Where to report/submit false positive samples of antivirus software

As a software developer, do you know which feature of your software your users appreciate the most?

We developed SoftMeter, the free in-app analytics tool, to answer questions like that.

With SoftMeter you will see how the users are using your software, discover which features are used the most or least, and understand where you should focus your development efforts to maximize your sales.

As a desktop software developer, you might find that one of the many antivirus products flags your perfectly clean software as suspicious.

This can happen for a variety of reasons, including:

  • Your software is not code-signed.
  • Your software is not very popular so the antivirus engines do not have enough knowledge about it.
  • New scan engines that scan the files using artificial intelligence (AI) find a resemblance between your software and known computer threats.
  • Your software is a small command-line utility, developed in low-level languages, e.g. C/C++.

Usually, the software developer will get an email from a user saying that the user's AV software flagged the program as suspicious and blocked it or discouraged the user from running it.

If this happens, here is what you need to do if you are the developer or the end-user of the software:

Desktop software developers:
  1. Scan your computer and the file with as many antivirus engines as you can, including the one mentioned by your user.
  2. If indeed the file is clean, submit your false-positive sample to the antivirus software that reported it as a virus.

End-users of software:
  1. Inform the developers and mention the brand and name of your antivirus software.
  2. Open your antivirus, go to the quarantined items, find the file you just downloaded and choose to submit it for further analysis by the antivirus company.
    Depending on the brand of your antivirus software, this submission may also be labelled as "submit your false-positive* sample".

*False positive: a test result which wrongly (falsely) indicates (positive) that a particular condition (virus body) was detected.

List of antivirus software and their false positive submission URLs

Below we started a list of the URLs where software developers can submit their software for further analysis. After the analysis is complete the antivirus software makers update their engines and the new patterns are distributed to the users in a couple of days.

Columns: Antivirus software; For desktop software developers: Submit false positive; For end-users and developers: Free antivirus scanner
360 Total Security

If you think the file intercepted by 360 Total Security is not a Trojan horse or virus files, please send it to us for analysis

Submit via a form.

 
Adaware

Report a suspected false positive.

 
AhnLab

Report a suspected false positive. (Requires login)

 
Avast antivirus

Report a suspected false positive.

 
AVG antivirus

Report a suspected false positive.

 
Avira antivirus

Submit suspicious files and URLs, false positives.

 
BitDefender

Submit a sample file or URL.

Download a free antivirus edition (for Windows or MacOS) to scan the files locally.
Check Point

Sometimes the Check Point Spyware Scanner inappropriately detects an application as Spyware. If you have come across what seems to be identified as malicious Spyware, but in fact it is not, you can report such detection to the Check Point Security Team. Report a false positive (by email).

 
ClamavNet

Use the following form to report your false positive.
After reviewing your report, the Detection Content Team will review your submission and update the database. Report a false positive.

 
Eset antivirus

You have a suspicious file, suspicious website, potential false positive or potential miscategorization by Parental Control (or Web control) that you would like to submit to ESET for analysis.

Submit a virus, website or potential false positive sample to the ESET lab.

 
F-secure antivirus

Think a file is harmful? Or that a file or website was incorrectly detected or rated? Submit it for analysis.

Submit via form or via FTP.

F-secure free virus scanner (for Windows). It does a generic 3' scan and does not give you the ability to scan a specific folder or file that you are interested in.
Kaspersky

False detections by Kaspersky products / What to do with the false detections: instructions.

Free online tool to analyse files and website pages: OpenTip.
Malwarebytes antivirus

Is Malwarebytes incorrectly flagging a program or website? Report it at the Malwarebytes forum.

 
McAfee

For end-users: Submit potential false positives from the product or through Global Threat Intelligence to McAfee Labs. Report it here.

McAfee makes it really hard for users to send false positives back to them. By submitting a false positive, the users help the AV companies to fix their threat detection algorithms. So they deserve at least an easy way to do that.

Normally, antivirus products have a button that the user can click to send a suspicious file to the company for further analysis. There is no such option in McAfee.

The users have to prepare a specifically formatted email and provide .sup files. Probably not many users or developers will invest all the effort needed to submit a false positive.


 

For developers: How to submit your company's software to be considered for whitelisting

Customers, partners, and other third-party software manufacturers can submit their own proprietary software for inclusion in the McAfee False Positive Test Rig. This ability to submit significantly reduces the chances of a DAT causing false positives on unique customer applications or data.

Microsoft Defender

Report your false positive to Microsoft. You will need to log in with a Microsoft account.

Microsoft safety scanner.
Norton

Submit false positive.

Free offline scanner, Norton Power Eraser.
VirusTotal

VirusTotal has also launched a special tool for developers and antivirus vendors, the VirusTotal Monitor. VirusTotal Monitor is a service to mitigate false positives.
You need to create an account on VirusTotal and then request a free period for the VirusTotal Monitor. Pricing for this service is not disclosed.

You can upload your software to VirusTotal to be scanned by 70+ antivirus engines. If one or more of the engines detect your software as a false-positive threat, you can find here the details of each engine and contact them with your false-positive sample. List of virus scan engines.
SecureAPlus

Report false positive files if you think that a detection made by one of the cloud engines of the Universal AV scanner is not actually a virus or malware. Report False Positive.

 

Comments

Why is Kaspersky not on the list? It's one of the most used antivirus in the world.

Thanks for pointing this out. Kaspersky and its free online scan tool were added to the list of antivirus software.

This is a great article! Thank you very much for compiling this list.

Unfortunately, submitting an executable is only a short term solution. As a startup software company, we release new versions almost every week. Our software is young (alpha version) and needs bugfixes and feature updates very regularly. Is it possible to submit a certificate (eg. an EV-certificate from Sectigo) to be added to the whitelists of antivirus companies?

Kind regards,
Kristof Mulier
embeetle.com
