Best Of

Installation, Uninstallation, malfunction

• Download installers - retail versions  (not for F-Secure SAFE or ISP versions)
• Removing other Antivirus programs before installing F-Secure
• F-Secure Uninstallation Tool for Windows and Mac
• How to install F-Secure SAFE on your PC (for Virgin Media customers)

Infections (virus, trojan, pop-ups, browser hijacks etc)

• Infection were not automatically cleaned
• General removal instructions
• Cleaning compressed files
• Cleaning a temporary folder
• Cleaning temporary Internet files in Internet Explorer
• Cleaning System Volume Information or a System Restore folder
• Cleaning the Recycle Bin 
• Pop-ups and browser hijacks are not necessarily malware. Try the free Anti-Malware from Malwarebytes which is good in detecting PUPs - Potentially Unwanted Programs
• F-Secure is detecting a trusted file as malware (report it to SAS as a false positive, but first scan it on VirusTotal to see if it's clean with other antivirus products)

Deepguard (F-Secure's application monitor)

• How can I allow an application that DeepGuard has blocked

Verifying that the protection works

• How can I check that my computer is protected and that automatic updates are working
• How to test Anti-Virus and Browsing Protection

Miscellaneous

• Submit a file or URL to F-Secure for analysis
• How can I perform a full computer scan
• The product shows that the virus definitions are old
• Where can I find the product subscription key
• Lost subscription key

Documentation & information

• User guides and FAQ
• Videos by product and function
• Knowledge Base for Home Security

Getting help from the community

• Start a New Thread  Please try to describe the problem in detail and provide information about what F-Secure product and version you have. And OS(Operating System) and version

Contact support

• Call Support
• Online Chat

Additional security advice

• Running as Administrator? Read this!
• Free 3rd party security products that complement F-Secure AV/IS
• Process Explorer: How to scan all running processes with 50+ AV products
• To be extra safe before installing/running a new program: scan it on VirusTotal which is a multi-engine scanner with more than 50 antivirus products (F-Secure is one of them)

Please suggest other issues/links I can add to this list and I will update this post.

Hello,

I am only an F-Secure user (their home solutions).

I think that it is impossible with its current design (of F-Secure SAFE).

Perhaps, the logic is "work days" vs "weekends" as a general pattern of use. Mostly, about daylight hours.

As a result, it is only possible to think about some workarounds.

That sounds fine. However, how it should be done? I mean - set it up in advance, even before the "vacation" (for a certain date) or turned on on-demand (then switched off automatically, returning to the usual limits)?

Anyway, there is a dedicated board for feature requests: https://community.f-secure.com/en/categories/Idea_Exchange

Where you can place your ideas and other users can somewhat vote, while the F-Secure teams check it at the time of planning to add or improve functionality.

Thanks!

// one small late addition: with F-Secure Internet Security (only Windows devices) - there is still an ability to set up each day. However, only one platform and no external management (only locally).

Hello,

Sorry for the delay with my response!

So, besides "hidden files shown" option, probably, you may need to modify also the next option: "Hide protected operating system files". By default, it should be checked. So, need to uncheck it and maybe the mentioned folder will be visible. Rough way to do so is ("Control Panel" - "Folder Options" - "View" tab - check list of options against one with wording around "Hide protected operating system files" and uncheck it). However, "checked" state is a recommended one. Also, even if it will be visible - access to it can be restricted anyway.

Yes, it is normal. So, both solutions are not found it by real-time scanning. Because "no access" to items, "no launch" state. It is just static 'suspicious' items. Even inside "container" (kind of limited possibilities to go out). When you scan it (full scan) - Windows Defender discovered that this item looked suspicious and maybe a certain 'pattern' that is known for its 'signature logic base'.

Quick scans are usually about the most critical system places and paths where malware can to be. Mostly against "active" ones.

If both solutions are enabled (mentioned "periodic scanning" feature of Windows Defender) and there are no some troubles (mentioned discussion under Microsoft Community "Windows Defender Identifies The SAME PUP As A Threat Repeatedly") - then it should be done after then scan event when them item is detected and the 'action' is adjusted.

