Technical question regarding F-Secure DeepGuard

Parham
Parham Posts: 103 Enthusiast

Hi.


I have a question about how F-Secure DeepGuard works (of course I read its whitepaper, so please don't suggest I read that). I have a simple question about it, and I would prefer to get an answer from a VirLab expert, so if any of you kind F-Secure staff can, please forward my question to one of them and let me know what the answer is :)


Question: does F-Secure DeepGuard also work based on behavioral algorithms? I was testing F-Secure with a pack of ransomwares (in a virtual machine, of course). I turned off F-Secure RealTime; only DeepGuard was on. Well, it did great, BUT some of the ransomwares which existed in the F-Secure database, DeepGuard failed against them. So I want to know whether F-Secure has the ability to add these behavioral algorithms to its DeepGuard if we send them to the VirLab, or will they just tell us our scanner already detects this sample? I was also a Dr.Web beta tester for a while; their behavior blocker had such an ability, they were adding the undetected behavioral algorithms to their behavior blocker (especially those which existed in their database but their behavior blocker was not able to catch).

Comments

  • Parham
    Parham Posts: 103 Enthusiast

    Thank You dear Laksh.

    Yes I will; all I want is to be useful.


    I think it is an important matter. For example, today I found Kirk Ransomware, which exists in the F-Secure database, but DeepGuard cannot detect it when RealTime is off. So for this sample there is no problem, because F-Secure will catch it by database, but what if the next version of that ransomware (here Kirk, for example) is published on your customers' systems? That would be a zero-day for some days, and if DeepGuard knew its behavior algorithm, then it could detect the zero-day one too! (Usually ransomwares in one family have common behavioral algorithms in most cases, I think.) So I hope the Labs are able to add undetected behavioral algorithms to DeepGuard.

  • You're welcome!

    Yes, I totally understand your point here, Parham! The labs will be able to help you further.

  • Parham
    Parham Posts: 103 Enthusiast

    Hi again.

    Dear @Laksh, I sent the mentioned sample including a comment which explains the whole matter, but I just got the usual automatic answer which says the sample is already detected by the latest F-Secure update.

    I think it's a matter where we need to contact Technical Support. Based on my experience with another AV for which I was a beta tester, I opened a ticket with tech support and they forwarded this matter to the developers for debugging.

    what do you think?

  • Parham
    Parham Posts: 103 Enthusiast

    UPDATE: Victor from LABS is on my case now.

  • Good to know he is working on it now. If it still needs any push from my side, you can PM me the case number and I can escalate it for you.
