Lag in completing installation and detecting Eicar files on first install.

After installing/uninstalling FSIS on several snapshots, I have noticed that there is a lag of about 10-20 minutes before ALL the initial files/updates are successfully installed.


The install seems to be in two parts;


1. The initial download takes about 7 minutes (on my connection) after which the Window states that the update was successful; this is confirmed after carrying out an update check from the tray icon which shows that the "Update check was successful and your product is already up to date". This therefore suggests that installation of the product is now completed.


But this is not true as the main Status Window shows "Updating virus and spyware". Further, during this time the Eicar files cannot be detected.


2. About 10 minutes later, another download is triggered and eventually the Status Window now shows that "All security features are now up to date". After this time the Eicar files can now be detected.






Overall, IMHO, an AV/Malware Suite should provide full protection after the initial install and not after a FURTHER update to unlock all its features. A lot can potentially happen in a 10 minute window.


Do the above observations suggest that protection by FS is not fully functional until after the longer, second update on a first install?




  Simon

    Mine took a second reboot to get fully updated after the initial install. I noticed it hadn't fully updated, and didn't appear to be doing so, so I didn't wait 10 minutes, I just rebooted, and then the updates completed. I haven't actually uninstalled it since, as my upgrades have all completed successfully from within the program.

  Blackcat

    Therefore, it appears that you need either to reboot your machine or wait at least 10 minutes before the program is fully updated/fully functional/detects the Eicar files.


    So the initial Window which states that you have successfully updated the program is not true.


    Maybe during the install process, a further final window/pop up can be added stating "So the program can be fully updated ------------------"  




    1. "Reboot your machine to complete the installation/update process".


    2. "Re-Check for Further Updates from within the Tools Window".


    3. "At the end of this update process make sure that all security features are up to date as shown in the main GUI". (This latter point is important for successful testing with the Eicar files/providing full functionality.)


    Or maybe some extra information about the installation process/testing with the Eicar files can be added to the Help-file/knowledge base?


    Experienced users know what to look out for to check for a successful update of a program/testing with Eicar.


    But my main concern is that the average Joe will not reboot or wait 10-20 minutes, as he was not told to do so, and may therefore go online before the program is fully updated/functional.


    Can one of the F-Secure experts explain why the initial update process appears to be in two parts? 





  Fendy

    Hi Blackcat,


    During the "Updating virus and spyware" session, basically yes, the product is not fully functional yet because it is still downloading the latest virus definition updates.


    Also, it is not accurate to say that the initial update is split into 2 parts. The "second" part that you are referring to is most likely the Aquarius update, which is the biggest update and has detection for the Eicar file.


    But yes, you have a valid point. I will surely bring this higher accordingly.

    Best regards,

  Blackcat

    Hi Fendy


    thanks for the reply.


    Can I ask when the Bankguard functionality begins to start? Again is it after the Aquarius update?

  Fendy

    Hi Blackcat,


    Normally the Aquarius update would be the last to be installed.


    By "Bankguard", are you actually referring to Banking Protection feature? If yes, it would be before Aquarius. This is under Online Safety update.

    Best regards,


  siramic

    Same thing I wondered as far as Blackcat's general takes a heck of a long time to get the initial virus defs. to install, and I have done the same thing as Simon, waited a bit and restarted the PC, to have it show all is updated (I have 30Mbps cable internet, so it must be a program/server issue?).


    Thanks for considering bringing this to upper-tier techs' attention, Fendy, as a heads up for users during F-Secure install of the lengthy initial update time, would be a nice warning before proceeding with browsing/file downloads. Kudos for your post # 4.

  Blackcat

    The "second" part of the initial scan is due to the loading of the Aquarius/Bitdefender engine and signatures; and there are a LOT of signatures in that part of the update. 

  siramic

    It was a good and informative thread you started, Blackcat, as I've wondered what was going on with such a long install update process. You just asked more questions and had more observations than the "normal" user, in which case we learned more in depth information with yours and Fendy's back and forth dialogue :)

  Rusli

    Yeah... It takes a while to install the updates.


    The Long and Winding Road man.(Beatles)




    You can view it via Open Common Settings. Under Download option.


    Check the status.


    It will indicate as installed when it has completed the install and updating the files downloads.



    I had a similar problem downloading and updating to a newer TP96 beta release which I am using now.


    I found that F-Secure fumbles on the Eicar SSL files while downloading.


    There is no notification to stop the file being downloaded.


    It can only detect if you do a full scan.


    The heuristic detections need to be further fine-tuned.


    Why did F-Secure not fix these bugs!


  Simon
    Another suggestion for a post-installation popup might be along the lines of:

    "Thank you for installing F-Secure. Your computer is now protected, but we suggest a second reboot of your machine, in order to ensure that all of F-Secure's databases are fully updated."
  Blackcat



    but since F-Secure is not fully functional until the last update of the Aquarius/Bitdefender signatures, maybe it would be better to state on the first window after installation;


     "Thank you for installing F-Secure but your computer is not yet fully protected. So either reboot your machine or wait until the Update completes, as shown in the Status Window."

