[KB141] Submit a virus, website, or potential false positive sample to the ESET Research Lab
Issue
You have a suspicious file, suspicious website, potential false positive, or potential miscategorization by Parental Control or Web control that you would like to submit to ESET for analysis
Use a descriptive subject line and enclose as much information about the file as possible (for example, a screenshot or the website you downloaded it from).
Send your email with the following:
send email as a plain text
do not include any other links, email addresses, or images in the body of the email aside from that which you are contacting about
do not include a footer in the email
The sample you want to submit must meet at least one of the following criteria:
Your ESET product does not detect the sample at all
The sample is incorrectly detected as a threat
ESET Research Lab does not perform On-demand scans for users. We do not accept personal files that you would like to scan for malware as samples.
Submit a suspicious file / potential false positive file for analysis via email
Take screenshots of the threat detection notification you receive from your ESET product or any error messages or suspicious behavior that your computer is exhibiting.
Figure 1-1 Click the image to view larger in new window
Compress the files into a .zip or .rar archive and password protect it with the password "infected".
Create and send an email with the following information:
In the Subject line: Indicate if the attached file contains a suspected infection or a false positive (for example, use the subject Suspected infection or the subject False positive).
In the body of the email: Make a note of the password you set in step 1 and attach the .zip or .rar archive as well as any screenshots. Include any background information where you found the sample and, if applicable, the Technical Support case number.
In case the computer is already infected, include logs collected by ESET Log Collector.
You are a software vendor, and ESET detects your app as a Potentially unwanted application (PUA)
Some "Threat found" or "Threat removed" detections are classified as PUA. If you think that an app was incorrectly detected as PUA, follow the steps below:
Figure 1-2 Click the image to view larger in new window
Take screenshots of the threat detection notification you receive from your ESET product.
Compress your application files into a .zip or .rar archive and password protect it with the password "infected".
Create and send an email with the following information:
In the Subject line: Indicate that the attached file contains a false positive (for example, use the subject "PUA - False positive").
In the body of the email: Make a note of the password you set in step 2 and attach the .zip or .rar archive as well as any screenshots. Include any background information where the sample is available and, if applicable, the Technical Support case number.
Follow the appropriate instructions below, depending on the type of issue you want to submit:
Report a suspicious website or false-positive website via email
Create and send an email with the following information:
In the Subject line: If you are reporting a blocked website that may contain potentially dangerous content, include Domain whitelist followed by the blocked domain (such as www.blockeddomain.com).
In the body of the email: Include the URLs being blocked or that you found suspicious.
Why do you think it is a false positive report. Provide as much information as possible about the source of the software, including the name of the developer, the name, and the application version.
If you are reporting a blocked website, provide the complete URL that is blocked. Enclosing a screenshot of the notification about the blockage is recommended.
If the issue is not resolved within three days and the matter is urgent, send a follow-up email message with the following information:
The subject line of the email that you sent to samples@eset.com.
Date and time of email.
The email address you sent it From.
Submit spam or spam false positives
Submit emails in .eml or .msg format
For ESET to process your submission, it must be included as an attachment in .eml or .msg format. Email sent in a different format cannot be processed.
In Microsoft Outlook, drag an email to your desktop to export it as a .msg file. If you use a web-based email client, consult their help resources for instructions to export your mail.
Email incorrectly marked as spam: If you received an email message classified as spam by your ESET product, and you do not recognize it as spam, send an email to nospam@eset.com with the original message as an attachment in .eml or .msg format.
Undetected spam: If you received an email message that you classify as spam, but your ESET product did not classify it as spam, send an email to spam@eset.com with the original message as an attachment in .eml or .msg format.
If you are using ESET Cloud Office Security, use dedicated email addresses nospam_ecos@eset.com and spam_ecos@eset.com to report false positive (FP) / false negative (FN) detections for spam. For detailed instructions, see ECOS Online Help.
Following up on reported messages
If you have previously reported an email message as spam or not spam, but the message is still not categorized correctly after 24 hours, contact ESET Technical Support. Do not use spam@eset.com or nospam@eset.com addresses in such cases. For more details and assistance, get in touch with ESET Technical Support.
Submit a miscategorization of a website by the Parental control or Web control module