Report false positive for ArcSight Threat Intelligence

I have a customer with the IP of 67.219.197.94 that ArcSight has been listing as Malicious on VirusTotal for over a week.  I've tried reaching out through the OpenText contact form, any email address I thought might reach a sympathetic person at ArcSight/OpenText, but the only response I've gotten is "not our job, contact us through VirusTotal".  I attempted to do that (it sent?) but I've still not received a response.  It appears that by posting on this Discussion board, it might get picked up and addressed, so here's my plea:

Please reclassify 67.219.197.94 as a Business-use source, and reanalyze it for any malicious activity.  The only clue as to why it might be listed now is from a malware incident that happened about a year ago, and that was over a port that's not even open on that IP normally. 

We've rescanned all the machines on the network (all clean), we've reached out to other vendors on VirusTotal and they've already already done the reclassification (not sure why 7 other vendors suddenly all had the same false positives) - ArcSight is the lone holdout, and it appears to be because they are impossible to report an issue to.  Not sure why that is so difficult, but it does appear to be either an oversight, or intentional.

Hopefully this gets someone's attention.

thank you.

Parents Reply
  • 0 in reply to 

    just reporting there's been no change, and no feedback - not even an acknowledgement that the submission was received or being worked on.  Not really all that impressed that a company can make a claim that can directly impact the ability of another entity to access services on the internet effectively, and have no recourse for dealing with mistakes in a timely and approachable manner.

Children
  • 0   in reply to 

    apologies for this,  I have contacted the team again and they just replied with the following:

    We have submitted the request to remove the IP as malicious after analysing it and it should be removed once the request has been processed. I’ll update here once it has been removed. Typically it takes 1 to 2 working days to execute these type of requests.

    So as soon as I hear back, I will let you know.



    Raquel Winkler
    OpenText Community Manager
    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button