distributed only on CD-ROM/DVD, or the software is custom/in-house developed and the description is not generally available.

Examples of an application’s purpose:
This is a picture viewer, video converter, movie player, communication software, printing program, database program, web browser, accounting software, computer game, tool I use for programming, etc.

Don’t hesitate to provide any additional information you deem important.
You may add the specific detection name you saw when detection occurred.
If specific circumstances are needed to reproduce the problem, tell the researchers how to reproduce it (for example, the file itself may not be detected, but it downloads or creates other files that trigger detection).

You may submit false positives via email or directly from the ESET product via the "Submit sample for analysis" function. To use the function, open the GUI of ESET Internet Security; you will find the following icon under Tools after clicking More Tools:

submit_sample00.png

Please select the “False positive file” option and attach the file you want to submit.

submit_fp_file01.png

Please provide all the necessary information (as described above) that researchers need to process your false positive submission.

submit_fp_file02.png

The information you provide significantly helps ESET laboratories identify and process samples. Thank you for your submission!

  • Marcos pinned and locked this topic