DeepGuard blocks python and related processes like conda/pip
Hi,
I am running MacOS 15.3.1 with F-Secure "Cassiopeia update 2025-02-28_fw", and for a long time (over a year) I have had many problems with DeepGuard and python. DeepGuard tends to block pip/conda installations (especially if done in a virtual environment) and often blocks jupyter-related processes as well (the most recent one being just now after I opened a jupyter notebook on VSCode).
More recently, I have been trying to add DeepGuard "Allow" policies concerning the directories and files that get blocked often, but there seems to either be a bug or I don't quite understand how the policies are supposed to work. The reason I say this is that to counter these recurring blocks, I have added multiple very lenient policies concerning only the folders that get blocked often. For example, just now DeepGuard prevented python3.10 (from a conda virtual environment) from accessing the directory ~/.ipython/profile_default/. This however should not have happened, as I had previously added the following policy: allow rwcx to any process via any parent process to the directory ~/.ipython/ and everything that is in it (i.e. the prefix ~/.ipython/). Why did my process get blocked? Given the allow policy I described, shouldn't "python3.10" be granted access to the directory "~/.ipython/profile_default/"?
Before you say that I didn't allow mount, I clicked the "Allow" button from the "Activity Blocked" pop-up window, and it added the following policy: allow rcwx to python3.10 to the directory (prefix) ~/.ipython/profile_default/ (so no mount clearance in the new policy that got generated by F-Secure). For extra clarity, I'll attach a few screenshots:
Thanks in advance for any help.
Accepted Answer
-
Hello @daniel_p
I have received feedback from our Product team.
It’s possible that DeepGuard is still blocking Python because the executable hash has changed since the allow rule was created. To resolve this, please try editing the allow rule and removing the hash constraint so that the rule applies to all versions of Python.
After making this change, kindly reload the DeepGuard rules by either closing the settings window or pressing ⌘R (Command + R).
Please let us know the outcome. Thank you, and have a wonderful day.
Firmy
Community Manager | F-Secure Community
🔐 Strengthening digital security through knowledge and collaboration
🌐 Explore our User Guides | Knowledge Base for self-help resources
💻 Empower yourself with Cybersecurity Insights and protect what matters
Answers
-
What is F-Secure "Cassiopeia update 2025-02-28_fw" ?, The lastest versions for MacOs are (called) MacOS 15.3.1 and F-Secure 25.2.If problems with updated versions and python still exists you should run the support tool and have it send to F-secure for further investigation,@firmy &Co will take care of rest
-
Hello @daniel_p
Welcome to the F-Secure Community. Thank you for your question and comments.
I’m consulting with the product team regarding this issue, and I’ll update you as soon as I receive their feedback.
In the meantime, as @JOnes mentioned earlier, please enable debug logging, reproduce the issue, and generate an FSDIAG for us.
I’ve sent you a private message—please share the FSDIAG file in the chat when ready.
Thank you.
Firmy
Community Manager | F-Secure Community
🔐 Strengthening digital security through knowledge and collaboration
🌐 Explore our User Guides | Knowledge Base for self-help resources
💻 Empower yourself with Cybersecurity Insights and protect what matters
