[DeepGuard] TeamID in rules no longer work

66f2e490 · October 13

Hi Dev team,

With the newest release Version 19.8 (63381) I found that TeamID in rules are not working properly in strict mode.

For example, I only allow apps with TeamID UBF8T346G9, which is Microsoft-Apps that can read/write .xlsx file:

allow suffix ".xlsx" "/ via any" rw "" "UBF8T346G9" ; Microsoft

This works in pervious version.

As the screenshot I attached here:

file type ".uuidcache-114514-2" is not pre-defined. Deleting this file will trigger a DeepGuard pop-up, which I rejected.
file-type ".xlsx" is configured as only processes with TeamID UBF8T346G9 can access it. But deleting it won't trigger any DeepGuard pop-up and thus user will have no chance to notice this event.

I checked the other rules that has TeamID, and it seems that these rules do not check the TeamID but instead allow the rule for all processes.

ProductName:macOS

ProductVersion:15.1

BuildVersion:24B5070a

F-Secure: Version 19.8 (63381), DeepGuard is running under strict mode.

Bildschirmfoto 2024-10-14 um 04.52.08.jpg

66f2e490 · October 14

After downgrading to Version 19.7 (62280), TeamID in rules is working again.

*only in this form:

allow suffix ".xlsx" "/ via any" rw "" "UBF8T346G9" ; Microsoft

Bildschirmfoto 2024-10-14 um 17.25.32.jpg

PawełP · October 23

Hallo @66f2e490

Thank you for your post.

Our technicians at R&D have investigated this problem.

It sounds like a potential regression related to optimization work done in that area. The technicians will review the difference in product logic between 19.7 and 19.8 and fix the issue.

I will inform you as I receive an update on this matter.

Thank you very much for bringing this problem to our attention and thank you for your understanding.

Best regards.

Pawel

66f2e490 · October 23

https://community.f-secure.com/en/discussion/comment/138816#Comment_138816

Hi @PawełP

Thanks for getting back to us so quickly! We're super excited to see the fix in the future releases.

PawełP · November 14

Hello @66f2e490

I just received an update from R&D.

Our technicians have found the cause of this problem. It will be resolved with the release of the next version of the program (19.10).

I hope this information will be helpful and thank you for your patience.

Best regards.

Pawel

66f2e490 · November 14

@PawełP

Thank you very much to the team for all the hard work here, this is really a good news.

Cheers!

Karibu · November 15

How is it possible that DeepGuard will be fixed in version 19.10 when it has been announced that in version 19.9 DeepGuard is discontinued and switching to a new technology?

DeepGuard is being replaced with Behavioral Analysis?

Ville posted "DeepGuard will not exist anymore after 19.8" in another thread?

So what exactly is going on?

66f2e490 · November 16

https://community.f-secure.com/en/discussion/comment/139106#Comment_139106

Hi @Karibu

AFAIK DeepGuard has been replaced by another EPP solution on the newest beta of FSP for Windows.

In this thread we're talking about FSP for macOS, which DeepGuard is a totally different technology under the hood, they just share the same name.

Karibu · 5:50AM

https://community.f-secure.com/en/discussion/comment/139107#Comment_139107

How is it that you know, but nobody else does?

Where is the official announcement from F-Secure that it is moving to Avira components for its Windows product line?

There are a lot of people that do not want Avira on their systems. I know that I do not want Avira on my system - whether it is brand name labeled or white labeled F-Secure.

I think it is very underhanded and shady that F-Secure leadership (I am pointing my finger at you - F-Secure executives) is not making any official announcement about v19.9 becoming an essentially 100% Avira product.

[DeepGuard] TeamID in rules no longer work

Answers

🚩 What Do You Think?

Categories