Proactive Whitelisting Program Frequently Asked Questions


Article ID: 162448


Products

Endpoint Protection

Issue/Introduction

What is the Proactive Whitelisting Program? This FAQ answers common questions about it.

Resolution

What is the Proactive Whitelisting Program?

At Broadcom we go to serious lengths to generate, and also source, clean data to assist with our false-positive prevention efforts. The whitelisting program allows Enterprise customer software developers to provide us with their software for inclusion on our internal whitelisting database. The key benefit to providing us with the software is that it reduces the risk of false positives on the software whitelisted. 
 

Is this whitelisting process the same as the false positive process?

No, the whitelisting process is a proactive process. Prevention is better than cure. Therefore, with whitelisting, we request that concerned customers with a current Premium contract provide us with files/software prior to releasing it.  This is intended to avoid any possible future false positive detection on any files within your software.

If you are currently experiencing a false positive detection on one or more of your files then you should use the False Positive portal.


Who can take part in this proactive whitelisting process?

Broadcom customers with a current premium contract for a Symantec Endpoint Protection/Security product can submit their internally developed applications. Contact your Designated Support Engineer (DSE) or Customer Service Manager (CSM) for details on how to take part in this program.


I have a new version of my software. Do I need to submit this new version?

Whitelisting is file specific. A new version of your software may have new files and thus new versions of the files would not be known to us. This could result in a false positive occurring on the new files. In order to mitigate this risk, we recommend submitting new versions of your software to us.

 

What LiveUpdate definition will my files be whitelisted in?

The whitelisting process is cloud based (Insight) and therefore the whitelist is not contained in any LiveUpdate definition that is downloaded by the products. Requests from Symantec products to the Symantec cloud about the specific file being queried will inform the product that the file has a high positive reputation.


What products are covered by whitelisting?

Any Broadcom/Symantec products that are cloud enabled (that is, use Insight) are covered by our whitelisting process. This includes products such as SEP 14.0 onwards.


What else can I do to reduce the risk of my files being flagged as a false positive?

To prevent false positive detections we strongly recommend that you digitally sign your software with a class 3 digital certificate.

Code signing from a recognized and trusted Certificate Authority provides explicit third-party confirmation of the publisher's identity. It also helps ensure the integrity of the application since it indicates that code has not been tampered with since the initial digital signature.

What is Signer whitelisting?

We are extending the Proactive Whitelisting Program (PWP) to support Signer Whitelisting.
In the new service, customers who want their signers whitelisted can submit the signed files or binaries under the specific directory on the same PWP portal. The signers attached to such files will be extracted and whitelisted.

Advantages:
- Signer whitelisting has a wider scope than hash-based whitelisting, as one signer can be used to sign multiple files.
- Once whitelisted, files that are signed by the signer are automatically elevated even if they are not submitted to hash-based whitelisting.
- Less resource-intensive

Instructions:

- Only the signed installer/binaries need to be uploaded to whitelist signers.
- This is a proactive whitelist submission program. No malicious file should be submitted through this channel.


What does Broadcom do with the data? 

Once validated, the data submitted is incorporated into the Broadcom clean file database and reputation web service. This data is then used for Broadcom's internal processes to mitigate false positives and by our cloud-enabled products to exonerate any possible false positive detection on the hashes of the submitted files.


Is the data shared with third parties?

No, the data is not shared with third parties.


Do other customers have access to the data?

No, other customers do not have access to the data.


Is it possible to submit .apk files for Mobile Insight whitelisting?

No, not at this time.

Are there submission/file upload guidelines?

We are standardizing the file/FTP upload process to speed up the whitelisting process. Following these guidelines helps us retrieve files on time and process the submission as early as possible.

  • This FTP is for whitelisting clean files only. Please note that if a customer submits any TP file, we disable the whitelisting account.
    If your file is being detected, you can submit the file(s) for analysis at
    https://symsubmit.symantec.com/false_positive
  • We recommend that the directory structure be no more than 4 levels deep.
  • You can submit the samples in multiple directories; each directory should not contain more than 5GB of samples in total or more than 1000 files.
  • A single file should not be larger than 2GB.
  • Please do not submit samples along with empty directories.
  • Please avoid uploading duplicate samples in the same submission.
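
A pre-upload check for the guidelines above, as an added example (not a Broadcom tool and not part of the original article). It assumes depth is counted in directory levels below the upload root, that the per-directory limits apply to files directly inside each directory, that "GB" means GiB, and that duplicates are files with identical SHA-256 content; the function and rule names are hypothetical.

```python
import hashlib
import os

GIB = 1024 ** 3  # assumption: the article's "GB" is read as GiB


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large samples are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_submission(root, max_depth=4, max_dir_bytes=5 * GIB,
                     max_dir_files=1000, max_file_bytes=2 * GIB):
    """Return a list of (rule, relative_path) findings for one submission tree."""
    findings, seen = [], {}
    root = os.path.abspath(root)
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, root)
        # Assumption: depth counts directory levels below the upload root.
        depth = 0 if rel == "." else rel.count(os.sep) + 1
        if depth > max_depth:
            findings.append(("depth", rel))
        if not dirnames and not filenames:
            findings.append(("empty-dir", rel))
        # Assumption: per-directory limits cover files directly inside it.
        sizes = {}
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            relfile = os.path.relpath(path, root)
            sizes[name] = os.path.getsize(path)
            if sizes[name] > max_file_bytes:
                findings.append(("file-size", relfile))
            digest = sha256_of(path)
            if digest in seen:  # same content already in this submission
                findings.append(("duplicate", relfile))
            seen.setdefault(digest, relfile)
        if len(sizes) > max_dir_files or sum(sizes.values()) > max_dir_bytes:
            findings.append(("dir-limit", rel))
    return findings


if __name__ == "__main__":
    import sys
    for rule, path in check_submission(sys.argv[1]):
        print(f"{rule}: {path}")
```

Run it against the local staging directory before uploading; an empty result means none of the listed limits were exceeded under the assumptions above.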