Creating a False Positive Report

Introduction

All of our products have the facility to report false positive matches to our Engineering team. This article explains in some detail how this works and what we do with the data received.

 

Report Format

A false positive report stores the following information:

  • The file path.
  • The match type.
  • The associated metadata (such as the last modification date).
  • The match itself. In Enterprise Recon, this will be masked as it appears in the Master Server console. In Card and Data Recon, this will be the complete match.
  • Up to 256 bytes of contextual information from before and after the match. 
  • (CR/DR only) The scan configuration settings.
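
The fields listed above can be modelled to review what a sample would carry before it is sent. This is an added example, not Ground Labs code: the field names, the masking scheme (first six and last four digits kept) and the sample file are assumptions, and the context is left unmasked because the article does not say how context is treated.

```python
import re

CONTEXT_BYTES = 256  # the article's stated maximum on each side of the match

def mask_match(match: bytes, keep_head: int = 6, keep_tail: int = 4) -> bytes:
    """Mask the middle digits of a match (assumed scheme, not the product's)."""
    digit_pos = [i for i, b in enumerate(match) if 0x30 <= b <= 0x39]
    out = bytearray(match)
    for i in digit_pos[keep_head:max(keep_head, len(digit_pos) - keep_tail)]:
        out[i] = ord("*")
    return bytes(out)

def build_sample(data: bytes, start: int, end: int, path: str,
                 match_type: str, masked: bool) -> dict:
    """Assemble the fields the article lists (field names are hypothetical)."""
    if not 0 <= start < end <= len(data):
        raise ValueError("match span lies outside the file")
    match = data[start:end]
    return {
        "path": path,
        "match_type": match_type,
        "match": mask_match(match) if masked else match,
        # Context windows are clamped at the start and end of the file.
        "before": data[max(0, start - CONTEXT_BYTES):start],
        "after": data[end:end + CONTEXT_BYTES],
    }

def digit_runs_in_context(sample: dict, min_digits: int = 13) -> list:
    """Find long digit runs in the context that a reviewer should look at."""
    pattern = re.compile(rb"\d(?:[ -]?\d){%d,}" % (min_digits - 1))
    return pattern.findall(sample["before"]) + pattern.findall(sample["after"])

# Constructed sample file: a test number flagged as a match, another number nearby.
DATA = b"order_ref=4111111111111111;note=test fixture\ncard=5500 0000 0000 0004\n"
START = DATA.index(b"4111111111111111")
SAMPLE = build_sample(DATA, START, START + 16, "/tmp/orders.txt", "Visa", masked=True)

if __name__ == "__main__":
    print(SAMPLE["match"])
    print(digit_runs_in_context(SAMPLE))
```

In this constructed file the match itself is masked, but the context window still holds a second card-like number, which is the kind of content worth checking for before a sample leaves the environment.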

The report file is encrypted using public key encryption. The private key is embedded in a decryption utility that is only available to authorised Ground Labs personnel. The data is then transmitted to us using an HTTP POST request.

Our team analyse the data received and use it to develop further improvements to our scanning engine.

 

Making a report

When a scan is complete, select the false positive(s) and choose the "False match" remediation option as shown below:

[Screenshots: Card Recon and Data Recon; Enterprise Recon]

A new window will appear with two check boxes:

  • Send encrypted false match samples to Ground Labs for permanent resolution
  • Update configuration to exclude identical matches from future searches

Ticking the first box will send a report containing the false match to us. The second box will mark the false match so that our products will not pick up this match in future scans.

 

All information in this article is accurate and true as of the last edited date.
