Self-defense and integrity checking

CyberDevil
CyberDevil Posts: 8 Observer
edited August 2022 in Feature Requests

Hi. F-Secure and community!

As I understand it, the current policy of developers is that it is enough not to run programs as an administrator and then DeepGuard will most likely not allow anything to terminate the F-Secure process.

But I don't think that's a very good idea. I wouldn't like to be afraid to run any utilities as an administrator, knowing that my antivirus is most likely defenseless against them. At the same time, I am sure that most users will agree that they often run certain installers or applications as an administrator, since they require this by default.

I recently saw a real example on YouTube from the COMSS portal with the launch of a set of malware with administrator rights. This test isn't in English, however you can visually see, that F-Secure did a great job of protecting system, but at 11:23 it can't start the scanning process after clicking on the corresponding button in the interface, and at 11: 30 in comodo kill switch you can see that the fssettings.exe process is infected with worm.win32.vb

On the malwaretips portal, one of the experienced users also conducted a series of small tests in a topic called " On the topic of terminating F-Secure processes....", where he showed the ability to disable F-Secure using batch and python scripts

So, my suggestion: + Add protection against the termination of key processes related to the protection of the system, even with administrator rights; + Add an additional process that checks the integrity of the antivirus files and is able to restore them in case of damage.

P.S. As a new user, I can't add links, so I apologize that they aren't here.

2
2 votes

Completed · Last Updated

Comments

This discussion has been closed.
Feedback on New Design