Some questions on the updated sample submission site

I noticed that Avast has recently updated its FN/FP sample submission site (https://www.avast.com/submit-a-sample), which looks nice. However, I have some questions and feedback on the updated sample submission system:

  1. Confusion description in “Report False Negative” page:

A False Negative sample means an undetected but malicious file. However, as the attached screenshot shows, the guidelines state, “this process is for detected files only. Undetected files will not be processed.” This is confusing and misleading because it contradicts the definition of a False Negative.

  1. Support submitting multiple samples at once:

As the above Guideline shows, currently submitter can only submit one sample at one time. This can be inefficient when we have several samples to upload. It would be ideal if the system supported multiple sample submissions, similar to Avira, which allows up to five samples per submission.

  1. No response after FP submission?

Previously, Avast did not send replies for FN submissions but did provide results for FP submissions, which was acceptable. However, it now appears that Avast does not send any feedback for either FN or FP submissions. This lack of response is problematic because feedback for FP submissions is necessary to confirm that the false positives have been addressed and let user know if it’s ok to restore the detected files from Quarantine.

  1. To report a possible False negative you have to have selected URL as the option you are reporting on.

  2. The only way you could do that previously was by packaging them up in a zip file (possibly password protected, with the password in the notes/description).

  3. It used to be a day or two for a response to FP reports, but Avast have very recently ceased that action.

If you restore a file from Quarantine and it hasn’t been considered an FP, the file system shield would alert again.

Note I don’t work for Avast.

But I’m reporting undetected file samples… I can’t upload the files if I select URL.

Firstly, this new form is new to me also, I have used the old link previously.

OK - Notice the (i) Information icon, presumably you either clicked that or hovered over it to display the Information.

Once you pass the validation (and fill in the information), pressing the Submit button opens up the file update function in your browser to select the file. It did in mine, see attached.

I see. Just unsure about how well the revamped sample submission portal can handle FN submissions. The new portal is confusing as it requires for an email address but does not provide any notifications regarding the receipt of samples or the completion of analysis. I submitted seven undetected samples a few days ago, but they have not been processed yet. Hope employees from Avast can make some clarifications.

Previously, Avast did not send replies for FN submissions but did provide results for FP submissions, which was acceptable. However, it now appears that Avast does not send any feedback for either FN or FP submissions. This lack of response is problematic because feedback for FP submissions is necessary to confirm that the false positives have been addressed and let user know if it's ok to restore the detected files from Quarantine.
You can check files at www.virustotal.com and remember to click the reanalyze button for a fresh result if uploaded before

As I mentioned there is a way:

If you restore a file from Quarantine and it hasn't been considered an FP, the file system shield would alert again.

I still believe it is important to send a confirmation email for FP submissions. Without this email, users may not be aware of when the analysis is complete and when it is safe to restore the file from Quarantine. If users restore the previously detected files too early (before the FP analysis is complete), the file shield may trigger the same false alarm again.

What you and I (as Avast users) believe is important is down to Avast to decide and implement, currently they have stopped sending them out.

This is not the only topic that mentions this.
That was a case of a website that submitted an FP on the site, but didn’t get a response. I confirmed by checking and the site had been removed as there was no alert. Personally for me (not Avast) this carries more weight as it has the potential to impact many more people.

As has been said you can used VirusTotal as that information should be notified to contributing antivirus software.