This process is specific to Ivanti Antivirus using the Kaspersky engine. For Ivanti Antivirus 2017 using the Bitdefender engine, please see this document:
Sometimes malware shows up that does not have a pattern file yet. This is true for all viruses when they are first written. These are called "zero day" viruses.
In order for a pattern to be created, the virus must be reported and sent to Ivanti.
How to Report and Send an Infected or Suspicious File
If one or more files are identified as suspicious, make sure that all infected machines have been scanned with the latest definition files before submitting the files for analysis. Once that is done, follow the steps outlined below to have the infected files analyzed.
- Collect the infected file(s) and compile them into a password-protected .ZIP file. The password must be "infected" and the archive must be in .ZIP format.
- Navigate to http://avdrop.ivanti.com and drag and drop the password-protected .ZIP file to the site.
(If the file is a false positive, in other words a file that should be clean but is being detected as a virus, please prefix your filename with "false-positive-".)
- If you would like a return contact from Ivanti Support with the verdict of the file(s) you have submitted, please Contact Ivanti Support and open a Support Case.
It is recommended to use the Support Portal to do this. Please include the exact filename you have uploaded.
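The packaging steps above, as an added shell example that is not Ivanti's own tooling. It assumes Info-ZIP `zip`/`unzip` and GNU `sha256sum` are installed; the function names and the `.sha256` hash file are hypothetical conveniences for quoting the exact filename and contents in the Support Case.

```shell
#!/bin/sh
# Added example: package samples for submission as the steps above describe.
# Assumptions: Info-ZIP zip/unzip and GNU sha256sum are on PATH.

# Build the archive name; mode "fp" adds the false-positive- prefix.
submission_name() {
    mode=$1
    # Keep only characters that are safe in a filename.
    label=$(printf '%s' "$2" | tr -c 'A-Za-z0-9._-' '_')
    case $mode in
        fp)      printf 'false-positive-%s.zip\n' "$label" ;;
        malware) printf '%s.zip\n' "$label" ;;
        *)       echo "mode must be 'malware' or 'fp'" >&2; return 2 ;;
    esac
}

# package_samples MODE LABEL FILE...  -> prints the archive name to upload
package_samples() {
    [ "$#" -ge 3 ] || { echo "usage: package_samples malware|fp LABEL FILE..." >&2; return 2; }
    mode=$1 label=$2; shift 2
    archive=$(submission_name "$mode" "$label") || return 2
    [ ! -e "$archive" ] || { echo "$archive already exists" >&2; return 1; }
    for f in "$@"; do
        [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    done
    # Record hashes so the support case can identify exactly what was sent.
    sha256sum "$@" > "$archive.sha256" || return 1
    # -j stores basenames only (no local paths), -P sets the required password.
    zip -q -j -P infected "$archive" "$@" || return 1
    # Confirm the archive opens with the expected password before uploading.
    unzip -tq -P infected "$archive" >/dev/null || return 1
    printf '%s\n' "$archive"
}
```

Run `package_samples fp LABEL FILE...` for a suspected false positive or `package_samples malware LABEL FILE...` otherwise, then upload the printed archive name.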
Current virus definition release activity can be viewed here: Virus Watch | Kaspersky Lab
For a virus glossary, virus encyclopedia, and searchable virus information, please visit http://www.viruslist.com. This site is maintained by Kaspersky Lab, which provides the scanning engine within the Ivanti Antivirus product.
If the file you have is something you suspect is a "False Positive", or in other words a file that you believe does not contain malware but is being reported by Ivanti Antivirus as malware, the following instructions for submitting a False Positive to Ivanti should be followed:
In addition, as an extra troubleshooting step, you can upload the suspicious file to https://www.virustotal.com. This website will scan the file with ~40+ antivirus engines. If the majority say it is malware, it is likely malware. If the majority say it is not malware, then either it is likely not malware, or it is a very new virus variant that is not yet detected by the majority of antivirus vendors.