F-Secure keeps deleting one of my files
F-Secure keeps deleting one of my files. I used the fsdumpqrt.exe file to restore it. Every time I copy it from the malware_samples.zip back to its folder, F-Secure deletes it again. This is extremely annoying. I never gave F-Secure permission to willy-nilly delete files. My question is: How do I stop F-Secure from doing this? It should be my choice whether to delete a file, not F-Secure's.
Comments
-
Hello,
Sorry for my reply. I'm also only an F-Secure user (their home solutions).
My own feelings:
-> There is a large difference: F-Secure keeps deleting(!) the file, or keeps the file quarantined?
-> And about choice: 'whether to delete/quarantine a file' or 'whether to delete/quarantine a malicious file'.
Potential workarounds/solutions:
-- To transfer the file to F-Secure Labs (F-Secure SAS) as a false positive:
https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file
-- To exclude the certain file, or the folder/destination where the file is stored (or should be stored), as a potential temporary workaround before a response from F-Secure Labs to the previous step.
I'm not sure that a 'malicious' file should be quarantined with a delay. But if the file is deleted, it is a kind of unexpected trouble when there is a false positive. For example, how should it be? A malicious/harmful item is detected -> F-Secure prevents/postpones/temporarily blocks the process and triggers asking the user about the decision? Is it safe?
If the file is only quarantined -> a potential false-positive situation is not so critical.
Thanks!
-
@Philipgr wrote: It deleted the file from my external drive. It never asked me what I wanted to do with it which is extremely annoying. As I mentioned in my original post I found it in a zip file on my desktop.
Hello,
Maybe it is an option to contact their direct Support Channels (chat as an example):
https://www.f-secure.com/en/web/home_global/contact-support
Just like their own investigation about potential unexpected situations.
As my own unofficial feelings:
-- I think that deleting/removing a file is a likely situation - but more often it should be a "quarantine" action;
At least, as a first experience. But even if there is a 'delete' action -> your experience is about "fsdumpqrt.exe" as a potential dump for quarantine even with such a 'deleted' state; but if not - so, it should be possible to exclude/restore from the Quarantine UI too.
-- the current design of the F-Secure solution is that for malicious and harmful items there is an autodecision.
Partly, it is logical, since any delay with the decision is a potential 'bypass' vector for a malicious item.
When there is a false positive -> such a situation is not good - but if there is a false positive -> it is better to ask for fewer false positive detections than for a manual decision for a detected malicious file.
For example, it is possible to transfer the item to F-Secure SAS (even as a zip file after a quarantine dump):
https://www.f-secure.com/en/web/labs_global/inform-us
So, F-Secure Labs should investigate the situation and maybe tweak the detection design (if the detection is not reasoned).
Thanks!