FSecure deletes (harmless) files without warning and without quarantine

Ruekaka
Ruekaka Posts: 4 New Member

Hello,

FSecure deleted an old file from my hard disk (a setup actually) that is not harmful at all.
It has happened several times now.
The problem is that FSecure deletes the files without putting them into quarantine, so I get no chance to tell FSecure that they are harmless or to send them to FSecure to investigate the problem.

This file was not recognized as harmful for years.

This happened several times now and I start to be more afraid of FSecure than a real virus.

The problem is that FSecure deletes the backup files, too.

Please give us (at least optionally) the chance to decide if a file is harmful or not.
If it happens again I consider using a different product.

I apologize for putting this into the forum, but I was not able to find a proper support mail address.

With kind regards,
Ruediger Kabbasch

Comments

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

    Sorry for my reply. I'm also only an F-Secure user (their home solutions).

    Maybe F-Secure should not do this. Expected view: the detected item goes to quarantine (or it is possible to choose an action from a prompt). Or the detected item is blocked by DeepGuard. I am not sure when an auto-removal action (specifically one that ignores quarantine) with an unrecoverable state is applicable.

    But some points to discuss:

    --> the current F-Secure Support channels are phone/chat:

    https://www.f-secure.com/en/web/home_global/contact-support

    Support agents with the ability to perform remote help (maybe);

    --> is it possible to find this 'file/setup' on the web? As a potential way to re-check the situation on other systems. Meaning -> is the file available to be downloaded by any user? Or is it not available anymore, so that it is not possible to try to repeat this situation on other systems?

    --> is it possible to re-check which version of F-Secure is installed (?!). It is possible to check this by right-clicking the F-Secure tray-picture and choosing "About".

    It is also possible to add information about the 'detection name' from "Recent events" (in the menu shown by right-clicking the F-Secure tray-picture).

    Thanks!

  • Ruekaka
    Ruekaka Posts: 4 New Member

    Hi Ukko,

    thanks for your reply.

    But the file is gone for good, that's the problem.

    FSecure is up to date.

    The message said that the file has been infected by a Trojan.GenerikKD.12628369.

    I had similar messages with files after I compiled them, where FSecure deletes my files. In this case I can exclude the folder where I compile my application to.

    I had a chat a while ago but what does that help if there's no option available?

    Don't get me wrong, I appreciate the work of FSecure, but it's annoying when I lose my purchased executables, just because FSecure thinks there's an infection. That's why I prefer to be asked before a file has been deleted.

    Regards
    Ruediger Kabbasch

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

    Sorry for my long reply. It will be good if there is official F-Secure attention here.

    > But the file is gone for good, that's the problem.

    Yes, it's clear. I meant that maybe it is possible to download this file (find it on the web) and that it was not your own file (or a file which is not possible to find anymore). It was my own feeling -> a kind of re-check of how it will be with my systems.

    > The message said that the file has been infected by a Trojan.GenerikKD.12628369.

    Based on the detection name (Trojan.GenericKD.12628369) -> a generic signature was added on 27.11.2017: https://www.f-secure.com/dbtracker/Aquarius/2017-11-27_06.html

    And it sounds like a potential false positive for your particular file.

    > I had a chat a while ago but what does that help if there's no option available?
    > ..
    > just because FSecure thinks there's an infection. That's why I prefer to be asked before a file has been deleted.

    Basically, I think that F-Secure should ask (before) or should use Quarantine (when possible).

    Maybe there is a difference on a certain platform (but based on your words about the ability to exclude a folder, it's not about the Mac platform). For example, the Windows platform has this 'potential' documented design (for real-time scanning):

    > When your computer tries to access a file, Real-time scanning scans the file for malware before it allows your computer to access the file.
    >
    > If Real-time scanning finds any harmful content, it puts the file to quarantine before it can cause any harm.

    https://help.f-secure.com/product.html#home/safe-windows/2017/en/real_time_scanning-safe-windows-2017-en

    In fact it should work as auto-removal/auto-deletion. But I suspect that it should come with the 'quarantine' option.

    Recent F-Secure SAFE/IS solutions switched to a design described like "Real-time scanning now removes all malware automatically without prompting" (and "Low-risk potentially harmful applications will not be blocked and removed automatically. Instead, real-time scanning will report them without blocking and the user will be able to exclude them from detection if so wished" || "DeepGuard no longer prompts the user for action, blocking all harmful or suspicious applications automatically. To allow an application, click on "Unblock" in the Events list entry for this blocked application");

    Maybe in certain situations -> it is not possible to use Quarantine and the file is only removed. And this was the reason for my point about a potential experience with F-Secure Support. Maybe it is possible to investigate more (based on removal logs or so): why it was removed totally and Quarantine was not used. Or just to get their own clarification about the removal design (it is also possible to receive this clarification in the community).


    I tried the next steps:

    -- tried to download "eicar.com.txt" (HTTPS) from http://www.eicar.org/85-0-Download.html;

    -- this attempt was detected and F-Secure triggered a prompt about 'file is removed' (and the file was placed in Quarantine as a result).

    -- then I tried to create a 'modified' eicar on the file system;

    -- this attempt was detected and F-Secure triggered a prompt about 'file is removed' (and the file was placed in Quarantine as a result).

    Maybe a certain size of application (or file) is the reason for trouble with quarantining it. Or maybe multiple detections within a small timeframe. Or any other reason (like a certain detection type).

    But, at least, maybe it is possible to re-try these steps on your own system and check whether your F-Secure installation will quarantine the items with the noted steps (or will also only remove them).


    Thanks!

This discussion has been closed.