This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to Report False Positives to Sophos

Hello, I am writing an article in which I am showing users where they can submit malware and false positives. I have already found the online form which suspicious files and false positives can be submitted through (https://secure.sophos.com/support/samples ).


I've also found the email address which I can submit suspicious files (samples@sophos.com ), but I found out that it appears I cannot use that same address to report false positives.

Is there an email address which I should advise my readers to send false positives to?

Thank you.

:24577


This thread was automatically locked due to age.
Parents
  • Hello Chiron,

    you've read Submitting samples of suspicious files to Sophos, haven't you? While it doesn't mention false positives the procedure is the same. Note that the form is the preferred method.

    Personally I'd not encourage users to send samples directly - especially (assumed) false positives. First of all this is probably a managed environment and detection depends on the product's settings. In order to avoid lengthy exchanges users must have the knowledge (and rights) to identify the settings. The same is true for collecting the samples. Second - in case a new/updated IDE causes a commonly used program erroneously to be flagged this could result in many (unnecessary) submissions and (unnecessary) additional work for Support. Thus I think it's better that users turn to the site's staff who then - after assessing the situation - submit the samples. Guess this is also what Sophos prefers (though it isn't enforced) - keep in mind that the license terms require that end-users are supported by the local staff.

    Christian   

    :24607
Reply
  • Hello Chiron,

    you've read Submitting samples of suspicious files to Sophos, haven't you? While it doesn't mention false positives the procedure is the same. Note that the form is the preferred method.

    Personally I'd not encourage users to send samples directly - especially (assumed) false positives. First of all this is probably a managed environment and detection depends on the product's settings. In order to avoid lengthy exchanges users must have the knowledge (and rights) to identify the settings. The same is true for collecting the samples. Second - in case a new/updated IDE causes a commonly used program erroneously to be flagged this could result in many (unnecessary) submissions and (unnecessary) additional work for Support. Thus I think it's better that users turn to the site's staff who then - after assessing the situation - submit the samples. Guess this is also what Sophos prefers (though it isn't enforced) - keep in mind that the license terms require that end-users are supported by the local staff.

    Christian   

    :24607
Children
No Data