ULAV fresh news


Comments

  • Ukko
    Ukko Posts: 3,609 Superuser

    And also.. there is again the same experience with Windows monthly updates.

    It again comes with "non-stop" upload/network usage by F-Secure ULAV (as scanning/re-check with cloud maybe), which commonly takes around an hour (about installing updates I mean. just the install-process. already downloaded).

    But it probably goes to "full stuck" - if there is another usage of the network (can be by another device too) during this process.

    Maybe it is also just my local experience, because it looks too "visible", because installation of updates takes not just five-ten minutes, but some hours (or around an hour as example with less time of stuck and loading for check/scan/network usage/paused/hooked for installation-process). And just because the situation is from the first versions of F-Secure ULAV (which were available) and with each month/Windows updates.

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    Hello, I have not experienced the troubles described in both above posts, the only frustrating point so far is ULAV blocking perfectly legit and clean URLs.

    Just a few things about my rig: nvidia GTX970, system on Hyper X SSD, 8 gigs ram, internet on optical fiber 500/200.

    It would be interesting to have UKKO's rig specs

    see u soon :)

  • AndyP
    AndyP Posts: 45 Former F-Secure Employee

    Yesterday afternoon we published an update to Ultralight which enabled our protection components to send more executable file types to the cloud for scanning (both from file-based scanning and web traffic scanning). One of the file types that we enabled for cloud scanning was javascript.

     

    In our own testing, these changes did not impact the usability of our systems. We were, however, hoping to receive feedback from others in the beta program, so thanks for the feedback so far!

     

    Slow networks, especially those with high latencies, will likely be affected the most. I would be interested in hearing from more people as to whether these changes have caused your systems to become noticeably slower or unusable, and in what situations. Information from speedtest would also be appreciated!

     

    We'll continue to monitor the situation and decide how to move forward once we have more information.

     

    Thanks again for the great feedback!

     

    --andy

     

     

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    no slowdowns whatsoever, speedtest shows no difference: I stay with 480 mbs down and 180 up with a 5 ms ping.

    pls tell the devs to work on the overzealous url filtering.

    when can we expect major changes on this point and ui ?

  • AndyP
    AndyP Posts: 45 Former F-Secure Employee

    @yeoldfart Regarding your UI crashes on Win10, we could investigate the problem. Please do the following:

     

    1) Download and run our diagnostic tool from 

     
    2) Provide the resulting zip file to us (either via [email protected] or via centercode)
     
    Thanks!
     
    --andy
  • AndyP
    AndyP Posts: 45 Former F-Secure Employee

    @yeoldfart 

    Regarding the URLs that we're blocking, if you could submit them to us via [email protected] or via centercode, we can look into whether they are false positives and get them fixed.

     

    As far as a UI update, we're hoping it will be arriving real soon. The next UI update will enable banking protection. I'll announce on here once we make the release!

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    Hello Andy
    sent one 2 minutes ago, do u need a report for each crash ?
  • AndyP
    AndyP Posts: 45 Former F-Secure Employee

    @yeoldfart 

    We'll take a look at the diag you sent us and go from there. If we need more information, I'll let you know!

     

    Thanks for sending it!

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    you're welcome Andy. From now on I'll run the testing on my laptop which is still under Windows 8.1

    let me confirm I don't quit, I just swapped rigs to put ulav on a secondary rig (laptop).

  • 23
    23 Posts: 31 Explorer

    ULAV is interfering with Mozilla Firefox in a very bad way. If I want to close the browser, I need to click twice on the red X. First time it just doesn't close. Hola add-on is being disabled for some reason too. I thought FF was broken and tried to uninstall it, but ULAV is locking its processes. If I disable ULAV, FF is working just fine. This is what I call pain in the ass!!! I had no problems with the previous versions of ULAV.

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    Hello
    Never forget it's a beta, may I suggest 2 things?
    1) run diag utility and send the report
    2) avoid using expressions such as P.I.A.
  • 23
    23 Posts: 31 Explorer

    1. What diag utility? I don't see any.

     

    2. English is not my mother tongue. What should I use instead?

     

  • yeoldfart
    yeoldfart Posts: 556 Superuser
  • 23
    23 Posts: 31 Explorer

    This link doesn't work for me. Downloaded file is 290 KB, but can't be open.


  • yeoldfart
    yeoldfart Posts: 556 Superuser

    sorry this is the one I used a few days ago, I suggest you wait till Monday when Andy is back on duty, the file can be unpacked using winrar and will weigh 623 ko after unpacking (290 before).

