
Diagnosis of alerts and false positives.

Hello everyone,

I'm facing some security alerts in the software (here I would put the site's name) regarding our URL www.sts.snt-mkt-automation.com, which was flagged on the website www.virus.total.com, and I would like to understand better how to distinguish between legitimate alerts and false positives.


Could someone explain to me what criteria are used to determine if an alert is genuine or if it might be a false positive?


Also, what are the best practices for handling these alerts without compromising the security of my system, and what are the direct channels to contact for clarification, alert removal, or for engaging services related to this issue?

Thank you for your help!

Gabriel

Hi Gabriel,

Thanks for reaching out to the Sophos Community Forum.

If you would like to see a more detailed analysis on why a site or file is classified as malicious or clean, I'd suggest using Sophos Intelix. From the analysis performed via Sophos Intelix, it appears the SSL record validation for the site failed or other certificate errors were encountered.

Specifically for the URL you mentioned, this is a sub-domain of the parent "snt-mkt-automation[.]com". The parent domain is currently classified as a phishing website; as a result, the URL you provided is also classified this way.

If you believe that the classification on this URL is inaccurate/incorrect, you can submit a reclassification request by following the steps in the following article.
- URL Reassessment / URL Recategorization

Kushal Lakhan
Team Lead, Global Community Support
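The reply above explains that the sub-domain inherits the verdict of its parent domain. As an added example (not code from the thread or from Sophos), the lookup below walks from the full hostname up through its parent domains and returns the first classification found; the reputation list is a constructed stand-in for a vendor feed, and the label-wise matching shows why a look-alike such as "notsnt-mkt-automation.com" does not inherit the verdict.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample of a domain-reputation list (assumption: entries are registrable
# domains). Only the first entry comes from the thread; "example.org" is a placeholder.
CLASSIFIED_DOMAINS = {
    "snt-mkt-automation.com": "phishing",
    "example.org": "clean",
}


def refang(indicator: str) -> str:
    """Undo the defanging used in the reply (e.g. 'snt-mkt-automation[.]com')."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def hostname_of(url_or_host: str) -> str:
    """Return the lowercase hostname of a URL or bare host, tolerating a missing scheme."""
    text = refang(url_or_host.strip())
    if "://" not in text:
        text = "//" + text  # makes urlsplit treat the leading part as the netloc
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()


def classify(url_or_host: str) -> Tuple[str, Optional[str]]:
    """Walk from the full hostname up to each parent domain (stopping before the bare TLD)
    and return (verdict, matching_domain). A sub-domain therefore inherits its parent's
    verdict, while substring look-alikes are never matched because we compare whole labels."""
    host = hostname_of(url_or_host)
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CLASSIFIED_DOMAINS:
            return CLASSIFIED_DOMAINS[candidate], candidate
    return "unclassified", None


if __name__ == "__main__":
    for sample in (
        "https://www.sts.snt-mkt-automation.com/login",  # URL from the question
        "snt-mkt-automation[.]com",                      # defanged parent from the reply
        "notsnt-mkt-automation.com",                     # constructed look-alike
        "mail.example.org",                              # constructed clean sub-domain
    ):
        verdict, source = classify(sample)
        print(f"{sample:45} -> {verdict} (via {source})")
```

Real categorisation engines additionally consult the public suffix list so that a verdict on "co.uk" style suffixes is never inherited; the constructed list here sidesteps that by holding only registrable domains.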