F-Secure Ultralight Anti-Virus

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    @Ukko wrote:
    About firewall; potentially there available to be addition layer.. not just a firewall. But which features you want to use with any other third party firewall? Such as.. which features can be important as additional? (it's just interesting for me, sorry).

     

    It's not really that I want extra features, it's more out of curiosity and interest as to whether the option is now possible. To be honest, I don't even know if it might have been OK to install a different Firewall with the IS and FSP suites, given that they use Windows Firewall anyway, but I would have thought it a little 'dangerous' with those products. Seeing as ULAV has no Firewall component, there presumably wouldn't be anything for a third party Firewall to conflict with, although, the reason I asked about Comodo is that it appears to have a feature similar to Deepguard, and I wondered if that might cause problems. Seeing as we're testing this product, we might as well try to break it!

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    hydra version is 1418661663 could it be the latest ? I'm puzzled, can't sort it out whether it's a global manual update or corresponding "service" update....
  • Ukko
    Ukko Posts: 3,611 Superuser

    --------------------

    It's not really that I want extra features, it's more out of curiosity and interest as to whether the option is now possible.  To be honest, I don't even know if it might have been OK to install a different Firewall with the IS and FSP suites, given that they use Windows Firewall anyway, but I would have thought it a little 'dangerous' with those products.  Seeing as ULAV has no Firewall component, there presumably wouldn't be anything for a third party Firewall to conflict with, although, the reason I asked about Comodo is that it appears to have a feature similar to Deepguard, and I wondered if that might cause problems. Seeing as we're testing this product, we might as well try to break it

    --------------------

     

    I think it's possible. But it's possible with FS Protection too. :)

     

    There just can be points: do you ready to get some of conflicts around and created exclusions rules (which can be time to time... not common steps as "visible"-ones) for both of protection-software.

    And if current company goes be with troubles around "design".. it's can be funny drivers, which can be a reason for crashes :)

    And there will be no big difference between FS Protection and F-Secure ULAV.

    Most risk-modules close to be same (for my opinion). But also for my opinion - Gemini (under FS Protection) can be additional point for potentially trouble-points. With F-Secure ULAV it can be not so hard with that reason - so there.. indeed can be interesting (and I also already was with some of solutions around check with same points, but I have certainly known "features" - which I can to get just with one of solution and not really known something else same - which can be trusted for me).

     

    About "Comodo" HIPS or Application Control. It's can be.. but for my opinion DeepGuard better. Such as -> more protection, less false-positives.

    With angry-style of HIPS, Application Control, Whitelist-based or Behavior- (and Reputation)-based protection.... can be interesting and can be safe around, but it's take so many "attention" and user should be worry about each of steps (when it's auto-mode.. anyway.... you want to check it and check probably; but if you don't want to check.. why not to choose something, which just work and created just important prompts as DeepGuard).

    And current one "good protection with a lot of false positives" comes with many of big security companies. But all of them... not really better, than DeepGuard (as default one) for my opinion.

     

    Such as... you can get super-protection, but I'm not sure.. that COMODO and F-Secure ULAV can be best of solution. Such as COMODO - close to strange one realization (and some of new versions can be with some of new points, which can be as conflict-things for using with F-Secure ULAV).

     

    If you want to real-break story.. maybe need to check F-Secure ULAV and EMET 5.1 :)

     

     ==========================

     

    --------------------

     hydra version is 1418661663 could it be the latest ?

    --------------------

     

    About Hydra - probably it's the latest one.

     

    And also .... manual "check updates" under UI - should be as re-check for updates (as global checking for all modules).

    Auto-updated should be as "scheduled" something and probably it's should be with short-time checking. Because it's cloud-based and it's should be with a lot of "updates" (not as part of engine maybe); but anyway - should be up-to-date each hour (or less). If auto-check does not paused by something important. Maybe F-Secure ULAV have logic.. and if you with high network-usage or playing (or other such as watching video; or other reasons for full-screen) game...  it will be detected.. and downloading updates goes be with "delay".

     

     

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    thank you, I'll check tomorrow
  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hi all!

     

    As Ukko correctly pointed out, the "Check for Updates" button will check for all updates, not just the one associated with the update in that event. The reason we added a "Check for Updates" button in the events and not separately in the UI is that a majority of our users don't tend to need this button at all. However, we needed it for testing and we figured some of the more techie users would appreciate having it.

     

    As far as installing a 3rd-party Firewall alongside this product, we haven't tried it ourselves, but we would assume it would work fine. As mentioned, our more recent products simply configure the built-in Windows firewall anyway. I'd say give it a try and see!

     

    As far as interoperability with other AV software, this is a tricky situation. We have installed this on systems that already have Windows Defender active, and both security solutions work in parallel. However, since they're both essentially fighting with each other to do the same thing (block file access, quarantine, etc.), results can be unpredictable. Sometimes Windows Defender will deal with a malware first, other times it would be our software. This is why we recommend simply running one AV suite.

     

    In the case of existing F-Secure software, Ultralight does have some actual conflicts, which we are resolving. This new product contains some reworked versions of existing components and this is where conflicts may occur. This is why we currently detect the existence of our own products during the installation of Ultralight.

