False positive, after false positive...

Website blocked, again a false postive.

 

Trying to access https://www.certest.es/ , reason adult content.


The amount of false positives is forcing us to disable the web content control, since we cannot do our jobs any more.

What is F-secure doing to reduce the false positives?

Best Answer

  • victor_jsvictor_js Posts: 5
    Accepted Answer

    Dear hyvokar,

    My name is Victor, from the Anti-Malware Unit here in F-Secure.

    I'm glad you have reached us regarding these URL false positives, and I'm sure we'll be able to reach a satisfactory solution.

    I'm sorry to see that these false positives are a cause of frustration, so the first thing I've done is revise the 4 URL's submitted above and corrected their content ratings (3 of them were incorrectly classified as Adult content, while the other one was due to a heuristic phishing rule), so you should be able to access them again.

    To answer your question about what we are doing to prevent these false positives, I've been personally working closely with other members from the Labs for the past few months in reducing the amount of false positives, which should have been reduced as compared to earlier this year.

    There's still much work to be done, as the issue is technically complex to resolve, so what we can do for the time being is continue collecting your valuable feedback on sites that are blocked, so that we can work out the best way to address each one of them.

    I've seen you had opened a case with us back in July,  so what I can recommend to make a more efficient use of your time would be to create a new case through the link below (once), and then keep on communicating with our analysts directly via email through that same ticket when you spot a new blocked site.

    It could also be helpful to submit a few problematic URL's in batch inside a text file, so that all can be handled as one submission.

    https://www.f-secure.com/en/web/labs_global/submit-a-sample

    Would that be agreeable with you?

Answers

  • hyvokarhyvokar Posts: 159

    Quick manager decision, we wont no longer report false positives to F-secure and wait for couple of days to get the sites unblocked. It's not our job. It's F-secure's job.

     

     

  • ChameniChameni Posts: 235

    Hi hyvokar,

     

    We have submited this to our Lab Representative in order for them to analyze the provided URL. Our support team will revert back to you once there is an update on this.

     

    Thanks.

  • hyvokarhyvokar Posts: 159

    The problem is, that we get quite a lot these "adult content" false positives. 

    Just guessing here, but could be something in your algorithm that decides is the site is adult content or not. 

    Now, that we most likely will get correct error messages from chrome and mozilla, the problem will be migitated a little, but still requires extra effort to white list them in PMC. 

  • hyvokarhyvokar Posts: 159

    I repeat my question,

     

    What is F-secure doing to prevent these false positives? These are really a head ache.

     

    Latest one: https://www.gyneko.fi

     

     

  • hyvokarhyvokar Posts: 159

    oh... and let us just have a little fun also and not block everything?

     

    user.uefa.com/en/ForgottenPassword?returnUrl=https%3A%2F%2Fgaming.uefa.com%2Fen%2Fuclfantasy%2Fcreate-team

     

    EDIT: Removed Hyperlink

  • hyvokarhyvokar Posts: 159

    false positive of the day...

    https://irc-galleria.net

  • LakshLaksh Posts: 4,426

    Hello hyvokar,

     

    If you suspect a URL to be a false positive, kindly submit it to our labs for analysis here. They would be able to check the URL and advise further.

     

    Please tick the option 'I want to give more details about this sample and to be notified of the analysis results' to get the results of the submission.

  • hyvokarhyvokar Posts: 159
    As stated earlier, I have no time to report these. This is a f-secure problem, so I'd like you to fix your algorithms.
  • hyvokarhyvokar Posts: 159

    Sounds good, 

     

    false positive of the day 

     

    http://www.winestudio.fi (marked incorrectly as adult content)

  • UkkoUkko Posts: 2,943

    @hyvokar wrote:

    Sounds good, 

     

    false positive of the day 


    Hello,

     

    I am also only an F-Secure user.  And my experience, usually, is about home beta F-Secure (so, maybe stable F-Secure or Business F-Secure solutions with another ratings).

     

    Some of false positives (!? likely) from my collection:

    Adult category is added to likely unrelated websites (one is bar/pub/restaurant - what is possible to rate as something else rather than adult maybe; especially, when Alcohol-category is introduced; another is someone's Wordpress blog):

    https://cocksandcows.dk/
    http://mikeadcock.com

    **bleep**’s & Cows  bar and Mike Adcock blog.

     

    -- F-Secure Community decided to BleepIt bar too.

     

    I also found that F-Secure rating does not like Adcock surname at all. Most of random checks against indexed pages are about someone's website (Alison, Anthony, Bryan, Carolyn, Kathleen, ... Adcock) or some companies as health-care?!/design?!/business?!/..anything - where Adcock is own of owners (or part of company's name). All of them with "Adult content"-category rating.

     

    I do not know what is wrong with them.

     

    // little addition: not all (after today's doublecheck) - but many. while most of them are likely false positive anyway.

  • they even had Netgear's login page blocked ...

  • hyvokarhyvokar Posts: 159

    False positive of the day.. 

    https://www.genericassays.com/

     

     

  • hyvokarhyvokar Posts: 159

    false positive of the day

     

    https://trulaboratories.com

     

    F-secure, here's a tip for you.... if the site contains medical business or laboratory related stuff, it's most likely not adult content or gambling related....

  • hyvokarhyvokar Posts: 159

    Hi victor.

    It seems that the false positive problem has not gotten any better.

    In fact I had to hire new employee to whitelist all the false positives. She'll continue posting false positives here.

     

    I also tried to use the same case to report multiple false positives over longer period of time, but that does not seem to be possible, since f-secure closes the case, and apparrently it's then unpossible to reply via email.

  • Good quastion guy

  • etomcatetomcat Posts: 1,312

    Hello,

     

    > She'll continue posting false positives here.

     

    Alleged file and website false alarm cases need to be submitted at this URL, you instantly receive an automatic response with ticket ID and the usual time of re-evaluation result is just under 3 hours:

     

    https://www.f-secure.com/en/web/labs_global/submit-a-sample

     

    (Making noise in the forum isn't going to magically solve anything.)

     

    Best Regards: Tamas Feher.

  • hyvokarhyvokar Posts: 159

    Web site blocked

    https://en.wikipedia.org/wiki/Information_technology

    This web site contains restricted content.
    Access to this type of content has been blocked.

    Adult content
     
     
    This is actually getting hilarious
  • etomcatetomcat Posts: 1,312

    Hello,

     

    >> Web site blocked: Adult content
    >> https://en.wikipedia.org/wiki/Information_technology
    >
    > This is actually getting hilarious

     

    I looked at that Wikipedia article and I have a theory: around the middle of the page, there is a photo insert of an unfolded pink punch tape roll. I would guess the image analysis tool mistook that sight for pantsu, thus classifying the webpage as adult content.

     

    ( By the way, a  long time ago, photos of fire service trucks were the favourite source of "pornography classification" false alarms in a high-end british gateway content filter. Nowadays, the AI computer in Tesla e-cars can correctly identify and follow fire trucks, so we can't deny that progress exists: https://old.reddit.com/r/teslamotors/comments/bi8j85/following_a_fire_engine_with_tesla_autopilot/ )

This discussion has been closed.