  Rusli



    Eicar file detections vary with the IE 10, Mozilla and Google Chrome browsers.


    Need to test with Opera.


    For detections of the SSL Eicar files, there seems to be no notification at all under IE 10 and Mozilla.


  Simon
    @ Blackcat,

    To be honest, I can't recall the exact sequence of 'welcome' popups, for want of a better description, but the second reboot instruction needs to come after the initial post-install reboot, yes? The wording could be debated ad-infinitum, but essentially, it needs to advise the user that a second reboot is required for all databases to be fully updated and functional.

    We have to bear in mind that not all users will immediately start testing the product or go looking for viruses, so the message needs to be clear and not too technical, whilst accurately informing the user. :)
  Blackcat



    Overall, a reboot is not necessary for the Full installation, as eventually the second full Aquarius update will occur (after 10 minutes or so after the first pop-up window which states incorrectly that there has been a successful install).


    My overall concern is that users will start to use the Internet BEFORE full functionality of the program is achieved; and you do not have to go looking for viruses to become infected.


    I agree that the message/Window needs to be kept simple BUT needs to inform users when the FULL install has taken place and not the "initial, successful install" which is still lacking the big signatures update.


    My overall concern is that at the present time the program is not stating correctly when it is FULLY functional/ALL updates have been downloaded and appears to be in two separate parts. 

  Simon
    I agree in principle with what you're saying, Blackcat, except that I don't believe it's THAT easy to become infected with normal 'safe' surfing habits. Of course, there are exceptions to that, and one could be unlucky, but my FS has never blocked a website I've visited due to it being unsafe, and I've never had a random 'virus removed' popup. Maybe I've just been lucky.

    Anyway, I'm fairly certain that after the initial install, FS does prompt for a reboot. Maybe, instead of this, it should simply say something like, "Please wait. F-Secure's databases are being updated. You will be notified when this is complete, and protection is fully enabled."
  Blackcat

    "Anyway, I'm fairly certain that after the initial install, FS does prompt for a reboot."


    I have not seen this.

  Blackcat

    "I agree in principle with what you're saying, Blackcat, except that I don't believe it's THAT easy to become infected with normal 'safe' surfing habits. Of course, there are exceptions to that, and one could be unlucky, but my FS has never blocked a website I've visited due to it being unsafe, and I've never had a random 'virus removed' popup. Maybe I've just been lucky."


    Safe surfers should be okay but try some of the Gaming/Poker/Torrent sites my son uses ;)

  Simon
    Lol, indeed! :D

    Now you've cast a doubt, I wouldn't stake my life on it, but I'm pretty certain it even prompts for a reboot after the TP updates we've been getting. Could you have just missed it? I assume you're using Windows?
  Blackcat



    are you using the beta again? I am back using the official 2014 version. Windows 7; 64-bit.

  NikK

    @Simon "my FS has never blocked a website I've visited due to it being unsafe"

    Are you sure? I thought the same too, yet I have blocked sites in the statistics for Online Safety:

    F-Secure > Online Safety > Settings > Statistics


    Maybe FS doesn't always notify you. My guess is that FS only notifies you if the url in the address field in the browser is malicious, not if an iframe or script inside the webpage refers to a malicious site.
    This is just a guess, does someone else know more about this?

  Simon
    @ Blackcat - I've never moved from the beta releases. Now on TP96, I believe.

    @ NikK - I'll check when I'm back on the computer later, but I'd be surprised if had blocked anything, as I don't tend to visit 'dodgy' websites, and usually stick to my known regulars. That's not for any puritanical moral reasons - I've just been there, seen it and already had the viruses years ago - lol - so I just tend to play safe nowadays. :)
  Blackcat

    Installed F-Secure IS 2014 official version on a new snapshot; obtained some detailed logs on the update.


    1. After 10 minutes, pop-up Window said that FS had installed successfully, and Status Window stated that "your computer is protected". No Reboot window, so left program just sitting there waiting for the remaining updates. 


    2. Nearly 15 minutes later, the Aquarius update had finally installed-so now we have FULL PROTECTION. 


    Capture 2.GIF




    So 15 minutes after the Status Window had shown that your computer was protected then we finally receive the last update-Aquarius-and we are now, finally fully protected.


    This disparity needs to be reflected in the Status Window during the update procedure, IMHO. The Status Window needs to confirm full protection only after the final update.

  Simon

    I've just had a beta upgrade, which I did through the program, and I did receive a reboot prompt (poorly displayed):




    The Aquarius update came in two minutes after Hydra.  I think this has already been established, but this does just show that the initial installation, and subsequent upgrades are handled differently.  If there is no reboot prompt after initial installations, then this is a serious flaw, in my opinion, as the reboot would presumably prompt the remaining database updates to enable full protection.  Without this, I have to agree that security appears to be compromised for the time it takes for Aquarius to fully update.



