Jump to content
WacoJohn

Submitting Fps Difficult

Recommended Posts

There is a post instructing us on how to submit false positives. It says:

 

First method:

Go to this page: http://www.immunet.c...tact/index.html and choose "submit a false positive", complete the fields and finally click on "submit".

 

If the site doesn't work or if the previous method had not gone well, below you can find other methods.

 

Other methods:

1 - Send an email to support@immunet.com with the attached file and two summary lines.

2 - Post the file in a new debate here in the forum, in our category "False Positives".

 

I have used the first method .. several times. I get a response that someone will 'contact me soon', but no one ever does. A week later, the same false positives get quarantined. This is not working for me.

 

Can't use the first 'other method' because GMAIL does not allow exe files or exe files within zip files. Apparently, GMAIL has its 'false positive' issues because when I try to attach a 'false positive' .. often GMAIL flags the attachement as infected even though it has passed scanning at www.virustotal.com. Basically, GMAIL is useless for sending attachments.

 

Cannot use the 2nd 'other method' because of "Max. single file size: 1.6MB" .. and several of the false positives are larger than that.

 

Frankly .. the false positive rate of Immunet is pretty poor. I have been battling 'false positives' since I installed it .. and it is getting really old fast.

Share this post


Link to post
Share on other sites

There is a post instructing us on how to submit false positives. It says:

First method:

Go to this page: http://www.immunet.c...tact/index.html and choose "submit a false positive", complete the fields and finally click on "submit".

If the site doesn't work or if the previous method had not gone well, below you can find other methods.

Other methods:

1 - Send an email to support@immunet.com with the attached file and two summary lines.

2 - Post the file in a new debate here in the forum, in our category "False Positives".

I have used the first method .. several times. I get a response that someone will 'contact me soon', but no one ever does. A week later, the same false positives get quarantined. This is not working for me.

Can't use the first 'other method' because GMAIL does not allow exe files or exe files within zip files. Apparently, GMAIL has its 'false positive' issues because when I try to attach a 'false positive' .. often GMAIL flags the attachement as infected even though it has passed scanning at www.virustotal.com. Basically, GMAIL is useless for sending attachments.

Cannot use the 2nd 'other method' because of "Max. single file size: 1.6MB" .. and several of the false positives are larger than that.

Frankly .. the false positive rate of Immunet is pretty poor. I have been battling 'false positives' since I installed it .. and it is getting really old fast.

Hi WacoJohn,

There has been many proposals for submitting FPs. (I hope, that latest valid method, will soon be placed by Anthony in the forum cathegory: FAQ!) I think , that the latest method is now to submit as an attachment to an email to support@samples.immunet.com But, please, do no blame me, if there is a later available method, that I am not been informed about! Have a try!

Cheers,

sweidre

Share this post


Link to post
Share on other sites
Guest Orlando

You can submit the file on www.mediafire.com without an account and you will post here the link. Free and fast.

 

Orlando

Share this post


Link to post
Share on other sites

You can submit the file on www.mediafire.com without an account and you will post here the link. Free and fast.

 

Orlando

 

I am not looking to blame anyone. You are VERY helpful Orlando. I am only trying to use the product effectively and follow 'procedures'.

 

Emailing attachments ..which may or may not be infected is not going to work for Gmail users. It is just not going to work that way.

 

That leaves me the option of posting HERE .. using the MEDIAFIRE suggestion you have made (thank you for that). That seems to be the only 'trouble-free' way to do it .. considering all the drawbacks to other methods. I just hope that method will be accepted.

 

As usual, .. thank you for your reply.

Share this post


Link to post
Share on other sites
Guest Orlando

No problem, this way is accepted, I haven't inserted it because I don't want to advertise.

 

Orlando

Share this post


Link to post
Share on other sites

No problem, this way is accepted, I haven't inserted it because I don't want to advertise.

Orlando

I think, that all necessary options to handle/reporting FPs should be listed for all users as a FAQ (regardless of the fact, that a 3rd party must be involved in some cases!)

(For example: Is using Hijackthis an advertisement for TrendMicro!? Some necessary tools are developed by any companies, this fact cannot be avoided! Most of us are using Windows developed by Microsoft!)

Cheers,

sweidre

Share this post


Link to post
Share on other sites

You can submit the file on www.mediafire.com without an account and you will post here the link. Free and fast.

Orlando

Hmm..

1. First, I tested to send an email from my address sweidre@gmail.com with CCleaner64.exe attached to my normal address sweidre@telia.com . (No, .exe- file was not accepted to attach)

2. Secondly, I tested to send an email from my address sweidre@gmail.com with CCleaner64.zip attached to my normal address sweidre@telia.com . (No, .zip- file was not accepted to attach)

3. Thirdly, I tested to send an email from my address sweidre@gmail.com with CCleaner64.7z attached to my normal address sweidre@telia.com . (Yes, .7z- file was accepted to attach!)

And I received the email to my computer from sweidre@gmail.com with CCleaner64.7z attached to my normal address sweidre@telia.com . No problems! (see attachment)

I have also attached a printscreen of my gmail- test, but my email page (gmail) is in Swedish (I hope you understand it anyhow!)

But note, that the file CCleaner64.7z was not permitted to upload to this Immunet forum! Good, an executable file not yet analysed should not be able to upload to the forum by security reason! (The forum has now: already vulnerable 3,238 members!)

Cheers,

sweidre

PS. 7-zip Version: 9.21 beta (freeware) can be downloaded from CNET here: http://download.cnet...4-10045185.html There also study the review by CNET (5 stars) and the reviews by some users! A necessary advertisement like this must be permitted to publish on the board of Immunet forum! 7-Zip 9.22 Beta (64-bit) & 7-Zip 9.22 Beta (32-bit) can be also downloaded from http://www.filehippo.com/download_7-zip_64/ DS.

Share this post


Link to post
Share on other sites

The MEDIAFIRE method .. works best for me. As mentioned .. it involves a 3rd party .. so will probably NOT become the 'standard' means. For now though .. it works well .. as long as the 'other end' will get the files from there with the link I provide. It just might discourage 'follow up'. I don't know ... yet.

Share this post


Link to post
Share on other sites

Hi again,

My test above is showing, that:

Sending Gmail from a Gmail account permits not EXE-files or ZIP-files as attachments. But by compressing the attachment into 7z- files works fine!

Compressing files into 7z- format comresses the .exe- files much more than compressing into .zip- files!

So attachments xxxxxxx.7z are accepted to send by Gmail to support@samples.immunet.com as "pinned" by Anthony (admin)!

Cheers,

sweidre

PS. This method does not involve a 3rd party, but is in line with the decision made by Anthony regarding handling submittals of malicious files for analysis, if maliciuos or false postive! DS!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...