TP130 Windows client release

Ville
Ville Posts: 671 F-Secure Employee

FS Protection PC Release 130

 

  • Common Component Framework 2.30 build 269
  • Antivirus 14.130 build 101
  • Browsing protection 2.130 build 3093

New features
Common:

  • Windows 10 support. The product has been running in Windows 8 emulation so far; now it is running in a native Windows 10 environment.

Antivirus:

  • Web traffic scanning will now show flyer also for clean files that are downloaded.

Browsing Protection:

  • Applications are allowed to connect safe IP addresses during banking session.
  • Browsing protection blocking event now added to product timeline.

Fixed issues
Common:

  • Cancelling and resuming installation may not always resume properly (CTS-95811)
  • Non-privileged user in Windows XP gets no feedback when clicking "Upgrade" (CTS-95810) Please note that this fix will take effect only in upgrade from TP130 to next release.
  • Action Center title misleading (CTS-95789)
  • Setup wording misleading (CTS-95774)
  • Desktop logo looks blurry on some platforms (CTS-95569)

Antivirus:

  • Strange user mode hoster crash (CTS-95788)
  • Conflict with ODS and scheduled scan (CTS-95661)

 

Ville

F-Secure R&D, Desktop products

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    Thanks Ville. All up and running.

  • Ukko
    Ukko Posts: 3,611 Superuser

     


    Hello,

     

    I maybe have something strange about current upgrade-process... but maybe it should be like that.

    For example,

     

    -> First window about upgrade-prepare-step-action comes with "place-holder" (?) about Cancel-button. And maybe with wrong color for text about "fs protection"-words near small left-logo (which maybe should be white-text), but it was not visible (maybe because there black-color of text?!).

     

    -> Maybe same with "color" (?!) can be about Browsing Protection Settings-window (header!? left-place of header?!).

    Such as... Main Window of Computer Security comes as "Settings"-white-word and logo of fs protection.

    Browsing Protection comes as "Settings"-white-word and.... there missing logo of "Browsing Protection" (?!), which maybe should be there as "white-color" (but can be there black-color now ?!). Or maybe it's OK and it should be with current design.

     

     

    Also about new features:

     

    --> "Web traffic scanning will now show flyer also for clean files that are downloaded."

     

    But just for HTTP-source of downloading (HTTPS... with my experience dropped). I mean... download from HTTP as main-background for get notification/flyer. Maybe it's also as design... such as HTTPS?! meaning secure?!

     

    And time to time it's can be missing as flyer from HTTP-source too. ?! Not sure.. which steps there required.. strange-redirects (?!) or large size of file (?!), but I can to reproduce it with pages like "cnet-" (as strange redirects or other points... which prevent flyer to be created) and with "installer of Sleipnir browser" (fifty Mb-size).

     

    And some points around else.

     

    -->  "Applications are allowed to connect safe IP addresses during banking session"


    Should it be like that (for example):

    "Banking Protection turned ON" -> "goes to download F-Secure Key from F-Secure.com" and it goes be "blocked" for downloading (by Banking Protection deny connection). by Browser (I mean).

     

     


    ----

     

    And maybe I can to ask....  about "Help".

    Does it can be critical .... if "tips" during "trying to search something" can be :

     

    - > not helpful (because does not give any results);

    - > maybe can be outdated about "how it sounds";

     

     

     

     

     

  • Ville
    Ville Posts: 671 F-Secure Employee

    Hello @Ukko 

     

    The first dialog in upgrade is stand-alone dialog, since the common components are upgraded. The cancel-button is disabled, but there is no visual indication of that (and it's on our work list, but not high priority).

     

    Regarding icons and font colors, please create a bug report with screenshots.

     

    Web traffic scanning is only done for HTTP traffic, since we can't scan the encrypted traffic of HTTPS. So the flyers are only shown for HTTP traffic. HTTPS downloads are scanned when they are written to disk.

     

    The banking protection whitelisting is for applications (not browser) that connect to known good places, like Spotify, Skype and additional banking authentication apps. The feature also allows us to add more applications and locations remotely when needed.

     

    Ville

    (F-Secure R&D)

     

    Ville

    F-Secure R&D, Desktop products

  • klima89
    klima89 Posts: 58 Explorer

    Everything works well, but it continues to be a big impact on computer boot.

  • Antivirus:

    • Web traffic scanning will now show flyer also for clean files that are downloaded.

    This causes some annoyance to me because it doesn't tell which application downloaded a file and where did it go to. I wasn't able to find the information from any of the log files so I had to fire up MS Network Monitor to capture the reason for the message below.  It turned out to be Steam client. I wish I could turn this off or at least to be able to rule out Steam for announcing the clean files without excluding it from the scan altogether.

     

    fs_steam_annoyance.png

  • Simon
    Simon Posts: 2,667 Superuser
    I can also see how that could be a little disconcerting, especially if the download wasn't prompted by the user, although, I haven't had any flyers myself yet.
  • klima89
    klima89 Posts: 58 Explorer

    Yesterday I had a strange situation. DeepGuard blocked process c:\windows\system32\svchost.exe, strange because it is a system file.

