Issue:
Real-time scanning or DeepGuard has detected a file as malicious. How do I submit a sample file to Virus labs to find out if it is a false positive?
If a possibly malicious file has not been detected, how do I submit a sample file to Virus labs to find out if it is a false negative?
Resolution:
If you suspect that:
- A clean file has been falsely detected as malicious, or
- A malicious file has not been detected by our software
you can submit the file for analysis using the Sample Validation service found in the Elements portal:
- Log in to the Elements portal: https://elements.withsecure.com
- Go to the Requests page on the menu on the left
- Click Create Request
- Open the Request type drop-down menu and select Submit sample for validation
- Open the Sample type drop-down menu and select File
- Make sure you have selected the correct sample type for the file:
  - File-Based False Positive: A clean file incorrectly detected as malware. For example, a company’s internal tool flagged as a trojan.
  - Potentially Unwanted Application (PUA): Legitimate software detected as unwanted. For example, a remote admin or adware-style installer used for business purposes.
  - File-Based False Negative: A malicious file not detected by the product. For example, a ransomware executable that encrypts data without being blocked.
  - All sample types and their definitions can be found here: #business/elements-welcome/latest/en/creating_and_viewing_sample_validation_request_in_the_request_views-latest-en.
- Drag and drop the file or click Browse to upload the file
- Open the Request reason drop-down menu and select one option:
  - False Positive - Clean file was blocked
  - False Negative - Malicious file not detected
  - Potentially unwanted application detected
  - Request whitelisting
- Open the Product name drop-down menu and select the product
- Add a short title for the request in the Title field
- Write a description of the file or a summary of your concern
- Click Create Request
The sample submission is analyzed by our analysts and the databases will be updated if necessary.
You can read more about the Sample Validation service from the user guide:
https://www.withsecure.com/userguides/product.html#business/elements-welcome/latest/en/concept_samplevalidation-latest-en