
Unusual response to Sample Submission

Hello all,

yesterday I submitted samples of Mal/Generic-S detections. The overall circumstances suggested a not-too-complex and not-too-malicious threat. In the past in such cases it took not more than a few hours for a specific detection to be written and released.
This time I got the following response to case #8482303:

According to Sophos Labs what is the reason for submission FP or FN?

Huh? Since when does a submission of Mal/Generic-S (the first option, that I always understood as please do) imply that the reason is that I assume it is false (either FP or FN)? Furthermore - doesn't FN mean that I did not get a detection? Or does FN now encompass generic-instead-of-specific? , can you enlighten me [:)]?

Has the submission workflow been changed? I did receive the automated reply stating the usual: Our systems will analyze your sample(s) and return an automated response .... To my knowledge the samples have always been fed to the automaton. Perhaps they required release by a technician, but I can't remember any submission where the check hasn't been performed before I have been asked for further information or received a comment by a human on the files' nature.

: I'm not complaining but the response, whether indeed a forwarded request by Labs or not, seems a little bit terse.

Christian



This thread was automatically locked due to age.
  • Hi Christian,

    The process is the same, looks like it was just a misunderstanding. What Labs were basically asking was "Do you believe this detection is a false positive or not". I have highlighted to them that, as you hadn't mentioned it being an FP and were actually just highlighting that the cleanup had failed, obviously your main concern was getting the files removed and therefore you do believe they are malicious.

    They are still looking at the files and you should get the normal automated response with the results once they have finished. Sorry for the confusion.

  • Hello PeterM,

    you should get the normal automated response
    that I did not yet get (and items still only trigger Mal/Generic-S) - instead I got this followup:

    Date: Sun, 25 Nov 2018 19:30:38 +0000
    Please provide the requested information as per the last email.

    Apparently something's still not working as it's supposed to do.

    Christian
