Submit a sample
If you have a file or URL that you suspect might be malware or is being incorrectly detected, you can submit it to us for analysis.
Disclaimer
By submitting a URL or file that may contain malicious code or has been identified as a potential security threat, you agree to the following:
- Security Research Consent: You are submitting and copying it to WithSecure for security research purposes, and warrant that you have the right to do it if the file or the URL is protected by copyright laws.
- Confidentiality and Data Protection: If the file or the URL contains any personal data, WithSecure will treat it as confidential and process such data in accordance with the applicable WithSecure™ privacy policy.
- Responsibility for Consequences: You are responsible for any consequences of submitting or copying the file or the URL to WithSecure.
Report Incorrect Verdict (false positive or false negative) to WithSecure as follows:
- Find the sample whose verdict you want changed.
- Maximum file size allowed is 100MB. You can submit samples over 100MB via FTP.
- If you are submitting a file sample, select the File Sample tab.
- If you are submitting a URL sample, select the URL Sample tab.
- If you want to receive a follow-up, tick the 'I want to give more details about this sample and to be notified of the analysis results' box and provide the requested information.
- Type in the verification Captcha code.
- Click Submit
- If you need to report spam, ham or phishing please use the process described in the article
Note: Priority sample handling is only available to WithSecure customers who have support and valid licenses and products.
FAQ
Follow the steps below to create a WSDiag report
WINDOWS
- Click on the Windows Start button
- In the list of apps, click on WithSecure
- Click on WithSecure Support tools
- Click Run diagnostics
- Once completed, it generates a file called wsdiag.7z on your desktop
- Attach the file to the WithSecure support email.
If the built-in support tool fails, download the standalone wsdiag tool. Follow the steps below:
- Download the standalone wsdiag support tool from: https://download.withsecure.com/support/tools/fsdiag/wsdiag_standalone.exe
- Double-click and run the wsdiag_standalone.exe file
- Click Run diagnostics. The tool starts to gather diagnostic information
- Once completed, it generates a file called wsdiag.7z on your desktop
- Attach the file to your email reply to WithSecure support.
MAC
- Click on the WithSecure icon on the Menu Bar (top right)
- Select the three horizontal lines.
- Click on "Settings..."
- On the new window, click on Support.
- Select Open support tool.
- Select Run diagnostic.
- Enter your password.
- If there is a prompt to allow, please select Allow.
- Save the file on Desktop.
- Attach the logfile to the reply email.
If the product installation has failed and you do not have the WithSecure Support Tool available in the product folder under Applications, you can use the stand alone support tool to gather a diagnostic file:
- Download the stand alone WithSecure Support Tool for Mac.
- Extract the Support Tool.app from Support Tool.zip.
- Run the Support Tool.app.
- Select Run Diagnostics on the Support Tool window.
- Enter the administrator password for your computer. The support tool starts and displays the progress of the data collection.
- When the data collection is complete, select where you want to save the resulting tar.gz archive and then select Save. The support tool opens a Finder window showing the saved file.
- Attach the file to the support case.
Note: You need administrative rights to run the tool.
LINUX
- Download the standalone wsdiag logs from the provided link.
- Unzip the downloaded wsdiag.zip file to access the wsdiag tool.
- Execute the wsdiag tool using the bash command: bash wsdiag
- Allow a few minutes for the wsdiag.12XXXX.tar file to be generated.
- Locate the generated file in the directory /tmp/wsdiag.12XXXX.
- For more instructions, please refer to the link.
Collect quarantined files using WithSecure Quarantine Dumper by following the instructions below:
- Click on this link to download Quarantine Dumper to a location of your choice, for example, c:\temp.
- Launch Command Prompt (CMD).
- Navigate to the location you selected in step 1. For example, type cd c:\temp\ and press Enter on your keyboard to go to the c:\temp\ folder.
- Type fsdumpqrt.exe -d c:\temp\ to run the tool.
- Enter your administrator credentials when prompted. WithSecure license terms are now shown.
- Scroll all the way to the end of the license terms before you can accept them.
- Press E on your keyboard to accept the license terms.
- Press any key to complete the run. The quarantined files will be collected in a file named malware_samples.zip with the default password (infected) in the location you specified in step 1.
These are the parameters that can be used in the tool:
- -d, --destination: Destination directory for output (default: current admin desktop)
- -p, --password: Password for output (default: "infected")
- -v, --verbose: Verbose output
- -a, --accept-eula: Accept EULA
- -s, --silent: Silent mode
- -l, --list: Only list contents, nothing is written to disk
Tip: Running the fsdumpqrt.exe tool in command prompt without additional command line parameters will print out a short tool description and the extra parameters for using the tool.
- Open your WithSecure security product user interface
- Click on the Manual Scanning icon
- Click Open last scanning report. This opens the report in HTML format in your default browser.
- To save the report to a file, right-click on the page and click Save as....
- Give the file a descriptive name, and save it
- Send it to WithSecure for analysis
Symptoms
The WithSecure security product reports an infection and states that it cannot automatically remove the infected files. Instead you will be asked to remove the files manually. In addition, in some cases the reported files cannot be found (anymore) on the system.
Diagnosis
When the WithSecure security product reports anything malicious on your computer, it has already detected and stopped it, preventing it from causing any harm to your system or your data. Under some circumstances our security software will not remove infected files; these files will, however, do no more harm than waste disk space and cause additional virus warnings whenever you or a system process accesses them.
Reasons for not deleting an infected file can be:
- The file is an important system file and removing it would render your computer unusable. We prevent the malware embedded in those files from causing any harm to your system or your data, so you will be protected despite the frequent virus warnings you will get whenever the infected file is executed or otherwise accessed.
- The file is inside an archive. In that case we would have to delete the complete archive to remove it, including all clean files therein.
- The file is a temporary file created by an application, like browser downloads in progress, network streams and similar. Those files are usually locked by the application creating them, which means they cannot be opened or executed to do their damage, but also not deleted by WithSecure Anti-Virus at that point. Those files are then either replaced with a permanent version or automatically discarded when the process is finished.
Those are the cases where the files cannot be located on the system when trying to remove them manually.
Solution
It is very likely that your system is clean and safe, but to be absolutely sure, run a manual full computer scan:
- Update the virus definitions manually to make sure the WithSecure security product has the latest database updates installed.
- Run a full computer scan. This will allow for a more thorough scan and is highly recommended especially if you suspect an infection.
- Details Required: Please submit at least the hash or a detailed problem description and tick the box for ‘I want to give more details about this sample and be notified of the analysis results.’
- Confirmation: You will receive a confirmation email from WithSecure containing a case number.
- File Naming: Rename your sample to include the Ticket Number.
- File Protection: Ensure your sample is inside a password-protected ZIP file, using “infected” as the password.
- Submission: Open ftp.withsecure.com/incoming in File Explorer and drop your sample there.
- Ticket Update: Update the ticket to say that you have submitted an extra sample.
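The FTP submission steps above, scripted as an added example (not WithSecure's own tooling): it reports the SHA-256 to give in the submission form, checks the sample against the 100MB web-form limit, and builds the ticket-named ZIP protected with the password "infected". It assumes 7-Zip's 7z.exe is on PATH and takes "rename your sample" to mean the archive name; the parameter names and the file-name pattern are hypothetical.

```powershell
# Added example: stage a suspected sample for submission to the vendor.
# Assumptions: 7z.exe (7-Zip) is on PATH; parameter names and the
# "<ticket>_<name>.zip" pattern are illustrative, not a WithSecure requirement.
param(
    [Parameter(Mandatory)] [string] $SamplePath,
    [Parameter(Mandatory)] [string] $TicketNumber   # case number from the confirmation email
)
$ErrorActionPreference = 'Stop'

$sample = Get-Item -LiteralPath $SamplePath

# Hash the original file before touching it, so the value given in the
# form matches what the analyst extracts from the archive.
$sha256 = (Get-FileHash -LiteralPath $sample.FullName -Algorithm SHA256).Hash

# The web form accepts up to 100MB; anything larger has to go via FTP.
$route = if ($sample.Length -gt 100MB) { 'FTP only' } else { 'web form or FTP' }

# The archive name carries the ticket number; the sample keeps its own
# name inside the archive so the hash can be tied back to it.
$zipName = '{0}_{1}.zip' -f $TicketNumber, $sample.BaseName
$zipPath = Join-Path $sample.DirectoryName $zipName
if (Test-Path -LiteralPath $zipPath) {
    throw "Refusing to overwrite existing archive: $zipPath"
}

# -tzip selects the ZIP container, -pinfected sets the password "infected".
& 7z a -tzip -pinfected $zipPath $sample.FullName | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "7z failed with exit code $LASTEXITCODE"
}

# Summary to copy into the form or the ticket update.
[pscustomobject]@{
    Ticket    = $TicketNumber
    Sha256    = $sha256
    SizeBytes = $sample.Length
    Route     = $route
    Archive   = $zipPath
}
```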