If an antivirus program doesn't have a link in this list, also make sure you read the comments below; there are some helpful things there. I need to update the list.
Today someone came in to our live chat support with a false positive for Blender in McAfee. I couldn't find out how to report it. So when I finally found it, I decided to try investigating more vendors and listing links for them so that they can be put into the support pages.
I went through the list of checked software at VirusTotal. Ones I couldn't track down are struck out (if you can find a source, please add a comment and I'll add it). I haven't finished going through yet.
AhnLab V3Antiy Labs Antiy-AVLAladdin eSafe- ALWIL Avast! (applies to false positives as well)
- Authentium Command Antivirus
- AVG
- Avira AntiVir
- Quick Heal
- ClamAV
- Comodo
- CA Inc. Vet
- DrWeb
- a-squared (fp@emsisoft.com)
- Eset Software ESET NOD32
- Fortinet
- FRISK Software F-Prot
- F-Secure
- G DATA Software GData
- Hacksoft The Hacker
- Hauri ViRobot
- Ikarus Software Ikarus
- INCA Internet nProtect
- K7 Computing K7AntiVirus
- Kaspersky
- McAfee
- Microsoft Malware Protection
- Norman Antivirus
- Panda Security
- PCTools
- Prevx Prevx1
- Rising Antivirus Rising
- Secure Computing SecureWeb
- BitDefender
- Sophos SAV
- Sunbelt Software Antivirus
- Symantec Norton Antivirus
- VirusBlokAda VBA32
- TrendMicro
- VirusBuster
- Chris Morgan's blog
- Log in or register to post comments
Comments
Good stuff
This is good stuff. I should link to this in the FAQ because false positives are too commonly posted.
Is there a site that allows you to upload a file to see if it is, in fact, a false positive? That would be very useful among all these links.
I've been lucky so far. I've only used AVG Free since using portable apps and have never gotten a false positive.
Yes
There are two main online virus checkers with multiple scanners: VirusTotal and Jotti.
See https://portableapps.com/support#false_positive for these links and a few more details. I'm just hoping that we'll be able to polish this list up a bit and then have it as another page - portableapps.com/support/false_positive - which will be the old info plus the new links to each vendor's false-positive-reporting location.
Thanks
Thanks. What I'll do is, link to one or both of those online virus scanners, emphasize that the official apps are thoroughly checked (probably shouldn't speak for the others), and then link here for how to report false positives.
Also, didn't you say in the topic for your launcher that, going forward, your Swiss Army Knife launch-all would be used for many upcoming releases? If so, would it be a good idea to point folks to it for making their own portable apps (as opposed to just linking the field guide)?
Also, didn't you say in the
For stuff he does, yes. When its official, sure. Now? I don't think so. I'm sure someone will correct me if I'm wrong.
Antiy Labs Antiy-AVL
Found an email address near the foot of the "Contact Us" page:
http://www.antiy.net/contacts/
False Positive
Email: submit@antiy.com
Submit a Sample
Submit suspicious file here:
http://cloud.antiyfx.com:8081/index_en.html
However, their email is apparently hosted by or forwards to gmail, which rejects attachments with the ZIP extension. I had intentionally encrypted the file with a password and provided the password "Harmless" in the body. Now I have resubmitted it with the extension z_p with instructions to change it back to zip.
Chris, Please note
Chris,
Please note that this:
http://www.mcafee.com/us/threat_center/dispute/dispute_form.asp
is not how a user reports what they believe to be a false positive to McAfee.
That is the "McAfee Detection Dispute Submission Form" and is intended for software developers to dispute McAfee's belief that their software is a virus/malware.
The actual method for McAfee users is to use "WebImmune"
https://www.webimmune.net/default.asp
[Which unfortunately requires registration]
or by e-mail submission to:
virus_research@avertlabs.com
with the file zipped and password protected [the password needs to be the word infected] and the word FALSE should be in the subject line.
Thanks for putting together this list,
Tim
Thanks
I had searched around quite a bit and that dispute form was the best I had found - and a (non-Adobe-employed) user had used it to report a false positive in Adobe Reader in their forum, so I figured unless I could find anything better, I'd leave it in that.
I've updated the link to http://community.mcafee.com/docs/DOC-1041 which I have since found (the keyword "webimmune" helped, thanks for that :-)).
ALWIL Software avast!
You can email them also.
This is the general response I give in the avast! forums, when discussing a false positive, don't know how you want to implement it into this list...
I'll post a link to one, save wasting space...
http://forum.avast.com/index.php?topic=48353.msg408223#msg408223
Link found
Since then I've found an official document which says it and by a couple of comments in the forums seems to apply to false positives as well, so I've updated the link to that. http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbart...
yeah
I was looking for something like that...
The 'Email to ALWIL Software' button produces another window that gives the option of 'Potential Malware' or 'False positive'
This may change somewhat, when version 5 arrives, so I'll keep an eye out for an updated version.
Ha, just realised, the one I linked to was an 'Undetected Malware' one...
(and obviously, 7zip portable is the one for the password protected archive ;))
What I could find...
ESET
Fortinet
Frisk Software F-Prot
This one seems to be only undetected viruses, but you could put false positive in the comment...Couldn't find another one for that...
F-Secure
Not sure about GDATA, since they use avast's engine and another and I can't find it on the site...
Hauri ViRobot
INCA Internet nProtect
Norman
Panda Security
Could only find an email address: Virus(@)pandasecurity(.)com
Bitdefender --> Could only find a forum...
Sophos
Sunbelt
Symantec
Not sure if this can be applied to false positives as well...
And after all of that, I find this: http://www.virusbtn.com/resources/cybercrime/type
It has some in there I couldn't find, I think...
Thanks
Thanks for filling that out.
Grr... I looked through the Virus Bulletin site at the start as I thought it would probably have something like that... I didn't find that page though
Wonder what I should do now. Possibly tell them that their Hauri (ViRobot) and VirusBuster links are broken...
Still interested?
Hey Chris, are you still interested in doing this? I recently started compiling my own list of FP reporting methods, and I found a couple that aren't on your list. I'd be happy to share if you're interested.
To the powers that be
*whispers* ... wiki page.
I second the motion
A wiki page would be nice to have; especially since a lot of AV companies seem to hide their FP-reporting pages (I'm looking at you, Authentium), having a public resource would probably save many of us a lot of time & hair.
Generally no but...
I know it's something that's been mentioned a few times and in general I think it's probably overkill for this particular website. However there are one of two resources here where it just makes sense. Case in point: This thread.
Symantec / Norton AV FP page
False Positive Submission
https://submit.symantec.com/dispute/false_positive/
Sunbelt Security / VIPRE FP reports
Sunbelt Security - False Positive
http://www.sunbeltsecurity.com/falsepositive/
or email in a passworded ZIP to falsepositive@sunbeltsoftware.com -- be sure to include the password [grin].
Ikarus
send an email to: sample AT ikarus DOT at
eSafe
Please upload the file to our FTP:-
ftp://techsup.esafe.com/wts/
Name: esafe-user
Pass: !DirXml0
And let us know the name of uploaded file at support AT safenet-inc DOT com
F-prot
f-prot: http://www.f-prot.com/virusinfo/false_positive_form.html
f-secure
https://analysis.f-secure.com/portal/login.html
bitdefender
http://kb.bitdefender.com/site/KnowledgeBase/article/491/
Dude
Write one comment and include them all.