Submitting False Positives

We welcome false positive (FP) reports for Elastic’s malware detection. These reports help us improve our security products.

If you have a customer support relationship with Elastic, we highly recommend you use your existing Support process so we can better track the report with respect to your organization.

To submit an FP, please send an email to carefully following the template below. Failure to complete the template may result in your report going unprocessed. We don’t guarantee that we’ll take action on each request. If we decide to take action and treat the detection as an FP, you can expect to see an update within a month.

Report Template:


Subject: False Positive Report

Hash: SHA256 hash of the file

Filename (Optional): The filename of the submission

VirusTotal Link (Optional): URL to the sample on VirusTotal

Signer (Optional): The name on the code-signing certificate used to sign the software

Company Name: Name of the company, or name of the software if not company affiliated

Company website (Optional): Link to the company website associated with the software

Contact Name: Your name

Contact Email: The email address we should use for any further questions or discussions

Attachment (Optional): You may attach the binary to the email. The attachment will be ignored unless it is a .zip encrypted with the password “dangerous”. Attaching the file is only necessary if it is not in VirusTotal.

If you are reporting multiple related files, please provide the hashes as a comma-separated list. If you need to attach more than one file, please send separate emails, one file per email.