Endpoint Detection and Response (EDR)

  • 1.  Symantec False Positive Submission

    Posted Dec 26, 2020 05:45 PM

    Hi,

    We develop software, and one of our customers experienced a problem with Symantec Endpoint Protection classifying our installer as suspicious and preventing the download.

    I tried to submit our software to Sample Submission | SymSubmission, but none of the methods to provide the file were working: uploading and submitting a download link failed because of file size limitations (our installer is 150MB), and an MD5 hash was also rejected.

    Is there any alternative method to provide files for reporting a false positive, or to get it whitelisted? Ideally for all Symantec security products? We would like to include this as a step in our release process.

    Thanks in advance!



  • 2.  RE: Symantec False Positive Submission

    Broadcom Employee
    Posted Dec 28, 2020 12:54 PM
    Edited by SSE-JDavis Dec 28, 2020 01:00 PM

    This post is not related to the SEDR appliance. All of the options available to you are listed on that website. Please read it carefully.

    Have you considered signing your binaries with a certificate?

    Endpoint Protection Download Insight is blocking an internally developed program
    https://knowledge.broadcom.com/external/article?articleId=155316
    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------




  • 3.  RE: Symantec False Positive Submission

    Posted Jan 05, 2021 04:29 AM
    Thanks for the reply. I carefully read and evaluated all the options on the SymSubmission website. There is no way to submit our installer there because of the file size limitations on the site.

    Our binaries are properly signed by a code signing CA and recognized by Windows as a trusted executable.

    I read through the provided KB article, and the remaining option is to whitelist our download location at the customer's Endpoint Protection installation. This is suboptimal, as it requires additional action by every customer.

    With a different antivirus company, we have the option to upload our files via FTP and get them checked and whitelisted. Is there no such option for Broadcom/Symantec?


  • 4.  RE: Symantec False Positive Submission

    Broadcom Employee
    Posted Jan 05, 2021 11:54 AM
    If your binaries are already signed, you just need to add an exception for that certificate.

    https://help.symantec.com/cs/ccd/CCD/v120715667_v129301524/Adding-Whitelist-policy-scan-exceptions?locale=EN_US

    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------