SAFE for Mac is blocking Game despite exceptions

Drakon
Drakon Posts: 4 New Member
edited September 2022 in Web Browsing

Hi everyone,


it seems F-Secure SAFE for Mac is blocking the game "XCOM 2" from starting properly, didn't had any issues with any other program or game so far. After some testing and troubleshooting, it is not DeepGuard causing the issue, but the normal AV Scanner.

When i disable the real time scan, the game starts fine. However it seems my exceptions are not being loaded.

I started with adding the XCOM2.app to the exceptions, no change.

Then the entire XCOM2 folder, no change.

The entire Steam Folder, no change.

I know the game also writes into ~/Library/Application Support/Feral Interactive/ so i added that Folder to the exceptions as well, no change. (Steam + Feral Folders)

Why are the exceptions apparently not loaded / applied correctly. The game works fine without the real time scanner.

Does anybody has an idea what else i could try?

Version 18.1 (41103) is installed.

Accepted Answer

Answers

  • Firmy
    Firmy Posts: 1,878 Community Manager
    edited April 2022

    Hi @Drakon

    Welcome to our Community Page. Thank you for your post.

    XCOM2 appears to be blocked by real-time scanning on F-Secure SAFE. At the moment, it is not possible to set exclusions for real-time scanning on F-Secure SAFE for Mac. This feature request is already being considered, but its implementation is not yet decided.


    However, if DeepGuard has blocked an application that you trust and want to allow, you can edit the rule for that application in the DeepGuard Configuration app.

    To allow an application that DeepGuard has blocked:

    1. Click on the product icon in the menu bar.
    2. Select Preferences from the menu.
    3. Click the DeepGuard tab.
    4. Click Advanced.
    5. Click the lock icon in the bottom-left corner.

    You need administrative rights to change the settings. Without this authorization, you cannot change any of the DeepGuard settings.

    1. In the DeepGuard Configuration app, right-click the rule for the application that you want to allow and select Edit.
    2. Select Allow as the Policy for the application.
    3. Select the permissions that you want to allow for the application.
    4. Click Save.


    Kindly let me know if this helps.

    Thank you and stay safe.

    Firmy
    Community Manager | F-Secure Community
    🔐 Strengthening digital security through knowledge and collaboration
    🌐 Explore our User Guides | Knowledge Base for self-help resources
    💻 Empower yourself with Cybersecurity Insights and protect what matters
    📢 Help Shape Our New Homepage! Share your input in our design survey.

  • Drakon
    Drakon Posts: 4 New Member

    Hi @Firmy ,

    thanks for your answer, however DeepGuard is not the issue here. I disabled DeepGuard entirely (while the normal AV was still running) and it didn't worked too.

    So there is no way to exclude an App from the real time scanner? Is there any plans to implement this functionality? It would be highly appreciated.

    Kind regards

  • ArthurVal
    ArthurVal Posts: 261 F-Secure Product Expert

    Hi, @Drakon!

    I would recommend to collect SAFE diagnostics in debug mode and share them with Customer Care so that they could forward it to us (the SAFE product team).

    So I would start with the steps below:

    • Hold Option (Alt) key and click on the SAFE icon in the menubar area on top right.
    • Click "Enable debug logging" and navigate to System Preferences app to confirm the installation of the debug configuration profile. It's needed to configure macOS logging subsystem to allow SAFE collect debug log messages. You can remove it from "Profiles" section in System Preferences app once you are done with all the steps.
    • Reproduce the issue by launching the app that you are experiencing issues with.
    • Launch SAFE Support Tool (located in /Applications/F-Secure/) and click "Run Diagnostics". Once it's done it will create an archive with debug information that will hopefully help us locate the issue.
    • Submit the archive with SAFE diagnostics to Customer Care. It's best not to upload the diagnostics here on the Community Forum as it contains details specific to your SAFE installation. You can mention this thread so that they could forward it directly to us and we can take a closer look.

    Thanks!

    Best regards, Arthur

    F-Secure Technology, Mac Team

  • Drakon
    Drakon Posts: 4 New Member

    Hi @ArthurVal

    i did as described and got the archive here. However... how do i contact customer care? The support page only says, besides the forum, chat and phone. Chat is however unavailable all the time and not sure how over phone works.

    Any idea how i can send the file?

  • Firmy
    Firmy Posts: 1,878 Community Manager

    Hi @Drakon

    I have sent you a private message.

    You may send me the FSDIAG via message.

    Looking forward for your reply.

    Thank you and stay safe.

    Firmy
    Community Manager | F-Secure Community
    🔐 Strengthening digital security through knowledge and collaboration
    🌐 Explore our User Guides | Knowledge Base for self-help resources
    💻 Empower yourself with Cybersecurity Insights and protect what matters
    📢 Help Shape Our New Homepage! Share your input in our design survey.

  • ArthurVal
    ArthurVal Posts: 261 F-Secure Product Expert
    edited April 2022

    Hey, @Drakon!

    Thanks for submitting the diagnostics.

    A couple of observations:

    1. I see a few references to CrossOver app from real-time virus scanner logs. If that how XCOM is being launched? You could also try adding "~/Library/Application Support/CrossOver" to scanning exclusions.
    2. In that Support Tool capture, I can also see that DeepGuard is evaluating quite a lot of XCOM2 app related files. So I would suggest adding a new policy for DeepGuard to treat that application a bit better.

    Here is how you can create a new policy for DeepGuard

    • Hold Option (Alt) key and click on the SAFE icon in the menubar area on top right
    • Click "Configure DeepGuard" from the drop-down menu
    • Once the Configuration app is open, click on the lock icon in the lower left to authorize as admin and click "New Policy Rule"
    • Set application to "~/Library/Application Support/Steam/steamapps/common/XCOM 2/XCOM 2.app/", file path to "~/Library/Application Support/Steam/steamapps/common/" and make sure the file type is prefix. It will look similar to the screenshot below.
    • Select "Save" and close Configuration app to apply changes.

    Let's see if that improves the situation. Thanks

    Best regards, Arthur

    F-Secure Technology, Mac Team

  • Drakon
    Drakon Posts: 4 New Member

    Hi @ArthurVal

    thats a bit weird actually that CrossOver seems to get called. Yes it is installed on my Mac, however it wasn't running at all, nor do i use it to start the game. I have the native Mac Steam client installed and over that one i downloaded XCOM 2. So thats a bit confusing me.

    Anyway, i tried both methods you told me. Excluding the crossover folder and adding a deepguard rule for XCOM2, however that still doesn't work. Same issue as before.

  • ArthurVal
    ArthurVal Posts: 261 F-Secure Product Expert

    @Drakon, thanks for the update and clarification on CrossOver.

    We'll investigate the diagnostics further with the team and will let you know once there is more clarity on the issue.

    Best regards, Arthur

    F-Secure Technology, Mac Team

This discussion has been closed.
Feedback on New Design