Our Core Security Updates team uses a False Positive Test Rig as part of our extensive pre-release testing. This test rig is a large array of cataloged data, used by the Core Security Updates team to guard against false positives that occur in released DATs. It consists of a collection of known clean data, acquired from commercial software vendors, including Intel®, Microsoft, and IBM. Also, the Trellix False Prevention team actively targets data from the internet for download to the rig.
Our Advanced Research Center also offers customers, partners, and other third-party software manufacturers the opportunity to submit their own proprietary software for inclusion in this rig. This inclusion significantly reduces the chances of a DAT causing false positives on unique customer applications or data. The False Positive Test Rig is located on an isolated network, and the data it contains is used only for false-positive identification testing.
Before every DAT release, the data on the false rig is scanned to identify false positive detections. Any identifications are passed to our researchers for analysis. The Advanced Research Center team have final sign-off on every DAT release.
Data submission process
IMPORTANT:
If you want files to be included, you can submit them using the following methods:
NOTE: The supported submission formats are ZIP, RAR, or pre-extracted. Presently, our Advanced Research Center is unable to process Norton Ghost, ISO, VMware, or other proprietary image formats. If you are submitting specific applications or data, submit the extracted contents of the installation package in addition to the installer. Submitting both ensures that all components are added to the allow list.
After the data is processed and moved to the scanning rig, a confirmation email is sent to you. The expected time between the Advanced Research Center receiving the data, and it being processed, varies with the size of the submission and current workloads. It normally does not exceed
two working days from receipt of the submission.
What happens to the submitted data?
Where possible, the data is extracted and hashes are created to uniquely identify each file. These hashes are compared against a database of existing data. Any that we already have are discarded. Any new data not currently held on the False Rig is included on the rig and scanned with each DAT release.
Submission details
Include as much information as possible with any submission, including (but not limited to) the following:
- Company name
- Contact name
- Address
- Contact phone number (including country code)
- Contact email address
- SAM or Account Manager name
- Products used (including product version and update level)
- Any Scan or product settings used
- If posting by traditional mail, confirm the count of media enclosed, including the number of files
- Description of submission contents (for example, bespoke product, internal data, software functionality and purpose)
- Any other relevant information (such as frequency of updates)
