Diagnosis of alerts and false positives.

Question

Hello everyone, I'm facing some security alerts in the software (here I would put the site's name) regarding our URL www.sts.snt-mkt-automation.com our flagged on the website www.virus.total.com and would like to understand better how to distinguish between legitimate alerts and false positives. 
 Could someone explain to me what criteria are used to determine if an alert is genuine or if it might be a false positive? 
 Also, what are the best practices for handling these alerts without compromising the security of my system, and what are the direct channels for contacting for clarification, alert removal, or for engaging services related to this issue? 
 
 Thank you for your help! 
 
 Gabriel

Qoosh · Answer

Hi Gabriel , 
 Thanks for reaching out to the Sophos Community Forum. 
 If you would like to see a more detailed analysis on why a site or file is classified as malicious or clean I'd suggest using Sophos Intelix . From the analysis performed via Sophos Intelix, it appears the SSL record validation for the site failed or other certificate errors were encountered. 
 Specifically for the URL you mentioned, this is a sub-domain of the parent "snt-mkt-automation[.]com". The parent domain is currently classified as a phishing website, as a result the URL you provided is also classified this way. 
 If you believe that the classification on this URL is inaccurate/incorrect, you can submit a reclassification request by following the steps in the following article. - URL Reassessment / URL Recategorization

Diagnosis of alerts and false positives.

Top Replies