Question regarding DeepGuard operation
I was executing an unknown malware, and DeepGuard showed a message; take a look at it:
As you can see, DeepGuard says this program is blocked, and I can confirm its process was also terminated by DeepGuard. But why does its file still exist on my desktop, in fact at the same address where DeepGuard says this program is blocked? If it is blocked and it is suspicious, then its file should be quarantined by DeepGuard, right? I have seen this 2-3 times so far, and now I'm reporting it.
Hope that Helps!
DeepGuard detection is behaviour based. Hence, it will not quarantine any sample it detects because it only has the capability to block the sample. For this issue, it looks like the file does not have hits in our system (maybe not a common file) and that's why DeepGuard blocked it. The best way to fix it is by sending the sample to us so that our labs can look at the file and analyze it.
Hi dear @Laksh.
Thank you for your response.
But I really think something is wrong here. Take a look at this video ( https://www.youtube.com/watch?v=fYF4nZDAtvE ) on YouTube; you can see that when DeepGuard shows this popup (the one I shared a screenshot of), the malware is deleted automatically by F-Secure. But on my system, whenever I get the same message, the sample file itself is not deleted or quarantined, just blocked from running. That's it, and I think this difference with the same message from DeepGuard should not happen!
Now I'm really worried about this issue. How is it possible that on one system DeepGuard deletes a malware automatically but on mine it only blocks it from running?
From the video, it seems that the sample was detected with real-time scanning. The sample gets deleted because it is already detected by real-time scanning (signature detection in place maybe). When real-time protection is on, it will catch the sample first rather than DeepGuard (behaviour based).
In your case, I would recommend submitting a sample to our labs for analysis, as they can provide a detailed explanation about the sample.
Hi dear Laksh.
So you are saying that DeepGuard will never, ever delete or quarantine a sample automatically? If so, then everything is OK.
And I already sent the sample, but this issue (if there is any issue) is not about only 1 sample; I executed a lot of samples, and I have never seen before that DeepGuard deletes/quarantines a sample automatically.