When can we expect "Boot Time Protection"?

Hi,

 

It is becoming very important these days to have "Boot time protection" or some kind of "Preferential Loading at startup of Windows". None of the F-Secure consumer products have this feature. There are certain videos on youtube which show the importance of this feature. In one particular video the F-Secure's much capable DeepGuard is immediately able to protect against a ransomware/malware sample (but this malware sample creates a daughter .js file and a startup entry for this .js file), but due to the absense of "Boot Time Protection" is not able to stop the encryption of the user files (caused by the execution of the .js file at startup). By the time F-Secure was fully up and running after startup, user files were already encrypted.

This is a must have feature and I think F-Secure team should add this to its products on a priority basis. I believe that F-Secure is one of the best products out there (I just love its DeepGuard) and am pretty sure that F-Secure's team will definitely take some positive action on this.

 

Thanks.

Enfcmedic384Mysticizals97A2JdayvanParhambetocheitsParhamF-User9

Comments

  • ParhamParham Posts: 109 New Member

    F-Secure don't have Boot Time Protection ?!

    +1 from me ! its a need, it is not just a feature, it's something necessary!

  • betochebetoche Posts: 49
    yes, its necessary :)
  • ParhamParham Posts: 109 New Member

    https://www.youtube.com/embed/Y1wTfTKjBQ0?wmode=opaque

    an example which F-Secure will fail becuase of lacks of Boot Time Protection! system will infect with Ransomware in startup..

  • Thank for for informing us of this. After seeing the video, it looks like the method of the testing is not reflective of how ransomware enters the users' computer in the real world. And I'm emphasizing this because the malware's method of entry into the user's system is also part of how our detections work. Typical ransomware nowadays come in via spam emails. A minority is also propagated via exploit kits, malvertising and other web-related infection vectors. So if there are files that are coming in from those potential infection vectors, our detection layers have an extra layer of suspicion that is attributed to that file and it will most likely be detected.

     

    That being said, the testing done in the video started with the file already in the system. The infection vector is not in the picture anymore and as such, all our network, web traffic and additional data for our Deepguard, is not available anymore. And in the real world, these ransomware files will not just appear that way. So in this testing, the only parts of the products that are tested are the file detection layers, and some parts of Deepguard. So in a way, this is not our product's full potential in protecting users against ransomware in the real world.

     

    That being said, I've had a quick discussion with some of our engine developers, and we will still schedule an investigation into how we can load the product early enough without sacrificing performance. But of course we will also balance this if having this will truly give real protection for our users, or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses.

  • ParhamParham Posts: 109 New Member

    Thanks to You dear @Chris_x10

     

    i am not that much good in English , so if i did underestand correct, i'll appreciate that if you confirm it,

    you want to do an investagion on this matter to see if it's possible  add this feature and in the meantime keep F-Secure Performance good right?

    about this i personally as your home customer, have no problem with a little bit more protection, my system startup time increase 5-6 seconds!

     

    "That being said, the testing done in the video started with the file already in the system."
     you know that DeepGuard and F-Secure other technologies cannot protect us against 100% of cyber threats right? the same thing with any other cyber security solution exists. so imagine this Ransomware Penetrate to your Customers's systems as a Zero-Day. well what happens? DeepGuard will block it and then? system still is infected and once user restart or reboot it's cumpoter.. well i'm sure we won't that.

    "or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses."

    this is something really sure that Ransomware as a Zero-Day, will arrives to user system somehow finally. so again, the story is the same.

     

    at the end, Keep us Update please in this matter.


    Thank You!

  • @Parham: Even with zero days the files won't just automatically emerge in the system, there is still an infection vector. Whether it's browser and browser plugins exploitation, network shares, and the like. Every method of delivery of the malware into the system is still additional information that Deepguard can use. And Deepguard does use this delivery information. This is what I meant by real-world testing, to include the method through which the infection really happens.

     

    With that in mind, I am not really worried. But of course, every single layer of protection adds to the level of security.

  • ParhamParham Posts: 109 New Member

    Thank You dear Chris for the clarification.

    " every single layer of protection adds to the level of security."

    then we await to see this layer ( Boot Time Protection ) in F-Secure Products.

     

    Thank You for care about our protection.

  • ParhamParham Posts: 109 New Member

    Hi

    Excuse me i forgot to ask

    is this request under consideration corrently? becuase it's status had not any changes..

    Regards,Parham

  • LakshLaksh Posts: 4,435 Community Manager

    Hi Parham,

     

    We are still looking at the possibility of this request. I will change the status once we have a clear idea about it.

  • betochebetoche Posts: 49

    I think we can cover f-secure with MBRFilter by Cisco Smiley Tongue right?

  • Please also add Boot time protection for the client F-Secure Total Security for PC, F-Secure Safe for macs and of course for all customers on the SENSE router.

  •  Hi. I really wonder why F-Secure not having boot time scanning. There are many tests and videos that shows it`s importance. I have Kaspersky Free installed now on my computer , but have several years had F-Secure  from my ISP. I would really want to have F-Secure on my computers but wont buy it unless it fixes the important boot time scanning. I´m sure there are lots of customers that want this feature, and it would make F-Secure one of the absolutely best AV.

     

    MVH   Stan

  • F-User9F-User9 Posts: 8 New Member

    This was originally suggested over 2 years ago.  Has boot time protection been implemented in F-Secure Safe or other home versions?

    If not, why not?
    This is a 100% necessary feature. If it is not available in F-Secure, I will move on to one of the MANY competitors which has had this feature for years. Thank you.

Sign In or Register to comment.