Reporting a Vulnerability almost in every single F-Secure Products

Hi Developers and other friends in Community :)

 

just do a simple test in any F-Secure products, with my Instruction:

 

press Windows+R ( open Run ) on keyboard together, type Services.msc then tap on enter ,

ok we now can see (find) all of f-secure services which is normal , obviously they should be running.

BUT ! here is the dangerous Vulnerability, just try to Stop and Disable all of F-Secure related services , easly easly they all can be stop and disable, and then your f-security is gone. you are unprotected, i like to put a plus here

+ another vendors i tested this .... with them and all of them deny the request about disabling their services.

how i found out about this Vulnerability ? i'm reading PcMag reviews for F-Secure products about 3 years.

and in every review, reviewer noticed this Vulnerability, no fixing ! so i hope this topic in your forum,F-Secure :) got a result Smiley Wink

 

 

Best Regards,

Parham

Best Answer

  • gancalgancal Posts: 23
    Accepted Answer

    Hi MrParham,

     

    Thank you for bringing this up to us. For future bug reports, please do contact us by sending an email to [email protected] with details for further investigation.

     

    As for the issue you've raised up in this post, we do not consider this as a vulnerability in our products. Disabling F-Secure services (or any other services) through the Services Management Console interface requires admininstrator privillege. It is not possible for a limited account user to stop a service (including F-Secure services) without providing an administrator credentials.

     

    It is likely that your current user account is already an Administrator account hence the ability to stop any services without the UAC prompt as Windows skips the elevation if you are already in the administrator group. If an attacker has access to an administrator account in your machine, they could likely perform any other task too than just disabling the AV.

     

    If however you have method to disable any F-Secure services without using an Administrator account through the services.msc interface, we would like to hear more from you. Please do provide us with details (steps to reproduce or PoC if available) and send them to [email protected] You could be rewarded too if the issue you raised to us is a valid vulnerability.

     

    Hope this reply helps clarify the situation. If you have questions, please do post them and I'll gladly answer you. Till then, have a nice day! Smiley Happy

     

    Regards,

    Calvin Gan

    F-Secure Security Vulnerability Expert

    UkkoKirafscMrParhamJimijamteeschmid

Comments

  • SimonSimon Posts: 2,587

    Thanks for reporting this.

     

    I'd be surprised if it was quite so easy for a malicious program to disable F-Secure in this way, but it would be interesting to hear what the developers / tech guys have to say about it.

    MrParham
This discussion has been closed.