SAFE for Mac is blocking Game despite exceptions
Hi everyone,
It seems F-Secure SAFE for Mac is blocking the game "XCOM 2" from starting properly. I didn't have any issues with any other program or game so far. After some testing and troubleshooting, it is not DeepGuard causing the issue, but the normal AV scanner.
When I disable the real-time scan, the game starts fine. However, it seems my exceptions are not being loaded.
I started with adding the XCOM2.app to the exceptions, no change.
Then the entire XCOM2 folder, no change.
The entire Steam Folder, no change.
I know the game also writes into ~/Library/Application Support/Feral Interactive/ so I added that folder to the exceptions as well, no change. (Steam + Feral folders)
Why are the exceptions apparently not loaded / applied correctly? The game works fine without the real-time scanner.
Does anybody have an idea what else I could try?
Version 18.1 (41103) is installed.
Accepted Answer
-
Hi @Drakon
Thank you for your reply.
This feature request is already under review, but its implementation has not yet been decided.
When it comes to excluding processes, we do have this https://community.f-secure.com/t5/F-Secure-SAFE/F-Secure-SAFE-Mac-scanning/m-p/92071 however, it's not the most straightforward thing to do.
Thank you and stay safe.
Firmy
Community Manager | F-Secure Community
🔐 Strengthening digital security through knowledge and collaboration
🌐 Explore our User Guides | Knowledge Base for self-help resources
💻 Empower yourself with Cybersecurity Insights and protect what matters
Answers
-
Hi @Drakon
Welcome to our Community Page. Thank you for your post.
XCOM2 appears to be blocked by real-time scanning on F-Secure SAFE. At the moment, it is not possible to set exclusions for real-time scanning on F-Secure SAFE for Mac. This feature request is already being considered, but its implementation is not yet decided.
However, if DeepGuard has blocked an application that you trust and want to allow, you can edit the rule for that application in the DeepGuard Configuration app.
To allow an application that DeepGuard has blocked:
- Click on the product icon in the menu bar.
- Select Preferences from the menu.
- Click the DeepGuard tab.
- Click Advanced.
- Click the lock icon in the bottom-left corner.
You need administrative rights to change the settings. Without this authorization, you cannot change any of the DeepGuard settings.
- In the DeepGuard Configuration app, right-click the rule for the application that you want to allow and select Edit.
- Select Allow as the Policy for the application.
- Select the permissions that you want to allow for the application.
- Click Save.
Kindly let me know if this helps.
Thank you and stay safe.
Firmy
-
Hi @Firmy ,
Thanks for your answer, however DeepGuard is not the issue here. I disabled DeepGuard entirely (while the normal AV was still running) and it didn't work either.
So there is no way to exclude an app from the real-time scanner? Are there any plans to implement this functionality? It would be highly appreciated.
Kind regards
-
Hi, @Drakon!
I would recommend collecting SAFE diagnostics in debug mode and sharing them with Customer Care so that they can forward them to us (the SAFE product team).
So I would start with the steps below:
- Hold Option (Alt) key and click on the SAFE icon in the menubar area on top right.
- Click "Enable debug logging" and navigate to the System Preferences app to confirm the installation of the debug configuration profile. It's needed to configure the macOS logging subsystem to allow SAFE to collect debug log messages. You can remove it from the "Profiles" section in the System Preferences app once you are done with all the steps.
- Reproduce the issue by launching the app that you are experiencing issues with.
- Launch SAFE Support Tool (located in /Applications/F-Secure/) and click "Run Diagnostics". Once it's done it will create an archive with debug information that will hopefully help us locate the issue.
- Submit the archive with SAFE diagnostics to Customer Care. It's best not to upload the diagnostics here on the Community Forum as it contains details specific to your SAFE installation. You can mention this thread so that they could forward it directly to us and we can take a closer look.
Thanks!
Best regards, Arthur
F-Secure Technology, Mac Team
-
Hi @ArthurVal
I did as described and got the archive here. However... how do I contact Customer Care? The support page only says, besides the forum, chat and phone. Chat is however unavailable all the time and I'm not sure how it works over the phone.
Any idea how I can send the file?
-
Hi @Drakon
I have sent you a private message.
You may send me the FSDIAG via message.
Looking forward to your reply.
Thank you and stay safe.
Firmy
-
Hey, @Drakon!
Thanks for submitting the diagnostics.
A couple of observations:
- I see a few references to the CrossOver app in the real-time virus scanner logs. Is that how XCOM is being launched? You could also try adding "~/Library/Application Support/CrossOver" to scanning exclusions.
- In that Support Tool capture, I can also see that DeepGuard is evaluating quite a lot of XCOM2 app related files. So I would suggest adding a new policy for DeepGuard to treat that application a bit better.
Here is how you can create a new policy for DeepGuard
- Hold Option (Alt) key and click on the SAFE icon in the menubar area on top right
- Click "Configure DeepGuard" from the drop-down menu
- Once the Configuration app is open, click on the lock icon in the lower left to authorize as admin and click "New Policy Rule"
- Set application to "~/Library/Application Support/Steam/steamapps/common/XCOM 2/XCOM 2.app/", file path to "~/Library/Application Support/Steam/steamapps/common/" and make sure the file type is prefix. It will look similar to the screenshot below.
- Select "Save" and close Configuration app to apply changes.
Let's see if that improves the situation. Thanks
Best regards, Arthur
F-Secure Technology, Mac Team
-
Hi @ArthurVal
That's a bit weird actually that CrossOver seems to get called. Yes, it is installed on my Mac, however it wasn't running at all, nor do I use it to start the game. I have the native Mac Steam client installed and through that one I downloaded XCOM 2. So that's a bit confusing to me.
Anyway, I tried both methods you told me: excluding the CrossOver folder and adding a DeepGuard rule for XCOM2. However, that still doesn't work. Same issue as before.