We hope FS add one option when we need to choose-

Dear FS Team
I'm very luck to use your beta production named of FS Protection,
but I have a question when I used it,please open FS Protection and click DeepGuard setting,
On the right side, we have 4 options to choose,now we choosed 3(ask me whether to connect to the Internet),
 
when I opened one software,such as CCleaner,FS will ask me whether to allow the program connected to the Internet,
if I clicked "I trust this program,please continue", the program will connect to the Internet and run;
if I clicked "I don't trust this program,please stop it forever", the program will not be able to run,
 
but I want to this program run and not connect to the Internet,now FS can't meet my request, could you help me to solve this question?
We hope FS  add one option when we need to  choose----- only stop program connect to the Internet but the program will run,
 
looking forward to your reply,thanks!
 
Best Wishes!
Antony

Best Answer

  • UkkoUkko Posts: 2,999 Superuser
    Accepted Answer

    Yes,

     

    I can to feel same dreams about this points.

    And here potentially can be "realization" of this. Because... if DeepGuard prompt will be (as detected for network access trying) during work with application (not during launch) or by some part of "application" (such as module or another layer - if here "multi-layers")... able to block current action and network access was dropped and does not goes again. And if application not closed - other features will be without blocking things.

    And just during next launch... will be "blocked"-prompt as "parent"-application (which was as parent for previous blocked connection by untrusted application). It's not nice, of course.....

     

     

    But here basically another reason and trouble-meanings..  but also trouble-place:

     

     

    "Reputation/Rating"-cloud based systems. Which worked close to "worst".

    Of course, it's give a lot of protection-points... and on current time... can be so helpful. And F-Secure realization have good points as "without many false-positives" (which can be with another and many protection software). But... F-Secure realization for ratings, reputation and other cloud-meanings things... still work not nice (for me).

     

    It's hard, of course..... to create it good. But.... F-Secure as high-quality and NICEST company should to work with that also.. and potentially create here fantastic-results also.

     

    But here without that. Current examples... related with "Network connection trying" by unknown application.

     

    Unknown application can be signed (of course) - and it's can be valid application as (potentially valid) - but with malicious actions. So.. here not enough to say "application known as safe, valid signed and popular".

     

    Because for DeepGuard (by Security Cloud source) it's not really like that.

    And it's bad.

    Here can be a lot of "bad results" for protection (if here will be so biggest mistakes.. like have with WOT service). But can be a lot of "good results" - because... DeepGuard can to alerted about safe (potentially) application and prevent bad results for system. Anyway - CCLeaner (as example)  can be trusted (for example, I use it too) - but I without any good reasons for current trust. And here can be good option... which you wanted and here "created".

    But basically...  if it's can be "strange" for you (I mean - if it's can be strange action, when DeepGuard detected network connection and you want to prevent current one) - maybe here can be good.. not really use current application or.... re-transfer sample to F-Secure SAS (https://analysis.f-secure.com/) - I not sure.. if it's can be helpful, but maybe they should to work more "close" with current applications - which goes here under "false positive" as unknown applications.

     

    So... sorry again for many words.

     

    I just mean.. here more good to ask features about:

     

    "Improve work with security cloud" as created more nice work (get and analyzing) ratings/reputations for any applications. And about "popular of use". If here not enough... maybe need to use "numbers of users" (such as -> more, than hundred... or more, than thousands....  or more, than ten thousands".)

    Because current "popular of use"-status... not really visible.. as "helpful" information.

    Because here can be "normal" and rating will be "unknown".

    And DeepGuard block it as "unknown application goes to network connection".  Here without any helpful things for users.. about reputation and rating....

    And also.. here can be years... with that situation about application and it will be not fixed without user's steps.

     

    It's worst.. and better to add feature "Greatest level of rating/reputation cloud-based protection" :)

     

    With other variants of DeepGuard prompts... without questions potentially (too much rare suspicious application blocked as default - probably good). All other prompts.. should be about risks for system.

     

    And just current one features goes to be as "logical" for false-positive. When user want to receive prompts, when "any" unknown applications goes to trying create network connection (and which not trusted, not known, not really popular, not white listed).

    Also.. if I correctly remember.... current feature goes to be "not as default" with latest versions of F-Secure IS. So... here can be feature.. for users, who want to block it... and block it... if it goes to network connection as application.

    When after "blocked"-status... already.... user able to think:

    "Allow it..... because trusted" or "Block it... because current prompt created reasons for stop use application anymore".

     

    With feature "blocking" just network access.. when application goes be "work" as feature.. can be a lot of troubles for "application". when will be not work something...

    Potentially after first block (able to goes and allow application and remove from DeepGuard storage) - application will be work.. and potentially can be re-ask about "network connection" just with next try (maybe after some of time limit). So if it's ask each time... here can be just questions for software, which needed this. If it's needed for normal work of software - it's have to allow. If not - potentially here bad software.

     

    Sorry for a lot of words not about theme.