  • Ukko
    Ukko Posts: 3,609 Superuser

    Hello,

     

    It should be "290 KB" and probably all is OK with the file.

    How do you try to open it, by 7zip(?)?

    Are you able to just right-click and unzip it? By the default Windows feature (if it was not changed). Or by 7zip (?) as "extract to fsdiag" (for example).

    It will be a folder with "fsdiag" (support tool) and configuration files. You are able to launch fsdiag in the current folder to create the fsdiag-file.

    Your prompt looks like... if trying to open .zip-file as another extension (.7z or .rar) - but maybe there just comes auto-choose. Or other variants, but with another variants... there enough just re-place file to another folder.

     

    Sorry for my reply.

  • klima89
    klima89 Posts: 58 Explorer

    Hi,

    ULAV is a very good program, but nothing annoys me so as truly continuous communication to the server, for example, when you install the program. Installing a simple program, sometimes it takes even a few minutes, because at that time the program scans in the cloud. Perhaps for the first time that there was nothing but the same software to be installed again, re-scanned. Sorry for my English but I think you understand what I mean :)

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    Hi
    I guess it's due to ulav dependence on the so called "cloud" as it has to check its database. On my side I did not notice that as I have the luck to have an effective 480/180 bandwidth.
  • klima89
    klima89 Posts: 58 Explorer

    I envy :) But the program should no longer be scanned during reinstallation, when he was scanned and cloud it should be familiar with the program. My upload is weak and is only 2 Mb / s and installing programs is felt (waiting to install the program after communication with the cloud)

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    IMO the devs definitely should investigate and reduce drastically the bandwidth it takes.
    have a nice sunday, plenty of sun here :)
  • klima89
    klima89 Posts: 58 Explorer

    mutually :) greet

  • 23
    23 Posts: 31 Explorer

    @Ukko, Tried every possible way to open the file. Windows explorer shows it as empty, 7z says it's broken.

    @yeoldfart. Yep, I will wait till Monday. Thanks.

     

     

    edit: Tried  uninstall and install (of both F-Secure ULAV and Firefox) to see if the problem is corrupted installation or something, but the issue still persists.

  • Ukko
    Ukko Posts: 3,609 Superuser

    Hello,

     

    23,


    it's strange... just because it should be normal work.

    But there I mean.. that link should be "valid", size... around "valid"-view.

    Maybe there something goes wrong during download (by Firefox-specific?) or 7z-settings.

     

    Anyway.. just for re-try: direct-link can be also found by next steps:

    https://www.f-secure.com/en_US/web/home_us/support-tools

    -> there will be direct link for ftp-download:

    ftp://ftp.f-secure.com/support/tools/fsdiag/fsdiag.zip

    But maybe need to visit: ftp://ftp.f-secure.com/support/tools/fsdiag/   and get fsdiag from there (such as.. if there something wrong with downloading). 

    My experience with 7z comes just as "tool". Such as.. I not use it as "default" software for zip/archive-extensions. So.. by default.. there will be try to open or (unzip) it by default Windows mechanism for .zip-files.
    With 7z I can to manually unzip/unpack current archive, but not open (as normal) with another extension.
    Also.. there can be trouble just around directory-name (better to try... something where can be just English-words!? under folder and before that).
    It's just for dreams around.

    Anyway... maybe I just will try to do same steps for Firefox :) to see how it will be with my device too.

    Sorry for reply again.

     New addition:


    With Firefox... and my experience (under one device).... comes with next points:

     

    -> Firefox work normally about "closing" or speed of work.

    It looks OK. And there is just a fresh installation of Firefox with disabled "auto-update-service" and some other changes to settings; and no plugins/addons installed (except.. default ones);

     

    But there was strange point... in somewhat reason.... Firefox does not save "history of changes". Each launch was as "first one".

     

    -> Can it also be.. that your troubles.. come just from the add-on?

    Did you try not just disabling F-Secure ULAV, but disabling or temporarily removing the current add-on (which also has troubles by your description)?

     

    klima89,


    you have good design. :)

    I feel "re-scan" each time (practically) for folders with a lot of executable files (but there include "local"-scan too.. if databases goes be updated).

    And during first launch "my music-media-audio-player" (as example) per session.


    What about "installation" as main words under your dreams...  F-Secure ULAV have more "speed"-work, than it will be with FS Protection (F-Secure IS) as example. :)

    But it's indeed can to take more time...  and maybe it's normal (during reinstallation). Cloud-databases can be with changes. And current file or part of file.. or other streams during installation already can be marked as malicious. It's should be with re-scan probably :) And any "real-time" actions should be under control.

