Dear Fedool, Thanks for your quick response! > Woudn't that be nice if you could submit false positive from portal from the "Infections" list? Yes, certainly! (The main problem for me currently is when schools use FSAV PSB, where pupils write program code during IT class but Deepguard false alerts on them. Since the files are entirely new, I can't do anything with their SHA1 hash reported in the alert, as they can't be found on Virustotal, etc. They also have zero reputation and zero prevalence, so the virus lab also can't help me without access to the binary file sample. Another problemful situation is when FSAV PSB makes a potentially false virus alarm, but only the file path and name are provided in the alert, without hash value. I think some of the multiple scan engines inside F-Secure don't support the hash? Anyhow, that way I can't precisely verify if the file is known to Virustotal, etc., so I cannot report it to the virus lab without a binary sample and I can almost never obtain that.) These kind of catch-22 situations could be solved like a gordian knot only if remote file sample submission became possible one way or another. In fact, I would say "remote quarantine management" feature is dangerous without also having remote sample submission! I mean the observer of PSB SoP/SeP webportal is physically distant from the end user customer, who experiences an alleged false alarm. It's not responsible to restore and allow a quaratined file without first verifying its benign nature either in person or via Virustotal, etc. (but FSAV seldom provides the SHA-1 in alerts) or having received a second opinion from the virus lab upon sample submission. It would be risky to rely on just the customer's word over the phone that the file is OK and worthy of restoration from quarantine. (You can't imagine the daily amount of activator, crack, warez, patch, serialz, spyware-in-shareware, fake freeware, etc. related malware alerts in see in an 5000-ish endpoint PSB SoP webportal. I'm in a landlocked country, yet it appears to be entirely populated by pirates and their parrots... I'm fairly sure if asked in person, 99% of the customers would claim to be entirely legal.) Best regards: Tamas Feher, Hungary.
... View more