WatchGuard Support Center

Knowledge Base - Article

Search the WatchGuard Knowledge Base
< Close Tab

000014425
 How to report Gateway AntiVirus false positives and false negatives

Information
How do I report Gateway AntiVirus false positives and negatives?

What Is a False Positive or False Negative?

A false positive for Gateway AntiVirus occurs when content is incorrectly identified as virus infected when the content is clean. A false negative occurs when a virus-infected file is not correctly identified as a virus.

Before You Report

If you encounter a false positive or false negative, verify that you have the latest OS version for your Firebox or XTM device. You must also confirm that your device has the latest Gateway AntiVirus signature set, and that a signature exists for the virus.

Update your Gateway AntiVirus Signatures

To display the latest status and update your Gateway AntiVirus signature version:
  1. Start Firebox System Manager.
  2. Select the Subscription Services tab.
  3. In the Gateway AntiVirus section, examine the Installed version, Last update, and Version available fields.
  4. If you do not have the latest version, click Update.
The Firebox will download the most recent available signature update.
 
If the signatures were out-of-date, your Firebox will correctly identify that particular virus. To verify, re-test with the same content that caused the false negative or false positive. To learn more about Gateway AntiVirus signature updates, see Configure the Gateway AV Update Server.

If you encounter errors when you try to update the signatures, make sure that you can resolve DNS queries.

To learn more about DNS configuration, see Add WINS and DNS Server Addresses.

If your DNS resolution works correctly but your Firebox device still cannot update the Gateway AntiVirus signatures, contact WatchGuard Technical Support.

Confirm a Signature Exists

Gateway AntiVirus uses the BitDefender antivirus engine and signature sets. To confirm whether BitDefender or other Antivirus vendors have a signature for the virus, you can submit an infected file to a virus-scanning site. For example: https://www.virustotal.com.

Report False Positives and False Negatives in v12.0 and Higher

You can report false positive or false negative results directly to BitDefender, our solutions partner for Gateway AntiVirus services. 
To report a false positive or negative, visit https://www.bitdefender.com/submit/

Report False Positives and False Negatives in v11.x

If your Firebox OS version is older than v12.0, Gateway AntiVirus uses AVG. 
To report a false positive or false negative, go to http://samplesubmit.avg.com/us-en/sample-scanning.