gancal F-Secure Product Expert

Activity Highlights

1 Discussions started
28 Comments posted
101 Points earned
14 Solutions given

About

Username
gancal
Joined
Visits
6
Last Active
Roles
FSAccount, PartnersAndResellers, MyAccount, FSEmployee, FSProductExpert
Points
101
Posts
29

Comments

  • @JohnWick , thanks for raising it up and we definitely understand your concern regarding missing detection. Rest assured, I can verify and confirm that the file you linked is currently detected by us as Malware.W97M/Dldr.Agent.vvwhk. While VirusTotal is a good tool to get an indicator of the status of a sample, the way…
  • Hi @memika , Good day to you and thanks for reaching out! While specific information regarding the exploitation of CVE-2021-40444 is still being investigated, we have ascertained that our Capricorn engine in Endpoint Protection products is able to detect known malicious samples in-the-wild with the detection name…
  • Hello @mrF , Good day to you! We have now been notified that the revised version of the paper has now been released and can be accessed from the following links: https://vx-underground.org/papers/VXUG/Mirrors/APT_assessment.pdf Feel free to let us know if you have more questions :) Have a great day! Regards, Calvin Gan of…
  • Hello @mrF , Thanks for reaching out to us and sorry it took a while to get back to you! On 9 July George Karantzas (Information Management System Institute, Marousi, Greece) and Constantinos Patsakis (Department of Informatics at the University of Piraeus, Greece) published a paper titled “An Empirical Assessment of…
  • @1lluminate, thank you for the response! As you've restored the system to a previous backup, please do let us know (with a new FSDIAG to Submit A Sample page) should you face the detection occurrence again. Have a great day! -Calvin Gan
  • Hi 1lluminate, My name is Calvin from the Tactical Defense Unit in F-Secure. There is a likelihood that the detection you are seeing is a false positive based on your description. Can you submit the generated FSDIAG (or a fresh one) to us so that we can analyze it further and potentially locate the file causing the alert?…
  • Hello all, I just realized I have not provided an update regarding this issue. Sorry about that! I would like to confirm that we have deployed detection in DeepGuard to monitor/block processes spawned from Powershell. We have monitored the detection for a period now and have not faced high rates of false positives, hence the…
  • Hi Parham, First and foremost, we would like to thank you for bringing this video up to our attention. Our Labs analyst is still studying and fully understanding the test case, attack vector plus detection coverage based on the video. At the moment, we are unable to provide you with an ETA on when we have something…
  • Hi Parham, Thank you for reaching out to us in our Community with your concerns. Allow me to address your questions regarding DoubleAgent. 1. We decided not to publish this statement but only provide them when needed because while this Proof-of-Concept provides an interesting academic exercise, it is not a new threat to…
  • Hi MrParham, Thank you for bringing this up to us. For future bug reports, please do contact us by sending an email to [email protected] with details for further investigation. As for the issue you've raised up in this post, we do not consider this as a vulnerability in our products. Disabling F-Secure services (or any…
  • Hello MrParham, Welcome to our F-Secure Community My name is Calvin and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services. Posting a topic in Community, creating a support ticket or contacting Support are some ways where you can report a bug about our products to us.…
  • Hi ankontini, For starters, you can look into high level programming such as C/C++. The idea behind learning this is also to identify what a typical software structure will look like when coded. In the course, you will most likely learn to do secure coding hence the basic understanding is needed. For scripting language, I…
  • Hi andrewfd, Good day to you! The vulnerabilities discovered by CheckPoint are on the phone chipset itself which F-Secure does not protect against. However our malware analyst team is already on the lookout for malicious samples which try to use these vulnerabilities to gain access to a device. Detection will be made…
  • Hi Everson, Thank you for bringing this to our attention! Our analysts have received your submission and are currently working on analyzing the submitted samples. We will keep you updated with the progress through the Support ticket you have created. Thank you for your patience in resolving this case. Please do not hesitate…
  • Hello Josh4200, My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services. With regards to the article you posted, we were made aware of it earlier and we are pleased to inform you that Freedome is not affected by this issue. No action is needed from our users.…
  • Hello whitefox, Good day to you and thanks for bringing this up for everyone's attention! The Logjam attack described in the paper is not new as it was already made public back in May. F-Secure has already taken all the necessary steps to update our servers to not only rely on DHE cipher suites when the news broke. Though…
  • Hello alpacat, Good day to you and welcome to our F-Secure Community! My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services. We would like to thank you for bringing this issue to our attention and would also like to inform you that our Freedome development…
  • Glad to be of help. :) p/s: Something more recent, Upatre family might be of interest as well.
  • Hi nickth93, I guess you're looking at more into polymorphic viruses as well? Sality would be a good candidate or any Mystic compressed files. Some interesting SHA1 hashes (unfortunately we won't be able to share samples with you directly) which you can search in VirusTotal or Malwr.com with regards to Mystic:…
  • Hi Jack, I believe upon running those additional programs, there are no longer malware detections appearing? If there is none, then that should be a good sign and we would not require any logs. However should you still require assistance, please do not hesitate to contact us. Have a great day! Best regards, Calvin Gan…
  • Hi Jack, As mentioned in the previous reply, the Microsoft detection that you saw is detecting only flash files and is not related with the keylogging trojan that could possibly be in your machine. In order for us to help you troubleshoot further, can you kindly create a support request here with the FSDIAG attached?…
  • Hi Jack, Good day to you! Allow me to respond to your feedback. The detection you are seeing from Microsoft is related to Adobe Flash Player exploit files (SWF extension) and F-Secure detects similar exploit files as Exploit: SWF/Salama.T. We have investigated further upon seeing your post in Community and there are indeed…
  • Hello Jachym, Good day to you! My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services. With regards to your question about the latest OpenSSL fix and our F-Secure business products, allow me to respond to you: * F-Secure corporate server products (Policy…
  • Hi Alpengreis, My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services. With regards to your inquiry, we are aware that the OpenSSL version used in the product is currently not the latest build. The component was not updated because the vulnerabilities as…
  • Hello Costas, Our apologies for the confusion caused from the security advisory. We will update the advisory with more concise information to avoid further confusion. In the meantime, here are the updated instructions for both IGK VA 5.20 and SRS VA 11.00. * Download and re-install the latest version of the appliance. *…
  • Hello Costas, My name is Calvin and I'm the primary contact for security vulnerabilities concerning F-Secure's products and services. With regards to your inquiry, allow me to respond to you. * All supported versions of F-Secure Messaging Security Gateway products are affected and we are currently working on releasing a…
  • Hi Rusli, Thank you for bringing this up to us! Here you may find our official statement regarding the article. Regarding the vulnerabilities in F-Secure products found by Mr. Joxean Koret: The vulnerabilities were responsibly disclosed to F-Secure during the spring of 2014. We worked together with the researcher to analyze…
  • Hello Blackcat, Thanks for bringing this up to us. We are aware of the vulnerabilities in our product engine and have released fixes for them in the latest database update. Our customers do not need to manually apply hotfixes or patches as this was done through our normal database update channel. We at F-Secure are taking…