How to Report False Positives to Sophos

Question

Hello, I am writing an article in which I am showing users where they can submit malware and false positives. I have already found the online form which suspicious files and false positives can be submitted through (https://secure.sophos.com/support/samples ).

I've also found the email address which I can submit suspicious files (samples@sophos.com ), but I found out that it appears I cannot use that same address to report false positives.

Is there an email address which I should advise my readers to send false positives to?

Thank you.

This thread was automatically locked due to age.

QC · Accepted Answer

Hello Chiron,

you've read Submitting samples of suspicious files to Sophos, haven't you? While it doesn't mention false positives the procedure is the same. Note that the form is the preferred method.

Personally I'd not encourage users to send samples directly - especially (assumed) false positives. First of all this is probably a managed environment and detection depends on the product's settings. In order to avoid lengthy exchanges users must have the knowledge (and rights) to identify the settings. The same is true for collecting the samples. Second - in case a new/updated IDE causes a commonly used program erroneously to be flagged this could result in many (unnecessary) submissions and (unnecessary) additional work for Support. Thus I think it's better that users turn to the site's staff who then - after assessing the situation - submit the samples. Guess this is also what Sophos prefers (though it isn't enforced) - keep in mind that the license terms require that end-users are supported by the local staff.

Christian