Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Reporting a false positive issue in Worry-Free Business Security (WFBS)

    • Updated:
    • 1 Dec 2016
    • Product/Version:
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • Windows 10 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Server R2
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2011 Small Business Server Standard
    • Windows 2012 Enterprise
    • Windows 2012 Server Essentials
    • Windows 2012 Standard R2
    • Windows 7 32-Bit
    • Windows 7 64-Bit
    • Windows 8 32-Bit
    • Windows 8 64-Bit
    • Windows 8.1 32-Bit
    • Windows 8.1 64-Bit
Summary

You want to know how to retrieve samples from WFBS and submit a false positive case when such occurs.

Details
Public

To submit a false positive case:

  1. Sign in to the Trend Micro Support Portal. If you are logged in but on eSupport, click My Support found in the header navigation.
  2. On the side navigation, click New Request.
  3. Fill in the Product Profile and Affected Operating System fields. The Request Type field's default is the “Submit a Case” option. There is no need to change it.
  4. Select the appropriate category: Virus False Alarm.
  5. Enter the Scan Engine Version and Virus Pattern Type that WFBS is using.
  6. Enter a subject and description to include detection name for your case. It is necessary to include falsely detected files as attachments.
  7. Fill out the Case Urgency, CC Emails, and Contact Method fields.
  8. Click Submit.

To determine the detection types based on specific protection that caught the FA sample, refer to the instructions below.

  1. Open the WFBS Agent console.
  2. Click Logs.
  3. In the Type dropdown menu, select Virus/Malware.
  4. Check the Threat column.

    Virus Scan Execution 
  1. Open the WFBS Agent console.
  2. Click Logs.
  3. In the Type dropdown menu, select Behavior Monitoring.
  4. Check the Threat column.|

    Malware Behavior Blocking
  1. Open the WFBS Agent console.
  2. Click Logs.
  3. In the Type dropdown menu, select Behavior Monitoring.
  4. Check the Threat column.

    Behavior Monitoring for Unauthorized File Encryption 

To collect falsely detected attachment, go to [Server folder]/PCCSRV/Admin/Utility/VSEncrypt. You need to use VSEncode.exe to decrypt the quarantined file and remove encryption.

To know more about the steps when using VSEncode, refer to Restoring quarantined files in Worry-Free Business Security (WFBS) KB article.

Premium
Internal
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1115860
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.