MBF Knowledge Base

Message Sniffer false-positive handling process

ORDINARY False Positives (For URGENT False Positives, click here)

SEND ONLY FALSE POSITIVE REPORTS TO THE FALSE@ARMRESEARCH.COM ADDRESS!

Please include your license ID in the message and send the messages from your registered email address. Email from non-registered email addresses and email having no license ID may be ignored. THEY WILL BE RESPONDING TO YOUR MESSAGE!

Please forward only one message at a time to the false@armresearch.com address. Each message is processed by their tagging system separately. When messages are sent in large batches, they must first manually split them up which takes a great deal of time.

Please send false positive reports immediately as they occur if this is possible. It is common for a single adjustment to count for a great number of messages over time. By adjusting quickly they can eliminate many of the false positives for everyone and significantly reduce the work for everyone involved.

OFFICIAL POLICY IS TO IGNORE FALSE POSITIVE SUBMISSIONS FROM SYSTEMS THEY CANNOT IDENTIFY IN ORDER TO PREVENT ABUSE.

Step by Step Instructions for Sending a False Positive:

Start a new message from your registered email address. Please include your license ID in subject line.   

Add any notes you'd like them to know about the problem.

If possible, paste in the sniffer log entries from your system that match the message in question. This is particularly important if there are ERROR messages.

Attach the message that was captured incorrectly.

Send the message only to our false@armresearch.com address.

Our system will scan the message for any rules that can be matched.

They will respond to you with an explanation and possible recommendations for changes to your rulebase.

You can respond back to authorize changes to your rulebase based on their recommendations or based on your own insight.

They will complete the changes and respond that they have done so.