False positive, after false positive...

hyvokar
hyvokar W/ Alumni Posts: 165 Junior Protector

Website blocked, again a false postive.

 

Trying to access https://www.certest.es/ , reason adult content.


The amount of false positives is forcing us to disable the web content control, since we cannot do our jobs any more.

What is F-secure doing to reduce the false positives?

Comments

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Quick manager decision, we wont no longer report false positives to F-secure and wait for couple of days to get the sites unblocked. It's not our job. It's F-secure's job.

     

     

  • Chameni
    Chameni W/ Alumni Posts: 2 Digital Defender

    Hi hyvokar,

     

    We have submited this to our Lab Representative in order for them to analyze the provided URL. Our support team will revert back to you once there is an update on this.

     

    Thanks.

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    The problem is, that we get quite a lot these "adult content" false positives. 

    Just guessing here, but could be something in your algorithm that decides is the site is adult content or not. 

    Now, that we most likely will get correct error messages from chrome and mozilla, the problem will be migitated a little, but still requires extra effort to white list them in PMC. 

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    I repeat my question,

     

    What is F-secure doing to prevent these false positives? These are really a head ache.

     

    Latest one: https://www.gyneko.fi

     

     

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    oh... and let us just have a little fun also and not block everything?

     

    user.uefa.com/en/ForgottenPassword?returnUrl=https%3A%2F%2Fgaming.uefa.com%2Fen%2Fuclfantasy%2Fcreate-team

     

    EDIT: Removed Hyperlink

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    false positive of the day...

    https://irc-galleria.net

  • Laksh
    Laksh W/ Alumni Posts: 237 Cybercrime Crusader

    Hello hyvokar,

     

    If you suspect a URL to be a false positive, kindly submit it to our labs for analysis here. They would be able to check the URL and advise further.

     

    Please tick the option 'I want to give more details about this sample and to be notified of the analysis results' to get the results of the submission.

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector
    As stated earlier, I have no time to report these. This is a f-secure problem, so I'd like you to fix your algorithms.
  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Sounds good, 

     

    false positive of the day 

     

    http://www.winestudio.fi (marked incorrectly as adult content)

  • Ukko
    Ukko W/ Alumni Posts: 39 Cybercrime Crusader

    @hyvokar wrote:

    Sounds good, 

     

    false positive of the day 


    Hello,

     

    I am also only an F-Secure user.  And my experience, usually, is about home beta F-Secure (so, maybe stable F-Secure or Business F-Secure solutions with another ratings).

     

    Some of false positives (!? likely) from my collection:

    Adult category is added to likely unrelated websites (one is bar/pub/restaurant - what is possible to rate as something else rather than adult maybe; especially, when Alcohol-category is introduced; another is someone's Wordpress blog):

    https://cocksandcows.dk/
    http://mikeadcock.com

    **bleep**’s & Cows  bar and Mike Adcock blog.

     

    -- F-Secure Community decided to BleepIt bar too.

     

    I also found that F-Secure rating does not like Adcock surname at all. Most of random checks against indexed pages are about someone's website (Alison, Anthony, Bryan, Carolyn, Kathleen, ... Adcock) or some companies as health-care?!/design?!/business?!/..anything - where Adcock is own of owners (or part of company's name). All of them with "Adult content"-category rating.

     

    I do not know what is wrong with them.

     

    // little addition: not all (after today's doublecheck) - but many. while most of them are likely false positive anyway.

  • alexmetcalfe
    alexmetcalfe W/ Alumni Posts: 4 Security Scout

    they even had Netgear's login page blocked ...

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    False positive of the day.. 

    https://www.genericassays.com/

     

     

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    false positive of the day

     

    https://trulaboratories.com

     

    F-secure, here's a tip for you.... if the site contains medical business or laboratory related stuff, it's most likely not adult content or gambling related....

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Hi victor.

    It seems that the false positive problem has not gotten any better.

    In fact I had to hire new employee to whitelist all the false positives. She'll continue posting false positives here.

     

    I also tried to use the same case to report multiple false positives over longer period of time, but that does not seem to be possible, since f-secure closes the case, and apparrently it's then unpossible to reply via email.

  • MatthewTurner
    MatthewTurner W/ Alumni Posts: 2 Security Scout

    Good quastion guy

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    > She'll continue posting false positives here.

     

    Alleged file and website false alarm cases need to be submitted at this URL, you instantly receive an automatic response with ticket ID and the usual time of re-evaluation result is just under 3 hours:

     

    https://www.f-secure.com/en/web/labs_global/submit-a-sample

     

    (Making noise in the forum isn't going to magically solve anything.)

     

    Best Regards: Tamas Feher.

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Web site blocked

    https://en.wikipedia.org/wiki/Information_technology

    This web site contains restricted content.
    Access to this type of content has been blocked.

    Adult content
     
     
    This is actually getting hilarious
  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    >> Web site blocked: Adult content
    >> https://en.wikipedia.org/wiki/Information_technology
    >
    > This is actually getting hilarious

     

    I looked at that Wikipedia article and I have a theory: around the middle of the page, there is a photo insert of an unfolded pink punch tape roll. I would guess the image analysis tool mistook that sight for pantsu, thus classifying the webpage as adult content.

     

    ( By the way, a  long time ago, photos of fire service trucks were the favourite source of "pornography classification" false alarms in a high-end british gateway content filter. Nowadays, the AI computer in Tesla e-cars can correctly identify and follow fire trucks, so we can't deny that progress exists: https://old.reddit.com/r/teslamotors/comments/bi8j85/following_a_fire_engine_with_tesla_autopilot/ )

This discussion has been closed.