Questions about DeepGuard.

cmfamily
cmfamily Posts: 2 New Member

I have had ongoing problems with someone hacking my devices and recently added F-Secure's security suite to my MacBook. I have been having problems such as my built-in firewall turning off by itself all the time, among other things, so I installed the security suite hoping to stop anyone from possibly accessing my MacBook. But after having trouble even installing it, I still have the same things happening. I even discovered someone had somehow installed a work profile onto my Samsung, which also has been being controlled by someone who is not me, so I'm trying to do anything to secure my devices and furthermore somehow try and prove who could be doing this to my devices, but first and foremost I want to take back control of my devices, here my MacBook. I noticed even though I started DeepGuard there are still a lot of system activities being allowed through even though I didn't individually allow them nor was asked. Here is a list of what is being allowed through and blocked, and I wondered if anyone could tell me if anything looks abnormal or would allow access remotely to my MacBook. Also, no matter what I do, I am not able to block the things that are being allowed. Not sure if it's supposed to be this way, but any advice or insight would be greatly appreciated! Thanks in advance to all who respond!


Answers

  • Simon
    Simon Posts: 2,661 Superuser

    Sorry to hear you're having problems. I'm afraid I can't help you with the Mac processes, but have you actually done a full virus scan with F-Secure?

  • ArthurVal
    ArthurVal Posts: 123 F-Secure Employee

    Hello, @cmfamily!

    I can comment on the provided screenshots of DeepGuard configuration. DeepGuard indeed comes with a set of predefined policies when you install SAFE on your Mac. The main reasoning behind having those policies is to allow the operating system to perform normally and without much interference by DeepGuard.

    It is important to understand that these policies are only targeted at actions initiated by the operating system. So suspicious, abnormal, external and malicious activity will still get prompted by DeepGuard or blocked automatically.

    You can safely hide the system policies by clicking on the "Hide System Rules" button in the upper-right corner of the screen. These rules are predefined and cannot be modified.

    Could you please share a screenshot of the DeepGuard Configuration app after hiding system policies? It would be much easier to spot any abnormalities in the DeepGuard configuration in this case. Thanks.

    Best regards, Arthur

    SAFE Mac R&D Team


  • cmfamily
    cmfamily Posts: 2 New Member

    When I hide my system policies it actually shows nothing. I'm just wondering, if someone already had certain things in place on my MacBook before I installed it, if policies DeepGuard considers normal system functions could be allowing someone to still access my MacBook. Last year I was having issues with literally every device including my MacBook, and I started to find various issues and was able to document them. I was having files on my computer locked and unable to access them, and it appeared someone had rooted my MacBook. After I went to the police about it, my nearly brand new MacBook ended up getting wiped and completely stopped working, causing me to lose everything on it. Then most recently I discovered someone managed to put a work profile on my personal phone. So someone is going through a lot of trouble. I have a lot of complaints going against various groups and people, which may be the reason for all of it.

  • ArthurVal
    ArthurVal Posts: 123 F-Secure Employee

    @cmfamily

    Got it, thanks for the clarification that there are no custom policies added to the DeepGuard configuration except for system ones. I find it very unlikely that it is possible to trick DeepGuard into classifying external/malicious activity as legitimate operating system actions. Those policies are quite strict on identifying the origin of each pre-allowed activity.

    I believe that the best way forward with the investigation of possible external interference with your system is to submit system diagnostics to our Customer Care. You can run the SAFE Support Tool app located in the "Applications" directory alongside the SAFE installation. It will run its diagnostics and collect them in a resulting file which contains various diagnostics on SAFE and the system in general. We can take a look and see if we can spot any abnormalities in those reports.

    It is best not to share the resulting diagnostics file right here on the Community forum but to share it with F-Secure Support: https://www.f-secure.com/en/home/support/contact.

    BR, Arthur

    Best regards, Arthur

    SAFE Mac R&D Team

This discussion has been closed.