Technical question regarding F-Secure DeepGuard
Hi.
I have a question about how F-Secure DeepGuard works (of course I read its whitepaper, so please don't suggest that I read it). I have a simple question about it, and I would prefer an answer from a VirLab expert, so if it is possible for any of you kind F-Secure staff, please forward my question to one of them and let me know what the answer is.
Question: does F-Secure DeepGuard also work based on behavioral algorithms? I was testing F-Secure with a pack of ransomware (in a virtual machine, of course). I turned off F-Secure Real-Time Scanning; only DeepGuard was on. Well, it did great, BUT DeepGuard failed against some of the ransomware samples which already existed in the F-Secure database, so I want to know whether F-Secure has the ability to add these behavioral algorithms to its DeepGuard if we send them to the VirLab, or whether they just tell us that our scanner already detects this sample? I was also a Dr.Web beta tester for a while; their behavior blocker had such an ability, and they were adding the undetected behavioral algorithms to their behavior blocker (especially for those samples which existed in their database but which their behavior blocker was not able to catch).
Comments
-
Hi Parham,
I did a quick check with the labs on your query.
It is recommended to submit the samples to SAS. Although generally the labs consider the files as detected if Real-Time protection is already blocking them, they may still investigate whether adding a behavioural block into DeepGuard would be feasible. Just mention in the SAS description that the ransomware samples are caught by Real-Time Scanning, but DeepGuard won't block them if Real-Time Scanning is disabled.
Thank You dear Laksh.
Yes, I will. All I want is for this to be useful. I think it is an important matter. For example, today I found the Kirk ransomware, which exists in the F-Secure database, but DeepGuard cannot detect it when Real-Time Scanning is off. So for this sample there is no problem, because F-Secure will catch it by database, but what if the next version of that ransomware (here Kirk, for example) is published on your customers' systems? That would be a zero-day for some days, and if DeepGuard knew its behavioral algorithm, then it could detect the zero-day one too! (Usually ransomware in one family has common behavioral algorithms in most cases, I think.) So I hope the Labs are able to add undetected behavioral algorithms to DeepGuard.
-
Hi again.
Dear @Laksh, I sent the mentioned sample, including a comment which explains the whole matter, but I just got the usual automatic answer which says the sample is already detected by the latest F-Secure update.
I think this is a matter for which we need to contact Technical Support. Based on my experience with another AV for which I was a beta tester, I opened a ticket with tech support and they forwarded the matter to the developers for debugging.
What do you think?