How to report undetected viruses or false positives (Kaspersky based Antivirus) to Ivanti EPM Support

Version 38

    Verified Product Versions

    Endpoint Manager 9.5, Endpoint Manager 9.6, Endpoint Manager 2016.x, Endpoint Manager 2017.x

    This process is specific to Ivanti Antivirus using the Kaspersky engine.  For Ivanti Antivirus 2017 using the Bitdefender engine, please see this document:

    How To Submit False Positives and Undetected Malware for Ivanti Antivirus 2017

     

    Description

     

    Sometimes malware shows up that does not have a pattern file yet.  This is true for all viruses when they are first written.  These are called "zero day" viruses.

     

    In order for a pattern to be created, the virus must be reported and sent to Ivanti.

     

    How to Report and Send an Infected or Suspicious File

     

    If one or more files have been identified as suspicious, make sure that all infected machines are scanning with the latest definition files before submitting the file(s) for analysis. Once all machines have been scanned with the latest definition files, follow the steps outlined below to have the infected files analyzed.

     

    1. Collect the infected file(s) and compress them into a password-protected .ZIP file.
      The password must be "infected" and the archive must be in .ZIP format.
    2. Navigate to http://avdrop.ivanti.com and drag and drop the password-protected .ZIP file to the site.
      (If the file is a false positive, in other words a file that should be clean but is being detected as a virus, please prefix your filename with "false-positive-".)
    3. If you would like a return contact from Ivanti Support with the verdict of the file(s) you have submitted, please Contact Ivanti Support and open a Support Case. 
      It is recommended to use the Support Portal to do this.  Please include the exact filename you have uploaded.
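
One way to script steps 1 and 2 so the archive always has the required format, password and name. This is an added example, not Ivanti code: the 7-Zip install path, the function names and the sample path are assumptions, and the SHA-256 output is a convenience for your own records rather than something the procedure requires.

```powershell
# Added example (not Ivanti code). Assumption: 7-Zip is installed at this path.
$SevenZip = 'C:\Program Files\7-Zip\7z.exe'

function Get-SubmissionName {
    param([Parameter(Mandatory)][string]$BaseName, [switch]$FalsePositive)
    # Keep the upload name simple: letters, digits, dot, dash and underscore only.
    $safe = $BaseName -replace '[^A-Za-z0-9._-]', '_'
    if ($FalsePositive) { $safe = "false-positive-$safe" }   # step 2 naming rule
    "$safe.zip"
}

function New-SubmissionZip {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string]$BaseName,
        [string]$OutDir = '.',
        [switch]$FalsePositive
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Not a file: $p" }
    }
    $name = Get-SubmissionName -BaseName $BaseName -FalsePositive:$FalsePositive
    $zip  = Join-Path $OutDir $name
    if (Test-Path -LiteralPath $zip) { throw "Refusing to overwrite $zip" }

    # -tzip forces the ZIP container; -pinfected sets the password from step 1.
    & $SevenZip a -tzip -pinfected -- $zip $Path | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

    # Test the archive with the same password before uploading it.
    & $SevenZip t -pinfected -- $zip | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Archive test failed for $zip" }

    # Return the exact filename to quote in the support case (step 3),
    # plus SHA-256 hashes of the samples for your own records.
    [pscustomobject]@{
        UploadedFileName = $name
        Samples = @($Path | ForEach-Object {
            Get-FileHash -LiteralPath $_ -Algorithm SHA256 | Select-Object Hash, Path
        })
    }
}

# Usage (the sample path is constructed for illustration):
# New-SubmissionZip -Path 'C:\Samples\invoice.exe' -BaseName 'case-sample' -FalsePositive
```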

     

    Current virus definition release activity can be viewed here: Virus Watch | Kaspersky Lab

    For a virus glossary, virus encyclopedia, and searchable virus information, please visit http://www.viruslist.com. This site is maintained by Kaspersky Lab, which provides the scanning engine within the Ivanti Antivirus product.

    If you suspect the file is a "False Positive", in other words a file that you believe does not contain malware but is being reported by Ivanti Antivirus as malware, follow these instructions for submitting a False Positive to Ivanti:

    Ivanti Antivirus false positive virus detection submission process

     

    In addition, as an extra troubleshooting step, you can upload the suspicious file to https://www.virustotal.com. This website will compare the file against ~40+ antivirus engines. If the majority say it is malware, it is likely malware. If the majority say it is not malware, it is either likely not malware or it is a very new virus variant that is not yet detected by the majority of antivirus vendors.