How To: Submit a suspected malware file or false-positive to support

Version 6

    Purpose

     

    This document outlines the process to submit undetected malware and false positives for Ivanti Endpoint Security (EMSS) Antivirus.

     

    Overview

     

    Prior to creating a Case

     

    Update the scanning engine to the latest definitions and scan the files to ensure they are truly undetected by using the following steps:

    1. Open the IES Web console and navigate to Tools > Subscription Updates
    2. Click “Update Now” and make sure the “AntiVirus Engine & Definition Update” checkbox is selected
    3. This will take some time, depending on your environment. Watch the “Subscription Service History” box for “AntiVirus / Content” to complete
    4. Once the AntiVirus Content has completed, you can manually start a scan on endpoint(s) immediately by going to Manage > Endpoints and then clicking on the “AntiVirus” Tab
    5. Select one or a few endpoints and then click “Scan Now…”

     

    Creating a Case

    • Open a case with Ivanti Support via support.ivanti.com (login required)
    • Select Web Case as opposed to Phone
    • In the case subject put "Undetected Malware" or "False Positive"
    • Provide any other description as necessary.

     

    Preparing the Sample Files

     

    Do not attach your files directly to your support case.  Please follow the procedure outlined below.

     

    For Undetected Malware:

     

    The Ivanti Support technician will contact you regarding your case and will request that you upload the malware or false positive sample to a location they specify.

     

    Zip the file(s) into a single .zip archive and password protect the archive with the password “infected”.  The name of the archive should follow this standard format:

      • SupportCaseNumber_undetected malware.  (Example: 1234567_undetected.zip)
      • This is to identify the files in question as well as identify them as undetected malware (as opposed to a false positive)
      • It is vital to password protect the archive so the files can be handled safely without spreading infection.

    For False Positives:

    Be sure to treat potential false positive files as if they are infectious malware.  The same precautions must still be taken.

     

    The Ivanti Support technician will contact you regarding your case and will request that you upload the malware or false positive sample to a location they specify.

     

    Zip the file(s) into a single .zip archive and password protect the archive with the password “infected”.  The name of the archive should follow this standard format:

    • SupportCaseNumber_false positive.  (Example: 1234567_falsepositive.zip)
    • This is to identify the files in question as well as identify them as a false positive (as opposed to undetected malware)
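
A pre-upload check for the archive prepared above. This is an added example, not Ivanti's tooling: it confirms the file name matches the two example names on this page and that every entry in the .zip is flagged as encrypted. The function name, the name pattern (any number of digits for the case number) and the messages are assumptions, and the check does not test that the password is “infected”.

```python
import re
import sys
import zipfile
from pathlib import Path

# Assumption: pattern derived from the two example names on this page
# (1234567_undetected.zip, 1234567_falsepositive.zip); digit count is not fixed.
NAME_RE = re.compile(r"^\d+_(undetected|falsepositive)\.zip$")
ENCRYPTED = 0x1  # bit 0 of a ZIP entry's general-purpose flags: entry is encrypted


def check_submission(archive, name=None):
    """Return a list of problems; an empty list means the archive passed.

    archive: path or file-like object; name: file name to check when archive
    is not a path. Only the presence of a password is checked, not its value.
    """
    name = name or Path(archive).name
    problems = []
    if not NAME_RE.match(name):
        problems.append(
            f"{name}: name is not <case>_undetected.zip or <case>_falsepositive.zip")
    try:
        with zipfile.ZipFile(archive) as zf:
            entries = [i for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return problems + ["not a valid .zip archive"]
    if not entries:
        problems.append("archive contains no files")
    # Every file entry must carry the encryption flag; one unprotected entry
    # is a live sample that can be opened or quarantined on the way to support.
    problems += [f"{i.filename}: not password protected"
                 for i in entries if not i.flag_bits & ENCRYPTED]
    return problems


if __name__ == "__main__" and len(sys.argv) > 1:
    issues = check_submission(sys.argv[1])
    print("\n".join(issues) or "OK to upload")
    sys.exit(1 if issues else 0)
```

Run it with the archive path as the only argument; a non-zero exit status means the archive should be rebuilt before it is uploaded.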

     

    Affected Products

     

    Ivanti Endpoint Security (EMSS)