[KB141] Submit a virus, website, or potential false positive sample to the ESET Research Lab

Issue

Solution

Before submitting samples to ESET

Use a descriptive subject line and enclose as much information about the file as possible (for example, a screenshot or the website you downloaded it from).

Send your email with the following:

  • send the email as plain text
  • do not include any other links, email addresses, or images in the body of the email aside from that which you are contacting about
  • do not include a footer in the email

The sample you want to submit must meet at least one of the following criteria:

  • Your ESET product does not detect the sample at all
  • The sample is incorrectly detected as a threat

ESET Research Lab does not perform On-demand scans for users. We do not accept personal files that you would like to scan for malware as samples.

Submit a suspicious file / potential false positive file for analysis via email

  1. Take screenshots of the threat detection notification you receive from your ESET product or any error messages or suspicious behavior that your computer is exhibiting.

Figure 1-1
Click the image to view larger in new window
  1. Compress the files into a .zip or .rar archive and password protect it with the password "infected".

  2. Create and send an email with the following information:

    1. In the Subject line: Indicate if the attached file contains a suspected infection or a false positive (for example, use the subject Suspected infection or the subject False positive).

    2. In the body of the email: Make a note of the password you set in step 1 and attach the .zip or .rar archive as well as any screenshots. Include any background information where you found the sample and, if applicable, the Technical Support case number. 

    3. In case the computer is already infected, include logs collected by ESET Log Collector.

    4. Send the email to: samples@eset.com.

You are a software vendor, and ESET detects your app as a Potentially unwanted application (PUA)

Some "Threat found" or "Threat removed" detections are classified as PUA. If you think that an app was incorrectly detected as PUA, follow the steps below:

Figure 1-2
Click the image to view larger in new window
  1. Take screenshots of the threat detection notification you receive from your ESET product.

  2. Compress your application files into a .zip or .rar archive and password protect it with the password "infected".

  3. Create and send an email with the following information:

    1. In the Subject line: Indicate that the attached file contains a false positive (for example, use the subject "PUA - False positive").
    2. In the body of the email: Make a note of the password you set in step 2 and attach the .zip or .rar archive as well as any screenshots. Include any background information where the sample is available and, if applicable, the Technical Support case number.
    3. Send the email to: samples@eset.com.
The issue is not resolved within three days, and the matter is urgent

Send a follow-up email message with the following information:

  • The subject line of the email that you sent to samples@eset.com.
  • Date and time of email.
  • The email address you sent it From.

Back to top


Submit a suspicious website / potential false-positive website / potential website miscategorization

Follow the appropriate instructions below, depending on the type of issue you want to submit:

Report a suspicious website or false-positive website via email

Create and send an email with the following information:

  • In the Subject line: If you are reporting a blocked website that may contain potentially dangerous content, include Domain whitelist followed by the blocked domain (such as www.blockeddomain.com).
  • In the body of the email: Include the URLs being blocked or that you found suspicious.
    • Why do you think it is a false positive report. Provide as much information as possible about the source of the software, including the name of the developer, the name, and the application version.
    • If you are reporting a blocked website, provide the complete URL that is blocked. Enclosing a screenshot of the notification about the blockage is recommended.
  • Send the email to: samples@eset.com.

If the issue is not resolved within three days and the matter is urgent, send a follow-up email message with the following information:

  • The subject line of the email that you sent to samples@eset.com.
  • Date and time of email.
  • The email address you sent it From.
Submit spam or spam false positives
Submit emails in .eml or .msg format

For ESET to process your submission, it must be included as an attachment in .eml or .msg format. Email sent in a different format cannot be processed.

In Microsoft Outlook, drag an email to your desktop to export it as a .msg file. If you use a web-based email client, consult their help resources for instructions to export your mail.

  • Email incorrectly marked as spam: If you received an email message classified as spam by your ESET product, and you do not recognize it as spam, send an email to nospam@eset.com with the original message as an attachment in .eml or .msg format.
  • Undetected spam: If you received an email message that you classify as spam, but your ESET product did not classify it as spam, send an email to spam@eset.com with the original message as an attachment in .eml or .msg format.
If you are using ESET Cloud Office Security, use the dedicated email addresses nospam_ecos@eset.com and spam_ecos@eset.com to report false positive (FP) / false negative (FN) detections for spam. For detailed instructions, see ECOS Online Help.
 
Following up on reported messages

If you have previously reported an email message as spam or not spam, but the message is still not categorized correctly after 24 hours, contact ESET Technical Support. Do not use spam@eset.com or nospam@eset.com addresses in such cases. For more details and assistance, get in touch with ESET Technical Support.

Submit a miscategorization of a website by the Parental control or Web control module

Report a miscategorized URL or website here.

If you have already reported it and the website is still miscategorized, contact your local ESET partner for technical support.

Submit a fraudulent page (phishing)

If you believe you have deliberately and deceitfully discovered a similar page to another, complete this form to notify us.

Back to top


Submit samples using your ESET product

Sample submission best practices in ESET products

It is strongly recommended to follow these best practices before submitting your sample to ESET (currently available only in the English language):

If you prefer not to send an email, use the sample submission form in your ESET product. The process may differ depending on your ESET product GUI. 

  1. Open the main program window of your ESET Windows product.

  2. Click Tools Quarantine, right-click the sample and click Submit sample for analysis.

  3. Follow the in-product wizard to complete your submission.

Back to top