MBF Knowledge Base

How to drop an IP from the Sniffer GBUdb (Truncate) List in the case of a false positive

A quick and safe way to clear a GBUdb false positive is to use the -drop command, which causes GBUdb to forget what it knows about the IP and start learning from scratch.

To do this, simply run the following from the command line:

SNFClient.exe -drop 12.34.56.78

(Replace 12.34.56.78 with the IP you would like to drop.)

This mode drops the given IP from the GBUdb if it exists. The result is that all statistics and flags are erased. If a -test were issued for the same IP immediately after a -drop, the result would be that of a new (unknown) IP. The GBUdb record data returned after this command indicates what would happen if that -test were run:

SNFClient.exe -drop 12.34.56.78
GBUdb Record for 12.34.56.78
Type Flag: ugly
Bad Count: 0
Good Count: 0
Probability: 0
Confidence: 0
Range: new
Code: 0

Note that the flag is set to the default "ugly" and that both good and bad event counters are set to zero. The resulting calculations place the IP in the "new" range and the result of a -test for this IP would return zero.
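
The drop-and-verify step above as a PowerShell script. This is an added example, not part of the original article or of the Sniffer product; the helper function names are hypothetical, and it assumes SNFClient.exe is on PATH and prints the record in the format shown above.

```powershell
# Added example. ConvertFrom-GBUdbRecord and Test-GBUdbDropped are hypothetical helper names.
function ConvertFrom-GBUdbRecord {
    param([string[]]$Lines)
    $record = [ordered]@{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*GBUdb Record for\s+(\S+)\s*$') {
            $record['IP'] = $Matches[1]
        } elseif ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            # "Name: value" lines such as "Bad Count: 0"
            $record[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$record
}

function Test-GBUdbDropped {
    param($Record, [string]$ExpectedIP)
    # State the article describes after a -drop: default flag, zeroed counters, "new" range.
    ($Record.IP -eq $ExpectedIP) -and
    ($Record.'Type Flag' -eq 'ugly') -and
    ($Record.'Bad Count' -eq '0') -and
    ($Record.'Good Count' -eq '0') -and
    ($Record.Range -eq 'new')
}

$ip = '12.34.56.78'   # the IP to drop

# Accept only a dotted-quad IPv4 address (assumption: same form as the article's example).
$parsed = $null
if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or -not ([System.Net.IPAddress]::TryParse($ip, [ref]$parsed))) {
    throw "Not an IPv4 address: $ip"
}

$client = Get-Command SNFClient.exe -ErrorAction SilentlyContinue   # assumes it is on PATH
if ($client) {
    $output = & $client.Source -drop $ip
} else {
    # SNFClient.exe not found: fall back to the sample output shown in this article.
    $output = 'GBUdb Record for 12.34.56.78', 'Type Flag: ugly', 'Bad Count: 0', 'Good Count: 0',
              'Probability: 0', 'Confidence: 0', 'Range: new', 'Code: 0'
}

$record = ConvertFrom-GBUdbRecord -Lines $output
if (Test-GBUdbDropped -Record $record -ExpectedIP $ip) {
    "Dropped: $ip is back in the 'new' range with zeroed counters."
} else {
    Write-Warning "Unexpected GBUdb record for ${ip}:"
    $record | Format-List
}
```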