False Positives

When we report these to false, how long until I get a response?

The goal is to respond to all false positive requests within 24 hours. Often we are much faster than that.

There is a "rule-panic" procedure and mechanism in place for urgent FP situations which allows you to have immediate results by disabling specific rules in your SNF configuration.

Note that the rule panic procedure includes sending a note (not containing a message sample) to support@armresearch.com so that we can be made aware of the problem sooner in case we have not already detected it. Be sure you do not include a sample of the false positive in this message because it may cause the message to be filtered out. This is just a note to let us know this is a rule-panic and that we should check our FP queue for your sample.

Note also that in some cases we detected the problem and removed the rule very quickly - often before any reports are made, and likely before any rule-panic situation can reported. Unfortunately, sometimes the bad rule is in place long enough to be included in a few rulebase files before we can remove it.