We welcome your False Positive report for Elastic’s malware detection. These FP reports help us improve our security products.
If you have a customer support relationship with Elastic, we highly recommend you use your existing Support process so we can better track it with respect to your organization
To submit a FP, please send an email to fp_reports@elastic.co carefully following the template below. Failure to complete the template may result in your report being unprocessed. We don’t guarantee that we’ll take action on each request. If we decide to take action and treat the detection as a FP, you can expect to see an update within a month.
Report Template:
Subject: False Positive Report
Hash: SHA256 hash of the file
Filename (Optional): The filename of the submission
VirusTotal Link (Optional): URL to the sample on VirusTotal
Signer (Optional): The Name on the code signing cert you’ve signed the software with
Company Name: Name of the company, or name of the software if not company affiliated
Company website (Optional): Link to the company website associated with the software
Contact Name: Your name
Contact Email: The email address we should use for any further questions or discussions
Attachment (Optional) - You may attach the binary to the email. This will be ignored unless it is a .zip encrypted with the password “dangerous”. This is only necessary if the file is not in VirusTotal
If you are reporting multiple related files, please provide hashes comma-separated. Please send separate emails if you need to attach more than one file, one file per email.