False positive, after false positive...

Supporter

Website blocked, again a false positive.

 

Trying to access https://www.certest.es/ , reason adult content.


The amount of false positives is forcing us to disable the web content control, since we cannot do our jobs any more.

What is F-Secure doing to reduce the false positives?

1 ACCEPTED SOLUTION

F-Secure

Re: False positive, after false positive...

Dear hyvokar,

My name is Victor, from the Anti-Malware Unit here in F-Secure.

I'm glad you have reached us regarding these URL false positives, and I'm sure we'll be able to reach a satisfactory solution.

I'm sorry to see that these false positives are a cause of frustration, so the first thing I've done is revise the 4 URLs submitted above and correct their content ratings (3 of them were incorrectly classified as Adult content, while the other one was due to a heuristic phishing rule), so you should be able to access them again.

To answer your question about what we are doing to prevent these false positives, I've been personally working closely with other members from the Labs for the past few months in reducing the amount of false positives, which should have been reduced as compared to earlier this year.

There's still much work to be done, as the issue is technically complex to resolve, so what we can do for the time being is continue collecting your valuable feedback on sites that are blocked, so that we can work out the best way to address each one of them.

I've seen you had opened a case with us back in July, so what I can recommend to make a more efficient use of your time would be to create a new case through the link below (once), and then keep on communicating with our analysts directly via email through that same ticket when you spot a new blocked site.

It could also be helpful to submit a few problematic URLs in batch inside a text file, so that all can be handled as one submission.

https://www.f-secure.com/en/web/labs_global/submit-a-sample

Would that be agreeable with you?

11 REPLIES
Supporter

Re: False positive, after false positive...

Quick manager decision: we will no longer report false positives to F-Secure and wait for a couple of days to get the sites unblocked. It's not our job. It's F-Secure's job.

 

 

Moderator

Re: False positive, after false positive...

Hi hyvokar,

 

We have submitted this to our Lab Representative in order for them to analyze the provided URL. Our support team will revert back to you once there is an update on this.

 

Thanks.

Best Regards

-Chameni

Supporter

Re: False positive, after false positive...

The problem is that we get quite a lot of these "adult content" false positives.

Just guessing here, but it could be something in your algorithm that decides if the site is adult content or not.

Now that we most likely will get correct error messages from Chrome and Mozilla, the problem will be mitigated a little, but it still requires extra effort to whitelist them in PMC.

Supporter

Re: False positive, after false positive...

I repeat my question,

 

What is F-Secure doing to prevent these false positives? These are really a headache.

 

Latest one: https://www.gyneko.fi

 

 

Supporter

Re: False positive, after false positive...

oh... and let us just have a little fun also and not block everything?

 

user.uefa.com/en/ForgottenPassword?returnUrl=https%3A%2F%2Fgaming.uefa.com%2Fen%2Fuclfantasy%2Fcreate-team

 

EDIT: Removed Hyperlink

Supporter

Re: False positive, after false positive...

false positive of the day...

https://irc-galleria.net

Community Manager

Re: False positive, after false positive...

Hello hyvokar,

 

If you suspect a URL to be a false positive, kindly submit it to our labs for analysis here. They would be able to check the URL and advise further.

 

Please tick the option 'I want to give more details about this sample and to be notified of the analysis results' to get the results of the submission.

Supporter

Re: False positive, after false positive...

As stated earlier, I have no time to report these. This is an F-Secure problem, so I'd like you to fix your algorithms.