SHA1 infection

Hi

 

Last two weeks my customers are getting this error without any explanation where the infected file is

F-Secure Protection Service for Business has identified the following security incidents:
Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1

 

What to do?

fredi-parastar

Best Answer

  • PetriKuikkaPetriKuikka Posts: 205 F-Secure Employee
    Accepted Answer

    Hi,

     

    unfortunately current client version just doesn't send that information to PSB portal. It should still show the real infections in the local UI > Advanced settings > Virus & Spyware scanning > View virus and spyware history all the found infections.

     

    And then there is the link to latest scanning report at  local UI > Advanced settings > Manual  scanning > View last scanning report or with this direct link:
    file:///C:/Program%20Files%20(x86)/F-Secure/Anti-Virus/FSAV_REP.HTM

     

    Petri

    CreativePC

Comments

  • PetriKuikkaPetriKuikka Posts: 205 F-Secure Employee

    Hi,

     

    if these alerts have the SHA1 checksum, then these alerts are coming from the Deepguard. But can you explain where they see these? I just tested this with Deepguard and it nicely shows also the file location in PSB new portal under Infected object like:

     

    \\?\c:\users\testuser\downloads\test.exe

    b2d43a95958180b591ba52928d881fec57912506
     

    Also the configured infection email from PSB portal, has the same file location. It is missing the sha at the moment, but that will be fixed soon.

     

    Petri

    etomcat
  • PetriKuikkaPetriKuikka Posts: 205 F-Secure Employee

    Hi,

     

    and there is another case, where the infection object is missing in the infection emails, when system finds an infection during manual scanning or scheduled scanning. These again have explaining text in portal side, but still missing from infection emails. Also these will be fixed in next few releases.

     

    Petri

  • CreativePCCreativePC Posts: 14 New Member

    Hi, Yes when servers are doing schedule/manual scanning the portal is giving me this alert:

     

    An infection was found during a manual scan. As manual scan report details are not uploaded to the portal, please check the report on the local computer.

     

    And the email alert gives this alert:

    F-Secure Protection Service for Business has identified the following security incidents:

    Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1

      2016-09-26 05:29:41UTC  Customername  Servername     Reported    File   

     

     And customer says that nothing is showned locally at server, so its a bit hard to find which file is causing this.

     

  • CreativePCCreativePC Posts: 14 New Member

    Thanks. I will contact the customer again.

This discussion has been closed.