MBF Knowledge Base

How to add a panic rule to Message Sniffer

Rulebase Panic Procedure:

Locate the rule ID in your Message Sniffer log which is causing the false positive.

Create a rule-panic entry in your snf_engine.xml (or sndmdplugin.xml) file in the <rule-panics/> section. This temporarily deactivates the rule.

Submit your false positive report normally.

Send a note to support@armresearch.com indicating that you are having a critical false positive issue - they will expedite processing.

Once the false positive issue is resolved, remove any rule-panic entries you have made. (They will block, remove, or modify the rules that are causing the false positive, and they will work with you to make that decision once they know which rules are involved.)
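
The add and remove steps of this procedure can be scripted so that panic entries are inserted once and cleaned up completely afterwards. The following is an added example, not ARM Research's own tooling. It assumes a panic entry is a `<rule id="..."/>` element inside the `<rule-panics/>` section (check this against the commented sample in your own configuration file); the sample configuration and the rule ID 123456 are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; a real snf_engine.xml has many more sections.
SAMPLE = """<snf>
  <node>
    <!-- temporary rule deactivations go here -->
    <rule-panics/>
  </node>
</snf>"""

def _load(xml_text):
    # insert_comments keeps existing XML comments when the file is rewritten.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    section = root.find(".//rule-panics")
    if section is None:
        raise ValueError("no <rule-panics/> section in config")
    return root, section

def _rule_id(value):
    # Rule IDs taken from the log are plain numbers; reject anything else.
    rid = str(value).strip()
    if not (rid.isascii() and rid.isdigit()):
        raise ValueError(f"not a numeric rule ID: {value!r}")
    return rid

def list_panics(xml_text):
    """Return the rule IDs that currently have a panic entry."""
    _, section = _load(xml_text)
    return [e.get("id") for e in section.findall("rule")]

def add_panic(xml_text, rule_id):
    """Return the config text with one panic entry for rule_id."""
    rid = _rule_id(rule_id)
    root, section = _load(xml_text)
    if rid not in [e.get("id") for e in section.findall("rule")]:
        # Assumed entry form: <rule id="..."/>
        ET.SubElement(section, "rule", {"id": rid})
    return ET.tostring(root, encoding="unicode")

def remove_panic(xml_text, rule_id):
    """Return the config text with every panic entry for rule_id removed."""
    rid = _rule_id(rule_id)
    root, section = _load(xml_text)
    for entry in section.findall("rule"):
        if entry.get("id") == rid:
            section.remove(entry)
    return ET.tostring(root, encoding="unicode")
```

Work on a copy of the configuration file and keep the original until the rewritten file has been checked; `list_panics` shows which entries are still in place once the false positive is resolved.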