How to report false positives or Virus/Trojan/Malware samples to the Gateway AntiVirus team

Description

There are times when a virus, trojan or malware is not blocked by the SonicWall. This might be either a new signature that has not been added to our database, or a variant of an existing signature. In both cases, the traffic will make it through the firewall without being scanned for signature matches. In other cases, the block caused by the GAV service might be a false positive, where the firewall thinks the traffic closely resembles an existing signature and blocks it as a preventive measure.

This article describes how to submit Virus/Trojan/Malware samples to the Gateway AntiVirus team for analysis. This applies to false positives with IPS as well.

Resolution

In order to investigate this issue, our engineering team will require a sample of the Virus/Trojan/Malware or a unique identifier such as an MD5 file checksum.

Here's how to provide a sample for a Virus/Trojan/Malware or false positive:

  1. Access https://mySonicWall.com
  2. On the sign in page, click Report Issues

NOTE: This page can also be accessed directly at the following link: https://www.mySonicWall.com/report/ReportIssues.aspx

  1. Select the option Click here to submit signature issues.


  1. Create a ticket including the issue and other relevant details and attach the Technical Support Report (TSR) and settings (EXP) file from the SonicWall appliance. 
    1. To download a TSR navigate to System | Diagnostics | Download Report:
    2. To download a settings file navigate to System | Settings | Export Settings:
  2. Customers must provide the sample in a password-protected zip file.
  3. Also be careful in handling the Virus/Trojan/Malware samples. DO NOT DOWNLOAD THE SAMPLES TO YOUR WORK COMPUTER. Please use a computer in the lab/test network which is not connected to the office network for uploading these samples.
    Caution: DO NOT attach the samples to the SFDC case; instead, upload them as mentioned in Step 4.
  4. Collect the Virus/Trojan/Malware sample and upload it using the form below. Mention the Case number / Tracking ID # in the SFDC # during upload.
  5. By default, the submission type will be set as "Gateway Antivirus"; the sample will be uploaded to the Virus Database and our Gateway Antivirus team will be notified about your submission. The sample submitter can expect a response from the GAV research team within 24 hours of submission.
  6. Mention the case # / Tracking ID, so that the sample can be correlated with the case number.
  7. Update the case with the virus sample Submission ID number that is provided after submission of the sample. 
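
A pre-upload check for the steps above, as an added example that is not SonicWall's own tooling: it computes the sample's MD5 by reading raw bytes only, and refuses to proceed if any entry in the zip lacks the ZIP "encrypted" flag. The function names, file names and case ID are assumptions; the check confirms the flag is set, not the password strength, and the archive itself must be created with a tool that supports encryption, since Python's standard `zipfile` cannot write encrypted archives.

```python
import hashlib
import os
import tempfile
import zipfile


def file_md5(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks as raw bytes; the sample is never executed."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def unencrypted_members(zip_path):
    """Names of file entries whose ZIP 'encrypted' flag (general-purpose bit 0) is clear."""
    with zipfile.ZipFile(zip_path) as zf:
        return [m.filename for m in zf.infolist()
                if not m.is_dir() and not m.flag_bits & 0x1]


def submission_note(sample_path, zip_path, case_id):
    """Text to paste into the case; raises if the archive would expose the sample."""
    with zipfile.ZipFile(zip_path) as zf:
        files = [m for m in zf.infolist() if not m.is_dir()]
    if not files:
        raise ValueError("archive contains no files")
    exposed = unencrypted_members(zip_path)
    if exposed:
        raise ValueError("not password protected: " + ", ".join(exposed))
    return (f"Case / Tracking ID: {case_id}\n"
            f"Sample MD5: {file_md5(sample_path)}\n"
            f"Archive: {os.path.basename(zip_path)}")


if __name__ == "__main__":
    # Constructed, harmless stand-in for a sample; the case ID is a placeholder.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"constructed harmless bytes")
        plain_zip = os.path.join(tmp, "sample.zip")
        with zipfile.ZipFile(plain_zip, "w") as zf:  # stdlib cannot encrypt
            zf.write(sample, "sample.bin")
        try:
            submission_note(sample, plain_zip, "CASE-PLACEHOLDER")
        except ValueError as err:
            print("rejected:", err)
```

Run it on the isolated lab machine that holds the sample, and paste the resulting note into the case rather than the sample itself.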
