Your customer service asking to run their curltest.exe files and disable virus scan for it
There has been problems to update F-secure virus database and numerous times answer has been to use for example phone shared internet access and set DNS to 8.8.8.8 and so on. But we are using 8.8.8.8 as DNS server and we get IP address for the servers etc.
Latest was to download some executable from customer service private folder and disable checks for it from F-secure and run it:
curltest.exe https: x
(I added space there after 'https:' to able to send this post)
For me it sounds quite non professional for anti-virus company.
Comments
-
Hello,
Interesting feedback. I am also only an F-Secure user.
Sounds as they tried basic troubleshooting to rule out some 'known' or obvious reasons for reported trouble. And maybe to understand what is blocking or why access to receiving updates for the AV database is being blocked (let's say).
And, then, depending on what you mean by ""from customer service private folder"", I think a whitelist/exclusion request or ""disable checks for it from F-secure and run it"" makes some sense. Because even well-known 'original' command-line tool (curl) can trigger a reaction from an AV solution (especially, behavioral-based and related things). And, so, the test run will not give any vision on why there is trouble with updating AV databases.
For me it sounds quite non professional for anti-virus company.
What you would expect as a "professional" move with described scenario?
Thanks!
-
They can explain what they want to check. Please run command 'xyz' and if need some special tools, they can provide and signed binaries with f-secure keys. I dont like idea that some guy from random call center will send binary and ask to run it by disabling all possible av checks and any signing of f-secure.
My network setup is pretty normal, nothing special in between. So far all their test has been able to access the network it has now took over 3 months and still no solution, long time between responses when some high up devteam investigate results.
And i don't like fact that F-secure is actually Avira.
-
Hello,
thanks for your response and thoughts.
Yes, that would probably be more professional indeed. But some remarks, as my own feelings on this matter.
They can explain what they want to check. Please run command 'xyz' and if need some special tools, they can provide and signed binaries with f-secure keys. I dont like idea that some guy from random call center will send binary and ask to run it by disabling all possible av checks and any signing of f-secure.
Of course, an individual approach is very important, but most likely, when most users encounter a problem, they want a quick and simple solution without delving into what is required or why something happened. Something like "tell me what to do and make everything work as before". As if someone searches for a solution on the Internet on his own. Finds a mention, tries it - it worked - well, great. No - tried the next one. So support probably just tried to quickly figure out the problem or try to give ready-made steps for solving it. Just not to bother the user too much.
Again, I don't know how the conversation went with you, but I can easily imagine something not quite "obvious" (what is happening, why is it necessary and so on). I have experience with their support of both kinds.
Regarding special tools. Certainly so. Although, as I think, in mentioned story - there could have been some improvisation on the fly. Since such a tool is not required on a permanent basis or is not tied to certain constant problem to implement its own. Again, I don't know how and whether the tool was somehow modified, then signing it is probably also expensive or does not make sense, since, for example, it is constantly being improved or being internal support tool. Or just used "as is" being widely known as safe and reliable.
My network setup is pretty normal, nothing special in between. So far all their test has been able to access the network it has now took over 3 months and still no solution, long time between responses when some high up devteam investigate results.
I think that if they had been able to repeat the problem, they would have been able to solve it much faster.
by the way, what is your trouble in precise (although most likely support would have to find out the reason anyway; but just interesting)? The community discussed various things - for example, some kind of "constant loop installation" of updates. Someone could constantly see a failed result when checking for updates. Could your experience be similar to any of the known problems? Or is it something else?
And i don't like fact that F-secure is actually Avira.
Me too. Especially if all threat intelligence / knowledge is limited to that source. Even if it is quite good and powerful.
However, this is not quite so. In my opinion.
They simply use the same technology to implement the (main) module responsible for scanning and related things, as 'Avira', for example, also does. The fact that it is not their (F-Secure's) own proprietary technology, tool or toolset does not make them a different company or equal in capabilities down to the last detail.
In fact, they professionally licensed it for professional implementation into their own solution. Side effect: it relies on more than just their infrastructure.
Thanks and sorry for the discussion.
