A false positive occurs when legitimate software or files are mistakenly flagged as malicious and quarantined, or when our software incorrectly blocks a website. If you suspect that you are experiencing a false positive, inform our support and research teams so they can investigate and validate it. If they determine it is safe, they will remove the block.
In the event ThreatDown identifies a false positive, we occasionally distribute unquarantine commands to restore what was previously incorrectly detected.
Submit a ticket from the cloud console
For customers, submit a support ticket from the console:
- In the left navigation menu, click Support.
- In the top-right, click your profile icon.
- Click Submit a ticket.
- Fill out the following details:
- Subject: Enter a ticket subject.
- Description: Include the endpoint name(s) and file path or website being blocked.
- Product: Select your product.
- Issue: Select I need to report a false positive.
- Click Submit.
- A support engineer will reply to your request.
Report a blocked website
Websites can also be reported directly from the Detection Log page:
- In the cloud console, go to Monitor > Detection Center.
- Along the top, click Detection Log.
- Check the checkbox next to a Malicious Website detection.
- Click Actions > Create a false positive request.
- Confirm the selected domains and enter any additional information.
- Click Submit.
- If the item is deemed safe, it will be unblocked in the next few hours.
Note: A feedback loop to inform you of resolved false positives reported this way is being implemented in the future.
Create a post on the forums
If you are not a ThreatDown customer, create a post on our forums.
- Sign up or Log in to the Forums.
- Go to the False Positives page.
- Select the type of false positive.
- Create a post with details about the issue.
- A Staff member will reply to your forum post.