How to report false positive on Virustotal.com?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to report false positive on Virustotal.com?

L1 Bithead

Hello,

 

File Hash: c31341b8ed142e4fe4d8ead6ef773b99394fb8efd5bfae6af763c592bf460017
Link to Virustotal report for the file: https://www.virustotal.com/gui/file/c31341b8ed142e4fe4d8ead6ef773b99394fb8efd5bfae6af763c592bf460017...
Current VirustTotal Verdict: Generic.ml
Description: Barcode Recognition SDK, library for developers

 

We are software development company, one of our .exe files has been detected as malware on Virustotal.com by Palo Alto Networks antivirus.

What is the correct way to report false positive? I've tried to submit false positive by e-mail provided on virustotal.com false positive report vendors list (https://docs.virustotal.com/docs/false-positive-contacts), but it is not possible to send .exe or password protected archive because of e-mail declined by Palo Alto mail server, so I've just sent a Virustotal hash, but didn't get any notification back that request has been received.

1 accepted solution

Accepted Solutions

I'm not aware of anyone monitoring the PAN email.  This is the forum for requesting verdict changes for non-Palo Alto Networks customers.  

As for your file, the verdict has been updated; this is no longer deemed malware. 

View solution in original post

11 REPLIES 11

Cyber Elite
Cyber Elite

Hello,

 

Do you have an active Palo Alto support account? If so you can open a tac case and follow these KBs. 

 

How to Submit a Vulnerability Signature False Positive - Knowledge Base - Palo Alto Networks

How to submit Anti-Virus False Positive - Knowledge Base - Palo Alto Networks

I am not Palo Alto Networks customer, so am not able to create support account.

Cyber Elite
Cyber Elite

You could try contacting their support through here, granted they may not be able to assist without a contract. Otherwise you may just have to wait for confirmation on your email to them or their are PAN employees that monitor this and could see this and assist

 

Contact Us - Palo Alto Networks

On virustotal.com false positive report vendor contact list (https://docs.virustotal.com/docs/false-positive-contacts) there is e-mail address (vt-pan-false-positive@paloaltonetworks.comwhere you can send false positive report, but when you try to send .exe or password protected archive, e-mail will be automatically declined. So I've sent just explanation with virustotal.com hash many days ago, but nobody replied back, even with some automatic notification with "Thank you, your request has been received".

In Contact Us if I press on create a case on support portal, I open a page with "An unexpected error has occurred. Please contact support." and it leads to phone numbers list in different countries, but my country not in the list.

Is it the only option to contact IT company support is grab the phone and call to abroad? 😄

L5 Sessionator

Hello,

Please follow the pin post at the top of this forum for how to provide the information we need for VT file reviews.  This post can be found here:

Pinned Post 

Hello, what is missing in my first post?

We would like to know the actual description of this file.  What does it do, what is the purpose for this file?  A more description description will give us a better idea of what this file's purpose is so that we can understand why it maybe doing what it's doing. 

First post amended, this is library for developers, file is digitally signed, are there any option to report in more private manner and provide file or download link on our company website?

That should be all that is needed.  Thank you for the detailed description.  This file has been submitted for review. 

Is it possible to report by email vt-pan-false-positive@paloaltonetworks.com provided on https://docs.virustotal.com/docs/false-positive-contacts website? Is this e-mail monitored by someone? I did sent a request on 14 May 2024 but never get answer back, even automatic notification that request has been received.

I'm not aware of anyone monitoring the PAN email.  This is the forum for requesting verdict changes for non-Palo Alto Networks customers.  

As for your file, the verdict has been updated; this is no longer deemed malware. 

  • 1 accepted solution
  • 7698 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!