Forum Discussion
OlaOwolabi
Jul 04, 2019Copper Contributor
Forwarded messages with "ATT000x.htm", same file hash - as Malware/Reputation
The past two weeks have shown a high number of email filtered as malware/reputation but still got delivered to users inbox. Checked further and realized it's as a result of a particular hash file common with FWD: messages (the "ATT0000.htm"). Guess this is false positive from Microsoft anti-malware engine, but how do we get rid of this or report this?
- Reza_Ameri-ArchivedBronze ContributorFor any cases of false-positive detection, you may report it here:
https://www.microsoft.com/en-us/wdsi/filesubmission - Roel_WijnandsCopper Contributor
Hi OlaOwolabi,
We have the same issue with forwarded messages.
All ATT000x.htm files are marked with the threat status Reputation.
This is a false positive, but i don't know how we can fix this.
Is there a way to fix this issue?
- OlaOwolabiCopper Contributor
Thanks for the reply, thought it's only from our end.
I guess as much, it's false positive.
Stumbled on a previous thread with similar case that happened in 2017. See link below;
I believe the fix will be from Microsoft, hopefully they are aware.
- itsgautamCopper Contributor
OlaOwolabiWe are having the same issue in May 2020 with attachments with the name ATT00003.htm getting blocked. The hash does not match any malware on virustotal. Did this get resolved for you?