FS Protection PC Release 201

Ville
Ville Posts: 671 F-Secure Employee

This release contains following applications that combined make the FS Protection PC product:

  • Common Component Framework 3.01.279
  • Antivirus 17.201.121
  • Browsing protection 2.201.6961

New features:

  • Tray icon right-click menu functionality improved, changed style
  • About box now shows same information regardless of where it is opened, changed style

Fixed issues:

Browsing Protection:

  • Adult content displayed despite parental control being on (CTS-99921)

  • Unintended context menu in 'Allow/Deny websites list' dialog (CTS-99928, SAFE_BUG-01937)

  • Banking protection now accepts ip addresses in 'Allow websites list' (CTS-99942)

  • Localization problem in "Unlimited limits for Family Rules" (CTS-99936, SAFE_BUG-01939)

  • Time limits showing wrong hours/time zone in block page (CTS-99935, SAFE_BUG-01940)

Antivirus:

  • Event log shows less message than actuality (CTS-99675, SAFE_BUG-01845)
  • Protection - Malware left after system reported clean (CTS-99557)
  • Windows incorrectly reporting protection is turned off (CTS-99885)
  • App and file window inappropriately restored from minimized by flyer (CTS-99910)
  • Russian localized scan log -reports support URL is not valid anymore (CTS-99955, SAFE_BUG-01961)

Ville

F-Secure R&D, Desktop products

Comments

  • Lord_Ami
    Lord_Ami Posts: 70 Active Engager

    Upgraded without issues!

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    Hello

    not a glitch as usual on my side... just one question for my personal experience: how come the corrected bugs you mention canot be, as far as I am concerned, detected before by myself ?

  • Ville
    Ville Posts: 671 F-Secure Employee

    Hi @yeoldfart

     

    Regarding the bug list, I'm not familiar with all the fixes as the list comes from multiple teams (I personally work in the common part). Generally speaking we tend to keep the bug description short, but in reality it might require certain circumstances to happen, so it may not happen to you.

     

    Ville

    (F-Secure R&D)

     

    Ville

    F-Secure R&D, Desktop products

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    Bonjour :)

    do your techs use some kind of stress test software ?

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    I'm also with good experience about upgrade from TP200 to TP201. Noticed (even read this topic before installing updates) that there upgrade-on-the-process just when tray-picture dropped and recreated with next notification about upgrade.


    Also decided to ask about some points:

     

    []-- Fresh 'About' looks with less information compare to previous 'abouts'.

    Does all other 'things' are not critical and should not be placed there?

     

    []-- How long should take 'changes' from My FS Protection portal about Content Blocker / Daily limits;

    Or what kind of delay can be unexpected? At least, for refreshing UI state.


    Thanks! 

  • Ville
    Ville Posts: 671 F-Secure Employee

    @Ukko

     

    * About box - we removed the version numbers of sub-components, because that is not relevant information to the user. We only display the main version numbers in there. Also the 3rd party copyright notices in the scrollable area is incomplete, we should have everything in there in next release.

     

    * Changes from portal to client should go in about 1 second. The UI sometimes takes few more seconds to react, but the settings are effective before the UI shows them. If your computer has been sleeping, then after wakup there is about 90 seconds before the settings start flowing again. In TP201 there is a bug related to computer sleep which stops settings from working for days after sleep, it will be fixed in next release. Also if you have been disconnected from network or have network issues, the client will start throttling itself to avoid overloading the server; when re-connected, it can take up to 2 hours until settings start flowing again.

     

     

    Ville

    (F-Secure R&D)

     

    Ville

    F-Secure R&D, Desktop products

  • betoche
    betoche Posts: 49 Observer

    I noticed the new version is lighter than before!and the system isn't slow.
    like I don't have any av :) thanks for the update

  • Lord_Ami
    Lord_Ami Posts: 70 Active Engager

    Been light for me all the time :) Haven't really noticed anything myself though.

    Perhaps a bit better startup speed, but that could have been caused by various tweaks I did to my system.