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    @AndyP  thank you

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    is there any preset hydra update frequency ? I started my rig this morning at around 08H30 ULAV kept the yday Hydra, I successfully updated it by hand: is there any automatic schedule ?

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    It should be with automatic schedule. And potentially with short-time checking (if there dropped all "limitation", when updates can be paused / with delay or something same).

     

    Simply Hydra-engine can to updated not so often - how you want.

    Such as - weekend can be with silence about updates.

    Workdays... usually can be "each hour" update per certain business-hours.

    And it's can be around nine updates per day for Hydra-engine (or less, or more around).

     

    For F-Secure ULAV it's probably different now, but for "stable"-solutions you can to check F-Secure Dbtracker about updates. It's certainly different one, but... it's can be with same "meanings around" for understanding.. that there "manual-automatic"-work around  for creating updates.

     

    About your situation - probably there should be just one new update for Hydra-engine (and maybe it not happened automatically.. because goes be "logic"-work for prevent network/system stuck for prevent something, which can be overload or something same); or simply last one... around night (Little addition - OK :) or else one.. right now, or else one as just manual re-check.. which related with your story; and it should be third update for Hydra today. But... such as.. if you missing some of them - it will be from first... just latest one already (latest updates for Hydra engine as "one" downloading).)

     

     

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    hello !

    strange though, as I tried a manual update right now (09H13) and Hydra updated again... I assume I should have had an automatic update since previous one @ 08H00 ... This makes me think the automated update is down for some reason.

    Am I wrong ?

  • Ukko
    Ukko Posts: 3,611 Superuser

    Can be situation, when updates comes just with your "9:01" (or later), but automatic-check was "9:00"  (when new updates not comes yet) - but it's not likely. :)

    Or simply with another words - it was planned to be automatic published around "10:00" (or "9:10" / "9:30" as example), but you trigger it right now.

     

    I also can to think that F-Secure ULAV can to be with delay / pause... if system under overload/network usage or other (such as you have laptop and it under battery-charge or specific mode of usage). It's can be that... automatic-check updates can be "dropped" or missing - but not likely "as stable-behavior" (just if conflict with another software - it's can be.. such as F-Secure ULAV updater goes to check updates and something prevent it....  and happened time-out - if it's possible).

     

    Or during installation goes something wrong and automatic-schedule-point goes be "not configured". You should try to ignore "manual"-update feature and wait some hours. For get automatic-ones. It should be comes  and automatic-update should to get it.... per short-time of re-checking. But need to wait when new updates comes again.

  • Simon
    Simon Posts: 2,667 Superuser
    Even if updates are scheduled to be pushed out at certain times, shouldn't the product automatically check for updates when it is launched, ie, when you start up the machine?
  • Ukko
    Ukko Posts: 3,611 Superuser

    Probably it should be with automatically check during launch system. But:

     

    -> what if there TOO MUCH MANY updates.

    -> overload.

    -> something else.

     

    With Aquarius-engine (and main F-Secure solutions) as most hard part of "updates" downloading/installing can be next behavior:

    -> ignored at launch (as delay for check later.. when will be more good situation around usage drive, network, CPU);

    -> downloading by parts (time to time) - not sure how it works and can it's be or not - but probably yes (such as download some of recent.. but after that most of fresh).

     

    With Hydra-engine and F-Secure ULAV can be same situation. It goes to check (automatically) with launch of system, but what if there goes be time-out, prevented something or simply network connection was dropped (because too much high usage per moment)? It's maybe goes be with delay.

    Or it's can be with check... after five, ten or fifteen minutes.

     

    Anyway... we talk just about re-check updates. And it's can be each three minutes as example. Such as does not take a lot of resources. Such as ... launched services - triggered "automatic check updates". Probably during launch system. most of software goes to re-check around.

    But certainly downloading and getting updates.. can be just if they published recently :)

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Ultralight beta is currently configured to check for updates every 10 minutes.

     

    The frequency of Hydra releases is not static - we push out Hydra updates when we have new detections. Typically there are a handful per weekday and less on the weekend. The latest Hydra update for today seems to have arrived at about 10am this morning.

  • Simon
    Simon Posts: 2,667 Superuser
    Thanks, Andy. :)
  • yeoldfart
    yeoldfart Posts: 556 Superuser

    @AndyP 

    good to know, thank you

  • mcair
    mcair Posts: 3

    fs ultralight blocked a link in google search box by pasting it, not even clicking, that's great

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    ULAV proposed to block a few URLs that I definitely trust, so I allowed them, in such a case of false positive does my decision to trust and allow them feed the cloud database or is it a lost info ?

  • Ukko
    Ukko Posts: 3,611 Superuser

    I think the user's decision about "allow" stays with the user's device. And probably it's an OK design.

    Such as.. current "whitelisting" can be with "exploit"-actions with some of situations (such as... there reason.. why WOT or same things it's not really helpful time to time).

