This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unusual response to Sample Submission

QC over 5 years ago

Hello all,

yesterday I submitted samples of Mal/Generic-S detections. The overall circumstances suggested a not-too-complex and not-too-malicious threat. In that past in sich cases it took not more than a few hours for a specific detection to be written and released.
This time I got the following response to case #8482303:

According to Sophos Labs what is the reason for submission FP or FN?

Huh? Since when does a submission of Mal/Generic-S (the first option, that I always understood as please do) imply that the reason is that I assume it is false (either FP or FN)? Furthermore - doesn't FN mean that I did not get a detection? Or does FN now encompass generic-instead-of-specific? PeterM, can you enlighten me [:)]?

Has the submission workflow been changed? I did receive the automated reply stating the usual: Our systems will analyze your sample(s) and return an automated response .... To my knowledge the samples have always been fed to the automaton. Perhaps they required release by a technician, but I can't remember any submission where the check hasn't been performed before I have been asked for further information or received a comment by a human on the files' nature.

FloSupport: I'm not complaining but the response, whether indeed a forwarded request by Labs or not, seems a little bit terse.

Christian

This thread was automatically locked due to age.

Parents

0 PeterM over 5 years ago

Hi Christian,

The process is the same, looks like it was just a misunderstanding. What labs were basically asking was "Do you believe this detection is a False positive or not". I have highlighted to them as that you hadn't mentioned it being a FP and were actually just highlighting that the cleanup had failed then obviously your main concern was getting the files removed and therefor you do believe they are malicious.

They are still looking at the files and you should get the normal automated response with the results once they have finished. Sorry for the confusion.
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 5 years ago in reply to PeterM
Hello PeterM,

you should get the normal automated response
that I did not yet get (and items still only trigger Mal/Generic-S) - instead I got this followup:

Date: Sun, 25 Nov 2018 19:30:38 +0000

Please provide the requested information as per the last email.

Apparently something's still not working as it's supposed to do.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 5 years ago in reply to PeterM
Hello PeterM,

you should get the normal automated response
that I did not yet get (and items still only trigger Mal/Generic-S) - instead I got this followup:

Date: Sun, 25 Nov 2018 19:30:38 +0000

Please provide the requested information as per the last email.

Apparently something's still not working as it's supposed to do.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 FloSupport over 5 years ago in reply to QC

Hey QC

Apologies for this miscommunication, I've left a note in your support case to hopefully clear things up.

Regards,

Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 5 years ago in reply to FloSupport

Thanks, Flo

For those interested in the final outcome: The Mal/Generic-S samples have been analyzed and detection for the RelevantKnowledge adware has been updated.

Christian
Cancel
Vote Up 0 Vote Down

Cancel