Deleting files wihtout quarantine (false positive)

Scholar

Deleting files wihtout quarantine (false positive)

A while ago I lost an older application that I purchased a while ago because FSecure deleted the file wihtout confirmation or putting it into the quarantine first.
I was also unable to use the backup, because the file was deleted from the backup disk, too.
O.K. put it to the list of lost stuff, but I was not happy.

But now FSecure start to drive me nuts. I'm a developer and after compiling one of my applications it's deleted immediately from the harddisk because FSecure think it's harmful (it isn't, of course).
(I'm working on this application for a while now, but the strange behaviour  started with the latest changes).

I must create fake files for all folders I want to copy the file into, add that manually to the list of files that should not be scanned and replace it after that with the real file.
But that's an annoying process.

How can I tell FSecure to ask me first before deleting a file for good?
Putting the file into quarantine is expected and welcome, but I want to have a chance to tell FSecure that a file is save.

Any hint is welcome.
With kind regards,
Ruediger Kabbasch

3 REPLIES 3
Community Manager

Re: Deleting files wihtout quarantine (false positive)

Hi Ruediger ,

 

If you suspect it is a false positive detection, please submit a sample to our labs here and explain your issue in detail by selecting 'I want to give more details about this sample and to be notified of the analysis results'. They should be able to analyze it further.

Has somebody helped you? Say thanks by giving likes. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
Scholar

Re: Deleting files wihtout quarantine (false positive)

Hi Laksh,

 

thanks for your reply. I will do that.

 

But that doesn't solve the problem that files are deleted without confirmation.

I the case with my own compilation I'm lucky, because I can create the file again, but with the file that I purchased I'm not able to do it, it's lost.

 

Superuser

Re: Deleting files wihtout quarantine (false positive)

Hello,

 

Sorry for my reply. I'm also only F-Secure user... so it will be only my own suggestions (and there can be much more options/steps/view-points);

 

How can I tell FSecure to ask me first before deleting a file for good?
Putting the file into quarantine is expected and welcome, but I want to have a chance to tell FSecure that a file is save.

Probably with recent F-Secure AV/IS/SAFE it not possible by common steps (but available by some tweaks);

 

But generally it was always with next view (?!); or it can be about next design:

 

--> File detected by Real-time scanning;

--> F-Secure ask you about your decision: Clean/Skip-Block/Remove/Quarantine (as example options);

 

clean/clear as try to "fix" file;

skip/block as temporary allow/skip file - but detection comes with next (?!) try to access;

remove as delete file;

quarantine as quarantine file (with option to restore file);

 

Probably not really useful anyway (if there is ask);

 

--> I able to think that for common situations: default action is "Quarantine" (by "handling automatically" with real-time scan detection); And not "totally" remove (but I have experience about this; and with another view too);

 

Maybe you able to create fsdiag after repeat-steps for such trouble:

- https://community.f-secure.com/t5/Common-topics/How-do-I-create-an-FSDIAG-file/ta-p/18190

And then transfer it to F-Secure Support (?!) for proper investigation: 

- https://www.f-secure.com/en/web/home_global/contact-support

 

At least, with meanings, as confirmation if there all works as should be;


As most valid design for such situations --> Exclusion lists (for folders or certain file);

But with situation - when you have to re-place file between many folders - it not really useful. But if there is only certain "folders" (and their subfolders) - it can be an option to exclude destination; Or some other workarounds.

While most useful workaround is F-Secure SAS (which suggested already) - since if there is false positive detection for safe-actions - maybe it possible to improve this detections for avoid wrong detection and save proper ones;

 

Sorry for my reply!

 

Thanks!

 

// And with previous builds of F-Secure solutions there probably... was certain options about "how to handle detected files";

Also situation maybe can be with differences (based on detection type);