Jump to content

Re: How To Submit Malware To Immunet


Recommended Posts

Hi Anthony,

You wrote: Quote:

"The easiest way to submit files to us is email. You can mail samples to submit@samples.immunet.com. This will feed your samples to an automated system and if we can build protections for it they will available over the cloud within a day of your submission and in some cases as soon as 2 hours"


I would agree with you, if the Immunet staff give support 24/7, that is 24 hours per day 7 days a week. Currently the Immunet staff is working only Mon-Fri 9-5 "US Mountain time". Immunet Protect is and will be used all over the world. Therefore Immunet must consider day/night, weekends & holidays globally. All repected costumer-minded software companies must therefore give full technical support 24/7 in order to survive and hopefully expand. Based upon your current work-schedule, I therefore, for now, suggest the following instructions regarding handling of malwares:



If You are uncertain, if Your file is infected or not, You can have it analyzed. Preferably use option 2 below, because option 1 should be used only if Immunet is unable to assist you. (If the file is regarded as clean, the file will not be subject to any scan by Immunet).




1a.) Download & install the freeware VirusTotal (VT) Uploader 2.0 from here: http://virustotal-up...n.softonic.com/ Using this simple freeware, You may upload the file to VT website, where 42 different Antivirus & Antimalware products will immediately analyze the file. After a few seconds You will from VT get a report, that lists if any products regard Your file as infected or not. The products, that have found Your file to be infected, will also give their names of the infection. (Many products call the infection differently by using their own vocabulary). If only a few of the products report Your file to be infected, You may(?) regard the infection to be a "false positive". Note, that results from some of the products are more reliable than from others. (Some of the products are known for reporting "false positives"!) It is up to Yourself to treat the file as clean or infected! (Therefore,see the preferable method as per item 2 below)


1b.) If you regard the file to be clean, it can be placed in a sort of "whitelist" in the Immunet software: Product->Settings->Protection Exclusions-> Add New Exclusion. (Immunet will not scan paths on the Exclusion List!) You must here enter the path to the file, and the full path will be added as a new line to the list of Exclusions. Note, that to the right of the line there is an (x)! If You change Your mind and want, that the path would be scanned by Immunet again, it can be deleted by clicking on the (x)- sign and the path (line) will disappear from the list. Note, click on the "Apply" button, otherwise your settings will not be saved!


2.) IF YOU DON'T NEED A PROMPT ANALYZIS, & YOU CAN WAIT UNTIL WORKDAYS MONDAY-FRIDAY 9-5, (”USA - MOUNTAIN TIME”), YOU SHOULD PREFERABLY HAVE YOUR FILE HANDLED BY THE IMMUNET STAFF There are several ways to report a false positive to Immunet. Option 2a is the most simple and fastest one:


Option 2a.) - Submit Your suspicious file (false postive) to this page: http://www.immunet.c...tact/index.html , where You select from the bottom of the curtain menu:“submit a false postive” and fill in the fields on the form. When complete, click on “submit”. (If this site doesn't work or if this method is not successful, there are two other options 2b or 2c below).

Option 2b.) - Send an email to: support@immunet.com: To the email attach the file and two summary lines.

Option 2c.) - Post the file in a new debate here in the forum, in our category "False Positives".

Note,that option 2a is fastest & most convenient for everybody!


3.) IF THE ANALYZIS BY IMMUNET REGARDS THE FILE AS A "FALSE POSITIVE", THIS WILL BE REPORTED TO THE IMMUNET DATABASE (THE CLOUD), AND ALL FURTHER SCANS BY IMMUNET WILL TREAT THE FILE AS CLEAN. Note, that the file does not have to be on the Exclusion list any more now! If the Immunet analyzis regards the file to be infected, this will be reported to the Immunet database (the Cloud). A scan by Immunet will then place the file in Quarantine. If You personally still regard the file as clean, you must add it to Your own Exclusion list (see item 1b above)


4.) REMEMBER If You have in emergency case used option 1 above, you should directly after the weekend or holidays anyhow follow the instructions as per option 2 as well. This is important, so that the whole Immunet communty will get proper online info from the common database (the Cloud)!




Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...