     

    But you able to use next one link -> https://analysis.f-secure.com/ (F-Secure SAS / F-Secure Labs);

     

    And you able to register there (for get response) and create ticket about false-positive pages. Or just as "re-check"-ask - if there have reasons for malicious rating (or suspicious. Block-page with current F-Secure ULAV as malicious-description can be about "suspicious"-rating too; And I think it's nice design also; with FS Protection or F-Secure IS probably "suspicious"-rating it's not a reason for blocking page - and it's not nice). I also have a lot of URL-examples (with F-Secure ULAV it happened more often and also because some of pages was "blocklisted" by FS Protection and content blocker....  and some of points was not visible as blocked), which looks like false-positive. But I not sure.. that it's can be false positive in fact (I think there wrong interception of exploiting or phishing tries). But I mean just current URLs (which I met).

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    thank you Ukko, in this case it was the url of my vps-seedbox-vpn supplier which I use for long and is 100 % safe, I was wondering whether ULAV database uses my info to reclassify this site (or any other one) as safe.

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    I think... that with current points.. there can be not nice design (description later) and normal one (such as... if it will be related with user's decision. So.. virusmakers able to use F-Secure ULAV and whitelisted some of malicious websites and it will be marked as whitelisted under Security Cloud.  So... sharing whitelist/allow decisions between users - not really nice (and certainly not nice - if it can be used by Security Cloud as main-factor). But there can be a lot of good points with sharing about blacklist/deny decisions by users - but it's not really available with current design of F-Secure ULAV).

     

    Such as... I think it's not really related (but basically... it's can be as part of metrics) with "Security Cloud and your decisions usage".... Because... it's can be same with websites, which not rated yet.

    So.. you available to visit page.. years.. and it will be not rated. You able to visit current page.. each day.. but it's will be not rated. Such as.. it's does not trigger any checking or "points" for start be known or need to re-check it.

    Basically.. if it's not work with "unknown" rating. Will be strange if Security Cloud able to work with "allow" decisions about malicious ones... if most common steps for re-classify reputation/rating... it's transferring URL for F-Secure SAS (previous link).

  • Simon
    Simon Posts: 2,667 Superuser
    As a potential temporary substitute for Banking Protection, I tried to install the free Bitdefender SafePay app this evening, which claims to be compatible with other antivirus products. However, I kept getting an error saying that the application cannot start because "mfc100u.dll is missing". I've tried some fixes I found online but nothing has worked so I gave up. Could this be a conflict with ULAV?
  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    But do you have "mfc100u.dll" with your system? :)

    Probably it can be a broken installation around Visual Studio components and can be related with any software (which can use it).

    For example... with current system.. I have two variants (default ones) and else one by younited.

     

     

  • Ukko
    Ukko Posts: 3,611 Superuser

    So.. it works with one of my devices... and F-Secure ULAV can be not a reason/conflict (or not always it can be).

     

    Like additional (after short looking around... and removing):

    Forget to check with URLs, but notifications about malicious files (as web-traffic prompt by F-Secure ULAV) will be not visible under Bitdefender Safepay and file prevented to be download (with freeze-thinking status under Bitdefender Safepay). Without any visible conflicts between F-Secure ULAV and Bitdefender Safepay per short time (around hour of usage; some restarts and some of common actions for getting potential conflicts and looking for "banking protection" solution).

     

    But anyway... Bitdefender SafePay some kind of strange solution and not all realization looks like good (and a lot of missing with features-status of work).  You maybe able to get something more interesting.... if it's indeed can be needed-reasons. Or something more "combat" :)

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Just to clarify, any whitelisting decisions a user makes on an object (file, url, etc.) are locally cached only. We do not send this data to our servers, nor use it to apply whitelisting/blacklisting decisions for other users.

     

    Regarding the mfc100u.dll problem, this is not a conflict with ULAV. Most likely you need to apply a Microsoft Visual C++ Redistributable package to your system for the appropriate architecture.

  • Simon
    Simon Posts: 2,667 Superuser

    @AndyP wrote:

    Regarding the mfc100u.dll problem, this is not a conflict with ULAV. Most likely you need to apply a Microsoft Visual C++ Redistributable package to your system for the appropriate architecture.


    Thanks Andy, I did that last night, but the error still appeared.  Think I'll probably give up on that one.  

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    @Andy 

    thank you, that settles the question about white/blacklisting, btw still quite happy with ULAV on my W 8.1 x64 rig

     

  • yeoldfart
    yeoldfart Posts: 556 Superuser
    @ Simon
    did you try re-installing visual c++ 2010 ?
  • Simon
    Simon Posts: 2,667 Superuser

    @yeoldfart wrote:
    @ Simon
    did you try re-installing visual c++ 2010 ?

    Yes, several times.  But I didn't try fully uninstalling and reinstalling, as each time the installer said that all issues had been fixed, so I assume it ran as a repair, rather than a reinstallation.   

     

    I've had issues installing Bitdefender products before, and their support is virtually non existent, so I won't be spending too much time on it.   

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    @Simon 

    may I suggest installing it completely, run CCleaner 5.0 on the registry, reboot, reinstall that C++ ?

     

     

  • yeoldfart
    yeoldfart Posts: 556 Superuser

    question to all: do you experience this too: the search area on top of gui does not accept any input, said in other words: no way to type anything in ?

This discussion has been closed.