F-Secure keeps deleting one of my files

Highlighted
Regular Member

F-Secure keeps deleting one of my files

F-Secure keeps deleting one of my files. I used the fsdumpqrt.exe file to restore it. Everytime I copy it from the malware_samples.zip back to its' folder F-Secure delets it again. This is extremely annoying. I never gave F-Secure permission to willy nilly delete files. My question is: How do I stop F-Secure from doing this. It should be my choice whether to delete a file not F-Secures.

3 REPLIES 3
Superuser

Re: F-Secure keeps deleting one of my files

Hello,

 

Sorry for my reply. I'm also only F-Secure user (their home solutions).

 

My own feelings:

 

-> There is large difference: F-Secure keeps deleting(!) or keeps quarantined file?

->  And about choice: 'whether to delete/quarantine a file' or 'whether to delete/quarantine a malicious file'.

 

Potential workarounds/solutions:

-- To transfer file to F-Secure Labs (F-Secure SAS) as false positive:

https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file

 

-- To exclude certain file or folder/destination where file is stored (or should be stored). As potential temporary workaround before response from F-Secure Labs with previous step.

 

I'm not sure that 'malicious' file should be with delay for quarantine. But if file is deleted - it is kind of unexpected trouble when there is false positive. For example, how it should be? Malicious/harmful item is detected -> F-Secure prevent/postpone/temporary-block process and will trigger ask user about decision? Does it safe?

 

If file is quarantined only -> potential false-positive situation is not so critical.

 

Thanks!

Regular Member

Re: F-Secure keeps deleting one of my files

It deleted the file from my external drive. It never asked me what I wanted to do with it which is extremely annoying. As I mentioned in my original post I found it in a zip file on my desktop.

Superuser

Re: F-Secure keeps deleting one of my files


@Philipgrwrote:

It deleted the file from my external drive. It never asked me what I wanted to do with it which is extremely annoying. As I mentioned in my original post I found it in a zip file on my desktop.


Hello,

 

Maybe it is an option to contact their direct Support Channels (chat as example):
https://www.f-secure.com/en/web/home_global/contact-support

Just like their own investigation about potential unexpected situations.

 

As my own unofficial feelings:

-- I think that deleting/removing file is likely situation - but more often should be "quarantine" action;

At least, as first experience. But even if there is 'delete'-action -> your experience is about "fsdumpqrt.exe" as potential dump for quarantine even with such 'deleted' state; but if not - so, it should be possible to exclude/restore from Quarantine UI too.

 

-- current design of F-Secure solution is that for malicious and harmful items there are autodecision.

Partly, it is logical. Since any delay with decision is potential 'bypass'-vector for malicious item.

When there is false-positive -> such situation is not good - but if there is false-positive -> more good to ask for less false positive detections than manual decision for detected malicious file.

 

For example, it is possible to transfer item to F-Secure SAS (even with zip-file after quarantine dump):

https://www.f-secure.com/en/web/labs_global/inform-us

So, F-Secure Labs should investigate situation and maybe perform tweak for detection design (if detection is not reasoned).

 

Thanks!