There are several reasons why a sample should be submitted to Sophos. Use instructions on this page in the following situations:
- A strange behavior on the computer was experienced and a suspicious file that may be malware was found
- Another anti-virus product was used that reports the file was infected and you'd like to double-check the results or report the failure to Sophos
- A Sophos product has given a warning that a suspicious file was found on the computer but it does not tell for sure if it is safe
- Sophos has asked you to submit a file, either during malware investigations or on the security descriptions page
- You believe the detection of a certain file/website is incorrect and needs to be reassessed.
Submit samples directly to Sophos website
The quickest and most efficient method of submitting samples for analysis is to use the online submission form from the Submit a sample page
- Click Submit a Sample followed by Sample File
(To report a website choose Web Address (URL) - Choose either Endpoint protection option for product/service)
- Provide the required details and sample files / website url
- Click the Submit button.
This form enables you to give Sophos all relevant information on your sample. This will help us to analyze it with maximum speed and efficiency.
Note for URL submissions: Submitted URL categorization requests will be reviewed and re-classified as quickly as possible, though it may take up to five business days once a site has been re-classified, for it to be available on your Sophos product.
- Explain why you have sent the file and who sent it. Please tell us about any odd behavior that prompted you to send the sample. Describe it as best as you can, using everyday language. We don't expect you to know the technical language used by our specialists.
- There is a 30 MB file size limit on files submitted directly to our website. If the file is too big, please include a message asking for additional upload options AND/OR send a download link from the official vendor's website.
Submit samples via email
If possible, construct the email as outlined below using the English language.
- Between your system and ours are there many forms of malware protection. The files you send must be able to pass between the systems without being detected as malware. Therefore, before sending us a suspicious file, create a password-protected zip file containing the suspicious files. We can process email messages and submitted files in other formats, but this will probably take longer.
- If you can, include a summary of the problem in English. Email messages written completely in other languages will be dealt with as rapidly as possible, but translation may delay the process.
|Subject||Sample submitted for analysis
|Attachments||Make a password-protected zip file containing your suspicious file(s) and include it in the email. If Windows (for example, for Macintosh, Linux or UNIX) was not used then use the standard compression format for that platform like Stuffit, gzip, etc.|
|Why have you sent this sample?||What was it that made the file suspicious? Give full details of any symptoms. For example:
|Operating system||What operating system, for example, the version of Windows, is the affected computer running?|
|Your details||Please provide the following details:
|Password||Password to decrypt the attached password-protected zip file.|
Additional threat resources
Scroll to the bottom section to find threat categories to choose from, or feel free to search for any specific threat.
- Setting scan exceptions
- Excluding a file or application from Machine Learning detection
- Removing an application from the Privacy Guard exceptions
- Adding local exclusions/Allowing Installations and/or applications to run