How to report undetected viruses or false positives to LANDESK

Version 33

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    Description

     

    Sometimes malware shows up that does not have a pattern file yet.  This is true for all viruses when they are first written.  These are called "zero day" viruses.

     

    In order for a pattern to be created, the virus must be reported and sent to LANDESK.

     

    How to Report and Send an Infected or Suspicious File

     

    If there is a file(s) that is identified as suspicious, before submitting the file(s) for analysis make sure that all infected machines are scanning with the latest definition files. Once all machines have been scanned with the latest definition files then follow the steps outlined below to have the infected files analyzed.

     

    1. Collect the infected virus file(s) and compile them into a password protected .ZIP file.
      The password must be "infected" and the file format must be in a .ZIP format
    2. Navigate to http://avdrop.landesk.com and drag and drop the password protected .ZIP file to the site.
    3. If you would like a return contact from LANDESK Support with the verdict of the file(s) you have submitted, please Contact LANDesk Support and open a Support Case. 
      It is recommended to use the Support Portal to do this.

     

    Current virus definition release activity can be viewed here: Virus Watch | Kaspersky Lab

    For a virus glossary, virus encyclopedia, and for searchable virus information, please visit http://www.viruslist.com.   This site is maintained by Kaspersky Labs, who provides the Scanning Engine within the LANDESK Antivirus product.

    If the file you have is something you suspect is a "False Positive", or in other words a file that you believe does not contain malware but is being reported by LANDESK Antivirus as malware, the following instructions for submitting a False Positive to LANDESK Software should be followed:

    LANDESK Antivirus false positive virus detection submission process

     

    In addition, as an extra troubleshooting step, you can upload the suspicious file to https://www.virustotal.com.   This website will compare the file against ~40+ Antivirus engines.   If the majority say it is malware, it is likely malware, if the majority say it is not malware it is either likely not malware, or it is a very new virus variant that is not yet detected by the majority of Antivirus vendors.