Blocklist threshold setting to avoid false positives

Just got an idea... To avoid false positives even further, a way could be to let the user have a setting under "Privacy" to select how many blocklists a domain must be included in before it's blocked.

  • If the setting is "1" everything works like today and the domain is blocked immediately.
  • If the setting is "2" (or higher) the domain has to be present in two (or more) different blocklists before it's blocked.

Say a single list blocks "onedrive.live.com" by mistake (has happened), the domain won't be blocked for users that have selected 2 (or higher). This way you can also go a bit more aggressive in selecting blocklists since it has to be confirmed by another list.

Got the idea from a firewall solution I saw using about 30 threat intelligence feeds, where you select how many sources an IP address had to be present in before blocking to avoid false positives.

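The threshold described in the post above, sketched as an added example (not part of the original post and not the product's own code). The list names, list contents and function names are constructed for illustration; only "onedrive.live.com" comes from the post.

```python
from collections import Counter

# Constructed sample lists in hosts-file and plain-domain styles; not real feeds.
# "list_a" carries the mistaken onedrive.live.com entry from the post's scenario.
SAMPLE_LISTS = {
    "list_a": "0.0.0.0 tracker.example\n0.0.0.0 onedrive.live.com\n# comment\n",
    "list_b": "tracker.example\nads.example.\nTRACKER.example\n",
    "list_c": "127.0.0.1 ads.example\ntracker.example # inline note\n",
}


def parse_blocklist(text):
    """Return the set of normalized domains in one list (duplicates collapse)."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Hosts-style lines are "<ip> <domain>"; plain lists are just "<domain>".
        domain = line.split()[-1].lower().rstrip(".")
        if domain:
            domains.add(domain)
    return domains


def blocked_domains(lists, threshold=1):
    """Return the domains present in at least `threshold` distinct lists."""
    if threshold < 1:
        raise ValueError("threshold must be >= 1")
    votes = Counter()
    for text in lists.values():
        # Each list contributes one vote per domain, however often it repeats it.
        votes.update(parse_blocklist(text))
    return {domain for domain, count in votes.items() if count >= threshold}


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, sorted(blocked_domains(SAMPLE_LISTS, threshold=n)))
```

Lists that copy entries from the same upstream source still count as separate votes here, so the threshold only reduces false positives when the selected lists are maintained independently.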