Submit Suspect Files for Analysis
If a file has been quarantined, you can submit it for further analysis to obtain remediation information (in the event that it is confirmed to be malware) or to get the AntiVirus signatures updated to remove or modify this signature (in the event that this is a false positive). There are a couple of different methods that can be used to submit files for analysis.
Submit file to Ivanti Support
This is the best mechanism to submit files for analysis. It ensures that the submission is tracked and prioritized. Because the file has been detected as malware, it needs to be protected prior to submission; otherwise it could get blocked during transmission. Quarantined files are stored in a hardened location in the endpoint’s \Ivanti\LMAgent\Data\persist\AntiVirus\quarantine folder. If this folder is not accessible, contact Ivanti Support for details on how to retrieve the file.
To prepare a file for submission, add it to a password-protected archive file with password = Infected. Once this has been done, the file can be safely emailed to Ivanti Support, added to a case in the Ivanti Self-Service Portal, or uploaded to an FTP location for download (if too large for email).
Ivanti Support will then have the file analyzed and report back on whether the file contained malware or was a false positive.
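One way to script the packaging step described above, as an added example that is not Ivanti's own tooling. It assumes 7-Zip is installed at its default path and that the suspect file has already been retrieved from quarantine; the parameter names and output folder are hypothetical.

```powershell
# Added example: package a suspect file for submission (not Ivanti tooling).
# Assumptions: 7-Zip is installed at the path below, and $SuspectFile is a copy
# of the file retrieved from quarantine. Paths and parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $SuspectFile,
    [string] $OutDir   = "$env:TEMP\av-submission",
    [string] $SevenZip = "$env:ProgramFiles\7-Zip\7z.exe"
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $SuspectFile -PathType Leaf)) { throw "File not found: $SuspectFile" }
if (-not (Test-Path -LiteralPath $SevenZip -PathType Leaf))    { throw "7-Zip not found: $SevenZip" }

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Record the hash before packaging so the support case identifies exactly which file was sent.
$hash = (Get-FileHash -LiteralPath $SuspectFile -Algorithm SHA256).Hash

# Name the archive after the hash so the original file name is not what the mail gateway sees first.
$archive = Join-Path $OutDir "$hash.zip"
if (Test-Path -LiteralPath $archive) { Remove-Item -LiteralPath $archive }

# 'a' adds to an archive, -tzip selects ZIP format, -pInfected sets the password given on this page.
& $SevenZip a -tzip "-pInfected" $archive $SuspectFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed to create the archive (exit code $LASTEXITCODE)" }

# 't' tests the archive: with the password supplied it must decrypt and pass the CRC check.
& $SevenZip t "-pInfected" $archive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Archive verification failed (exit code $LASTEXITCODE)" }

# Summary to paste into the support case alongside the attachment.
[pscustomobject]@{
    SourceFile = (Resolve-Path -LiteralPath $SuspectFile).Path
    SHA256     = $hash
    Archive    = $archive
    SizeBytes  = (Get-Item -LiteralPath $archive).Length
}
```

ZIP encryption protects file contents but leaves the entry names readable, so the original file name remains visible inside the archive listing.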
Submit file for analysis directly
To get an initial assessment of a quarantined file, you can submit it directly via VirusTotal.
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware. You can upload a suspect file to this website, which will hash the file and compare it against a number of AntiVirus vendors.