Browsing protection: Letting people know when a false positive URL has been corrected
Currently, the only way to get feedback regarding a false positive URL is to spend a lot of time interacting by email with representatives. It is helpful in specific cases, but most of the time not necessary.
In general, when I have spotted a false positive URL through Google Safe Browsing, I am simply interested in knowing when F-Secure will unlock the website I want to visit.
Therefore, what about providing in your "sample report" interface a way to simply report things quickly (as it is the case now) AND let the reporting person know when the false positive has been treated by sending an automated email to its address?
Right now, either I submit something and have to keep track of your progress on my own, checking the website from time to time, hoping that this will get solved at some point in the future, or I spend lots of time writing emails...
What do you think? Thanks in advance for your help.
Comments
-
Hello,
Sorry for my reply. I'm only an F-Secure user (their home solutions).
But did you mean that """I want to give more details about this sample and to be notified of the analysis results"" option is not enough?
With meanings like:
-> is not quickly?
-> even if you fill 'mail-address'-field - feedback is not received?
If yes -- but what is 'its address' with your request? Does it should be pinned to F-Secure installation (mail-address for subscription) or need to provide only mail-address and URL as required forms?
Thanks!
-
Thanks Ukko for your feedback.
Have a look below at the kind of email you receive when you submit a false positive, and you ask to be notified when they decide it is indeed a false positive... There is not even mention of the reported URL. If I submit several request, there is only this internal ID I can refer to: ref:xxxxx which is not extremely helpful, to say the least.Dear F-Secure Team, what about some user-friendly design of this process? This would be a great plus.
Greetings,
Thank you for your submission.
Our analysis has found that the URL you submitted is not harmful. Our security products rate it as safe.
In the event you are experiencing a block on this site, please submit us a screenshot of your browser showing the blocking message for further investigation.
If there is anything else we can help you with, please do not hesitate to contact us again.
Best regards,
Nabil
Malware Analyst
F-Secure Security Labs
Visit our Labs blog at https://labsblog.f-secure.com/
Give and get advice in our F-Secure Community at https://community.f-secure.com
Contact Support at https://www.f-secure.com/support
in response to:
ref:_xxxxxx:refEDIT: Removed Reference number (PII)
-
Hello,
Yes, it was kind of trouble for me too. Since I did not remember what is exact URL there with this certain response; or even after some days when transferred URL was not too important for me (randomly met it).
There is not even mention of the reported URL
My workaround was (is) to use "Subject"-form for URL.
As result -> response from F-Secure Labs is received with header (name of "Subject"/ticket) where URL is visible.
Just as example: "Subject"-form with next content "falsepositiveurl.dk - False Positive" (or even just URL) and false positive concern is under "Description"-form or "URL type/Trouble type"-forms.
Also, for many URLs - there is ability to use "transfer as file"-option; where file is text-file (.txt) with URLs-list and some description about.
With such situation - F-Secure LABS should to response only when all of URLs are sorted.
Sorry if I wrongly understand your concern! Good if F-Secure Team will read discussion and this feature request.
Thanks!
-
-
Dear Ukko, Dear Laksh, thanks a lot for your feedback.
Ukko, I agree this is a good workaround, but I hope Laksh and the F-Secure Team will find a more user-friendly solution.
We need new tools to engage the Internet community at large in building a safer Internet for all. F-Secure could be at the forefront of this social innovation, but the tools for enabling this do not exist yet.
Thanks in advance!
