F-Secure Ultralight Anti-Virus

BenBen Posts: 2,641 F-Secure Product Expert


F-Secure Ultralight Anti-Virus is our next generation security product. With this beta release we are piloting several new concepts:

  • Light-weight product, which utilizes cloud-based scanning
  • New modern user interface
  • Blazingly fast installation

We guarantee this is something you have never seen before. Try it here and send us feedback. We are eager to know your opinion about this product.


Supported platforms, 3rd Dec 2014

  • Windows
    • Windows 7 (64-bit)
    • Windows 8 (64-bit)
    • Windows 8.1 (64-bit)


  • SimonSimon Posts: 2,661 Superuser
    So, is this a stand alone anti virus only product, ie, not an Internet Security type multi function suite?
  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello Simon,


    It is not having all the functions that some of our other products might have but I still would recommend giving it a try as it is very impressive. 


    And of course let us know what you think. :)


  • SimonSimon Posts: 2,661 Superuser

    Hi Ben,

    I'd love to try it. Will it run alongside FS Protection, if the AV component of FSP was disabled? Only, I would feel less protected without Banking Protection and Deepguard, so would need replacements for those if they're not included in the new product.

  • Hi Simon,

    Thanks for your interest!

    F-Secure Ultralight Anti-Virus cannot run alongside FS Protection. You have to uninstall FS Protection before installing F-Secure Ultralight Anti-Virus.

    As for the protection features, F-Secure Ultralight Anti-Virus includes a comprehensive set of features to protect you from various malware attacks. For instance, a new improved version of DeepGuard 6 is included with F-Secure Ultralight Anti-Virus. We also included features to protect the users from visiting malicious sites. Banking Protection feature is not included.

    -- Alex

    F-Secure Ultralight Anti-Virus Development Team
  • SimonSimon Posts: 2,661 Superuser
    Hi Alex,

    Good to hear that Deepguard will be included. I will register for the beta to try on my secondary laptop, but without Banking Protection, or an equivalent function, I'm not sure it could be a product I would use everyday.


  • etomcatetomcat Posts: 1,319 Superuser

    Dear Alex and Ben,


    From a business perspective, how would you compare:


    - F-Secure Ultralight versus F-Secure CPU Limiter?

    - F-Secure Ultralight versus F-Secure Off-load Scanning Agent (SRS/SVCE)?

    - What can be known about the novel capabilities of DG6 ?


    - Will you be including Ultralight and DG6 in business protection products, like FSAV PSB / FSCS any soon? I think CPU Limiter would be a godsend for FSAVCS, as we get ever more complaint from business customers, rather than SOHO users. (If the office lady / salaryman / necktied slave goes for a coffee break while the workstation ratchets its HDD, that's lost money.)


    Thanks in advance, Yours Sincerely:

    Tamas Feher, 2F 2000, Hungary.

  • VetraciVetraci Posts: 156 Adventurer

    Would be nice to have a look on some screenshots! Smiley Wink

  • SimonSimon Posts: 2,661 Superuser
    That would spoil the surprise! Smiley Very Happy
  • VetraciVetraci Posts: 156 Adventurer

    Well, if you want a large group of people testing a new product, then you should spread the news on every possible news site (not just on a forum) and throw some nice screenshots to push interest!

  • UkkoUkko Posts: 3,219 Superuser

    :) Probably it's should be something around "Fight club".... and rules around.

    Basically.. I think conception same with this and with new modern interface.

    But anyway....



    "We guarantee this is something you have never seen before"



    Maybe yes (and it's can be nice as "something" around new conception of using), but does it also means that (in fact):




    -> There will be less protection (such as dropped some of advanced meanings... and it's biggest part of detection results, but maybe good... for prevention false-positives) Smiley Sad

    -> There will be, of course, same Security Cloud and web-protection as web-traffic (it nice), but..... content blocker.... list of deny-websites (as URLs  not just from Security Cloud) -  also dropped. Smiley Sad

    -> It's will be nice for good normal stable network connection with speedy-speedy setting around, where also  without variants for use "all network connection" per one device. Smiley Sad

    -> DeepGuard ... what if start be with less protection too (just because less configuration-points for set up) Smiley Sad

    -> Can it's be still visible things around.. "when something goes not as design" (such as protected/encrypted files, troubles during scan for certain files - where not possible to be scanned and etc.);


    Anyway.... sorry for my reply.

    I just really with strange dreams about "cloud"-based protection, but it will be so greatest.. if F-Secure will be first one company with greatest realization of cloud-based (as ultra-light also) protection.






  • Hi Tamas!


