FS Protection PC Release 210

Fixed issues:

Antivirus:

  • Slash not backslash in forbidden protected folder error message (PBL-3170)
  • Still SBot.exe triggers Ransomware protection (SAFE_BUG-02181, CTS-100508)

Browsing Protection:

  • Crash observed in banking protection (CTS-100514)
  • Block page icons render wrong on some scaling options with IE and Edge (CTS-100499)
  • Windows 10 virtual desktops allow bypassing time limits (CTS-100465)
  • Firefox plugin causes bad performance problems with a large number of tabs (CTS-100348)
  • Remote desktop connection is cut right after starting a banking session (CTS-100515)

Answers

  • Thanks!

     

    Upgrade went smooth.

  • Ukko Posts: 2,935

    Hello,

     

    Thanks for release!

     

    But... does Ransomware protection (as part of DeepGuard) with large changes to 'how it works'-field?

     

    For example, what if it start be with more protection against direct and strict ransomware-rules (and, for example, encrypting). Or scale it to more suspicious activities than one.

    Because otherwise -> all (?!) of available for me (own tries/checks) with perfect ignorance any modifications to files under protected folders.

     

    My brief checks are:

    -> Modify or access to file by/under/with unknown and uncommon application (executable).

    -> Deleting file or folder under protected folders by using script-files.

    -> Some of false-positive detections (when valid/common steps and valid/common executables triggered Ransomware-protection feature) are dropped. Examples of executables (Microsoft Edge, Opera Neon, Steam...).

     

    Possible to suspect that it is part of fixes with some of situations. But... not sure about all of them (so, more sounds as design is re-designed).

     

    Thanks!

  • smooth ride as usual, congrats

  • I think this new layer deserves broad advertising coverage designed for non geek PC users

  • Ville Posts: 478

    Hi @Ukko

     

    Ransomware protection is in beta phase, so we are still tweaking how the detections work. We must find the balance of aggressive enough but not blocking everything.

     

    We are definitely interested in your feedback.

     

    Ville

    (F-Secure R&D)

     

  • I am as always willing to help but wonder how I can test such a feature if I am not exposed to such threats, I only happen to receive spam which smells bad e.g. asking to renew my address and pw, of course I flag such mail as spam without reading (opening them).

  • Ukko Posts: 2,935

    @yeoldfart wrote:

    I am as always willing to help but wonder how I can test such a feature if I am not exposed to such threats, I only happen to receive spam which smells bad e.g. asking to renew my address and pw, of course I flag such mail as spam without reading (opening them).


    With such situation: test a feature against documentation; or against false positives. Except trying to check payload from spam letters. :)

    My own experience: with TP210 I did not receive any notifications about tries to access protected folders (files). Even I tried to provoke it by common hand-made tricks (so, maybe it is not enough for real impact and thus DeepGuard properly sense it). Basically, I'm not sure how Ransomware works (at least, with such part that other layers cannot detect it).

  • Ville Posts: 478

    Just like @Ukko said, just test with the normal applications that you use that there is no interference from our product. Don't test with malware/ransomware, leave that to us. We have a special environment where we can do it safely.

     

    Ville

    (F-Secure R&D)

     

  • ok Ville I just wanted to help more :)
  • Ukko Posts: 2,935

    Hello,

     

    Sorry for my reply.

     

    Are all reports before a certain timestamp (? or other counts) gone/removed/deleted? For FS Protection project.

     

    Today (on current minute) - I login into beta-portal (for research some of previous reports) and found that not all of them are visible.

    My own 'first' visible report is "SAFE_BUG-01904" (Five Months ago / 04.09.17). There were some other reports before it too.

    While, for example, entries like older "completed surveys" still there (by 'completed surveys' I meant under "Participation"-tab as one of potential sources of list).

    .

     

    Thanks!

  • Fengping Posts: 40

    Yes, due to performance issue with Centercode, we keep only up to 5-month-old cases and removed all older closed cases.

  • Ukko Posts: 2,935

    @Fengping wrote:

    Yes, due to performance issue with Centercode, we keep only up to 5-month-old cases and removed all older closed cases.


    Hello,

     

    Thanks for your answer and response!

    Sadly a little bit (I tried, usually, to recover before report about potential double-meanings or to connect report with previous ones; or just like re-check some of previous meanings).

     

    But.. was it indeed only closed cases?

    For example, such example:
    https://community.f-secure.com/t5/Home-Security/FS-Protection-PC-Release-204/m-p/102288/highlight/true#M3856

     

    I did not receive any replies (at least, ?! which was visible for me). I mean - noted report under ^ reply.

    "Area" was not chosen (if it is critical) - but status was still "fresh" with my latest check.


    Thanks!

  • Fengping Posts: 40

    I double checked, you are right, we simply removed everything older than 5 months. I would like to keep those non-closed cases too. Sorry about that.

This discussion has been closed.