     

    Bez tytułu.png

     

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Of course, this probably cannot be totally helpful... but in your situation, maybe you can check the Windows Logs (default System Journals) and read the notification about the DeepGuard detection.

     

    There should be a hash of the current "svchost.exe", and maybe you can try to search for the hash... what if it is a known thing... and can be suspicious (or malicious, if DeepGuard blocks it).

     

    ------

    But also... do you mean that your experience was a "prompt" by DeepGuard, or was it an automatic block and you re-chose it to manual allowing?

  • klima89
    klima89 Posts: 58 Explorer

    Yeah, I chose manual allowing. I scanned this file on VirusTotal and, as it turned out, it is a false positive.


  • @DoubleTom wrote:

    Antivirus:

    • Web traffic scanning will now show flyer also for clean files that are downloaded.

    This causes some annoyance to me because it doesn't tell which application downloaded a file and where did it go to. I wasn't able to find the information from any of the log files so I had to fire up MS Network Monitor to capture the reason for the message below.  It turned out to be Steam client. I wish I could turn this off or at least to be able to rule out Steam for announcing the clean files without excluding it from the scan altogether.

     

    fs_steam_annoyance.png


    This kept popping for me a few times as well. As said in the quoted post, this is more annoying than helpful. Having no way to change the default is a bit of an odd one, as I remember back in the days of Internet Security having more control over some settings than you have now in "fs protection"

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for questions again.

     

    It's also about new feature (web-traffic flyer about safe-files downloaded):

     

     


    -> Does there will be some of other protocols as supported ones (except HTTP)?! Or it's not really helpful?

    I mean something as "FTP" maybe (?!);

     

     -> How it will be about files, which will be not known for F-Secure Security Cloud (if checking goes be cloud/reputation-based there). It will be marked as "safe file" - because it's not known as malicious/suspicious file? Or it will be trigger to brief analysis for file (and will be pause before downloading?!).

     

     -> Can be situations, when file goes be marked as safe-downloaded... but during downloading it goes be "re-placing" for another one (?!). On-the-fly (?!)... if it possible, of course.

    Or it's not really important, because local-scanning will be detected any malicious files.. and "safe-status" comes just from cloud  (and same with scanning by installation) and it's does not created something as new "separate" module of detection (I mean - if it's not known for engines, but can be detected before downloading - which probably not possible)?

     

    -> Can be situation... when files goes be marked "This file is safe to open", but during "open" - DeepGuard will be detected something (or suspicious, or malicious, or other). Or there meanings "safe to open", but not "to launch"?

    Or maybe I mean... what if there already can be situation... when current flyer can to create notification about "detection by DeepGuard, which can be after launch"? Such as - it's not a detection malicious web-traffic, but also related with new feature about safe-web-traffic-downloads-flyer, but with "knowledge" about potential DeepGuard prompt (for known files)? Or it's also not possible?

     

     

    Maybe all of that can not be helpful...

    And not so important how can be "optional"-status for current feature (show notification-flyer for safe-downloads or does not use it). Or maybe something as additional information around flyer.

     

    But anyway.... just decided to ask current questions too.

     

    Sorry again.

     

     

    Thanks

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for the over-the-words... but just want (if I can) to ask about

    "Browsing protection blocking event now added to product timeline ";

     

    On current time (and previously) blocking under "background" will be "invisible" still.

     

    There I mean - if F-Secure blocked something (but not full page or current-direct URL) during visit a web-page as malicious element or other... it goes be not visible for users (if it's not available to be as "frame" and there just resources). It's mean - user goes with experience about web-site and without experience.. that there was something blocked (as malicious resources, scripts, pictures or something else from another source.... or another variants for same situations).

     

    But what if with new current feature.. it's possible to do something, which can be as trigger.. for adding "all blocking actions/events" for timeline.... and not just ones, which visible as "normal blocked page".

    Time to time it's can be helpful maybe, but can be "surprise" (because without "knowledge" where it was).

    If there should be examples... maybe I can to create some of them (which I met time to time).

     

    Sorry again for reply.

     

  • Keor
    Keor Posts: 1

    I keep having the pop-ups discussed here quite often. They don't bother me too much except for the fact that they become the active window upon appearing. This means that if I'm, for example, writing something and the notification appears, I can't write again unless I reselect the window or wait for the notification to disappear.

     

    I have also been unable to find a way to turn the notifications off.

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Just want to say... that I also today get experience about DeepGuard and "svchost.exe" blocked at launch system (one of machines, which was not launched after upgrade fs protection....  and all of installed browsers, which can be a reason.. because there also was new firewall rules for them?!).

    With reason as "unknown application" trying to get network connection. And maybe related with Teredo (?!).


    So... maybe there any changes around?! Anyway.. I choose block it and get also prompt for transfer sample. So it's work too. :)

  • klima89
    klima89 Posts: 58 Explorer

    I had a similar problem; I cannot add anything more because I am testing ULAV and I don't have FS Protection installed on a computer.

This discussion has been closed.