How do I report Gateway AntiVirus false positives and negatives?
What Is a False Positive or False Negative?
A false positive for Gateway AntiVirus occurs when content is incorrectly identified as virus infected when the content is clean. A false negative occurs when a virus-infected file is not correctly identified as a virus.
Before You ReportIf you encounter a false positive or false negative, verify that you have the latest OS version for your Firebox or XTM device. You must also confirm that your device has the latest Gateway AntiVirus signature set, and that a signature exists for the virus.
Update your Gateway AntiVirus SignaturesTo display the latest status and update your Gateway AntiVirus signature version:
The Firebox will download the most recent available signature update.
If the signatures were out-of-date, your Firebox will correctly identify that particular virus. To verify, re-test with the same content that caused the false negative or false positive. To learn more about Gateway AntiVirus signature updates, see Configure the Gateway AV Update Server.
If you encounter errors when you try to update the signatures, make sure that you can resolve DNS queries.
To learn more about DNS configuration, see Add WINS and DNS Server Addresses.
If your DNS resolution works correctly but your Firebox device still cannot update the Gateway AntiVirus signatures, contact WatchGuard Technical Support.
Confirm a Signature ExistsGateway AntiVirus uses the BitDefender antivirus engine and signature sets. To confirm whether BitDefender or other Antivirus vendors have a signature for the virus, you can submit an infected file to a virus-scanning site. For example: https://www.virustotal.com.
Report False Positives and False Negatives in v12.0 and HigherYou can report false positive or false negative results directly to BitDefender, our solutions partner for Gateway AntiVirus services.
To report a false positive or negative, visit https://www.bitdefender.com/submit/
Report False Positives and False Negatives in v11.xIf your Firebox OS version is older than v12.0, Gateway AntiVirus uses AVG.
To report a false positive or false negative, go to http://samplesubmit.avg.com/us-en/sample-scanning.