When can we expect "Boot Time Protection"?

Pankaj1
Pankaj1 Posts: 12 Observer
edited March 2022 in Feature Requests

Hi,

 

It is becoming very important these days to have "Boot time protection" or some kind of "Preferential Loading at startup of Windows". None of the F-Secure consumer products have this feature. There are certain videos on youtube which show the importance of this feature. In one particular video the F-Secure's much capable DeepGuard is immediately able to protect against a ransomware/malware sample (but this malware sample creates a daughter .js file and a startup entry for this .js file), but due to the absense of "Boot Time Protection" is not able to stop the encryption of the user files (caused by the execution of the .js file at startup). By the time F-Secure was fully up and running after startup, user files were already encrypted.

This is a must have feature and I think F-Secure team should add this to its products on a priority basis. I believe that F-Secure is one of the best products out there (I just love its DeepGuard) and am pretty sure that F-Secure's team will definitely take some positive action on this.

 

Thanks.

9
0 votes

Completed · Last Updated

Comments

  • Parham
    Parham Posts: 103 Enthusiast

    F-Secure don't have Boot Time Protection ?!

    +1 from me ! its a need, it is not just a feature, it's something necessary!

  • betoche
    betoche Posts: 49 Observer
    yes, its necessary :)
  • Parham
    Parham Posts: 103 Enthusiast

    https://www.youtube.com/embed/Y1wTfTKjBQ0?wmode=opaque

    an example which F-Secure will fail becuase of lacks of Boot Time Protection! system will infect with Ransomware in startup..

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Thank for for informing us of this. After seeing the video, it looks like the method of the testing is not reflective of how ransomware enters the users' computer in the real world. And I'm emphasizing this because the malware's method of entry into the user's system is also part of how our detections work. Typical ransomware nowadays come in via spam emails. A minority is also propagated via exploit kits, malvertising and other web-related infection vectors. So if there are files that are coming in from those potential infection vectors, our detection layers have an extra layer of suspicion that is attributed to that file and it will most likely be detected.

     

    That being said, the testing done in the video started with the file already in the system. The infection vector is not in the picture anymore and as such, all our network, web traffic and additional data for our Deepguard, is not available anymore. And in the real world, these ransomware files will not just appear that way. So in this testing, the only parts of the products that are tested are the file detection layers, and some parts of Deepguard. So in a way, this is not our product's full potential in protecting users against ransomware in the real world.

     

    That being said, I've had a quick discussion with some of our engine developers, and we will still schedule an investigation into how we can load the product early enough without sacrificing performance. But of course we will also balance this if having this will truly give real protection for our users, or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses.

  • Parham
    Parham Posts: 103 Enthusiast

    Thanks to You dear @Chris_x10

     

    i am not that much good in English , so if i did underestand correct, i'll appreciate that if you confirm it,

    you want to do an investagion on this matter to see if it's possible  add this feature and in the meantime keep F-Secure Performance good right?

    about this i personally as your home customer, have no problem with a little bit more protection, my system startup time increase 5-6 seconds!

     

    "That being said, the testing done in the video started with the file already in the system."
     you know that DeepGuard and F-Secure other technologies cannot protect us against 100% of cyber threats right? the same thing with any other cyber security solution exists. so imagine this Ransomware Penetrate to your Customers's systems as a Zero-Day. well what happens? DeepGuard will block it and then? system still is infected and once user restart or reboot it's cumpoter.. well i'm sure we won't that.

    "or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses."

    this is something really sure that Ransomware as a Zero-Day, will arrives to user system somehow finally. so again, the story is the same.

     

    at the end, Keep us Update please in this matter.


    Thank You!

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    @Parham: Even with zero days the files won't just automatically emerge in the system, there is still an infection vector. Whether it's browser and browser plugins exploitation, network shares, and the like. Every method of delivery of the malware into the system is still additional information that Deepguard can use. And Deepguard does use this delivery information. This is what I meant by real-world testing, to include the method through which the infection really happens.

     

    With that in mind, I am not really worried. But of course, every single layer of protection adds to the level of security.

  • Parham
    Parham Posts: 103 Enthusiast

    Thank You dear Chris for the clarification.

    " every single layer of protection adds to the level of security."

    then we await to see this layer ( Boot Time Protection ) in F-Secure Products.

     

    Thank You for care about our protection.

  • Parham
    Parham Posts: 103 Enthusiast

    Hi

    Excuse me i forgot to ask

    is this request under consideration corrently? becuase it's status had not any changes..

    Regards,Parham

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi Parham,

     

    We are still looking at the possibility of this request. I will change the status once we have a clear idea about it.

  • betoche
    betoche Posts: 49 Observer

    I think we can cover f-secure with MBRFilter by Cisco Smiley Tongue right?

  • Enfcmedic384
    Enfcmedic384 Posts: 181 Enthusiast

    Please also add Boot time protection for the client F-Secure Total Security for PC, F-Secure Safe for macs and of course for all customers on the SENSE router.

  • Nordic66
    Nordic66 Posts: 1 New Member

     Hi. I really wonder why F-Secure not having boot time scanning. There are many tests and videos that shows it`s importance. I have Kaspersky Free installed now on my computer , but have several years had F-Secure  from my ISP. I would really want to have F-Secure on my computers but wont buy it unless it fixes the important boot time scanning. I´m sure there are lots of customers that want this feature, and it would make F-Secure one of the absolutely best AV.

     

    MVH   Stan

  • F-User9
    F-User9 Posts: 13 Enthusiast

    This was originally suggested over 2 years ago.  Has boot time protection been implemented in F-Secure Safe or other home versions?

    If not, why not?
    This is a 100% necessary feature. If it is not available in F-Secure, I will move on to one of the MANY competitors which has had this feature for years. Thank you.

  • Cale
    Cale Posts: 288 F-Secure Product Manager


    Yes, "ELAM" (early launch malware) driver support was implemented back in 2018.

    -Cale

This discussion has been closed.