Announcement: New Knowledge Base
4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.
False positive detection in Capricorn engine
Products affected: F-Secure Protection Service for Business Server Security, F-Secure Client Security (all old versions prior to 13.0), F-Secure Email and Server Security, F-Secure Server Security, F-Secure Protection Service for Business Workstation Security.
Note also that this issue affects only products that are running on a 32-bit Windows platform.
Problem: We have a false positive detection in the Capricorn engine. This is caused by USS which creates temporary files that are then detected by Capricorn. This happens during system scanning where USS iterates through the driver images.
Detection names are (examples):
- file_path: %WINDOWS%\temp\uss27ad.tmp
- file_path: %WINDOWS%\temp\ussb31a.tmp
DO NOT REBOOT THE MACHINES!
Depending on the settings, restarting possibly removes the detected drivers and will render the computer in malfunction state.
Visible effects: If you reboot, the files are deleted. Reboot may result in a situation where the computer gets into malfunction state.
Solution: If your system has any of the above-mentioned false positive detections, ensure that you have the following update downloaded and installed (do not reboot the machine before):
Universal System Scanner 2019-02-05_02 (or newer)
Internal reference: TP-422