Reporting a false positive finding in Windows Security using NVDA


Louise Pfau
 

Hi.  I'm trying to figure out how to report a false positive finding to Microsoft through Windows Security using NVDA 2020.4 RC 1 with Windows 10 Version 2004 (OS Build 19041.804).  I conducted a Google search, and read the information that came directly from the Microsoft Support website, but I couldn't find instructions for reporting the finding.  There were instructions on how to exclude files and folders, and do different types of scans, as well as references to Office 365, which I don't have.  When I went into the protection history, I pressed the APPLICATIONS KEY on the entry in question after expanding it and answering "Yes" to the UAC prompt, thinking that might bring up a context menu, but it didn't.  I realize that this is an advanced question.

Thanks,

Louise


 

I've used the Feedback Hub for this purpose in the past, as there's a category for Windows Security (or maybe Windows Defender).

The only other thing I can recommend is using the Give us feedback link on the Protection History page of Virus & Threat Protection of Windows Security.
--

Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042  

The depths of denial one can be pushed to by outside forces of disapproval can make you not even recognize yourself to yourself.

       ~ Brian Vogel

 


enes sarıbaş
 

There is actually a submit a sample page, where you check false positive. The link is:

https://www.microsoft.com/en-us/wdsi/filesubmission


 


Sarah k Alawami
 

Yep, this is how I reported Scarlet Shells, and other products and stuff I use. They have fixed them in later updates of Defender. I even submitted false positives in regard to the auto pilot app all of us are helping to work on. They fixed that as well. So all in all submitting a sample manually is the way to go if you can.

 


 


 

And, since I've participated, and I will say that certain things like knowing how to report False Positives to the maker of your security suite are really important and I'd let them slide anyway, this is a perfect example of a topic that also has nothing to do with NVDA, per se.  The question is really screen reader agnostic.  The same answers, as far as Feedback Hub, the link in Windows Security (which, by the way, opens Feedback Hub), and the direct report URL (https://www.microsoft.com/en-us/wdsi/filesubmission), would all have been exactly the same regardless of the screen reader in use.

But this kind of information that is so important to know, for all computer users, it warrants a "bending of the rules."

It's also a perfect example, though, of the point I was trying to make in the group rule, restated here: ". . . before you post a message you have to consider whether the question you are about to ask is actually about NVDA itself, or about the program you’re using it to access.  Questions of the form, How do I use . . . with NVDA?, are very seldom about NVDA, but are almost always about the program being accessed with NVDA."   If the "with NVDA?," could be substituted by, "with JAWS?," or "with Narrator?," that tells you the question isn't really about the screen reader, but about what's being accessed using the screen reader.
--

Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042  


 


enes sarıbaş
 

It would actually be really useful if Defender had an option to upload a detection to the servers from within the app. The submission URL requires an MS account to track submissions and the process of filling out all the info is rather tedious.


 


 

On Sun, Feb 14, 2021 at 04:09 PM, enes sarıbaş wrote:
The submission URL requires an MS account to track submissions and the process of filling out all the info is rather tedious. 
-
A) The submission process for anything of this sort, Microsoft or not, is tedious.  (And I'm not disagreeing with you, just pointing out it's ubiquitous).

B) Though MS could conceivably drop the need for an MS-Account for tracking purposes, I can understand in this day and age why they won't.  I haven't been able to "contact tech support" or "contact customer support" for virtually any entity, for years now, without having first created an account for doing so.  You do not have to use your Microsoft Account as part of a Microsoft Account linked Windows 10 User Account, either.  You can work from a local account, but when you need to submit feedback (regardless of mechanism) that requires the MS account, enter the credentials then.

C) They kinda sorta do have it in the app, via the link I previously mentioned, which opens the Feedback Hub to where you can give feedback and all the appropriate categories are already populated for you.  It's not a direct link like the file submission link, but you can submit files, screenshots, and the like via the Feedback Hub.  I did my false positive reporting this way, and one of them was fixed in less than 24 hours.

I do wish they had, as part of the Protection History Pane, an option in the dropdown for a detection that was something like, "Report false positive," when you believe that's what you have.  It would make life so much easier, as the file in question is already known and quarantined, and they could easily automate the snagging and submission of the sample.
 
--

Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042  


 


 

On Sun, Feb 14, 2021 at 04:09 PM, enes sarıbaş wrote:
[the process for submitting a false positive report and sample] . . . is rather tedious.

This observation, and my agreement with it, pushed me to submit feedback via the Feedback Hub suggesting that a "Report False Positive" action be added to the list of actions when a detection occurs that the end user believes is in error.  The whole process of sample submission would be automated by using that action, as the file in question is already identified and its location (even if quarantined) is known by Windows Security.

If you agree that this would be a good idea, have a look at the feedback link, https://aka.ms/AAb4kfu, then upvote and/or comment on it.
 
--

Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042  


 


Sarah k Alawami
 

I don’t mind filling in all the info, this way I have full control, and can write up a description myself. I need to do that for several apps actually this week that I have that are reporting false positives. Like I said they are very good at reviewing the results we give them.

 


 


Louise Pfau
 

Hi.  I created feedback about reporting a false positive using a screen reader after I'd seen Brian's first response to the original post.  I think it may be similar to the feedback that Brian created.  When I activated the link to that feedback, I got a message saying that my account doesn't have access to it.  I don't have a Microsoft account, so I can't provide the link to my feedback for tracking and voting purposes.

Thanks,

Louise


enes sarıbaş
 

Brian, the issue I feel here is that Microsoft requires a sign-in to an account, whereas most AV vendors only require the e-mail and that's it for tracking. Also, unlike all the other AV vendors I've seen, Microsoft requires the detection name, and recommends adding the definition version.


 


 

On Sun, Feb 14, 2021 at 06:53 PM, enes sarıbaş wrote:
the issue I feel here is that microsoft requires a sign in into an account, whereas most av vendors only require the e-mail and that's it for tracking.
-
I have no issue with requiring a Microsoft Account.  As I noted, a very great many software makers require same for using any sort of communication mechanism for them.  This is no longer unusual, nor particularly onerous, in my opinion.

And, as I already said, Feedback Hub when I last used it to report a False Positive did not require either of the things you mention, and I imagine it can and probably does query the definition version on its own, but there's no way I can prove that.

You have chosen a very specific method, the Microsoft Submit a file for malware analysis page, and don't seem to like it.  You don't have to use that mechanism for submission.  Use another one, as it's been identified.  No one is forcing you to stick with one you don't like.  You may not like using the Feedback Hub, either, but I have zero sympathy with regard to the previously noted page, as it's not, and never has been, the one and only way to report a false positive.
 
--

Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042  
