Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Reporting a false positive issue in Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBS-SVC)

    • Updated:
    • 27 Sep 2021
    • Product/Version:
    • Worry-Free Business Security Advanced 10.0
    • Worry-Free Business Security Services 6.7
    • Worry-Free Business Security Standard 10.0
    • Worry-Free Business Security Standard 8
    • Worry-Free Business Security Standard 9
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
Summary

You want to know how to retrieve samples from Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBS-SVC) and submit a false positive case when such occurs.

Details
Public
  1. Sign in to the Trend Micro Support Portal.
  2. On the navigation, click New Request.

    Click New Request

    Click the image to enlarge.

  3. Fill in the Product Profile and Affected Operating System fields.

    Product Profile

    Click the image to enlarge.

  4. Set the following:
    • Issue Type: Threat Issue
    • Issue Category: File False Positive.

    Issue Type/Catepgory

    Click the image to enlarge.

  5. Enter the Virus Pattern Type that WFBS or WFBS-SVC is using.
  6. Enter a Subject and Description to include detection name for your case. It is necessary to include falsely detected files as attachments.

    Subject and Description

    Click the image to enlarge.

  7. Fill out the Case Urgency, CC Emails, and Contact Method fields.

    Contact Method

    Click the image to enlarge.

  8. Click Submit.

To determine the detection types based on specific protection that caught the File False Positive sample, refer to the instructions below.

 
It is recommended for non-admin users of WFBS to report the false positive detection(s) to their WFBS Admin for proper handling of the incident.
 
  1. Open the WFBS Agent console.
  2. Click Logs.

    Agent Logs

  3. In the Type dropdown menu, select Virus/Malware or Behavior Monitoring.
  4. Check the Threat column.

    Agent Threat Logs

  1. Open the WFBS Security Server.
  2. Click Reports > Log Query.
  3. In Type, select Desktop/Server.
  4. In the Content, select Virus logs or Behavior Monitoring, then click Display Logs.

    Log Query

    Click the image to enlarge.

  5. Check the Virus/Malware column.

    Threat Column

    Click the image to enlarge.

To recover the falsely detected files, go to [Security Server folder]/PCCSRV/Admin/Utility/VSEncrypt.

VSEncrypt

You need to use VSEncode.exe to decrypt the quarantined file and remove encryption.

To know more about the steps when using VSEncode, refer to Restoring quarantined files in Worry-Free Business Security (WFBS).

  1. Open the WFBS-SVC Agent console.
  2. Click Logs.

    Agent Console - Logs

  3. In the Type dropdown menu, select Virus/Malware or Behavior Monitoring.
  4. Check the Threat column.

    Virus/Malware Logs

  1. Open the WFBS-SVC Web Console.
  2. Click Logs.
  3. Check for the file being blocked.
  4. Check the Threat/Violation column.

    Threat/Violation Logs

    Click the image to enlarge.

To recover the falsely detected files, go to WFBS-SVC Web Console > Administration > Tools, and then click the Download the tool link under the Restore Infected Files.

Restore Infected Files

Click the image to enlarge.

You need to use VSEncode.exe to decrypt the quarantined file and remove encryption.

To know more about the steps when using VSEncode, refer to Restoring quarantined files in Worry- Free Business Security Services (WFBS-SVC) KB article.

Premium
Internal
Partner
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1115860
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.