Inconsistent results with F-Secure for Mac

Hi all, first post here.

 

I'm a happy Freedome user on my Macs and Android devices and I trust in F-Secure's expertise, that's why I'm a little bit shocked after learning that the Mac version of the antivirus solution doesn't detect a PUA (potentially unwanted application) widely known for deploying crapware; I'm talking of the (in)famous uTorrent client.

 

As you can see in the screenshot shown below the malware shipped with uTorrent is correctly detected on-the-fly just after the DMG container is opened effectively blocking the payload:

 

Screen Shot 2016-12-30 at 1.34.44 PM.pngMalware/infection detected by Avast

Now, that's performing a local scan.

Virustotal.com shows similar results:

 

Screen Shot 2017-01-10 at 4.49.36 PM.pngMalware/infection detected by Virustotal

As you can see here F-Secure correctly detects the payload shipped with uTorrent, which is not the case with the desktop application!

 

I remember that some years ago (a few, actually) F-Secure used to employ a 'hybrid' system of malware scanner using an in-house scanner coupled with Kapersky's engine; I'm not sure what is the case nowadays though. 

 

I would like to learn from someone of the F-Secure Antivirus team why the discrepancy as before finding this issue(?) I was ready to cash-out and buy the solution.

 

Best regards.

 

Pankaj1

Comments

  • LakshLaksh Posts: 4,439 Community Manager

    Hi i90rr,

     

    Welcome to our Community! Regarding your post, I am checking with the team about the detection. I will keep you posted once I get a response.

  • LakshLaksh Posts: 4,439 Community Manager

    Hi i90rr,

     

    The FSAV for Mac team looked into this issue. The uTorrent sample detection has now been added to ORSP and should  be detected by SAFE for Mac.

  • i90rri90rr Posts: 5

    Hi Laksh,

     

    Thanks! I'm seeing the same behavior with Vuze and Leap (https://www.vuze.com), could you please look at it?

  • LakshLaksh Posts: 4,439 Community Manager

    I have highlighted it to the Product team for further action. If there is any update from the team, I will keep you posted. Thanks for sharing, @i90rr!

    i90rr
This discussion has been closed.