F-Secure Online Scanner: All You Wanted To Know
Here you will find all relevant information about F-Secure Online Scanner available for free download from our site:
http://www.f-secure.com/en/web/home_gb/online-scanner
If something is missing, feel free to ask.
Comments
-
SYSTEM REQUIREMENTS
Minimum requirements for the Online Scanner:
- Live Internet connection
- Processor: Capable of running Windows XP
- Memory: 512 MB (1 GB recommended)
- Internet Explorer (IE) 7 and newer
Supported operating systems:
- Windows XP SP3
- Windows Vista (32 and 64 bit)
- Windows 7 (32 and 64 bit)
- Windows 8 and 8.1 (32 and 64 bit)
FREQUENTLY ASKED QUESTIONS
Q: Online Scanner looks so much the same as the old Easy Clean. What is the difference?
A: On the first glance, the new Online Scanner is old Easy Clean. It is based on the same UI but inside it is rewritten and contains features that EC did not have. One of those features is memory scanning that allows Online Scanner to detect modern malware not detectable by plain disk scanning. The other is trusted OS aka DeepClean which removes rootkits that live deep enough so they block any attempts to remove them from Windows side.
Q: How does new Online Scanner relate to the old Online Scanner once available at F-Secure site?
A: They are not related at all. The only common thing is the name.
Q: Is there a possibility that Online Scanner deletes my files or corrupts system during remediation?
A: Before remediation Online Scanner creates a system restore point named “F-Secure Malware Removal”. If anything bad happens, user can always roll back using System Recovery. If System Recovery is not accessible (for example, when system does not boot), it can be reverted back to bootable state by F-Secure Rescue Media: http://www.f-secure.com/en/web/labs_global/antibot/rescue-media
Q: Does Online Scanner transfer something from my machine to the cloud?
A: When scanning, Online Scanner sends only the anonymous data that contains OS version, Online Scanner version, timestamp, name(s) of detected malware and SHA1 hashes of suspicious files found during scan. That is all it sends.
Q: So can I use it instead of an anti-virus?
A: No, it is different. Online Scanner is the highly profiled tool that detects and removes modern malware. It runs on demand and does not stay in the system as all the time as anti-virus software does. The best protection always comes from combining Online Scanner checks with any anti-virus software.KNOWN ISSUES AND LIMITATIONS
1. Online Scanner needs Internet connection
When Online Scanner scans files and memory, it queries the file reputation system located in the Cloud. To be able to do that, Online Scanner needs network connection with Internet access.
2. Windows XP: Online Scanner must be run under an Administrator account
On Windows XP, Online Scanner must always be run under an Administrator account. It needs admin privileges to scan system memory and files.
3. Internet Explorer (IE) 7 and 8: Online Scanner doesn't start when Internet and Local intranet security levels are set to High
The Online Scanner user interface uses the functionality of an Internet Explorer Server object. To allow Online Scanner to operate, you must set IE settings to default:- In the browser go to Tools > Internet options.
- Select the Security tab.
- Set Internet and Local intranet security levels to Medium.
4. IE7 and 8: Online Scanner doesn't start in "offline" mode
IE should be in its normal, "online" mode, otherwise Online Scanner cannot run.
5. Online Scanner doesn't install its DeepClean component on…
… on encrypted drives (for example, BitLocker)
… on Windows 8 systems with SecureBoot enabled
… on OS with software RAID array configured
6. Online Scanner doesn't report infections found during file scanning on AV-protected systems
When Online Scanner scans system files, it opens them one by one. Those read operations can be interrupted by existing anti-virus software installed in the system, and if the files are found infected, anti-virus blocks and removes them before Online Scanner. In such cases Online Scanner reports that no infection was found, although the infection itself is successfully removed.
7. Checking Online Scanner functionality with Eicar test file
Eicar test file is used to check if anti-virus software file scanning is up and running. Online Scanner detects the traces malware leaves in the system: memory signatures, registry keys, system launch points etc. Online Scanner does not think Eicar is a treat when it is simply stored as a file. To make Eicar look like a malware, create a launch point:- Store the file locally, e.g. as c:\windows\eicar.com
- Create random-named string variable in registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Run pointing to c:\windows\eicar.com.
After that Online Scanner finds Eicar as system-wide infection.
8. Running Online Scanner on Windows 8.1 when UAC is off
When User Access Control is off (the lowest position of slider in UAC Settings dialog), non-admin user cannot perform scan at all even if she runs it as administrator. Online Scanner terminates the scan and shows error screen saying "Close and restart the scan with administrative privileges". To make it running, set UAC on. -
Nice post.
BUT I still would not recommend this scanner to average users. Even with the system restore point I still do not like the automatic cleaning aspect. And most users would not go anywhere near any Rescue Media.
Most average users do not even check that there is a relevant system tray icon or that their AV is up to-date. Further, I suspect lots of Virgin Media customers have incomplete F-Secure installations on their computers (no Computer Security) with not a care in the world.
So I would still like user interaction if any potential malware is found.
-
Well, let's confess - most average users do not (and should not) care much about security and malware. The very fact that user runs Online Scanner indicates that she is aware of what malware is capable of, and cares about keeping machine clean, or there is someone who cares (just like I sometimes run OLS on parent's machine to make sure they don't have some tricky rootkit or keylogger). And for those "above the average" users we keep things simple and even primitive at first glance, but provide a way to recover if something bad happens.
And when OLS was about to launch we, too, worried that users would not accept such a concept. But UX labs and then the real life usage demonstrated that users are generally ok with silent remediation.
-
-
@deekourtsman If not me, I guess someone else would have asked this question sooner or later regarding that statement:
Isn't iOS the only safe one since there are lots of antivirus products for OS X including F-Secure's own "Anti-virus for Mac"?
-
Ok, you got me Let me put it other way: so far, no work for OLS on Mac OSes. Online Scanner specializes in bootkits and rookits, the stuff not handled by traditional anti-viruses. On Windows platforms, it complements our (or other vendors) software. On Mac OSes, existing anti-viruses cover everything, so no need to complement.