
F-Secure 12.10 - virus detection as a trigger

Scholar

F-Secure 12.10 - virus detection as a trigger

Hi, 

 

Is it possible to set some additional action to be triggered in case of virus detection? To be more precise - I've got a script that I'd like to be run on each virus detection - how can this be done? And if it can't be done - is virus detection reported somewhere? Like, for example, Windows Event Viewer?

1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure
F-Secure

Re: F-Secure 12.10 - virus detection as a trigger

Virus_detection_event.png

Here is the example of virus detection event.

10 REPLIES
F-Secure
F-Secure

Re: F-Secure 12.10 - virus detection as a trigger

Hello freedomsarge,

 

Triggering of additional action is not supported in current versions.

By default, virus detection is reported to Policy Manager, to event viewer Application log as a Critical event, and to c:\Program Files (x86)\F-Secure\Common\LogFile.log.

In addition, you can configure sending an email notification.

 

Best regards,

Vad

Scholar

Re: F-Secure 12.10 - virus detection as a trigger

Hi Vad, 

 

Thank you for the information - so I can create a Windows scheduled task triggered by this event - could you please give me some details about it? Unfortunately I don't have any PCs after such detection (we reinstall them ASAP).

Superuser

Re: F-Secure 12.10 - virus detection as a trigger

I think this is what you are looking for:

 

https://community.f-secure.com/t5/Business/On-demand-scanner-fsav-exit/ta-p/20254

 

from inside a script

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Scholar

Re: F-Secure 12.10 - virus detection as a trigger

Not really - I don't want to run the scan manually from the script - I want it to be triggered by the "Virus and spyware scanning" that runs in the background. So I can set up a scheduled task in Windows using a GPO - but I need to know how to recognize this event :) So a screenshot from Event Viewer with such an event would be all I need :)

Superuser

Re: F-Secure 12.10 - virus detection as a trigger

Every detection is recorded to Event.log as well. So if you are not keen on immediate action, a scheduled job that checks the event log might do the job.

Just to serve my curiosity: what exactly do you want to do after a detection in that script?

Matthias

Scholar

Re: F-Secure 12.10 - virus detection as a trigger

I want to disconnect the PC from company network by disabling all network interfaces:

Get-NetAdapter | Disable-NetAdapter -Confirm:$false 

 

and display a message to the user:

$wshell = New-Object -ComObject Wscript.Shell
$wshell.Popup("Virus detected - all network connections have been disabled.")

Superuser

Re: F-Secure 12.10 - virus detection as a trigger

"Not a good idea" I would say.

 

1) a found malware is a blocked malware. No need to worry after this point.

 

2) Even in regular work, a lot of malware is found and killed in Temporary Internet Files. You would not like your users to be cut off the network on every event! Don't forget you need to go there to reactivate them.

 

3) False positives happen. But F-Secure is very quick in handling those. This happens through the reputation network. By cutting network connectivity you would lose any control over the system. It can neither be updated, unquarantined, nor can the "fixed detection" be provided by ORSP.

 

Finally: what would you win by cutting connectivity? A system that has successfully protected itself from malware will be taken out of business and the user is stopped from working, maybe even losing documents he is just working on. OTOH systems that don't even realize that they are corrupted stay online. A "conficker" infection in your organization would render all systems unusable except the one that failed to detect the malware.

If you still want to implement something, use the F-Secure Firewall and activate the ruleset "Network Quarantine", which will restrict the traffic to PMS/F-Secure, and you keep the system under control.

Matthias

Scholar

Re: F-Secure 12.10 - virus detection as a trigger

@MJ-perComp - the company policy says to force shut down that PC and reinstall it ASAP. So cutting the connectivity is just an additional protection - though I know it may be a little bit too... hardcore for most companies :)

 

@Vad - thank you, that's what I was looking for!
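
The scheduled job suggested in the thread (check the Application log for the detection event, then run a script) could look like the following. This is an added example, not code from any poster or from F-Secure. The provider name is a placeholder because the screenshot's details are not in the text, and the state-file path, handler path and handler parameters are hypothetical.

```powershell
# Added example: poll the Application log for new detection events and call a handler.
# ASSUMPTIONS (not from the thread): provider name, state file, handler script and its parameters.
param(
    [string]$ProviderName = '<provider name shown in Event Viewer>',     # placeholder
    [int]   $Level        = 1,   # 1 = Critical, as described in the reply; adjust to what Event Viewer shows
    [string]$StateFile    = 'C:\ProgramData\AvEventWatch\last-seen.txt', # hypothetical
    [string]$HandlerPath  = 'C:\Scripts\On-Detection.ps1'                # hypothetical
)

# Bookmark: timestamp of the last event already handled (one hour back on first run).
$since = (Get-Date).AddHours(-1)
if (Test-Path $StateFile) {
    $raw   = (Get-Content $StateFile -Raw).Trim()
    $since = [datetime]::Parse($raw, [cultureinfo]::InvariantCulture, 'RoundtripKind')
}

# Server-side filter narrows by log, provider, level and time window.
$filter = @{
    LogName      = 'Application'
    ProviderName = $ProviderName
    Level        = $Level
    StartTime    = $since
}

# Get-WinEvent raises an error when nothing matches; treat that as "no new events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.TimeCreated -gt $since } |   # StartTime is inclusive, so drop the bookmarked event
    Sort-Object TimeCreated

foreach ($e in $events) {
    # Hand the event to the response script; parameter names are hypothetical.
    & $HandlerPath -EventId $e.Id -TimeCreated $e.TimeCreated -Message $e.Message

    # Advance the bookmark only after the handler has run for this event.
    $dir = Split-Path $StateFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    $e.TimeCreated.ToString('o') | Set-Content -Path $StateFile
}
```

Run it from a scheduled task at a short interval under an account that can read the Application log; the bookmark keeps a single detection from invoking the handler twice.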