    Also.. with my experience.. not all "installation" goes to be with stuck. But most of trouble-point for me... it's installation for Windows Updates, which goes to be "paused" for uploading (?!) by F-Secure ULAV.. and installation take not just a five minutes, but more than hours.

    Just with software.. there always differently. And usually.. it's does not take indeed more time, than it can be.

    Also your network speed.. probably much higher, than my.

     

    Sorry for reply.

    Just decided.. to ask.. what certainly you mean.. about "reinstallation". F-Secure ULAV should to scanning any of new files.... if it was not whitelisted by (exclusion list). And if not whitelisted under Security Cloud;

    Also.. how I can to understand.. Security Cloud trigger "upload" a file/metadata.. just if it's totally unknown file.

    And it's normal. Just unknown file/metadata (or creating hash/ssdeep and check it).. or first "time in use" under system..... should be uploading for Security Cloud (?!) as visible something. And all other.. brief-"skipped" during normal connection. And just "signature-hash" re-checked.

     

    But my experience with some of files (just static.. not launch/not install).. about "not temporary", but too much often "uploading" file/metadata to Security Cloud. Such as.. it's always "unknown" :) and not start be "known" already. It's often related with manual scan, but.... anyway... I not sure.. that it's related just with "ssdeep/hash"-creating action. Because it's looks like total/full upload as "unknown file". Which can be during download-files (or was before).

  • 23
    23 Posts: 31 Explorer

    Thanks for the new link. This one works. :)

     

    edit: Tried with the add-on disabled. Same.

     

     I think I found it! Disabled all the add-ons and started enabling them one by one. FF did it when  Tab Mix Plus 0.4.1.7 was enabled, not before. Ok, now I feel better. Will disable this add-on for now. Thank you everybody. :)

     

    No, actually nothing is OK. :( Firefox resets all my add-ons to default settings on every browser restart. I think my browser is being virtualized WITHOUT my approval. Well....that's not a good thing. So, my final conclusion - ULAV is causing all the troubles.

  • Ukko
    Ukko Posts: 3,609 Superuser

    Hello,

     

    So... "virtualized" Firefox.. it was totally same with my brief-check before (where I called it as strange point - "Firefox does not save "history of changes". Each launch was as "first one". probably it's about same experience with your);

    I goes to re-check it now... and yes... maybe we get more "true" description for trouble:

     

    -> F-Secure ULAV + installed Firefox create a "virtualized" Firefox;

     

    Just because also.. it's mean... other troubles.. related with add-ons (as example... it was suggestion and maybe it related with your experience after that; anyway with my experience Firefox goes be closed and work normally during launch. but there not installed any of addons/plugins, which not default)... there can be temporary work-around (?!):

     

    Because... there work next workaround too:

     

    -> turn off F-Secure ULAV... launch Firefox... set up it (include... disable addons, which can to create something wrong) or simply re-change anything. Close Firefox. Turn on F-Secure ULAV.

     

    Should be already stuck with new "changes" :) and "virtualized" normally work status again (but "virtualized" not work.. when F-Secure ULAV disabled/unloaded).

    Such as... "virtualized" was disabled. But F-Secure ULAV in somewhat reasons prevent changes for settings/other things around.

     

    I not really friendly with Firefox. But probably it's can be that Firefox totally work under "scripts" (such as UI based on real-time creation) and it's can be that... F-Secure ULAV prevent to proper save-status for any changes.

    Or maybe there just can be "time-out" for creating settings-file (?!) (Firefox have limits, but F-Secure ULAV goes to extend time for over the limit). But it's should be already under investigation by F-Secure ULAV team maybe.

    With your fsdiag and as report (if you want). And it should be work as stable behavior maybe (such as.. it same situation with my device).

    //fsdiag-link from previous replies and "previous link" was same or should be same with link from reply. it's mean.. not really new one// :)

  • 23
    23 Posts: 31 Explorer

    Yes, if I disable ULAV, then launch FF and then enable ULAV, everything is fine, but that's not really a solution. Thank you anyway. :)

     

    Edit: I've sent a report from fsdiag to the ULAV support.

     

    P.S. I don't like virtualization and never use it. Prefer common sense.

  • Ukko
    Ukko Posts: 3,609 Superuser

    Yes.. can be just as workaround for situation, when it's can be helpful. :)

    Solution can be just.... if there can be fix/update for design of work (maybe there some of simple reasons... for current local behavior... but not sure that it's can not be something same about other software) after a report about it.