    From the business perspective, F-Secure Ultralight Anti-Virus is targeting consumers, versus SRS/SVCE targeting corporate customers or SMBs. For instance, Ultralight also means "light on settings". Therefore, we do not force the users to configure/decide on things, but rather try to deliver protection that "just works". The latter strategy might be unfavorable for some of the corporate customers.


    From the technical perspective, indeed, Ultralight AV and SRS/SVCE have something in common. They both offload some of the scanning to the cloud or to an external server.


    With DG6 we are mostly on quality/performance/compatibility improvement track. Also, in the spirit of Ultralight, DG6 does ask users less questions than before. We try to make the decisions for them, not to offload the decision making to them.


    As for including Ultralight features into other products, it is too early to have plans on that. We just started the beta, and feeback from this beta program is very important for us, also to make the decisions on inluding features into other products. However, I do admit that everything you see in Ultralight AV has its chance to appear in other solutions.


      -- Alex


    F-Secure Ultralight Anti-Virus Development Team

  • etomcatetomcat Posts: 1,319 Superuser

    Dear Alex,


    Thanks for the insight!


    > From the technical perspective, indeed, Ultralight AV and SRS/SVCE have something in common. They both offload some of the scanning to the cloud or to an external server.


    The problem with this comparison is that F-Secure Corp. decided not to promote SRS/SVCE for use in non-virtualized workstation protection (reportedly because of lag issues at <10Gbps network speeds).


    This leaves corporate-institutional and SMB customers of F-Secure with the traditional FSCS / PSB protection, based mainly on the heavy-weight Aquarius engine. We have complaints about office people taking "coffee breaks" when the HDD light stays on, because they are already accustomed to how long signature updates take. Customers are seeing unpredictable performance spikes, that cannot be tolerated in any computers involved with manufacturing or control processes. Essentially it is a re-eanctment of the events, which resulted in the AVP->BD engine change many years ago.


    You really need to provide some remedy to business customers, be it a working CPU/HDD limiter or a hard second look at the use of OSA/SRS technology in the non-virtualized world. Being 6 months or more behind on the technology curve versus home-SOHO products, means FSC's corporate-SMB products customer base will erode even further.


    Thanks for your kind attention, Sincerely:

    Tamas Feher, 2F 2000, Hungary.

  • SimonSimon Posts: 2,661 Superuser

    OK, it's installed.  I'm afraid first impressions are not great.  Smiley Sad


    I'm trying to explore the product to see what I might be missing, but so far have found no settings, or anything particularly to 'explore'.  There appear to be no settings for types of scan, etc, or for Deepguard, unless I just haven't found them yet.


    The full screen desktop overlay is not displayed well on a dark background, and much of the text, particularly the scrolling text over the big green 'Protected' circle, is barely visible.  Maybe this is a transparency setting?  The Tutorial is virtually unreadable, even on a light background.


    There is no desktop icon, and on Windows 8.1, the program doesn't appear in the Programs list, so there seems to be no way to add one.  This may not be a particularly important issue for some, but I am used to having one - and why does the program not appear in the programs list?


    I'm not sure I really like the whole 'overlay' concept.  It's very different from conventional antivirus products, and will take some getting used to.  I will give it a couple of days, but at the moment, I don't really feel that this is a product I would use, and given the lack of banking / browsing protection, I feel that I am now less protected than with FS Protection, and if I were to keep Ultralight, I would be looking for other products to replace the 'missing' features from FSP, which kind of defeats the object.


    It also appears that my web browsing has slowed down since installing Ultralight, but I will have to run it for a while to make a fair comparison.


    A couple of positive points to make - it did install very quickly, and performed an initial scan in only a few minutes, finding some Adware that neither FSP or Malwarebytes had detected.  However, there seems to be no way to get any further details of the Adware, and this was removed without requesting a confirmation from me, which is a slight worry where possible false positives are concerned.


    Maybe I'm missing the entire point of this product, but it does seem perhaps a little too stripped down, and without banking and browser protection, I wonder who the product is actually aimed at?

  • AndyPAndyP Posts: 45

    Hi Simon, this is Andy, the Project Manager for Ultralight. Firstly, I'd like to thank you for posting your impressions of this product


    We're very interested in hearing comments related to the user experience we've created for this product, since it is indeed quite different to most of the traditional products out there. This is an experiment to see if we can come up with a more modern and intuitive way of providing a user interface for a security product.


    Related to the desktop icon and start menu items, this is something we were planning on adding down the road. We appreciate that this is standard behaviour for Windows applications. Our installer is bare-bones for now, but we hope that it provides enough access to the application (via the systray icon and Explorer contextual menu items) in order to test features.


