[DeepGuard] TeamID in rules no longer works

66f2e490 Posts: 56 Contributor

Hi Dev team,

With the newest release, Version 19.8 (63381), I found that TeamID in rules is not working properly in strict mode.

For example, I only allow apps with TeamID UBF8T346G9 (which is Microsoft apps) to read/write .xlsx files:

allow suffix ".xlsx" "/ via any" rw "" "UBF8T346G9" ; Microsoft

This works in the previous version.

As shown in the screenshot I attached here:

  • File type ".uuidcache-114514-2" is not pre-defined. Deleting this file will trigger a DeepGuard pop-up, which I rejected.
  • File type ".xlsx" is configured so that only processes with TeamID UBF8T346G9 can access it. But deleting it won't trigger any DeepGuard pop-up, and thus the user will have no chance to notice this event.

I checked the other rules that have a TeamID, and it seems that these rules do not check the TeamID but instead allow the rule for all processes.

ProductName:macOS

ProductVersion:15.1

BuildVersion:24B5070a

F-Secure: Version 19.8 (63381), DeepGuard is running under strict mode.

Answers

  • 66f2e490 Posts: 56 Contributor
    edited October 14

    After downgrading to Version 19.7 (62280), TeamID in rules is working again.

    *only in this form:

    allow suffix ".xlsx" "/ via any" rw "" "UBF8T346G9" ; Microsoft

  • PawełP Posts: 396 Moderator

    Hello @66f2e490

    Thank you for your post.

    Our technicians at R&D have investigated this problem.

    It sounds like a potential regression related to optimization work done in that area. The technicians will review the difference in product logic between 19.7 and 19.8 and fix the issue.

    I will inform you as I receive an update on this matter.

    Thank you very much for bringing this problem to our attention and thank you for your understanding.

    Best regards.

    Pawel

    Making every digital moment secure, for everyone


  • 66f2e490 Posts: 56 Contributor

    Hi @PawełP

    Thanks for getting back to us so quickly! We're super excited to see the fix in the future releases.

  • PawełP Posts: 396 Moderator

    Hello @66f2e490

    I just received an update from R&D.

    Our technicians have found the cause of this problem. It will be resolved with the release of the next version of the program (19.10).

    I hope this information will be helpful and thank you for your patience.

    Best regards.

    Pawel



  • 66f2e490 Posts: 56 Contributor

    @PawełP

    Thank you very much to the team for all the hard work here, this is really good news.

    Cheers!

  • Karibu Posts: 42 Contributor

    How is it possible that DeepGuard will be fixed in version 19.10 when it has been announced that in version 19.9 DeepGuard is discontinued and switching to a new technology?

    DeepGuard is being replaced with Behavioral Analysis?

    Ville posted "DeepGuard will not exist anymore after 19.8" in another thread?

    So what exactly is going on?

  • 66f2e490 Posts: 56 Contributor
    edited November 16

    Hi @Karibu


    AFAIK DeepGuard has been replaced by another EPP solution on the newest beta of FSP for Windows.


    In this thread we're talking about FSP for macOS, whose DeepGuard is a totally different technology under the hood; they just share the same name.

  • Karibu Posts: 42 Contributor

    How is it that you know, but nobody else does?

    Where is the official announcement from F-Secure that it is moving to Avira components for its Windows product line?

    There are a lot of people that do not want Avira on their systems. I know that I do not want Avira on my system - whether it is brand name labeled or white labeled F-Secure.

    I think it is very underhanded and shady that F-Secure leadership (I am pointing my finger at you - F-Secure executives) is not making any official announcement about v19.9 becoming an essentially 100% Avira product.

  • 66f2e490 Posts: 56 Contributor

    What you're discussing now is off-topic for this thread. If you have any opinions or suggestions regarding FSP development, please submit a ticket.
