Re: Aquarius updates not being sent out to clients
Unfortunately, from my point of view, F-Secure has made a very wrong decision in switching Bitdefender's engine to Avira. After February, F-Secure is detecting at most 10% of the new threats received.
I have used F-Secure for more than 10 years in my corporate network. It was the best antivirus on the market so far, but now it's worse than Windows Defender, and I'm looking into exchanging it for another solution.
I am very disappointed with F-Secure.
Only 10% of new threats detected?
If you have any proof for such bad numbers I would like to ask you to share the "missing negatives" (non-detected samples) with F-Secure ( @Vad please ask LAB to pick this up directly).
AV-Test has recently reviewed F-Secure and confirmed the total opposite.
But maybe something is configured wrong on your end and some modules just fail to do their work.
I already did this through a ticket with support, and before I even opened it, I had submitted through https://www.f-secure.com/en/web/labs_global/submit-a-sample but I did not have the vaccine available.
Before the engine switch, I considered it the best antivirus solution on the market, but from February until now it does not detect anything anymore.
More than 80% of the threats that we receive are regional, that is, threats made in Brazil for Brazil, and since Bitdefender has a threat laboratory in Brazil, this gives us effective protection against malware.
To give you an idea, I only received 5 new threats today, and none were detected by F-Secure.
I believe that it is not a bad configuration, because I have maintained the same policies for many years and it has always worked well, as I have been working with the product for many years, I believe that I have acquired a good knowledge of the tool.
Another factor that shows that it is not a configuration problem: the sample submitted to virustotal.com is detected by the antiviruses that use the Bitdefender engine, but F-Secure does not detect it.
Take a look, and draw your own conclusions.
Lab can explain much better, but as a first comment from my side:
1) Virustotal does not execute any behavioral analysis and 30-40% of new malware cannot be detected by signatures. This is true for ALL vendors.
2) Many vendors and VT have taken action to prevent an attacker from using VT to hide his new malware from detection by testing. This results in more "not detected" for new samples. As a consequence, VT is no proof of whether a certain malware is detected by your specific AV, only of whether the sample might be malicious. This means VT should be used to get more information on an unknown binary and not to test the AV.
Keep in mind: if you change only one bit in the malware, the sample would be new for VT.
3) I opened one of the samples that you quoted and it showed that the analysis was 4 days old and F-Secure: "not detected", but when I retriggered the analysis F-Secure was one of the fastest to have finished with a positive detection. So just opening the link is not sufficient, as that will only display what was the fact when the sample was last scanned (e.g. when you uploaded).
4) There are some other critical statements concerning VT and what users might interpret from the numbers. These are well documented and addressed, and the overall benefit of this service is given.
Please take these statements into account when judging any AV based on that service. VT is not a test lab. That requires far more sophisticated methods.
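Added example, not part of the thread or of any participant's post: a small Python check of the point made in 3) above, that a stored VirusTotal report only reflects the moment of its last scan. It reads a constructed report shaped like a VirusTotal API v3 file object; the engine names, verdicts, dates and the `MAX_AGE_DAYS` threshold are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed report in the shape of a VirusTotal API v3 file object.
# Engine names, verdicts and dates are made up for illustration.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {
  "last_analysis_date": 1525132800,
  "last_analysis_results": {
    "EngineA": {"category": "undetected", "result": null,
                "engine_update": "20180430"},
    "EngineB": {"category": "malicious", "result": "Trojan.Generic",
                "engine_update": "20180501"}
  }}}}
""")

MAX_AGE_DAYS = 1  # assumption: older snapshots are not used to judge an engine


def assess(report, engine, now, max_age_days=MAX_AGE_DAYS):
    """Classify what a stored per-engine verdict can and cannot tell you."""
    attrs = report["data"]["attributes"]
    scanned = datetime.fromtimestamp(attrs["last_analysis_date"], tz=timezone.utc)
    age_days = (now - scanned).days
    entry = attrs["last_analysis_results"].get(engine)
    if entry is None:
        conclusion = "engine-not-in-report"
    elif entry["category"] in ("malicious", "suspicious"):
        conclusion = "detected-at-scan-time"
    elif age_days > max_age_days:
        # Verdict predates later signature updates: request a rescan first.
        conclusion = "stale-rescan-before-judging"
    else:
        # Static scan only; behavioural and cloud layers are not reflected.
        conclusion = "no-static-detection"
    return {"engine": engine, "scanned": scanned.date().isoformat(),
            "age_days": age_days, "conclusion": conclusion}


if __name__ == "__main__":
    now = datetime(2018, 5, 5, tzinfo=timezone.utc)  # constructed "today"
    for name in ("EngineA", "EngineB", "EngineC"):
        print(assess(SAMPLE_REPORT, name, now))
```

Even a fresh "undetected" entry here only describes the static scan that VirusTotal ran, which is the limitation described in 1) above.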
First of all, thank you for sharing your concerns with us regarding these threats targeting Brazil.
I'd like to share that the eight Virustotal samples mentioned in your post are at this moment already detected by signatures.
Like it has been shared in this thread, Virustotal can be useful to get a quick assessment on a sample, and it should be noted that many of the protection layers available in F-Secure products won't be visible in Virustotal results, including Deepguard, Security Cloud, etc.
I'd recommend having a look at the latest edition of our Deepguard whitepaper to gain some insights on F-Secure's multi-layered security approach:
To better address your concerns regarding Brazil-specific malware, we have already discovered some points where we need to make improvements, and the protection coverage should gradually improve over the following weeks.
If you have additional samples that are missed, we would appreciate it if you could continue submitting them through our SAS portal.
Finally, we would like to thank you once again for helping us improve our protection and products.