Our products proactively determine the reputation of websites and other Internet content using a technology called Global Threat Intelligence (GTI). GTI allows our products to block access to sites and resources that don't have a good reputation. For example, our products block access to websites that contain malware.
This article explains how to dispute the validity of an IP address or submit GTI-generated false positives that are identified by the ESM.
For GTI submissions, follow the steps below:
NOTE: You don't need to call Technical Support; the process is automated on the ServicePortal website.
- Log on to the ServicePortal.
- Click Service Requests, and then click Submit a sample.
- Make sure that a valid grant number is entered and your contact details at the top are correct.
- Under Submission Details, select Others.
- For Issue Type, select Suspected false. You can leave the Scan Engine and DAT Version fields blank.
- Type a description and a detailed summary of the issue (including IP addresses).
- If you have logs or samples to submit, click Choose File in the Samples section. Also, see the note below.
- Browse to your file and upload it.
NOTE:
- If a logfile or screenshot is submitted as a malware sample, Trellix Labs automation closes the submission because a logfile or screenshot isn't seen as malicious.
Also, if a suspected false positive is selected, the system checks whether the file is detected and, if it isn't, closes the submission.
So, instead of selecting 'Submit a sample' on the portal, open a SIEM SR and attach the logs or screenshots to the SR. Then, add a note detailing what they represent.
When your submission is successful, you see a message that provides you with your new service request number.
For additional information, see KB68030 - How to submit samples to Labs for suspected malware detection failure.
- IP address and URL disputes must be presented to the TrustedSource team for resolution. Send an email containing all details regarding the dispute to sites@mcafee.com.
The TrustedSource team begins an investigation and contacts you to provide a ticket number.