VirusTotal false positive reporting mechanism needs improvement

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

VirusTotal false positive reporting mechanism needs improvement

L1 Bithead



It is my opinion that Palo Alto Networks needs to improve false positive reporting mechanism for 3rd party software vendors. For instance: we monitor our own software releases for false positive detections via VirusTotal. Majority of security vendors working with VirusTotal have simple mechanisms in place to report false positive detections to them, even if you don’t use their software. I can’t seem to find a way to report false positive detection to Palo Alto Networks other than opening a support case. Of course, you can’t open a support case if you aren’t a licensed customer.

Please enhance your false positive reporting mechanism to allow software vendors to report problems in your definitions, or to request whitelisting; preferably via private upload / private communication mechanism. I say it because your disclaimer doesn’t give me warm fuzzies about response or turnaround times about false positive reports we'll post in this forum.

This forum is not a customer support venue. Palo Alto Networks staff will not engage in active discussions on this forum. Our staff will ingest properly formatted submissions for review and update Palo Alto Networks (Known Signatures) verdicts when appropriate.


Thank you,


L0 Member

"Compatibility Test Application Program:

Application compatibility is important when trying to access a network. Without certified compatibility, users risk denied access and administrators must write policy exceptions.

The program enables CASB, NAC, SSL-VPN, and SSO compatibility on thousands of leading access controls from vendors like Palo Alto Networks and others. Compatibility ensures that the application can be detected, classified, and displayed from over 200,000,000 endpoints in a network

administrator's management console. "  :


"Badges!  WE don't Need Any Stink'in BADGES!" : 

"Certify endpoint security application Compatibility, False Positives, and Quality.  All certified vendors receive Badges to showcase that their applications are powerful, reliable, and efficient."


I totally understand the licensing aspects of the PAN solution.  Since you don't have one, then just revert to the process of False Positives directly to .  They have just began this Threat Intel Sharing in the last week or two.


The interesting part that I thought was SOP at Virus Total is "THEY DO NOT" WHITELIST anything, unless the Virus Engine is reported to by the Virus Total client to work directly with AV vendor to determine if in fact it is a false positve and report the Positive Confirmation of the False Positive as referenced in Virus Total Anti Virus signature.


Speaking of Virus Total though leads to a pretty decent Personal/Free End-Point solution.  Not to be confused with any other type of device other than personal is:


Free Tools:


MetaDefender EndPoint Client:


MetaDefender Google Browser Extention:


What is this????:


Jeff Mathis
404-903-8027 is not responsible for the outcome of analysis, nor should they whitelist anything. simply aggregates scan results from different vendor definitions.


Definition providers (such as Palo Alto Networks, etc) are ultimately responsible for detection signatures and whitelisting.


We’ve worked with many antivirus vendors interfacing with in the past, and most of them have very simple mechanism to report false positive detections to them (upload via website, encrypted email, etc). Palo Alto Networks does not appear to have such mechanism, beyond posting in this forum. The forum’s disclaimer doesn’t seem to reassure that my false positive reports will be taken seriously and addressed in reasonably fast manner.


  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!