Announcement: New Knowledge Base

4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.

FSCS DeepGuard ignores hashes

Hi there,


after deploying FSPM 13/FSC 13 all workstations experience deep guard warnings when opening  executables which are allowed by PM. The hashes are correct but FSCS seems to ignore them:


Here are the most recent alerts (120) from Policy Manager:

Security alert: Malware blocked
From: XXXXXXXXXXXXXXX, 2017-11-03 10:52:34 +01:00
Details: Action by malware was blocked. Malware path: \xxx\xxxx\xxxxxx.exe File hash: 643a2495c509e842885091b918a74b772d64c336

This email was automatically generated by F-Secure Policy Manager. Please do not reply to this message.



SHA-1-Hash    Hinweise    Vertrauenswürdig    Aktiviert
643a2495c509e842885091b918a74b772d64c336    xxxxx.exe    Ja    Ja

Can you help us with that?








  • VadVad Posts: 1,048

    Hello Dirk,


    Normally allowed applications should not be blocked in version 13.

    Please, contact support. We will need diagnostic information from affected client machine for investigation.


    Best regards,


  • Hi Dirk,


    I have the same problem with dg and some more, look at my post 1 over yours...




  • RmBRmB Posts: 31



    Same problem here with deepguard. 

  • etomcatetomcat Posts: 1,312



    Submit sample here so virus lab crew can fix the false alarm centrally:


    You will struggle for ever with the problem if you don't do that.


    (Some apps modify themselves while running so the checksum changes. These are not possible to exclude statically via hash and the only fix is to modify the scan logic to avoid the false alarm in the first place.)


    Best Regards: Tamas Feher, Hungary.

  • VadVad Posts: 1,048

    Hello Dirk and RmB,


    Did you already happen to provide diagnostic information to support for investigation? As I already mentioned, unfortunately, we can't reproduce this problem, and need your help to continue.


    Best regards,


  • Hey Vad,


    I did - support ticket is xxxxxx - I will provide fsdiag data asap.



  • Hey Vad,


    I just sent a sample and result of fsdiag.



  • RmBRmB Posts: 31



    It seems, that our problem is well known mictray64.exe file. New updated file is already deployed to our enviroment and deepguard should ignore this file, because we excluded it already.  


    Really don't get it why we keep getting these error messages. 

  • VadVad Posts: 1,048

    Hello everybody,


    We now have a fix for the whitelisting issue. It will be delivered over the channel in one-two weeks.

    If you want to try/take it in use now, please, contact support.


    Best regards,


  • RmBRmB Posts: 31

    Hi Vad


    Great to hear that fix is coming. I'd like to try whitelisting before official channel udate. Can you help me?

  • Hey RmB,


    we just sent a sample via Once our binaries were checked we enabled deep guard again  - since then everything works like a charm:)



  • Rob-KRob-K Posts: 33

    @Vad wrote:

    We now have a fix for the whitelisting issue. It will be delivered over the channel in one-two weeks.


    Hello Vad,


    what does "over the channel" mean? Will the fix be delivered as automatic update via AUA or will it be a hotfix, which needs to be pushed via Policy Manager?


    Kind regards



  • VadVad Posts: 1,048

    Hello RmB,


    No, unfortunately I can't provide binaries in the community. Please, communicate with our support.


    Best regards,


  • VadVad Posts: 1,048

    Hello Robert,


    As automatic update via AUA.


    Best regards,


This discussion has been closed.