Submit a sample

If you suspect a file is harmful or that a file or a website was incorrectly detected and rated, you may submit it for analysis. 

File sample
  • Maximum file size allowed is 100MB. You can submit files over 100MB via FTP.
  • You can zip multiple files to submit them as one archive file.
URL sample

Disclaimer

By submitting a link or an electronic copy of the selected software/file possibly consisting of or including malicious/harmful code and/or having been detected as a possible security threat, you acknowledge that the file associated with the URL or the submitted sample may be protected by copyright laws and submission and copying such sample to WithSecure for security research purposes. In case the sample contains any personally identifiable information, WithSecure shall handle such information as confidential. More information on personal data collected in the portal can be found in the WithSecure™ Privacy Policy for services.

Other issues

Need help submitting a sample?

Read the instructions or watch the video

Need help with troubleshooting?

Search our support articles to find the solution to common product issues.

Read more

Dealing with ransomware?

Advice on recovering an affected device or data

Ransomware: How to Predict, Prevent, Detect & Respond

FAQ

Follow the steps below to create a WSDiag report

WINDOWS

  1. Click on the Windows Start button
  2. In the list of apps, click on WithSecure
  3. Click on WithSecure Support tools
  4. Click Run diagnostics
  5. Once completed, it generates a file called wsdiag.7z on your desktop
  6. Attach the file to the WithSecure support email.

If the built-in support tool fails, download the standalone wsdiag tool. Follow the steps below:

  1. Download the standalone wsdiag support tool from: https://download.withsecure.com/support/tools/fsdiag/wsdiag_standalone.exe
  2. Double-click and run the wsdiag_standalone.exe file
  3. Click Run diagnostics. The tool starts to gather diagnostic information
  4. Once completed, it generates a file called wsdiag.7z on your desktop
  5. Attach the file to your email reply to WithSecure support. 

 

MAC

  1. Click on the WithSecure icon on the Menu Bar (top right)
  2. Select the three horizontal lines.
  3. Click on "Settings..."
  4. On the new window, click on Support.
  5. Select Open support tool.
  6. Select Run diagnostic.
  7. Enter your password.
  8. If there is a prompt to allow, please select Allow.
  9. Save the file on the Desktop.
  10. Attach the logfile to the reply email.

If the product installation has failed and you do not have the WithSecure Support Tool available in the product folder under Applications, you can use the standalone support tool to gather a diagnostic file:

  1. Download the standalone WithSecure Support Tool for Mac.
  2. Extract the Support Tool.app from Support Tool.zip.
  3. Run the Support Tool.app.
  4. Select Run Diagnostics on the Support Tool window.
  5. Enter the administrator password for your computer.
    The support tool starts and displays the progress of the data collection.
  6. When the data collection is complete, select where you want to save the resulting tar.gz archive and then select Save.
    The support tool opens a Finder window showing the saved file.
  7. Attach the file to the support case.

Note: You need administrative rights to run the tool.

LINUX

  1. Download the standalone wsdiag logs from the provided link.
  2. Unzip the downloaded wsdiag.zip file to access the wsdiag tool.
  3. Execute the wsdiag tool using the bash command: bash wsdiag
  4. Allow a few minutes for the wsdiag.12XXXX.tar file to be generated.
  5. Locate the generated file in the directory /tmp/wsdiag.12XXXX.
  6. For more instructions, please refer to the link.

Collect quarantined files using WithSecure Quarantine Dumper by following the instructions below:

  1. Click on this link to download Quarantine Dumper to a location of your choice, for example, c:\temp.
  2. Launch Command Prompt (CMD).
  3. Navigate to the location you selected in step 1. For example, type cd c:\temp\ and press Enter on your keyboard to go to the c:\temp\ folder.
  4. Type fsdumpqrt.exe -d c:\temp\ to run the tool.
  5. Enter your administrator credentials when prompted. WithSecure license terms are now shown.
  6. Scroll all the way to the end of the license terms before you can accept them.
  7. Press E on your keyboard to accept the license terms.
  8. Press any key to complete the run. The quarantined files will be collected in a file named malware_samples.zip with the default password (infected) in the location you specified in step 1. 

These are the parameters that can be used in the tool:

  • -d, --destination: Destination directory for output (default: current admin desktop)
  • -p, --password: Password for output (default: "infected")
  • -v, --verbose: Verbose output
  • -a, --accept-eula: Accept EULA
  • -s, --silent: Silent mode
  • -l, --list: Only list contents, nothing is written to disk

Tip: Running the fsdumpqrt.exe tool in command prompt without additional command line parameters will print out a short tool description and the extra parameters for using the tool.

  1. Open your WithSecure security product user interface 
  2. Click on the Manual Scanning icon 
  3. Click Open last scanning report. This opens the report in HTML format in your default browser.
  4. To save the report to a file, right-click on the page and click Save as....
  5. Give the file a descriptive name, and save it
  6. Send it to WithSecure for analysis

Symptoms

The WithSecure security product reports an infection and states that it cannot automatically remove the infected files. Instead you will be asked to remove the files manually. In addition, in some cases the reported files cannot be found (anymore) on the system.

Diagnosis

When the WithSecure security product reports anything malicious on your computer, it has already detected and stopped it, preventing it from causing any harm to your system or your data. Under some circumstances our security software will not remove infected files. Those files will, however, do no more harm than waste disk space and cause additional virus warnings whenever you or a system process accesses them.

Reasons for not deleting an infected file can be:

  1. File is an important system file and removing it would render your computer unusable. We prevent the malware embedded in those files from causing any harm to your system or your data, so you will be protected despite the frequent virus warning you will get whenever the infected file is executed, or otherwise accessed.
  2. The file is inside an archive. In that case we would have to delete the complete archive to remove it, including all clean files therein.
  3. The file is a temporary file created by an application, like browser downloads in progress, network streams and similar. Those files are usually locked by the application creating them, which means they cannot be opened or executed to do their damage, but also not deleted by WithSecure Anti-Virus at that point. Those files are then either replaced with a permanent version or automatically discarded when the process is finished.

Those are the cases where the files cannot be located on the system when trying to remove them manually.

Solution

It is very likely that your system is clean and safe but to be absolutely sure, run a manual full computer scan:

  1. Update the virus definitions manually to make sure the WithSecure security product has the latest database updates installed.
  2. Run a full computer scan. This will allow for a more thorough scan and is highly recommended especially if you suspect an infection.

Maximum file size allowed is 100MB. You can submit files over 100MB via FTP.

  1. You need to submit at least a hash or add a problem description, and tick the 'I want to give more details about this sample and to be notified of the analysis results' option.
  2. Get a confirmation email from WithSecure and a ticket number.
  3. Rename your sample with the ticket number.
  4. The sample should be submitted inside a password-protected zip, using "infected" as the password.
  5. Open ftp:withsecure.com/incoming via File Explorer and drop your sample there.
  6. Inform on the ticket that you have an extra sample.
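
The preparation steps above (hash for the form, size check against the 100MB limit, rename to the ticket number, zip with the password "infected"), as an added shell example that is not WithSecure's own tooling. It assumes Info-ZIP `zip` is installed, reads 100MB as 100 × 1024 × 1024 bytes, and takes the ticket number as a placeholder argument.

```shell
#!/bin/sh
# Added example, not WithSecure tooling. TICKET values are placeholders.
# Assumption: "100MB" is read as 100 * 1024 * 1024 bytes.
LIMIT_BYTES=$((100 * 1024 * 1024))
# Password stated on the page. It is public by design: it only keeps scanners
# and mail gateways from opening or deleting the sample in transit.
ZIP_PASSWORD="infected"

# Print the SHA-256 of a file (the hash to quote in the submission form).
sample_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print "ftp" when the file is over the upload limit, otherwise "web".
submission_route() {
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -gt "$LIMIT_BYTES" ]; then echo ftp; else echo web; fi
}

# Copy the sample under the ticket number and zip it with the password.
# $1 = ticket number, $2 = sample path, $3 = output directory
package_sample() {
    work=$(mktemp -d) || return 1
    cp -- "$2" "$work/$1" || return 1
    # Run zip inside the work dir so no local path is stored in the archive.
    (cd "$work" && zip -q -P "$ZIP_PASSWORD" "$1.zip" "$1") || return 1
    mv "$work/$1.zip" "$3/" || return 1
    rm -rf "$work"
    echo "$3/$1.zip"
}

# Usage: sh prepare_sample.sh <ticket-number> <sample-path>
if [ "$#" -eq 2 ]; then
    echo "sha256: $(sample_hash "$2")"
    echo "route:  $(submission_route "$2")"
    echo "archive: $(package_sample "$1" "$2" .)"
fi
```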