    I understand and think about same things as "feature needed" - but... basically here can be more important things around (such as - worst reputation/rating-cloud based;  and "user" should be driver for "security car" and think about application as.. can be trusted or not...). And current feature will be just as "workaround" without big result... for protection or user's worry (with try to understand.. which action here more important).

     

    Just because.. I not sure.. but basically UAC also not always work as "ask" just for current action. And it's not always able to "deny" UAC prompt, but application will be work (without critical features dropped). :)

     

     

    antony

Comments

  • SimonSimon Posts: 2,611 Superuser
    I'm not sure that an option such as you suggest would actually help in this situation, as it would be the program itself which decides if it will run without being connected to the internet. F-Secure would only prevent internet access in this case - it wouldn't block the program from running.
  • NikKNikK Posts: 931

    I made a feature request for this about a year ago, but still no feedback from F-Secure Smiley Sad

    Here's a picture of what I wanted:

    Deepguard new.png

     

    http://community.f-secure.com/t5/Feature-Requests/Improve-Deepguard-security-for/idi-p/36795

    antony
  • SimonSimon Posts: 2,611 Superuser
    But FS isn't blocking the application, is it? It's only blocking the internet connection. So, if the application is programed not to run without an internet connection, this option wouldn't help, would it?
  • antonyantony Posts: 9

    yes,wonderful picture,

    You understand my opinion!Smiley Tongue

  • antonyantony Posts: 9
    In some cases,maybe we only need run the program and
    did not want the program use network.
  • NikKNikK Posts: 931

    Hi Simon,

     

    It's blocking the application until you allow it. And when you allow it it means you also allow its connections. You have no other option if you want to continue using the application and that's the problem.

    Programs make connections to "phone home", check for updates, log things etc, and even worse if it's a bad program, but most programs still run fine even without a connection.

     

    However, programs that require a connection would probably not run or work properly, for example programs like online scanners.

     

    I started using a product called WFC by BiniSoft to have full control of my Windows Firewall outbound connections, partly because of this problem with DeepGuard. But it's something I only recommend to advanced users. An easier option is using Sandboxie and restrict what programs are allowed to connect to the Internet from within Sandboxie. CCleaner is not suitable to run inside a sandbox, but many other programs are.

  • NikKNikK Posts: 931

    Antony,

     

    I don't know if they've changed DeepGuard in Beta as I don't use Beta. But I've never seen DeepGuard ask me about CCleaner as that's a known and trusted program. ATM I'm using the latest CCleaner version v4.18.4844 (26 Sep 2014) and I get pop-ups from Windows Firewall about connections, but not from DeepGuard.

  • antonyantony Posts: 9

    .

  • antonyantony Posts: 9

    Hi NikK

    Here is my picture,I am not sure whether you can understand Chinese language.Smiley TongueSmiley TongueSmiley Tongue

     20140927171456.jpg

     

    20140927171915.jpg

  • NikKNikK Posts: 931

    I don't understand Chinese but I understand the pictures :)  We want the same thing.

     

    See my previous post and verify if you have a legitimate CCleaner version. I found it strange that DeepGuard asked about CCleaner.

  • UkkoUkko Posts: 2,999 Superuser

    DeepGuard will be ask about CCLeaner (and asked it before) with some of next points:

     

    -> During installation about languages files (as trying to get/re-get it during installation).

    But probably it's should be dropped already.... as detected-reason.

     

    -> During first launch with checking for updates (by new version of CCLeaner - which can be new.. after latest version, which known for DeepGuard as trusted application).

     

    If you don't want to see this Prompt by DeepGuard.......... probably during installation you able to configure CCleaner as "unmarked feature for automaticlaly checking updates" (and some other).

     

    Also.. if you do not trust for application, which potentially can to goes work with network connection - probably here better... does not use it. Because - it's can be with network traffic.. which will be not prevented by any security features. Here I mean - current "feature"-point good.. as "allow application, but prevent network connection" - but basically.. it's can be just workaround... and application will be work with broken design. If here "malicious" reason for network connectio - good that it's blocked totally..

     

    Anyway - current situation with CCLeaner can be prevented by "uncheck/unmark" feature "automatically check for updates" by CCleaner.

    Or one time allowing - which will be as "remembered trusted for system" (not likely).

     

    But your screenshot with Prompt.. have "pcmaster.exe" name.. which maybe not really related with original version of CCleaner?

     

    Sorry for long reply without good information.

  • antonyantony Posts: 9

    You are so modest,thanks for your reply.

    Maybe I confused you,

    Actually, CClean is my example,not only CClean need us to choose but also others, 

     

    I has  trusted  the CClean otherwise it doesn't work,so you can't see the picture now,

    the picture shows PCMASTER.EXE not CClean,this is another application,I know the application is safe and connect to the Internet maybe order  to checking for updates,but I still want to let it run without  network  situations.

    Ukko
This discussion has been closed.