Client Security 13.00 went broken?

AskoikAskoik Posts: 21 New Member
in Business Security

Couple of CS 13.00 users just told me, that they got error message from Windows saying that antivirus is disabled. I checked their eventvwr and found that two services were stopped 23.2.2018 at 14:27 and started 15 sec later:

F-Secure Ultralight Hoster
F-Secure Ultralight ORSP Client

 

Now I wonder, if F-secure released faulty antivir updates, which stopped these services, or do I have worm in my network? Anyone else still using 13.00, did you got similar user feedback?

Like

Comments

  • MJ-perCompMJ-perComp Posts: 1,098 Superuser
    It should not happen again and again, but even an Anti-Virus needs updates for the modules. 13.00 is already pretty old and several Updates have to be done. If too many at the same time WSC might get confused. After a Reboot ( not shutdown/restart!!!) everything should be fine.

    From that point of view you can assume "any Antivirus is broken the day it goes RTM", because all need immediate updates.
    Like
  • JachymMJachymM Posts: 4 New Member

    hi,

    we have received the message about disabled FS and Defender as well. It appeared on W10 computers using FSCSPr. v.13.10 after MS cumulative update.

     

    Check following links it could be related:

    https://support.microsoft.com/en-us/help/4074590/windows-10-update-kb4074590

    https://docs.microsoft.com/cs-cz/windows/security/identity-protection/credential-guard/credential-guard-manage

     

     

    Like
  • hyvokarhyvokar Posts: 167

    Same problem here. Never seen this behaviour before.

    Running fscspr 13.10

    Like
  • VadVad Posts: 1,055 F-Secure Employee

    Hello everybody,

     

    Most likely, the root cause is the installation of core binaries update, which may turn the protection off for a few seconds. Such update was published in the channel recently.

    You may check, that this is the reason in your case, by:

    1. Checking the fsaua.log from c:\ProgramData\F-Secure\Logs\FSAUA\, which should contain F-Secure Ultralight Core Update installation.

    2. Comparing the update installation time with Security Center informational events:

     

    Updated F-Secure Client Security Premium 13.10 status successfully to SECURITY_PRODUCT_STATE_OFF.

    Updated F-Secure Client Security Premium 13.10 status successfully to SECURITY_PRODUCT_STATE_ON.

     

    in Windows Application events log.

     

    Best regards,

    Vad

     

    Laksh
    1Like
  • hyvokarhyvokar Posts: 167

    Got this error again. 

    It seems to be F-Secure Ultralight Core Update installation what causes it.

    Like
  • hyvokarhyvokar Posts: 167

    My phone keeps ringing, since my clients are getting a popup window that "Your network connection has been disabled, since the real time scanning is disabled, would you like to enable real time scanning?". 

     

    Would there be any less dramatic way to update your product?

    Like
  • hyvokarhyvokar Posts: 167

    Got this error again, and all my network connections went down.

    Any change this would be fixed?

    Like
  • VadVad Posts: 1,055 F-Secure Employee

    Hello hyvokar,

     

    We now have a fix for this issue. Please, contact support, if you want to try it now.

    The fix will be included in CS 13.11 release.

     

    Best regards,

    Vad

    Like
This discussion has been closed.