    We have taken a different approach on settings for this product - we wanted it to be out-of-the-box ready for use and configured with default settings that will work for everyone, such that a customer can quickly and easily install the product and then go about their usual business without any impact from the underlying security layer. We're avoiding asking the user for input on any decision we can safely make ourselves. Since this product makes it simple to restore, and mark safe, files that have been detected, there's always an easy way to reverse any decision made by the product. That being said, we're looking for feedback exactly like yours in order to gauge whether this is a user-friendly approach.


    To address your concerns related to both the Browsing Protection and Banking Protection functionality, this product utilizes the same network scanning technologies that those features in FSP use. We probably made a mistake naming the product "Antivirus", since it is actually a fully-featured security suite. When visiting a malicious site, this product will block the site completely and show a flyer to the user. For sites with unknown reputation, we scan all web traffic and are able to block known exploits. We also scan all executable content arriving over the network and will block anything malicious in that regard. Although we don't show any flyers when visiting banking sites, we are still protecting all traffic as explained above.


    Please do let us know more about the potential false positive you encountered and whether this product has slowed your browsing experience.


    Once again, thanks for the valuable feedback!

  • SimonSimon Posts: 2,661 Superuser
    Hi Andy, and thanks for your quick response.

    So, with the Banking Protection in particular, does the new product isolate the internet connection, in the same way that I understand FSP does? Simply scanning web traffic doesn't offer a heightened level of protection for banking processes, does it?

    I understand that the product is in very early stages. I do feel, however, that perhaps the more technically advanced user may feel a little detached from the product, given the lack of user settings and options.

    I hadn't noticed the Restore or Mark Safe oprions with the removed Adware, so will look again for those. I think, perhaps, the general readability of the product needs some work, which may make such options more obvious. As I mentioned, the Tutorial itself is barely viewable at this time.


  • AndyPAndyP Posts: 45

    Hi Simon!


    You are correct - due to the fact that we're in the early stages of developing this product, we don't currently have the feature that isolates the web connection while you are in an online banking session.


    We're also aware that some of the messaging in the product is inconsistent, and we're working on fixing that. When an event labels something as "disinfected", it normally means that the item was deleted. An event stating that something was "removed" means that it was quarantined and therefore can be restored (you can see this behaviour by clicking on the "Want to see how Antivirus works?" button) . Not all malicious items can be quarantined.


    Thanks for your feedback on the tutorial. This is something we'll definitely look at improving in the future.


    As far as the lack of settings for specific security features, we feel that we're only providing real protection if we enable everything. This product has a new protection core that we're constantly managing and tweaking to provide both the best protection and lowest impact on system performance. Everything in this new protection core integrates together. It didn't make sense to us to allow certain protection features to be toggled on and off as it really wouldn't bring any additional value to the user.

  • SimonSimon Posts: 2,661 Superuser
    Hi Andy,

    I guess the 'everything on' approach is a sensible one. So, will the product eventually have the Banking Protection isolation feature, along with anti spam?

    Also, with regards scanning, how does this work? I notice there are no options for a full system scan, but, arguably, I wonder if that is actually necessary, given the 'live' protection aspect. What types of malware is the product looking for? By this, I mean is it more comprehensive than FSP, which doesn't always find PUPs or other Adware.
  • UkkoUkko Posts: 3,219 Superuser


    Sorry for my reply.

    Can be situation that your new detection about PUPs (which was ignored by FSP) - random? Or it's just comes to be known as "PUPs" (malicious/suspicious) just now?


    Because how I can to understands F-Secure ULAV will be with less detection about this. Such as - less advanced scanning (less behavior scanning) and etc. Also can be dropped some of detections, which can be related with cloud-check background.


    Also probably DeepGuard should be with less prompts... and there was words about false-positives (what if all detection by web-traffic scanning / on access scanning goes be around false positive - does it critical?! because I can to think.. it's better... because false-positive, but logical false positive).

    And for my opinion... more hard situation with "false negative"... which can to comes, where dropped some of advances settings (such as.. F-Secure ULAV can be with look as default settings of F-Secure IS, but also with dropped else one settings... for prevent false positives, but which close to be not always nice as less protection-level).

    And for example.... execution by "application under another application.... third code" should be prevented by DeepGuard 6?! Or it will be with too much logic around (such as... if there will be just launch of calc.exe as example or notepad.exe... all OK, but if something another - will be detection?).


    Sorry for my reply again. Just I can to think about current things with that meanigns.. and just based on my dreaming around potential design.



    About "features" and light-point. Potentially it's better, than WebRoot with a lot of strange features... which does not normally work. Or Qihoo.. with a lot of "not required" applications. Or another small cloud-based software, which simply can not to guarantee any high-protection points (without tricks, which they using.. and which enough for be "so so" protection).

