F-Secure keeps deleting one of my files

Philipgr
Philipgr Posts: 20 Enthusiast

F-Secure keeps deleting one of my files. I used the fsdumpqrt.exe file to restore it. Everytime I copy it from the malware_samples.zip back to its' folder F-Secure delets it again. This is extremely annoying. I never gave F-Secure permission to willy nilly delete files. My question is: How do I stop F-Secure from doing this. It should be my choice whether to delete a file not F-Secures.

Comments

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    Sorry for my reply. I'm also only F-Secure user (their home solutions).

     

    My own feelings:

     

    -> There is large difference: F-Secure keeps deleting(!) or keeps quarantined file?

    ->  And about choice: 'whether to delete/quarantine a file' or 'whether to delete/quarantine a malicious file'.

     

    Potential workarounds/solutions:

    -- To transfer file to F-Secure Labs (F-Secure SAS) as false positive:

    https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file

     

    -- To exclude certain file or folder/destination where file is stored (or should be stored). As potential temporary workaround before response from F-Secure Labs with previous step.

     

    I'm not sure that 'malicious' file should be with delay for quarantine. But if file is deleted - it is kind of unexpected trouble when there is false positive. For example, how it should be? Malicious/harmful item is detected -> F-Secure prevent/postpone/temporary-block process and will trigger ask user about decision? Does it safe?

     

    If file is quarantined only -> potential false-positive situation is not so critical.

     

    Thanks!

  • Philipgr
    Philipgr Posts: 20 Enthusiast

    It deleted the file from my external drive. It never asked me what I wanted to do with it which is extremely annoying. As I mentioned in my original post I found it in a zip file on my desktop.

  • Ukko
    Ukko Posts: 3,770 Superuser

    @Philipgrwrote:

    It deleted the file from my external drive. It never asked me what I wanted to do with it which is extremely annoying. As I mentioned in my original post I found it in a zip file on my desktop.


    Hello,

     

    Maybe it is an option to contact their direct Support Channels (chat as example):
    https://www.f-secure.com/en/web/home_global/contact-support

    Just like their own investigation about potential unexpected situations.

     

    As my own unofficial feelings:

    -- I think that deleting/removing file is likely situation - but more often should be "quarantine" action;

    At least, as first experience. But even if there is 'delete'-action -> your experience is about "fsdumpqrt.exe" as potential dump for quarantine even with such 'deleted' state; but if not - so, it should be possible to exclude/restore from Quarantine UI too.

     

    -- current design of F-Secure solution is that for malicious and harmful items there are autodecision.

    Partly, it is logical. Since any delay with decision is potential 'bypass'-vector for malicious item.

    When there is false-positive -> such situation is not good - but if there is false-positive -> more good to ask for less false positive detections than manual decision for detected malicious file.

     

    For example, it is possible to transfer item to F-Secure SAS (even with zip-file after quarantine dump):

    https://www.f-secure.com/en/web/labs_global/inform-us

    So, F-Secure Labs should investigate situation and maybe perform tweak for detection design (if detection is not reasoned).

     

    Thanks! 

     

This discussion has been closed.
Feedback on New Design