[KB141] Submit a virus, website, or potential false positive sample to the ESET Research Lab

Issue

You have a suspicious file, suspicious website, potential false positive, or potential miscategorization by Parental Control or Web control that you would like to submit to ESET for analysis
Submit a suspicious file / potential false positive file for analysis via email
Submit a suspicious website / potential false positive website / potential website miscategorization
Submit spam or spam false positive via email
Submit a miscategorization of a website by the Parental control or Web control module
Submit a fraudulent page (phishing)
Submit samples using your ESET product

Solution

Before submitting samples to ESET

Use a descriptive subject line and enclose as much information about the file as possible (for example, a screenshot or the website you downloaded it from).

Send your email with the following:

send email as a plain text
do not include any other links, email addresses, or images in the body of the email aside from that which you are contacting about
do not include a footer in the email

The sample you want to submit must meet at least one of the following criteria:

Your ESET product does not detect the sample at all
The sample is incorrectly detected as a threat

ESET Research Lab does not perform On-demand scans for users. We do not accept personal files that you would like to scan for malware as samples.

Submit a suspicious file / potential false positive file for analysis via email

Take screenshots of the threat detection notification you receive from your ESET product or any error messages or suspicious behavior that your computer is exhibiting.

Figure 1-1
Click the image to view larger in new window

Compress the files into a .zip or .rar archive and password protect it with the password "infected".
Create and send an email with the following information:
1. In the Subject line: Indicate if the attached file contains a suspected infection or a false positive (for example, use the subject Suspected infection or the subject False positive).
2. In the body of the email: Make a note of the password you set in step 1 and attach the .zip or .rar archive as well as any screenshots. Include any background information where you found the sample and, if applicable, the Technical Support case number.
3. In case the computer is already infected, include logs collected by ESET Log Collector.
4. Send the email to: samples@eset.com.

You are a software vendor, and ESET detects your app as a Potentially unwanted application (PUA)

Some "Threat found" or "Threat removed" detections are classified as PUA. If you think that an app was incorrectly detected as PUA, follow the steps below:

Figure 1-2
Click the image to view larger in new window

Take screenshots of the threat detection notification you receive from your ESET product.
Compress your application files into a .zip or .rar archive and password protect it with the password "infected".
Create and send an email with the following information:
1. In the Subject line: Indicate that the attached file contains a false positive (for example, use the subject "PUA - False positive").
2. In the body of the email: Make a note of the password you set in step 2 and attach the .zip or .rar archive as well as any screenshots. Include any background information where the sample is available and, if applicable, the Technical Support case number.
3. Send the email to: samples@eset.com.

The issue is not resolved within three days, and the matter is urgent

Send a follow-up email message with the following information:

The subject line of the email that you sent to samples@eset.com.
Date and time of email.
The email address you sent it From.

Submit a suspicious website / potential false-positive website / potential website miscategorization

Follow the appropriate instructions below, depending on the type of issue you want to submit:

Report a suspicious website or false-positive website via email

Create and send an email with the following information:

In the Subject line: If you are reporting a blocked website that may contain potentially dangerous content, include Domain whitelist followed by the blocked domain (such as www.blockeddomain.com).
In the body of the email: Include the URLs being blocked or that you found suspicious.
- Why do you think it is a false positive report. Provide as much information as possible about the source of the software, including the name of the developer, the name, and the application version.
- If you are reporting a blocked website, provide the complete URL that is blocked. Enclosing a screenshot of the notification about the blockage is recommended.
Send the email to: samples@eset.com.

If the issue is not resolved within three days and the matter is urgent, send a follow-up email message with the following information:

The subject line of the email that you sent to samples@eset.com.
Date and time of email.
The email address you sent it From.

Submit spam or spam false positives

Submit emails in .eml or .msg format

For ESET to process your submission, it must be included as an attachment in .eml or .msg format. Email sent in a different format cannot be processed.

In Microsoft Outlook, drag an email to your desktop to export it as a .msg file. If you use a web-based email client, consult their help resources for instructions to export your mail.

Email incorrectly marked as spam: If you received an email message classified as spam by your ESET product, and you do not recognize it as spam, send an email to nospam@eset.com with the original message as an attachment in .eml or .msg format.
Undetected spam: If you received an email message that you classify as spam, but your ESET product did not classify it as spam, send an email to spam@eset.com with the original message as an attachment in .eml or .msg format.

If you are using ESET Cloud Office Security, use dedicated email addresses nospam_ecos@eset.com and spam_ecos@eset.com to report false positive (FP) / false negative (FN) detections for spam. For detailed instructions, see ECOS Online Help.

Following up on reported messages

If you have previously reported an email message as spam or not spam, but the message is still not categorized correctly after 24 hours, contact ESET Technical Support. Do not use spam@eset.com or nospam@eset.com addresses in such cases. For more details and assistance, get in touch with ESET Technical Support.

Submit a miscategorization of a website by the Parental control or Web control module

Report a miscategorized URL or website here.

If you have already reported it and the website is still miscategorized, contact your local ESET partner for technical support.

Click here to learn more about ESET Parental control.
Click here to learn more about Web control in ESET Windows endpoint products.

Submit a fraudulent page (phishing)

If you believe you have deliberately and deceitfully discovered a similar page to another, complete this form to notify us.

Submit samples using your ESET product

Sample submission best practices in ESET products

It is strongly recommended to follow these best practices before submitting your sample to ESET (currently available only in the English language):

If you prefer not to send an email, use the sample submission form in your ESET product:

Open the main program window of your ESET Windows product.
Click Tools → More tools and click Submit sample for analysis.
Follow the in-product wizard to complete your submission.

Last Updated: Aug 10, 2022