Submitting suspicious or undetected virus for file analysis to Technical Support using Threat Query Assessment
- Solution ID:1031392
- Last Updated:Jun. 12, 2018 11:52 PM (PST)
- Applies to:Control Manager - 6.0;Deep Security - 9.5, Deep Security - 8.0;Deep Security - 9.6;OfficeScan - 11.0, 10.6;ServerProtect for Linux - 3.0;ServerProtect for Microsoft Windows/Novell Netware - 5.8, ServerProtect for Microsoft Windows/Novell Netware - 5.7;ServerProtect for Network Appliance Filer - 5.8, ServerProtect for Network Appliance Filer - 5.61;ServerProtect for Network Appliance Filer - 5.62;Worry-Free Business Security Standard/Advanced - 9.0, Worry-Free Business Security Standard/Advanced - 8.0, Worry-Free Business Security Standard/Advanced - 7.0;Worry-Free Business Security Standard/Advanced - 10.0;
- Submit a suspicious file or undetected sample for analysis to Technical Support
This is article provides a guide on how to submit files to Trend Micro for analysis using the online Threat Query Assessment.
If you encounter a virus or malware or if you suspect that there is a threat affecting one of your machines or your entire network, you can minimize the waiting time and fast-track the resolution of your case using Trend Micro's Threat Query Assessment.
- Access the Submit a Support Case website.
- On the Issue Category dropdown, select Files to Submit for Analysis.
- On the Description section, provide a brief description of the file you are sending.
- Click Browse to locate and upload the sample file you want to submit.
Things to keep in mind before uploading files to avoid delay in processing the files:
- Use single layer of compression
- Only ZIP or RAR extensions are accepted
- Encrypt the sample file with the password “virus”
- Files should only be up to 50 MB in size
- Wait for the upload to complete and then click Next.
- Provide all the required product and system information (*) and click Next.
- Fill out the all the required customer information (*) and click Submit.
A confirmation will appear stating that you will receive an email with your service request number.
- When you receive your confirmation email, copy the Reference ID from the email notification and click the File Analysis Results link.
- On the Threat Service Request window, enter the reference number you copied and click View Results.
The Results page may show the following results depending on the analysis of the file you submitted:
Normal – tagged as not malicious
Malicious – confirmed malicious
Undecided – needs further analysis
Unknown password – password you used in the zip file is not recognized by Trend Micro (You did not use “virus” as the password)
Below is a sample Results page that shows the file submitted was already submitted before and appears as malicious.
Click image to enlarge.
Submit a support case to Technical Support if you want files that are found suspicious to be analyzed further.
- On the Threat Service Request page, select the files that are for further analysis and then click the Open a Support Case button.
The Generate a Custom ATTK Package feature can be used to collect the files. This has a higher Threat Score or it uses more aggresive patterns when analyzing sample files. This feature, however, does not clean the files.
- On the Select Request Type drop-down, select Submit File for Further Analysis.
You can submit one Service Request with multiple request types for your threat service analysis results. Any follow up action related to the same Reference ID should be serviced under that Service Request.
In case the Issue Category is not applicable to the submission, the error message "There are now records applicable for the selected request type" will appear.
- Select the files you’d like to re-analyze or needs further follow up action and then click Add Files.
- Once the files appear at the bottom of the page, click Submit Case.
A confirmation message will appear and an email will be sent to you with your Support Case number.