To do the best possible job to prevent false positives, we are going to make some changes to the rule releases. From this point forward for standard support customers any new rules or countermeasures will only be added to the realtime rules during normal support hours on weekdays, and will be released in the morning to provide maximum coverage in case there is a false positive we can not test for in our test environments. We have 10s of thousands of rules now, so the ability to test for every case is an exponentially difficult if not impossible problem. Although we do have an automated test system to check for false positives and negatives before rule updates are released, and we run every rule on all our production systems before we release them to you, we recognize that there will always be test cases we can not account for, so we will only release updates for our standard support customers during normal support hours.

Extended support customers will have access to advanced copies of the rules during out of core hours and 24 hour support in accordance with their support contracts.

Bug fixes may be released anytime as these only tighten the rules, and do not add additional checks. However we may hold these back as well if we believe they could produce a bug or false positive.

Michael,

Is there a way that standard support customers can request or configure the advanced rule sets?

I think why could it not be an option like configuring the testing repository to get advanced packages, a testing rule repository.

We're looking into how to do that so that its clear that they are supported differently. We'd like to make that option available as well as we know there are customers like yourself that want to have the latest rules as they become available.

Hi Michael,

Excellent, hope a way can be worked out and then everyone can choose.

Cheers!

Its at the top of my list.