    Probably it's certainly not a special virtualization. Just in somewhat reason.. F-Secure ULAV prevent a save for changes after session of using Firefox (or part of changes). Maybe it's also related with changes about scanning platform and scripts-scanning.

  • Ukko
    Ukko Posts: 3,609 Superuser

    Sorry that I am back to previous words about Firefox.

     


    Just I decided to install Firefox again and look for that (about... what else can to do or why it's happened).

    Not really friendly with Firefox... so.. I just go to search.. where placed a local files for Firefox (as profile settings).

     

    -> It was something about (if there something as around modern system):

    C:\Users\User-name\AppData\Roaming\Mozilla\Firefox\Profiles\some-characters.default

     

    -> There indeed have some (a lot of) scripts... such as .js-files/.json and etc.

    Some of them was with "related" (potentially) names: I thought about next ones:

    sessionstore.js, prefs.js and other session/settings.js files; include subfolder with "backup" for session(?) as "previous.js" and .etc

     

    -> I decided to do next action: for first -> some of scripts marked as safe. not helpful.

    After that I decided to use "Mark as safe" (not scanning by F-Secure ULAV as exclusion) full folder (current one as profile-folder for Firefox).

    Not work also. Firefox still with "virtualized"-result.

     

    -> I decided to brief-check something around sessionstore/prefs .js-files. And probably it's can be that.. for example... prefs.js during work created a "copy"-file, which should be re-placing after session.

    But I not get it under folder. It's not created... and not really "modified" during work with browser (?!).

     

    -> So...I can to think... what if there can be work other layer of system (and file just a hidden for somewhat design).. or something as "alternative data streams" or other... So... I mean.. something.. which can be work and will be scanned.... when folder should be "excluded" from scanning?!

     

    -> And as potentially... a reason for "virtualized"-result can be... that  "real-time created file or something as alternative data-stream" (or other meanings.. if it's can be under memory or other.. I not really friendly with technologies and computers-things) about prefs.js (and changes for that) can be not saved because..... it not possible to on-the-fly re-placing "previous one version" to "new one version" with re-naming from "temporary name" to "original name". Because there not happened save-changes/modify-action for pref.js, when F-Secure ULAV work.

    Maybe it's related with "on access" usage. Such as... F-Secure ULAV scanning "new created file" (which not possible to exclude manually) and it's hooked/prevented... or something other... and it's not goes to be re-placed.

     

    I goes to try read about "pref.js" under Firefox pages.. and maybe there have something same about potentially troubles with "virtualized"-result of Firefox. But not sure... how certainly it's can be related with F-Secure ULAV design.

    But maybe it's indeed related to the new scanning platform (where .js-files/resources/scripts go to be scanned under cloud too). So it will be interesting to read.. the response from F-Secure about the "situation" (and reasons for the behavior, which there will be in fact).

     

    Sorry again for new one reply.

     

  • klima89
    klima89 Posts: 58 Explorer

    "re-installation" means that I often uninstall the program to install it again after some time. And the point is that this program is still scanned during installation. And yes, it takes forever to install the windows update, developers must reduce transmission to the server, because only someone who has a big upload can easily use ULAV, without long waiting.

  • AndyP
    AndyP Posts: 45 Former F-Secure Employee

    With regards to the issue you're seeing with Firefox, it seems that, since we're now cloud scanning javascript files, delays in those scans due to slow network connections could be causing some problems. I recommend excluding the mozilla profiles directory from being scanned and see how it behaves after that:

     

    %APPDATA%\ROAMING\MOZILLA\FIREFOX\PROFILES

     

    We aren't virtualizing applications in ULSDK.

     

    With regards to the problem you're seeing with installing/reinstalling applications, can you explain in a little more detail what you're doing there? We'd be interested in hearing what software you're installing and reinstalling and how long you wait between the first install and subsequent reinstalls.

     

    If you install an application and then uninstall-reinstall the application within about 15 minutes, it's possible that the verdicts from your initial scans haven't arrived at our backends, which is why the files are being re-sent to the cloud for scanning.

     

    If you're our only customer using a specific application (and it is unsigned), your machine will end up occasionally re-sending files to the cloud for scanning in order to refresh verdicts. Currently, since this is beta, we don't have a lot of users on this service. With more users, the likelihood of being the only customer scanning a specific piece of software should be dramatically lower.

     

This discussion has been closed.