Description
Sometimes a virus shows up that does not have a definition yet. This is true for all viruses when they are first written. These are called "zero day" viruses.
In order for a definition to be created, the virus must be reported and sent to us immediately.
How to Report and Send an Infected or Suspicious File
If there is a file(s) that is identified as suspicious, before submitting the file(s) for analysis make sure that all infected machines are scanning with the latest definition files. Once all machines have been scanned with the latest definition files then follow the steps outlined below to have the infected files analyzed.
Collect the infected virus file(s) and compile them into a password protected .ZIP file.
- Compile the infected file(s) into a password protected .ZIP file.
IMPORTANT! The file must be password protected with a password of "infected". The compression type must be a .ZIP.
Other compression types will not be accepted.The file should not be a self-extracting zip file.
Place the file on the LANDesk FTP site at ftp://ftp.landesk.com/ldav.
Contact LANDesk Supportand open a Support Incident and provide the name of the sample file uploaded to the ftp site. (case sensitive)
Critical! A support incident must be opened with LANDesk Customer Support to expedite resolution.
- Current virus definition release activity can be viewed here: http://www.kaspersky.com/viruswatchlite?
For a virus glossary, virus encyclopedia, and for searchable virus information, please visit http://www.viruslist.com. This site is maintained by Kaspersky Labs, who provides the Scanning Engine within the LANDesk Antivirus product.
Note: If the file you have is something you suspect is a "False Positive", or in other words a file that you believe does not contain malware but is being reported by LANDesk Antivirus as malware, the instructions for submitting a False Positive to LANDesk Software should be followed:
http://community.landesk.com/support/docs/DOC-7148
In addition, as an extra troubleshooting step, you can upload the suspicious file to https://www.virustotal.com. This website will compare the file against ~40+ Antivirus engines. If the majority say it is malware, it is likely malware, if the majority say it is not malware it is either likely not malware, or it is a very new virus variant that is not yet detected by the majority of Antivirus vendors.