Issue Report - 19.6 F-Secure Internet Security - Banking Protection - Breaks VPN\Internet
- F-Secure Internet Security v19.6 > Banking Protection
- Windows 11 23H2
- Mullvad VPN
I can reproduce this issue at-will every single time on any website that activates F-Secure Internet Security > Banking Protection:
1. System is configured to always connect to internet via Mullvad VPN network interface (this VPN must be used per security policy; may not\can not disable VPN).
2. Navigate to any website that activates Banking Protection.
3. Banking Protection blocks Mullvad VPN and thereby breaks network interconnectivity completely.Because Banking Protection blocks the VPN and thereby breaks all network connectivity, I must disable Banking Protection completely before performing any financial transactions - which defeats the entire purpose of using the F-Secure product in the first place.This is the only workaround available on my end. I cannot disable the VPN nor may I or do I have the capability to alter the system network configuration in any way per security policy.
I have FSDIAG and I also ran Debug Logs (I need to know where the Debug Log is located so I can submit it via Private Message; I also need to review it for sensitive data prior to submission).
SANITIZED:2024-09-30 15:19:25.127 [1aec.208c] D: OlsBanking::QueryOpenedConnectionsForTermination: Need to block connection pid=*, path=C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe,dstIp=0.0.0.0, port=0, type=12024-09-30 15:20:18.476 [1aec.20b4] D: OlsEvents::SendConnectionBlockedEvent: Blocked event data: {"direction":"out","ip":"*.*.*.*","path":"\device\harddiskvolume3\program files\mullvad vpn\resources\mullvad-daemon.exe","port":443,"process":"mullvad-daemon.exe","sid":"S-1-5-18"}
Accepted Answer
-
Hello,
Sorry for my reply.
You can surely try to 'namedrop' some Community Managers or Moderators as a measure to speed up the escalation of this trouble and get their attention (visibility of the need of their action).
However, can you meanwhile add some information:
Up until version 19.6, F-Secure Banking Protection never blocked Mullvad VPN or its network adapter.
So, the only change is F-Secure app build/version?
Has Mullvad VPN been changed/updated recently? I mean it looks like that "mullvad-daemon.exe" is somehow not marked as a trusted/safe for Banking Protection logic.
And the option as "Disconnect untrusted apps" triggered". Could you check, at least, that with unchecked "Disconnect untrusted apps" (or/and unchecked "Disconnect command-line and scripting tools" then) - you can use Mullvad VPN after triggering Banking Protection? Or will it still be broken?
If their executable is 'treated' as untrusted app - then one of the options is to send this file for analysis (Submit a sample | F‑Secure (f-secure.com)) as a global workaround as opposed to a local workaround by manual excluding it (as suggested earlier).
Adding Mullvad VPN creates a security hole; programs that should be blocked from accessing the network can bypass Banking Protection via direct access to the network via the excluded Mullvad VPN daemon (service).
however, if to read it like that.
When F-Secure (Banking Protection) sees only "Mullvad VPN" ('another' program with direct access to the network via even not excluded Mullvad VPN daemon / service) - what will be the difference then?
I am not sure what the actual design will be there - but even if to read it like that - perhaps, other parts of security still there (browsing protection / device protection to some extend). The only point is whether app / established network connection is trusted/safe for the Banking Protection session or not (from F-Secure perspective).
Thanks!
Answers
-
Hi @Karibu
Is there any way for you to change the tunnel protocol from Wireguard to OpenVPN to see if that helps, or is that under an admins control and cannot be changed ? (#1 security policy)
Mullvad is one of my favorite VPN's, but it is also the one that gets flagged the most, especially by Google's CAPTCHA's as well at one time by my bank, including getting the email verification, "is that really you"? To help with that, I connect to the nearest Mullvad VPN server location to me and use their OpenVPN protocol which does seem to help quite things down in general. The login from F-Secure's Password Vault went through.
Otherwise, as was posted above, is to add Mullvad into F-Secure Exclusions, and just have the Banking Protection protect you.
-
Up until version 19.6, F-Secure Banking Protection never blocked Mullvad VPN or its network adapter.
Now, no matter how Mullvad is configured, F-Secure Banking Protection blocks it. This happens on any Windows 10 or 11 system. Any build or version.
This is something that F-Secure needs to fix. -
Is no one from F-Secure staff going to look at this and escalate it? This is affecting every single Mullvad user since version 19.6.
Adding Mullvad VPN creates a security hole; programs that should be blocked from accessing the network can bypass Banking Protection via direct access to the network via the excluded Mullvad VPN daemon (service). -
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!