Report false positive for ArcSight Threat Intelligence

I have a customer with the IP of 67.219.197.94 that ArcSight has been listing as Malicious on VirusTotal for over a week.  I've tried reaching out through the OpenText contact form, any email address I thought might reach a sympathetic person at ArcSight/OpenText, but the only response I've gotten is "not our job, contact us through VirusTotal".  I attempted to do that (it sent?) but I've still not received a response.  It appears that by posting on this Discussion board, it might get picked up and addressed, so here's my plea:

Please reclassify 67.219.197.94 as a Business-use source, and reanalyze it for any malicious activity.  The only clue as to why it might be listed now is from a malware incident that happened about a year ago, and that was over a port that's not even open on that IP normally. 

We've rescanned all the machines on the network (all clean), we've reached out to other vendors on VirusTotal and they've already already done the reclassification (not sure why 7 other vendors suddenly all had the same false positives) - ArcSight is the lone holdout, and it appears to be because they are impossible to report an issue to.  Not sure why that is so difficult, but it does appear to be either an oversight, or intentional.

Hopefully this gets someone's attention.

thank you.

Parents Reply Children
  • 0 in reply to   

    thank you for the email address - i was given 2 other email addresses by other sources, but that one is a new one.  I've sent  my previous email to that new address as well.

    Would be really handy if there were an actual "report a false positive" link with this email address on the website somewhere.

    Thank you.