False Positive Contacts

⚠️

Note on False Positives

VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can’t modify these results. We are not intended to be an authoritative reputation engine, but rather provide intelligence and context to users so that they can make the best decision. 1/60 and even 5/60 doesn’t automatically mean “Bad”, and 0/60 doesn't always mean good. Each decision on whether something is malicious ultimately the responsibility of users or the security vendors who use the data to improve their services.

Below are the steps to take if you want to fix a false positive report.

  • If the false positive is for a File or a URL try re-scanning first.
  • If the false positive persists please reach out to the vendor that is producing it providing a link to the VirusTotal report. List of vendor contacts can be found at the table below.
  • If you do reach out to us, we will tell you to reach out to the vendors, as we will not be able to modify any results of scans.
  • We cache some URL results. If vendors have confirmed removal but a URL is still detecting, please reach out to us along with evidence that the vendor has removed your URL from the blacklist, as we may be able to speed up propagation.

⚠️

Note on reporting False Positives

Before reporting a False Positive, please make sure that the engine team you are engaging is responsible for the type of indicator you want to report here!

  • Files - Antivirus products
  • Network indicators - Website/domain scanning engines & datasets

Below is a list of vendor contacts that may help:

EngineContact
360[email protected]
Abusix[email protected], https://lookup.abusix.com/
Acronis[email protected]
ADMINUSLabs[email protected], [email protected], [email protected]
AegisLab[email protected]
Ahnlab[email protected], [email protected]
AILabs (Monitorapp)[email protected]
Alibaba[email protected]
AliCloud[email protected]
AlienVault[email protected]
AlphaMountain[email protected]
AlphaSOC[email protected]
Alyac (Estsoft)[email protected]
Antivir (Avira)https://www.avira.com/en/analysis/submit-url
Antiy[email protected]
Arcabit[email protected]
ArcSight Threat Intelligence[email protected]
AutoShun[email protected]
Avast[email protected]
AVGhttp://www.avg.com/submit-sample http://www.avg.com/us-en/whitelist
Baidu[email protected], [email protected]
BitDefender[email protected]
BforeAihttps://bfore.ai/support
Bkav[email protected], [email protected]
Certegohttps://www.certego.net/en/contatti/
Chong Lua Dao[email protected]
CINS Army (Sentinel IPS)http://cinsscore.com/#contact
ClamAVhttp://www.clamav.net/reports/fp
Clean-MX[email protected]
Cluster25[email protected]
CMC[email protected]
CRDFhttps://threatcenter.crdf.fr/false_positive.html
Criminal IP (AI Spera)[email protected]
CrowdStrike[email protected]
CSIS Security Group.[email protected]
CyanSecurity[email protected]
Cybereason[email protected]
Cyble[email protected]
Cylance[email protected]
Cynet[email protected]
CyRadar[email protected]
Deep Instinct[email protected]
DNS8[email protected]
DrWeb[email protected]
eGambit (Tehtris)https://tehtris.com/egambit_fp.php [email protected]
ElasticElastic False Positive Submission Form , https://discuss.elastic.co/t/submitting-false-positives/232322
Emsisoft[email protected] or [email protected] (false positives) https://www.emsisoft.com/en/support/contact/
Ermes[email protected]
ESEThttps://support.eset.com/kb141/?page=content&id=SOLN141
FireEye[email protected]
F-Prot[email protected]
F-Secure/WithSecure[email protected], [email protected]
Forcepoint ThreatSeeker[email protected]
Fortinethttps://www.fortiguard.com/faq/classificationdispute http://www.fortinet.com/support/contact_support.html
GDatahttps://www.gdata.de/help/en/general/GeneralInformation/submitFileAppURL/
Google (File Scanner)[email protected]
Google Safe Browsing (URL/Netloc Scanner)https://safebrowsing.google.com/safebrowsing/report_error/?hl=en
GreenSnowhttps://greensnow.co/contact
Gridinsoft[email protected]
Hacksoft[email protected]
Hauri[email protected]
Heimdal[email protected]
Hunt.io Intelligence[email protected]
Huorong[email protected]
Hoplite Industries[email protected]
Ikarus[email protected]
IPsumhttps://github.com/stamparm/ipsum
Jiangmin[email protected], [email protected]
K7[email protected], [email protected]
Kaspersky[email protected]
Kingsoft[email protected]
Lionichttps://www.lionic.com/reportfp/ [email protected]
Lumu[email protected]
Malbeacon[email protected]
Malwarebyteshttps://forums.malwarebytes.com/forum/122-false-positives/
Malwares.com (Saint Security)[email protected]
MalwareURL[email protected]
CTX (SaintSecurity)[email protected]
MaxSecure[email protected]
McAfeehttps://www.mcafee.com/support/s/article/000001921?language=en_US, [email protected]
Skyhigh[email protected]
Microsofthttps://www.microsoft.com/en-us/wdsi/filesubmission
Microworld[email protected]
NANOhttp://www.nanoav.ru/index.php?option=com_content&view=article&id=15&Itemid=83&lang=en [email protected]
Netcrafthttps://report.netcraft.com/report/mistake
Inca (previous nProtect)[email protected]
Palo Altohttps://live.paloaltonetworks.com/t5/virustotal/bd-p/VirusTotal_Discussions [email protected]
Panda[email protected], [email protected]
Phishing Databasehttps://github.com/mitchellkrogza/Phishing.Database#please-remove-my-domain-from-this-list-
PhishLabs[email protected]
Prebyteshttps://www.support.prebytes.com/helpcenter/removals/
Qihoo360[email protected]
QuickHeal[email protected]
Quttera[email protected]
Rising[email protected]
SafeToOpen[email protected]
Sansec eComscan[email protected]
Sangfor[email protected]
Scumware.orghttps://www.scumware.org/removals.php
SecureAgehttps://www.secureaplus.com/features/antivirus/report-false-positive/
Seclookup[email protected]
Segasec[email protected]
Sentinel One[email protected]
SkyHigh[email protected]
SOCRadar[email protected]
Sophoshttps://support.sophos.com/ [email protected]
Spamhaushttps://www.spamhaus.org/dbl/removal/form/
Sucuri[email protected]
Symantechttps://symsubmit.symantec.com/submit/false_positive https://knowledge.broadcom.com/external/article/173729/how-to-submit-false-positives-on-content.html
Tencent[email protected]
TheHacker[email protected] , [email protected]
Trapmine[email protected]
Trellix[email protected]
TrendMicrohttps://www.trendmicro.com/en_us/about/legal/detection-reevaluation.html, [email protected], [email protected]
Trustwavehttps://support.trustwave.com/virustotal-detection-review/
Trustlook[email protected]
Underworld[email protected]
URLQuery[email protected]
Varist[email protected] , [email protected]
VBA32[email protected]
Viettel Threat Intelligence[email protected]
Vipre[email protected]
VirIT[email protected]
VirusDie[email protected]
Webroothttps://www.webroot.com/us/en/business/support/vendor-dispute-contact-us
WithSecure/F-Secure[email protected], [email protected]
Xcitium Verdict Cloud (Comodo)[email protected]
Yomi[email protected]
Yandex[email protected]
Yandex Safebrowsing[email protected]
Zillya[email protected]
ZoneAlarm[email protected]
Zoner[email protected]