  • AndyPAndyP Posts: 45

    Hi Simon!


    We're using this beta to validate both our new technology core and the user interface concept that we have built on top of it. The first thing we're going to do is refine the existing cloud scanning protection technologies. If we see customer interest in this particular product, we may add more protection functionality (such as the banking protection functionality you mentioned).


    As far as Anti-Spam goes, it is unlikely that we will add this functionality into the product in question. It is possible that an existing product of ours that already contains the Anti-Spam feature may, in the future, adopt the protection core used in this beta product.


    Scanning options are as follows:

    • System scan - a quick scan that checks the system for active malware
    • Real-time scan - scanning that occurs automatically when file operations occur
    • On-demand scan - a manual scan triggered by right-clicking on a file or directory in Explorer and selecting "Scan xxx". Note that you can start multiple concurrent scans using this method.

    You can manually scan a whole drive by using the third option above. However, we don't have a button that will scan all connected drives, so you'd have to kick those off manually.


    As far as what we're detecting, it is identical to our other products. The product will always act upon any malware it finds (either delete or quarantine), but should only report the existance of PUP. We did notice that a system scan will delete tracking cookies, so that's something we're looking into. The reason you may be seeing more detections in this product than in FSAV is most likely because of this tracking cookie behaviour.


    It should be noted that we do not send user-created content to the cloud for scanning. This means document formats such as Word, Excel, Powerpoint, PDF, RTF, etc. This is for privacy reasons. These are still scanned by our local engine. Our protection core contains an exploit protection feature that will prevent malicious documents from performing exploitive behaviour when opened by an application. This also protects your browser from being exploited.

  • SimonSimon Posts: 2,661 Superuser
    Hi Andy,

    To be fair, I could live without the anti spam, as I tend to use Mailwasher for that anyway, and as the firewall and parental controls in FSP are largely given over to Windows, I think that a more streamlined product could work, especially when it is more developed and refined. I do think the Banking Protection system should be included in Ultralight, as it does give the user an additional level of security and therefore more confidence in the product. Coming from FSP, I'd find it hard to live without that.
  • Hello

    How to clear quarantine and history?




  • SimonSimon Posts: 2,661 Superuser

    @Petrovic - How did you manage to create that screenshot?  When I try to do it, I get the screen underneath, but not the FS overlay. 


    I notice, similar to mine, that you don't have the 'Restore' and 'Show in Explorer' options under your first Virus, but it appears under the second entry.  The only 'System Infection' mine found was 'Adware:W32/WebInstallBundle', which it says was 'disinfected', but there are no options to Restore, or anything else.  This is why I am a little wary when a product takes everything into it's own hands.

  • yeoldfartyeoldfart Posts: 517 Superuser
    Having beta tested F-Secure 2015 AV in mid 2014, I just aplied a few hours ago for this ultra light version, I hope I'll be accepte again...
    Simon could you give ma hand ?
    thank you in advance
    best regards
  • SimonSimon Posts: 2,661 Superuser

    I'll be around, YOF, but there's not really anything much to lend a hand with.  Just make sure you uninstall your previous product before installing Ultralight.  Smiley Wink

  • yeoldfartyeoldfart Posts: 517 Superuser

    sure I am a big boy now Smiley Wink I was just starting to worry a little becaus I haven't got any answer since this afternoon, eager as I am to participate. Can you give me the dowload link ?

    but it is late now, got to go to bet

  • SimonSimon Posts: 2,661 Superuser

    No, each download link is personalised with the key, and accessed via your beta portal, so unfortunately you'll have to wait for approval. It was about 24 hours for me, so I would expect you to receive your email sometime tomorrow. If not, I'm sure Andy will read this and nudge things along for you.

  • @Simon 

    The "Restore" and "Show in Explorer" buttons will show up if you hover your mouse pointer over an entry in the list. However, these options will only be available if an item was quarantined.


  • AndyPAndyP Posts: 45


    We have two separate removal mechanisms in the product - one that moves items to quarantine and another that performs the more tricky "system disinfections". If a threat is removed by the latter mechanism, it is completely removed from the system. Since there was no way to quarantine it there is no way to restore it. In these cases, you will likely see an event flyer that states the item was "disinfected" (as opposed to "deleted").



    A new round of approvals should be happening within the next few hours, so hang in there! We're eager to get a lot more people into this beta!

  • yeoldfartyeoldfart Posts: 517 Superuser

    hello and thank you Simon, pleased to be in touch again

  • yeoldfartyeoldfart Posts: 517 Superuser
    Hello ! pleased to know you, I'll check regularly :)
This discussion has been closed.