Guidelines and Requirements for Reporting a False Positive

This topic is closed.
This is a sticky topic.

  • Guidelines and Requirements for Reporting a False Positive

    Before reporting a False Positive, please read the following guidelines and requirements:

    First, use the latest version of IObit Security 360 and make sure IObit Security 360 has checked for database updates, then do a scan.

    Step 1: Save a scan log
    Scan Log Example:

    IObit Security 360
    OS: Windows XP
    Version:1.4.1.11
    Define Version:1331
    Time Elapsed:00:11:11
    Objects Scanned:66286
    Threats Found:1
    |Name|Type|Description|ID|
    Trojan.Agent, File, C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe, 12-912

    To read the log of the threat shown above, notice that the separator is a comma ( , ).
    Name: Trojan.Agent
    Type: File
    Description: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    ID: 12-912

    Step 2: Upload the file(s) to VirusTotal @ http://www.virustotal.com/
    If you are unsure how to upload files to VirusTotal, see Post # 2

    NOTE: Do not upload the IObit Security 360 scan log to VirusTotal; this will not give any true results.
    You must upload the actual file that the IObit Security 360 scan log has identified as a threat.
    In the example above the file would be cvtres.exe

    When the VirusTotal scan has finished:
    • Note the result eg: Result: 0/41
    • There is no need to copy the whole scan result, just copy the address from the browser address bar to post here.
    The address will look something like this:

    http://www.virustotal.com/analisis/060a33f770835fa60172c4e02f4c1d3d19d643a2e915d478d07a01788ad5fdb2-1267420531

    Follow this procedure for all the threats listed in the IObit Security 360 scan.

    Step 3: Post your results in the Forum
    When you have the IObit Security 360 scan log and the VirusTotal scan result address you can post them here in the forum.

    • Go to the section False Positives Report
    • Click on New Thread (on the left near the top)
    • In the Title box put the name of the file that was listed as a threat.
    Using the example given above the Title would be cvtres.exe
    There may be more than one threat, in that case you can just choose one.
    If this is confusing for you just put the title False Positive ? and we will change it if necessary :smile:

    • Paste the IObit Security 360 scan log in the reply box
    • Write the VirusTotal scan result eg: Result: 0/41
    • Paste the VirusTotal scan results address or addresses in the reply box. There is no need to include the whole scan result.
    • Click Preview Post and check that it looks ok
    • Click Submit New Thread

    Here is an example of what your post might look like:

    Title: cvtres.exe

    This appears to be a False Positive

    IObit Security 360
    OS: Windows XP
    Version:1.4.1.11
    Define Version:1331
    Time Elapsed:00:11:11
    Objects Scanned:66286
    Threats Found:1
    |Name|Type|Description|ID|
    Trojan.Agent, File, C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe, 12-912

    VirusTotal scan result 0/41
    http://www.virustotal.com/reanalisis...db2-1267420531

    Thanks in advance

    These first 2 steps are usually enough for the IObit Specialist Team to determine if the threat is a False Positive or not, but sometimes it will be necessary to send the file to IObit so it can be checked completely.
    If asked to send the file, please see Post # 5

    Thank you for your assistance :smile:
    FORUM USAGE GUIDELINES - Read this first
    Description of IObit Forum features and requirements - Reading this is compulsory
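
The scan log layout described in the post above can be read mechanically. The following is an added example, not part of the original post and not IObit code: it splits the header lines and the comma-separated threat rows, checks the row count against "Threats Found", and derives the thread title from Step 3. The sample log is constructed from the post's example, and the second threat row is invented to show a file path that itself contains a comma.

```python
from pathlib import PureWindowsPath

# Constructed sample modelled on the log layout shown in the post.
# The second threat row is invented: its path contains a comma.
SAMPLE_LOG = r"""IObit Security 360
OS: Windows XP
Version:1.4.1.11
Define Version:1331
Time Elapsed:00:11:11
Objects Scanned:66286
Threats Found:2
|Name|Type|Description|ID|
Trojan.Agent, File, C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe, 12-912
Trojan.Agent, File, C:\Temp\a, b\setup.exe, 12-913
"""

def parse_scan_log(text):
    """Return (header dict, list of threat dicts) from a pasted scan log."""
    header, threats, in_rows = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|Name|"):
            in_rows = True              # every later line is a threat row
            continue
        if not in_rows:
            key, sep, value = line.partition(":")   # split on the first colon only
            if sep:
                header[key.strip()] = value.strip()
            continue
        # Name and Type are the first two fields and ID is the last one;
        # whatever sits between them is the path, commas included.
        parts = line.split(",", 2)
        if len(parts) != 3 or "," not in parts[2]:
            raise ValueError(f"malformed threat row: {line!r}")
        path, _, threat_id = parts[2].rpartition(",")
        threats.append({"name": parts[0].strip(), "type": parts[1].strip(),
                        "path": path.strip(), "id": threat_id.strip()})
    return header, threats

def log_is_complete(header, threats):
    """True when the number of rows matches the 'Threats Found' header."""
    return int(header.get("Threats Found", -1)) == len(threats)

def thread_title(threat):
    """Step 3: the thread title is the name of the flagged file."""
    return PureWindowsPath(threat["path"]).name
```

A mismatch reported by `log_is_complete` usually means the log was cut off when it was pasted.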

  • #2
    How to upload a file to VirusTotal - 1

    How to upload a file to VirusTotal:

    Some users are unsure of how to upload and scan a file at VirusTotal so here is a basic explanation.
    Please remember, your file may be stored in a different place so this general example is just the basics of what to do.
    The following example is an actual File Path taken from the forum but of course you should replace the various paths: Windows, Microsoft.NET, Framework, v2.0.50727 and cvtres.exe with those in your File Path.

    The example IObit Security 360 scan log used is:
    |Name|Type|Description|ID|
    Trojan.Agent, File, C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe, 12-912

    The File Path (Description) is:
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    This File Path can be easily followed once you realise that backslash ( \ ) is the separator, so when separated, this becomes:
    C: then Windows then Microsoft.NET then Framework then v2.0.50727 then cvtres.exe

    NOTE: Do not upload the IObit Security 360 scan log to VirusTotal; this will not give any true results.
    You must upload the actual file that the IObit Security 360 scan log has identified as a threat.
    In the example above the file would be cvtres.exe

    Here is the VirusTotal procedure:
    • Go to VirusTotal
    • Click Browse
    • On the left of the window that opens click My Computer
    • Open (double click) (C:)
    • Open Windows
    • Open Microsoft.NET
    • Open Framework
    • Open v2.0.50727
    • Open cvtres.exe (it might just say cvtres in the window if the known extensions are not shown in Folder Options)

    The window will disappear and C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe will appear in the VirusTotal box.
    • Click Send File and wait (you may be in a queue)
    If it says File has already been analysed: you should reanalyse the file because your file might be infected.
    • Click Reanalyse file now and wait

    When the VirusTotal scan has finished:
    • Note the result eg: Result: 0/41
    • There is no need to copy the whole scan result, just copy the address from the browser address bar to post here.
    The address will look something like this:

    http://www.virustotal.com/analisis/060a33f770835fa60172c4e02f4c1d3d19d643a2e915d478d07a01788ad5fdb2-1267420531

    Follow this procedure for all the threats listed in the IObit Security 360 scan.

    Thank you for your assistance

    **************************************************************************

    Here is the same procedure laid out in screenshots:




    Continued in the next post -->>


    • #3
      How to upload a file to VirusTotal - 2










      Continued in the next post -->>


      • #4
        How to upload a file to VirusTotal - 3








        Thank you for your assistance


        • #5
          How to send the file to IObit, if necessary

          How to send the file to IObit, if necessary:

          To ensure the sample was not cleaned/infected in transit, it is necessary to put all samples in password protected ZIP files.
          The password should be infected
          There may be an infection on your system, but we are unable to make a conclusive analysis without a sample being sent in this fashion.

          Note: The maximum file size of *.zip files on IObit forums is 488.3 KB.
          If the suspicious file you want to upload is larger than that, please email the IObit Security 360 scan report to is360submit@iobit.com and send the *.zip file as an attachment.

          If you can't upload the file to the forum or send the file to IObit as an email attachment:
          • Upload the Password Protected ZIP file (the password should be infected) to a file sharing website like http://www.wikisend.com/ or http://www.2shared.com or http://www.mediafire.com/
          • Copy the link that is provided by the website
          • Paste the link in a new post in the forum thread

          Our IObit Specialist Team will do further investigation and solve it ASAP.

          How to copy and ZIP a file
          Once again using the example Security 360 Scan log from before you would follow the path laid out in the Scan log to get to the file.

          |Name|Type|Description|ID|
          Trojan.Agent, File, C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe, 12-912

          • Launch Windows Explorer (Windows key + E)
          • Open My Computer (click on the + on the left)
          • Open (C:)
          • Open Windows
          • Open Microsoft.NET
          • Open Framework
          • Open v2.0.50727
          • Right click on the file cvtres.exe
          • Select the ZIP software from the Context Menu
          • Choose to add the file to a ZIP folder (probably called cvtres.zip)
          • Move the ZIP folder to the Desktop (or anywhere you like)
          • Open (double click) the ZIP folder
          • Select File (top Menu)
          • Select Add a password
          infected is the password

          **************************************************************************

          Here is the above procedure in screenshots:




          Thank you for your assistance :smile: