Windows defender found trojan that f secure weren't able to detect
Accepted Answer
-
Hello,
I did a few virus checks with f Secure, and the result was no threats. When I did a comprehensive scan with windows defender, it found a trojan virus. How is it possible that f secure did not find the trojan in question but defender did?
One option is that you did Virus Check with F-Secure and Comprehensive Scan with Windows Security's Microsoft Defender.
Virus Check (Running a virus scan manually | Total | Latest | F-Secure User Guides) or so called Quick Scan "scans only the parts of your system that contain installed applications and then locations where viruses are commonly found, including your document folders". So, very limited space, and, in addition, with chosen 'Scan only file types that commonly contain harmful code (faster)' option only certain file types are scanned. Also, such scanning may not look inside archives and compressed files. This scan is good for detecting system infection, but is less valuable for detecting static malware (which can be located anywhere in the system, on any drive) and if you don't touch it, it's conditionally not dangerous.
Thus, the recommendation is to run Full Scan by F-Secure solution. This type of scanning "scans all internal and external hard drives for viruses, spyware, and potentially unwanted applications. The full computer scan can take a long time to complete".
To run it (may differ from the F-Secure version and if different, then press F1 with the application window open or manually on the (?)-symbol in the right corner of UI - to then open Help, which describes all the necessary steps.): open the main UI of the application, go to the Device Protection card, click on Virus scans in the left menu (second line), select Full Scan in the central part of the open screen.
In Settings, you can improve the ability to detect static threats by disabling the option to scan only among known file-types and enable scanning inside archives and other things.
Another option is that F-Secure does not know this threat or does not identify this type of threat. To understand the situation better - could you add a little more information? For example, what is detection called? What is the detected file, for example? Is it really a Trojan (that is, it appears in the name of the detection) or just a PUA?
For example, it can be called something like "Trojan:JS/Cryxos.hfge" as detection name. And something like "malicious.scr" as a filename.
While location, for example, is on some drive in "somefolder\compilation.zip".
Knowing this information, it is easier to understand why F-Secure did not detect this item. It would also be possible to scan this file manually using context scanning (by mouse-rightclick and "Virus scan" in opened menu) for this location or item.
Third option is that Microsoft Defender's detection is false positive.
Thanks!
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!