Auto-scan USB flash drives

PC-Cobbler

I did not see an option to turn on/off auto-scanning of USB flash drives when they are inserted. Does F-Secure do this automatically?

Ukko

Hello,

 

There indeed missing such feature/option and maybe F-Secure design not really about "auto-scan USB flash drives" as it can be with another security solutions; But for my own opinion - there quite "friendly" design for Home users;

 

F-Secure real-time scanning covered freshly connected devices. And there next meanings:

  

-> F-Secure will scan any actions/activities by real-time scanning;

So - if after/during plug-in USB Flash drive -  there any "runs" - it scanned/'hooked'/analysed; And if there something known malicious/suspicious - there will be detection;

 

-> If there "static" troubles (as potentially harmful files) - good to perform steps like "rightlick" for drive and choose option "Manual scan it" (context-menu);

It will be with scanning for files/USB flash drive and it can be with certain "time-delay" - but it will be practically as "scanning" for USB flash drive before your own access to filesystem/files under USB flash drive.

 

And F-Secure IS/SAFE do not things like:

 

-> USB flash drive is prevented/blocked while there is autoscanning process  and before you able to get access to drive (as it can be with another security solutions, where it can be certain feature/option); 

---

It discussed time to time under community, but probably there missing any recent official advices/explanation about this design. Not sure if there can be useful option as "ask" when you connect USB drive -> "Do you want to allow access to drive or do scan it before?" - since it sounds more like trick-hook, than proper design; What do you think about it? And sorry for my long=try to do response about your ask!

 

Thanks!

PC-Cobbler

Thanks, Ukko.

 

I do not want to turn-off auto-scanning of USB flash drives. As you mentioned, with other antivirus products, the user is asked whether a scan should be performed. I seem to remember ESET always asking if I wanted to scan a USB flash drive. With Bitdefender, the default option is to scan both USB flash drives and CD/DVD discs, with disc scanning causing the system to slow.

 

I do wish F-Secure would give an official answer because there might be a security loophole. For example, if I insert a USB flash drive and immediately access a file on it, does F-Secure first scan it before allowing me to access it?

Ukko

Sorry for my reply, since I do not want to break "coming" official response....

 

---

@PC-Cobbler wrote:

For example, if I insert a USB flash drive and immediately access a file on it, does F-Secure first scan it before allowing me to access it?

---

 Some of my suggestions....

Spoiler

For my own opinion (so, good if there will be clarification about it too) F-Secure always perform monitoring and scanning "at tries for access files";
Generally it should be "as designed" - since they have to provide protection "before" (by many layers);

With my own experience -> I have situations, when USB-connected devices was with "known for F-Secure threats" and them was already blocked/detected/prompted practically when I just did not notice that I already able to open the drive.
With my latest experience - there partly another design, but F-Secure anyway will prevent/hook/block access to file - if it known as malicious item;
If there "autoruns" (when you did not trigger access to certain file under usb-drive) -> there small difference - since F-Secure should detect it on-the-fly as "certain action" and should create some "decision" (allow/deny/detect/block);
And generally.. yes.. F-Secure do this things automatically (with small options to tweak level of it);

 

Because there can be some limitations and performance-improvements ... maybe it's possible to meet some strange situations, but if there "enabled" real-time-scanning ---> access (or basically "try" to access) should trigger double-check and analysing; If there is known threats - it should be blocked.

Also if there enabled "DeepGuard" -> it will perform certain checks/scans at launch and if there any reasons to block/prevent file - it will be there briefly;

Manual scan (with certain options "in use") by context-menu is useful for detecting "zipped/archives"; And as useful step before your own access to usb-drive's filesystem;

 

But I able to think about potential troublepoints:
- there can be potential overload... like if there thousands of "files" are accessed/launched per seconds and all of them are 'malicious' - but it should not be too much common situation;
- also there can be different malicious files which able to play with this vectors by some tricks and tries; But I think that F-Secure have to to monitor such tricks and create required tweaks for their security solutions.

---

While there missing any official responses about just this one certain point - you able to re-check such articles: Where Andy Patel from F-Secure Labs created some words about security designs

 

also... if you will be with time for that (some of this articles with kind of "explanation" for F-Secure design and how it works; Some of this meanings are valid for situation with USB-flash-drive; But also there can be visible some "limitations" or potential tricks);

 

Thanks!

---

// later added: by the way.. when I talk that there is "missing official response" - I mean something as explanation for "why there is missing such feature" (like -> if it totally not required OR it not enough good tested to release; or something else);

Since recent discussion was there with official clarification about such feature (that it not part of F-Secure AV/IS design):  topic ;

Where also "noted" that there still available feature-request:

https://community.f-secure.com/t5/Feature-Requests/Automatic-scan-of-USB-pendrives/idi-p/28810

nanonyme

Hey,

I might be wrong here but my understanding is that the scanning happens basically in on-demand when you're not running manual scanning. You might get all files within a directory scanned but doubtful recursively. So if you segment your files under logical directory structures, you might get away with less files being scanned per directory leading to overall performance improvement. This is assuming it doesn't just scan all files inside an external drive on mount

PC-Cobbler

Sorry, Ukko, I had trouble with your English.

 

At one of the links you provided, an F-Secure employee wrote: "Any normal antivirus automatically scans every file when accessed, and you can scan everything(i.e. Pendrive) manually if you wish."

 

But then another F-Secure employee added: "Where I would see it being useful, however, is when sharing the Pendrive with other users whose PC/device may NOT have antivirus installed, thereby accidentally spreading a hidden infection in a file."

 

https://community.f-secure.com/t5/Feature-Requests/Automatic-scan-of-USB-pendrives/idi-p/28810

 

So my question is answered. I was confused because every antivirus product has different behavior with respect to USB flash drives, for example, Bitdefender, which prevents any access of the USB flash drive until the scan is finished.

Ukko

Hello,

 

Sorry for my worst English!

And probably my reply should not be "the solution" for your topic (at least, as long as it's still important get official response there);

---

What about your "quotes" -> as I able to think -> first one is not by F-Secure employee (he is previously active F-Secure user/beta-user and community user ?!);

And second quote by F-Secure employee; But -> after this reply... there quite many changes for F-Secure scanning platforms and technologies; And... probably "first quote" will handle such situation;

---

But I also able to think that there can be potential tricks (when "autoscan"-feature can be useful) or when manual scan is strongly required (before your own usage the connected drive); While current design should be OK for most of common situations;

 

Sorry for my worst English (else one time);

 

Thanks!