Question regarding DeepGuard operation

Parham
Parham Posts: 103 Enthusiast

Hi.

 

I was executing unknown malware, and DeepGuard showed a message; take a look at it:

[Screenshot: Capture.PNG]

 

As you can see, DeepGuard says this program was blocked, and I can also confirm its process was terminated by DeepGuard. But why does its file still exist on my desktop? In fact, it is at the same address where DeepGuard says this program was blocked! If it is blocked and it is suspicious, then its file should be quarantined by DeepGuard, right? I have seen this 2-3 times so far, and now I'm reporting it.

Hope that Helps!

Comments

  • Parham
    Parham Posts: 103 Enthusiast

    Hi dear @Laksh.

     

    Thank you for your response.

     

    But I really think something is wrong here. Take a look at this video ( https://www.youtube.com/watch?v=fYF4nZDAtvE ) on YouTube: you can see that when DeepGuard shows this popup (the one whose screenshot I shared), the malware is deleted automatically by F-Secure. But on my system, whenever I get the same message, the sample file itself is not deleted or quarantined, just blocked from running. That's it, and I think this difference with the same message from DeepGuard should not happen!

     

    Now I'm really worried about this issue. How is it possible that on one system DeepGuard deletes malware automatically, but on mine it only blocks it from running?

  • Hi Parham,

    From the video, it seems that the sample was detected with real-time scanning. The samples get deleted because they are already detected by real-time scanning (signature detection in place maybe). When real-time protection is on, it will catch the sample first rather than DeepGuard (behaviour based).

    In your case, I would recommend submitting a sample to our labs for analysis, as they can provide a detailed explanation about the sample.

  • Parham
    Parham Posts: 103 Enthusiast

    Hi dear Laksh.

     

    So you are saying that DeepGuard will never, ever delete or quarantine a sample automatically? If so, then everything is OK.

    And I already sent the sample, but this issue (if there is any issue) is not about only 1 sample. I have executed a lot of samples, and I have never seen DeepGuard delete/quarantine a sample automatically.

  • Hi Parham,

     

    Yes, DeepGuard only blocks and terminates, as it is a behavioral-based engine and not a removal engine.

This discussion has been closed.