FS Protection PC Release 210

[Deleted User]
[Deleted User] Posts: 0 Former F-Secure Employee

Fixed issues:

Antivirus:

  • Slash not backslash in forbidden protected folder error message (PBL-3170)
  • SBot.exe still triggers Ransomware protection (SAFE_BUG-02181, CTS-100508)

Browsing Protection:

  • Crash observed in banking protection (CTS-100514)
  • Block page icons render wrong on some scaling options with IE and Edge (CTS-100499)
  • Windows 10 virtual desktops allow bypassing time limits (CTS-100465)
  • Firefox plugin causes bad performance problems with a large number of tabs (CTS-100348)
  • Remote desktop connection is cut right after starting a banking session (CTS-100515)

Comments

  • Lord_Ami
    Lord_Ami Posts: 70 Active Engager

    Thanks!

    Upgrade went smooth.

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

    Thanks for release!

    But... does Ransomware protection (as part of DeepGuard) with large changes to 'how it works'-field?

    For example, what if it start be with more protection against direct and strict ransomware-rules (and, for example, encrypting). Or scale it to more suspicious activities than one.

    Because otherwise -> all (?!) of available for me (own tries/checks) with perfect ignorance any modifications to files under protected folders.

    My brief checks are:

    -> Modify or access to file by/under/with unknown and uncommon application (executable).

    -> Deleting file or folder under protected folders by using script-files.

    -> Some of false-positive detections (when valid/common steps and valid/common executables triggered Ransomware-protection feature) are dropped. Examples of executables (Microsoft Edge, Opera Neon, Steam...).

    Possible to suspect that it is part of fixes with some of situations. But... not sure about all of them (so, more sounds as design is re-designed).

    Thanks!

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    smooth ride as usual, congrats

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    I think this new layer deserves broad advertising coverage designed for non geek PC users

  • Ville
    Ville Posts: 671 F-Secure Employee

    Hi @Ukko

    Ransomware protection is in beta phase, so we are still tweaking how the detections work. We must find the balance of aggressive enough but not blocking everything.

    We are definitely interested in your feedback.

    Ville

    (F-Secure R&D)

    Ville

    F-Secure R&D, Desktop products

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    I am as always willing to help but wonder how I can test such a feature if I am not exposed to such threats, I only happen to receive spam which smells bad e.g. asking to renew my address and pw, of course I flag such mail as spam without reading (opening them).

  • Ukko
    Ukko Posts: 3,611 Superuser

    @yeoldfart wrote:

    I am as always willing to help but wonder how I can test such a feature if I am not exposed to such threats, I only happen to receive spam which smells bad e.g. asking to renew my address and pw, of course I flag such mail as spam without reading (opening them).

    With such situation: test a feature against documentation; or against false positives. Except trying to check payload from spam letters. :)

    My own experience: with TP210 I did not receive any of notifications about tries to access protected folders (files). Even I tried to provoke it by common hand-made tricks (so, maybe it is not enough for real impact and thus DeepGuard properly sense it). Basically, I'm not sure how Ransomware works (at least, with such part that other layers cannot detect it).

  • Ville
    Ville Posts: 671 F-Secure Employee

    Just like @Ukko said, just test with the normal applications that you use that there is no interference from our product. Don't test with malware/ransomware, leave that to us. We have special environment where we can do it safely.

    Ville

    (F-Secure R&D)

    Ville

    F-Secure R&D, Desktop products

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    ok Ville I just wanted to help more :)
  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

    Sorry for my reply.

    Does all reports before certain timestamp (? or other counts) are gone/removed/deleted? For FS Protection project.

    Today (on current minute) - I login into beta-portal (for research some of previous reports) and found that not all of them are visible.

    My own 'first' visible report is "SAFE_BUG-01904" (Five Months ago / 04.09.17). There was some other reports before it too.

    While, for example, entries like older "completed surveys" still there (by 'completed surveys' I meant under "Participation"-tab as one of potential sources of list).

    Thanks!

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Yes, due to performance issue with Centercode, we keep only up to 5 month old cases and removed all older closed cases.

  • Ukko
    Ukko Posts: 3,611 Superuser

    @Fengping wrote:

    Yes, due to performance issue with Centercode, we keep only up to 5 month old cases and removed all older closed cases.

    Hello,

    Thanks for your answer and response!

    Sadly a little bit (I tried, usually, to recover before report about potential double-meanings or to connect report with previous ones; or just like re-check some of previous meanings).

    But.. does it indeed was only closed cases?

    For example, such example:
    https://community.f-secure.com/t5/Home-Security/FS-Protection-PC-Release-204/m-p/102288/highlight/true#M3856

    I did not receive any replies (at least, ?! which was visible for me). I mean - noted report under ^ reply.

    "Area" was not chosen (if it is critical) - but status was still "fresh" with my latest check.

    Thanks!

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    I double checked, you are right, we simply removed everything older than 5 months. I would like to keep those non-closed cases too. Sorry about that.

This discussion has been closed.