Small ULAV UI update

[Deleted User]
[Deleted User] Posts: 0 Former F-Secure Employee

Hi all!

 

We're in the process of pushing a small update to the ULAV user interface. This update changes the functionality of the context menu accessed by right-clicking on one or more selected files in Windows Explorer. I'd like to briefly explain the change we've made (as it might, on the surface, appear confusing).

 

Right now, when you scan a file with ULAV, internal logic determines whether it is a file we can send to the cloud for scanning or not. For privacy reasons, we don't send all files to our cloud for scanning. The determination is mostly made based on the type of file we've encountered; executable file types are okay to send to the cloud for scanning, but document types are not, since they may contain private or sensitive information.

 

The UI change we're pushing out opens up a new context menu option "Cloud scan...". This option will apppear if you have selected one or more files that wouldn't normally be scanned in the cloud. Note that this option will only appear when selecting individual files (not directories). If you select this option, you will be presented with an additional dialog to confirm the action.

 

Note that when a file is sent for cloud scanning, it only remains on our backend for as long as it takes to be anaylzed, after which it is discarded. The reason we have excluded files that could contain private data from cloud scanning by default is to keep up with our company's privacy promise. However, we wanted to give users the option to send all types of files for a more thorough analysis, should they wish to. By default, all scans initiated by the user in any other way than selecting "Cloud scan..."  will obey the regular logic and we will only send selected non-private file types to the cloud for scanning (as mentioned above).

 

For more information on our privacy principles, check this page: https://www.f-secure.com/en/web/legal_global/privacy/principles

 

For specific details on our Security Cloud policies, check the following: https://www.f-secure.com/en/web/legal_global/privacy/security-cloud

 

 

Comments

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    thank you

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for my reply about new feature.

    - It was from first.... or after some hours... there comes limitation just for sixteen files per one cloud-scan?

    Maybe it should be with something as pop-up.... when choosed more files? On current time it's comes with silence.

     

    - And also... does it normal that cloud-scan (as Security Cloud detection... "!Online"-based) can be about files, which previously was with "detection" - but removed as "false positive". How to understand current situation:

      --> Security Cloud not updated about false positive (long time ago). Or random.

      --> "not cloud" scan goes to missing detection for "suspicious/malicious" files.

    My situation was about ".crx"-file (as Chrome extension, which was previously detected by F-Secure as normal scan... and dropped after that.. as false positive. On current day... it was still ignore this file, but Cloud-scan feature triggered previous detection with "!Online"-addition).

  • martink
    martink Posts: 427 Influencer

    After reding this I tried a small indifferent file and  the  Cloud scan worked just fine.

    Then I tried Ultimate Windows Tweaker 4.0.1.0.exe which was previously blocked by ULAV.

    The  Could scan option is not there. Wonder why.

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    I think.... because "Ultimate Windows Tweaker" is executable file. Description for "Cloud Scan" feature says... that executable files and some else (not sure which) goes to be automatically with "cloud scan"-design. Such as... "Cloud scan" created just for files (extensions), which normally ignored to be upload for cloud and cloud-check.

     

    You can try to use tricks probably. Just re-name "uwt.exe" to "uwt.msi" (or any other...) and "Cloud scan" should be visible.  If all normally worked... so... there should be not any difference between. Such as... ".exe" files during scanning goes to be checked about "if it was already checked under cloud or there required re-scan" (and if required... to do this automatically).

     

    Sorry for not nice English.

     

    =====

    But.. for full topic.

    I have else one point to question.

     

    With new design of scan-process (?) there also happened notifications about "failed to scan file".

    During normal scan.

    As result.. I have about three hundred notifications about files, which was "failed to scan" (after scan for "all local drives"). Probably it's OK... but it's start be "too much" notifications around... and still not possible to remove something as "type of notifications" by one step.

  • martink
    martink Posts: 427 Influencer

    Thanks, renaming the file with a different extension did bring back the contxt menu item.