  • betoche
    betoche Posts: 49 Observer

    I want to run Memreduct which is a safe software but the Deep guard blocked it so I  put it in the Excluded list but the Deep guard keeps blocking it.
    There is no way to run this tool without disabling the real-time protection because the exclude list is not working. any idea?I never had such experience with the deep guard.
    P.s: the issue gon after a restart but I guess there is a bug or smth like that.

  • nanonyme
    nanonyme Posts: 145 Path Finder

    @betoche wrote:

    I want to run Memreduct which is a safe software but the Deep guard blocked it so I  put it in the Excluded list but the Deep guard keeps blocking it.
    There is no way to run this tool without disabling the real-time protection because the exclude list is not working. any idea?I never had such experience with the deep guard.
    P.s: the issue gon after a restart but I guess there is a bug or smth like that.


    Hey,

    Only tangentially related but it sounds to me like all this software does is force flush process working sets to a page file on disk. If those processes were not dormant, this is likely to lead into a lot of disk trashing and reduced system performance. You can easily DDoS a system by doing this as admin so no wonder the software is blocked by default

  • betoche
    betoche Posts: 49 Observer

    fs.PNGI noticed fshoster64  using HTTP to connect your servers!! and we all know port 80 is not safe! did you ever consider to use HTTPS ? for me, this is weakness and from what I know most av companies using HTTPS.

  • Lord_Ami
    Lord_Ami Posts: 70 Active Engager

    I also noticed similar stuff in hotfix installer log:

     

    2017-10-22 14:10:08.514 [1f38.07f8] I: *** LOGGING STARTED *** (UTC+3:00, session: 0x0)
    2017-10-22 14:10:08.514 [1f38.07f8] I: ParseCommandLine: Started with cmd line: "C:\Program Files (x86)\fs protection\apps\Ultralight\ulcore\1508417709\_hotfix.exe"
    2017-10-22 14:10:08.514 [1f38.07f8] I: InstallationLocker::Acquire: Lock acquired
    2017-10-22 14:10:08.514 [1f38.07f8] I: Downloader::downloadAndUnpack: Downloading 'http://download.f-secure.com/ultralight/hotfixes/hotfix.zip' (fallback 'http://download.f-secure.com/ultralight/hotfixes/hotfix_fallback.zip'). Package type: 0
    2017-10-22 14:10:08.514 [1f38.07f8] I: Downloader::downloadFile: Downloading from 'http://download.f-secure.com/ultralight/hotfixes/hotfix.zip' to 'C:\ProgramData\F-Secure\temp\hotfixes.zip'

     

    I'm not entirely sure if it's security issue, but isn't it possbile to do MITM (when using malicious proxy)? Sorry if this is noobish question, perhaps you use some other methods on validating the downloaded files.

  • betoche
    betoche Posts: 49 Observer

    Ok, I just found another problem: I disabled both  Deep Guard and real-time protection from the GUI! but the problem is f-secure still trying to block my keygen!
    Seems it's not working and the real-time protection is still active.


  • betoche
    betoche Posts: 49 Observer

    It's security issue! Even non-Av companies use https!

  • nanonyme
    nanonyme Posts: 145 Path Finder

    HTTP isn't really something to be concerned about as long as custom payload validation systems are done on top of it

  • Ville
    Ville Posts: 671 F-Secure Employee

    Hi,

     

    Regarding HTTP vs HTTPS. Any package we download over HTTP has a custom crypto signature that we validate before using it. If you for example look into those zip files, they have a manifest file, which is a signature made by F-Secure. The client will only accept the package if the signature is valid. HTTP is used on some downloads to make it possible to cache the files on ISP proxy level.

     

    Ville

    (F-Secure R&D)

     

    Ville

    F-Secure R&D, Desktop products

  • betoche
    betoche Posts: 49 Observer
    Ok, thanks for the answer now I can trust it :)

  • betoche
    betoche Posts: 49 Observer

    I'm wonderingCapture.PNG what is this? xd The GUI changed from blue to red! and as  you can see its ugly

  • nanonyme
    nanonyme Posts: 145 Path Finder

    Annual Halloween thing. Goes away soon

This discussion has been closed.