By default (Windows 10), if F-Secure AV/IS/SAFE enabled/active - then Windows Defender is disabled (off). And there is no 'good' way to use both of them with real-time scanning (at least, it is not recommended and may be tricky). Windows Defender can be used as on-demand scanner and Windows Defender can handle own findings.

Again, PUA only means that it is a potentially unwanted application, which under some circumstances can be dangerous. Or, which is undesirable since of a hidden installation. That is, if the user did not install this software on his own. Instead it was "bundle" from another installation.

In this case, it is more likely "leftovers" or inactive remained things (because was there as 'initial' state of your system / packaged PC applications). Pre-installed game on your PC.

For example, certain network driver (based on its name) need for the game. It is located under game files. Maybe during installation or launch - driver is 'copied' to System folder (System32) for its wide use. So, it can be different places - but based on provided paths by you - it is anyway somewhat pinned to ASUS GameFirst IV.

Actually, there are some topics on their community about detections against their files / drivers:

• GameFirst IV - Flagged as malware by McAfee (asus.com)
• ASUS ROG Game First III driver detected as Adware (NetTool / NetFilter) [Archive] - ASUS Republic of Gamers [ROG] | The Choice of Champions – Overclocking, PC Gaming, PC Modding, Support, Guides, Advice

the average conclusion was that it was a false positive. Since of its 'design' - unknown network driver - looks as a somewhat that can interfere with user's network (suspicious).

By default - not. I mean - Windows Defender should be with an option to perform scan OR be enabled. Otherwise - Windows Defender can not to detect/handle something.

If your concern is about - will F-Secure prevent trying to quarantine / delete file by Windows Defender. I think that - no. Should be fine. At least, if F-Secure did not think that this is critical file OR also think that this is malicious item.

In addition, F-Secure never had notification about this item (detected as PUA by Windows Defender) - because, for example, these files are not dangerous or rogue. Instead legit, valid ones. That can not be PUA since of its normal design. F-Secure, basically, detect something as PUA based on this policy matter: https://www.f-secure.com/v-descs/guides/classification_guide_pua.shtml

It is OK. Actually, based on provided information - situation is quite normal and nothing really to be concerned.

Two detected items (netfilter2.sys) are placed under Recovery directory. As part of initial state of PC. So, static. And perhaps about safe files from certain game. And only Windows Defender (of tried scanners) think about them something. What is more looks like as a false positive.

It is not removed/deleted/quarantined - because inside container (not possible to modify / repack it).

Good step is somehow contact Microsoft and to inform them about situation - maybe their Labs can to analyzing items (files) and whether drop detection or to provide more information abut risks

Thanks!

Hello, @Architect!

I believe that the root cause of the issue is that DeepGuard feature of SAFE is currently unaware of Graphisoft developer team identifier and is trying to collet as much diagnostic information as possible.

Let's try the steps below to mitigate low performance in Archicad due to DeepGuard interference.

Please open Terminal app and enter the commands below to create an ignore rule for DeepGuard which targets Graphisoft applications. There are three commands: the first two create an ignore rule for applications which are signed with Graphisoft team identifier and the last one restarts DeepGuard service (xfencedaemon).

echo 'allow prefix "/Users/" "any" rwcx "t" "3E9E9FN277"' | sudo /bin/sh -c "cat >> /Users/Shared/F-Secure\ XFENCE/local.xfence.rc"
echo 'allow prefix "/Volumes/" "any" rwcx "t" "3E9E9FN277"' | sudo /bin/sh -c "cat >> /Users/Shared/F-Secure\ XFENCE/local.xfence.rc"
sudo killall xfencedaemon

I would give it about 5-10 seconds for DeepGuard to restart and apply these new rules. Please let me know if there is any improvement in Archicad performance after that. Thanks.

One thing worth mentioning is that we are planning a new release of SAFE quite soon (upcoming weeks) with more user-friendly controls. The command line interaction with DeepGuard is unfortunately a limitation of the current release of SAFE.

Best regards, Arthur

SAFE Mac R&D Team