I have a customer with the IP of 67.219.197.94 that ArcSight has been listing as Malicious on VirusTotal for over a week. I've tried reaching out through the OpenText contact form, any email address I thought might reach a sympathetic person at ArcSight/OpenText, but the only response I've gotten is "not our job, contact us through VirusTotal". I attempted to do that (it sent?) but I've still not received a response. It appears that by posting on this Discussion board, it might get picked up and addressed, so here's my plea:
Please reclassify 67.219.197.94 as a Business-use source, and reanalyze it for any malicious activity. The only clue as to why it might be listed now is from a malware incident that happened about a year ago, and that was over a port that's not even open on that IP normally.
We've rescanned all the machines on the network (all clean), we've reached out to other vendors on VirusTotal and they've already already done the reclassification (not sure why 7 other vendors suddenly all had the same false positives) - ArcSight is the lone holdout, and it appears to be because they are impossible to report an issue to. Not sure why that is so difficult, but it does appear to be either an oversight, or intentional.
Hopefully this gets someone's attention.
thank you.