False positive reporting in PrevX

Discussion in 'Prevx Releases' started by iNsuRRecTioN, Mar 5, 2010.

Thread Status:
Not open for further replies.
  1. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi Joe,

    I got two false positives on latest PrevX after initial scan and then selected "Report false positive" with the right click context menu.

    Now I have a question, because I have read that Sticky HowTo here in the forum..

    If I click and select "Report false positive" will it be send to your team and checked whether this is really a fp and then fixed, or not?!

    Why then this sticky here in the forum with sending to report@... ?

    This is very confusing, isn't it?! o_O o_O

    Please explain, Joe.

    regards,

    iNsuRRecTiON
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The two methods of sending in false positives will eventually get back to the same team. However, there are many malware writers who use the "Report as a false positive" function within the product to report a FP, so we have to spend more time manually sifting through them. If it is a low-volume FP or an uncommon program, it is best to send it to report@prevxresearch.com so that we will take a look at it closely as the "Report as a false positive" function prioritizes by the number of reports.
     
  3. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi Joe,

    ah ok, I understand, thx for the answer.

    But the PrevX interface is little bit confusing, because it looks like more that the "reported false positive" is simply added to the PrevX ignore list, instead of sending it to your labs..

    Maybe you should change and improve the behavior and appearence if you report a fp with PrevX.

    Like a seperate list for sucessfully reported fp or so.
    Which states that the item is sucessfully send and reported.

    And I don't understand how malware authors can misuse this system?

    Can't you integrate authentification and maybe captcha after selecting "Report this als fp" in the context menu?

    For a consumer it's more comfortable and user experience friendly if you can do it directly in the GUI, instead of creating a plain old email.. ;) :-*
    (Especially if you don't have an email client and use only webmail..)

    regards,

    iNsuRRecTiON
     
Thread Status:
Not open for further replies.