Firewall Services funny looking entries

Hi, 

 

In my FS under Firewall Services, the list of shown services includes lots of mysterious-looking entries that have no name and no "Used in rule" showing. There are also a bunch of items listed that have names such as "Acid shivers - Trojan". I can't find anything in the documentation to state what should or should not be seen here - can you please tell me if this is normal/valid/correct FS behaviour?

 

Also, can you tell me how to determine if my FS is correctly set up and working, i.e. how do I visually inspect to determine if FS is uncompromised and working correctly?

 

thanks.

Comments

  • Vad Posts: 1,075 F-Secure Employee

    Hello MattAU,

     

    Please specify your F-Secure product / version.

     

    Best regards,

    Vad

  • MattAU Posts: 7

    Hi Vlad,

     

    Sorry about that. It's:

    F-Secure Client Security 9.01 build 122
    F-Secure Anti-Virus 9.20 build 16071
    F-Secure Automatic Update Agent 8.25 build 4183
    F-Secure User Interface 9.23 build 6978
    F-Secure Management Agent 8.20 build 40059
    F-Secure Network connections 6.24 build 125
    F-Secure Email Scanner 6.00 build 466
    F-Secure Online Help 1.98 build 1030
    F-Secure Customization CS/1.30.01
    F-Secure Browsing Protection/SW 1.10 build 5829
    F-Secure Browsing Protection/ES 1.10 build 1039

    Cheers,

     

    Matt.

  • MattAU Posts: 7

    Hi Vlad,

     

    Thanks for the reply. I should mention I'm a 19 yr IT industry veteran, mostly spent building enterprise web apps. I'm posting here as I've been asked to look into some machines at a work site to address some concerns raised about a recent infection. LAN security isn't my primary specialty but I do what I can :)

     

    I haven't had a lot of previous experience with FS specifically. When I look at the Firewall Services listing I'm seeing many entries that are all blank text, i.e. I can open them and view the details, just the name and often the description too are just blank (both in the listing and the properties window). I'm also seeing many entries whose names are the names of various pieces of malware, e.g. Acid shivers - Trojan. All other entries are things I would expect to find.

     

    For both the blank entries and the malware-named ones, can you tell me if this is the normal correct thing to be seeing? None of the documentation I've seen so far provides any kind of a listing of which entries should be visible here if FS is working correctly and is not compromised. I assume the malware-named entries are rules addressing those particular threats. I'm concerned about the blank entries however?

     

    I'll have a word to them about the old version and recommend they upgrade as a priority.

     

    Thanks,

     

    Matt.

     

     

  • MattAU Posts: 7

    P.S. I should add that I do suspect a possibility of FS being compromised. I'm seeing other system issues such as Windows and F-Secure disagreeing on the firewall status, machines no longer installing automatic updates etc. So I'm looking at an environment where FS itself being infected is a possibility.

  • Vad Posts: 1,075 F-Secure Employee

    I see your point. I would suggest that you contact support, having the support tool (fsdiag) information collected on the suspected host at hand. We'll check if something is wrong or not.

     

    Best regards,

    Vad

  • MattAU Posts: 7

    And how about I stop calling you Vlad! Sorry about that, I'm a tad overtired/bleary-eyed plus I'm friends with a Vlad..

  • MattAU Posts: 7

    Can you give me a general indication if the observed FS state I've described is suspect vs normal FS behaviour? It's in a restricted environment where doing as you've suggested is not a small thing - doing so just to be told what I'm seeing is completely normal for FS might not be helpful to my cause :) You are totally correct though of course in advising this, and it will be my next step. Thanks!

  • MattAU Posts: 7

    Thanks Vad, this has been helpful.

     

    Cheers,

     

    Matt.

This discussion has been closed.