SecuRom

osecure

Hello everyone,

 

I have received a presentation cdrom and when I started it, deep guard prevented the starter program do run the cd and provided me with the following link

 

https://www.f-secure.com/v-descs/w32_malware.shtml

 

So I contacted the company who sent the cd and they got in touch with there vendor who claim that the blocked program does not contain any malware, but the virus scanner is either not up to date or does not consider whitelisted exceptions.

 

"Your virus scanner recognises a program which works similar to a virus. The 'malware' which was detected is called SecuRom protection from Sony."

 

According to the control center the virus database is up to date. What about the whitelisted exceptions the vendor is talking about? Is this something I can/need to configure?

 

Kind regards,

 

Oliver

 

 

Ukko

Hello,

 

I am only an F-Secure user (their home solutions).

 

What about the whitelisted exceptions the vendor is talking about? Is this something I can/need to configure?

If your security solution is F-Secure SAFE - then it should be possible to use exclusion list:

• https://help.f-secure.com/product.html#home/safe-windows/latest/en/task_13205052E3D44C44BA2491A55A7F818F-safe-windows-latest-en

For example, to exclude partion with CD (CDrom?!) drive; Or certain filepath to launched application ('starter program').

Or to exclude already blocked application: 'Allow applications that DeepGuard has blocked'.

 

In addition, good to know exact detection name (since provided URL is generic, perhaps). It should be visible under "Recent events list" (or notification prompt about event) - rightclick for F-Secure tray logo and related entry under menu or by another steps.

Since, local whitelist / allowing is only an option if such a CD is trusted and from trusted people.

 

Otherwise, good to contact F-Secure support (for their assistance):

• https://www.f-secure.com/en/web/home_global/contact-support

Or to transfer blocked executable (item) to F-Secure Labs for analysis (but it can be unwanted or prohibited):

• https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file

More information about F-Secure DeepGuard

• https://help.f-secure.com/product.html#home/safe-windows/latest/en/task_4FAC03A45F4D4B35AA713210F65BE116-safe-windows-latest-en

Sorry for my English!

 

Thanks!

nanonyme

Hey, 

Only commenting as a fellow community member but copy protection software does behave in many ways like malware. It's really to be expected behavioural scanners to detected as such. Considering how aggressive copy protections have become, I would personally classify them as potentially dangerous software.