The problem with unsophosticated customer support
False positives that block a legitimate application are a common problem with security software. If not handled properly and quickly, they can hurt, or even destroy, a security product's credibility or, in the worst case, the credibility of the entire sector.
It is therefore very important that whenever a security vendor's product incorrectly flags a legitimate product, the vendor resolves the issue within hours, or at most a couple of days, of being notified about the problem. Such problems should really be handled with a priority just barely short of problems threatening the customer's system (like security vulnerabilities).
If users cannot use their chosen, legitimate products because a security product blocks them, they are far more likely to disable or uninstall the security product than to change their chosen product.
If the block is caused by an actual problem with the flagged product, the security vendor should immediately contact the application vendor with detailed information about what the problem is and how to solve it.
Easier said than done
As an example of how not to handle such cases, consider this recent one.
About a month ago, in early September, the Vivaldi users at a small German company discovered that they were no longer able to use Vivaldi, since their Sophos firewall was blocking it.
They contacted Sophos customer support and were effectively told that "The block was a management decision", "Vivaldi does not support content filtering", "Vivaldi does not support a required API", "Submit a feature request, we can't do anything before we receive that" (the latter had been filed over a month before this case started).
No information was provided about which API support was "missing", or why "management" had decided to block Vivaldi.
Since Vivaldi is based on Chromium, just like Google Chrome, if the blocking was really due to missing support for an API, then Sophos should be blocking Google Chrome as well. We have the same feature support as other Chromium-based browsers. The only real difference is that (e.g. on Windows) our executable is named "vivaldi.exe", not "chrome.exe" and our UI is implemented differently.
After receiving the replies from Sophos, one of the users in the company reported the problem in a post to our German-language forum, and it was then forwarded to those of us in the security group.
I decided to look into the Sophos support site, and did find their chat support, but after two hours of back and forth, being passed from one person to another, their response was effectively "We need a support ticket number, file it from the upload site".
There were several problems with that upload site, mainly that there was no option to upload a file as "Affected vendor". You had to be either a "registered user" or "evaluating before purchase"...