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    @Ukko is correct. Cloud scan is performed by default for most executable file types and hence the separate context menu option won't appear for these types of files.

     

    We are aware of the increased number of error dialogs arising from failed scans. These are mostly due to network timeouts in the cloud scan functionality. We preferred to make them visible to you guys soo you can see if something wasn't actually scanned.

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Thanks for response.

     

    Current design indeed... more nice. Such as... there visible.. that some of files not scanned.

    From first... I met current notification "about failed scan" with my steps (I turn off network connection and tried to use Security Cloud). For check... how it will be. :) There indeed time-out.. because some minutes will be "waiting" and trying to scan (and just after that created notification) .

     

    But about "a lot of notifications after scan". There probably same things, but with another reason. Such as.. rights, "in use"-status or something around this. Just because...  for some files - notification will be from first.

    swapfile.sys and other files (as example)

     

    I think on current time... my experience about files, which was not scanned.. can be partly same with files, which will be not scanned by FS Protection (as example). But with FS Protection there more files, which skipped/not scanned.

    There anyway... nice points, because previously.. F-Secure ULAV does not trigger current notifications. But probably same files was not scanned too.

     

    Sorry for my reply.

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hi all!

     

    I know a lot of you have had questions about how Banking Protection works, so I thought I'd direct you to a blog post that Micke wrote recently. The blog post can be found here:

     

    http://safeandsavvy.f-secure.com/2016/01/05/banking-protection-how-does-it-work/

     

    Hopefully it helps answer some of those questions!

     

    --andy

  • vadim170552
    vadim170552 Posts: 35 Explorer

     

    1 Please manual antivirus

    2 Is it possible to add banking protection manual

    3 is There a possibility to add the file to exceptions....thank you

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for my reply. Probably F-Secure ULAV team should to answer there (or for your first reply).

     

    I can just to think about some of your questions/points:

     

    -> What kind of instruction/manual required?

    There possible to open UI and type "tutorial". Will be visible a button/string about "Show Tutorial".

    Some kind of "Greetings" and how to start use it. How work with UI.

     

    All other things... potentially...  can be helpful too, but.....  F-Secure ULAV probably "under construction" and there can be many changes - so... manual can be not valid after some time.

    And most helpful can be "ask" under community. There have some description for latest features and some of basic can be known for users (and they can to help about "how to do").

     

    -> Banking protection work with same design around F-Secure solutions (probably).

    It's mean all BP-points can be with changes by https://www.f-secure.com/en/web/labs_global/submit-a-sample (F-Secure SAS). If there banking website, which did not trigger BP - possible to transfer link for re-rate it (as banking page).

    Or if... wrong trigger - so... possible to drop "banking trigger" for certain page (which should not be banking).

     

    Also if page blocked during BP-session. It's possible to re-rate as "safe" for banking protection feature (also possible to do by F-Secure SAS page). But need to wait.

     

    What about protection for "user's" pages... maybe it's hard to do... because information comes from Security Cloud (and it's mean - global place for all users).

    As workaround I can to think about next steps: you open your page, which you want to add as "under Banking Protection"; And add any of banking webpages. BP triggered and you possible to use your page.

    In fact there can be that page blocked by BP. But how I can to remember... all BLOCKED URLs possible to allow manually.

     

    ->  It's possible.

    Choose files/folders/directories and right-click. Context menu should be with strings "Mark as safe". When it's marked as safe... current information have under UI and you able to work with this.

    And some other of steps, which not so common.

     

    Sorry for my reply and long answer. Smiley Sad

     

  • martink
    martink Posts: 427 Influencer

    One way to go to a page which is blocked by banking protection is to stop Banking Projection at that point.

    I've used that when BP fires at pages which I do not consider having anything with banking.

  • martink
    martink Posts: 427 Influencer

    Actually BP gives a simpler option

     Banking_Protections.JPG

    When this pops up and a page is blocked I click Allow URL and refresh the page.

This discussion has been closed.