Updated How-To-Report Malware & False Positives RRS feed

  • Question

  • A number of Sysinternals utilities are misidentified as malware by several AV/antimalware scanners each time they are updated (although perhaps correctly identified as riskware/PUPs/etc.).  Some posters express concern in other forums when their specific security software or metascanner (VirusTotal/Jotti/Metascanner-Online/etc) identifies a utility or URL as malicious.  This following list makes submitting FP reports much easier.
    The contact list for submitting malware mentioned in the Malware Policy post is quite old and comments are closed. Perhaps a mod can amend the OP to add a current comment/link.
    The most current and complete list (but limited to signature based scanners) that I know about to report malware or false positives to AV/antimalware vendors was compiled by Chiron on TechSupportAlert.  He has maintained it for >4 years (updated just last week).  One of the best features is two easily copied email lists (most vendors accept .zip but a few require .7-z) for submitting new malware.  He also includes instructions for reporting FPs and even how to submit reports for those of us who have switched to webmail (
    A nice list of instructions for reporting FPs specific to was posted by Taeil Goh on March 21, 2014, in the Metascan Online blog (provided by OPSWAT). That list includes ~40 vendors (almost all incorporated by Chiron).
    Any other good lists (e.g., specific to a metascanner)?
    Techniques for easily submitting malware or FPs to multiple vendors? 
    herdProtect (~68 scanners) supposed submits FPs to appropriate vendors. 
    X-Ray 2.0 by RaymondCC hasn't been updated in a couple of years but is supposed to submit samples to VirusTotal and ~35 vendors via email and website (anyone using it?).
    Saturday, May 31, 2014 9:01 AM

All replies