How to submit your company's software to be considered for validation against DAT files (Allow List program)
Last Modified: 2023-05-03 15:56:36 Etc/GMT
Technical Articles ID: KB85568
Environment
Trellix DAT files
Summary
Our Core Security Updates team uses a False Positive Test Rig as part of our extensive pre-release testing. This test rig is a large array of cataloged data, used by the Core Security Updates team to guard against false positives that occur in released DATs. It consists of a collection of known clean data, acquired from commercial software vendors, including Intel®, Microsoft, and IBM. Also, the Trellix False Prevention team actively targets data from the internet for download to the rig.
Our Advanced Research Center also offers customers, partners, and other third-party software manufacturers the opportunity to submit their own proprietary software for inclusion in this rig. This inclusion significantly reduces the chances of a DAT causing false positives on unique customer applications or data. The False Positive Test Rig is located on an isolated network, and the data it contains is used only for false-positive identification testing. Before every DAT release, the data on the false rig is scanned to identify false positive detections. Any identifications are passed to our researchers for analysis. The Advanced Research Center team have final sign-off on every DAT release.
Data submission process
IMPORTANT:
If you want files to be included, you can submit them using the following methods:
NOTE: The supported submission formats are ZIP, RAR, or pre-extracted. Presently, our Advanced Research Center is unable to process Norton Ghost, ISO, VMware, or other proprietary image formats. If you are submitting specific applications or data, submit the extracted contents of the installation package in addition to the installer. Submitting both ensures that all components are added to the allow list.
After the data is processed and moved to the scanning rig, a confirmation email is sent to you. The expected time between the Advanced Research Center receiving the data, and it being processed, varies with the size of the submission and current workloads. It normally does not exceed two working days from receipt of the submission.
What happens to the submitted data?
Where possible, the data is extracted and hashes are created to uniquely identify each file. These hashes are compared against a database of existing data. Any that we already have are discarded. Any new data not currently held on the False Rig is included on the rig and scanned with each DAT release.
Submission details
Include as much information as possible with any submission, including (but not limited to) the following:
For further information or questions, contact the False Prevention team at: datasubmission@trellix.com
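The hash-and-discard step described under "What happens to the submitted data?" can be sketched as below. This is an added example, not Trellix's code: SHA-256, the per-file size cap, the function names and the sample file names are all assumptions, since the article names none of them.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed per-file cap, guards against zip bombs


def ingest_submission(zip_bytes, known_hashes):
    """Hash every file in a ZIP submission; keep new hashes, discard known ones.

    SHA-256 is an assumption: the article does not name the hash algorithm.
    Members are read in memory and never written to disk under their own names.
    """
    added, discarded, skipped = {}, [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                skipped.append(info.filename)
                continue
            digest = hashlib.sha256(archive.read(info)).hexdigest()
            if digest in known_hashes or digest in added:
                discarded.append(info.filename)  # already held, or repeated in this ZIP
            else:
                added[digest] = info.filename
    known_hashes.update(added)  # new files join the corpus for later submissions
    return {"added": added, "discarded": discarded, "skipped": skipped}


def build_sample_submission():
    """Constructed sample: an installer plus its pre-extracted contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("setup.exe", b"constructed installer bytes")
        z.writestr("extracted/app.exe", b"constructed application binary")
        z.writestr("extracted/helper.dll", b"constructed shared runtime")
        z.writestr("extracted/plugins/helper.dll", b"constructed shared runtime")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed corpus: the shared runtime is already held.
    corpus = {hashlib.sha256(b"constructed shared runtime").hexdigest()}
    result = ingest_submission(build_sample_submission(), corpus)
    print("added:", sorted(result["added"].values()))
    print("discarded:", result["discarded"])
```

The installer's hash is distinct from the hashes of the files it unpacks, so a corpus keyed by file hash only covers those components when the extracted contents are submitted alongside the installer.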