Is F-Secure SAFE able to keep security of my PC without "site blocking" of "Browsing Protection"?

Hello all. Thank you for your access here.

Now pelase tell me about this problem arround of Browsing Protection's rating by F-secure.

 

I am using F-secure SAFE, and it sounds nice solution for consumers like me to protect PC.
But I am feeling a fault. Browsing Protection feature is providing many false positive ratings at site blocking.

 

For example, when I was accessing some major websites of my country, some logs ware saved at event log viewer of F-secure SAFE.
These logs ware showing me that some URL was blocked F-secure because of dangerous website.

 

I was sending some reports to F-secure lab every time when I was blocked access to there, obviously there ware safe sites.


These reports ware responsed from F-secure Team by quickly, and it was very nice for many users. I want to tell them that thank you.

 

But, this working is very hard for a user as a consumer. If I can protect my PC correctly, I want to use F-secure SAFE without site blocker feature.

 

In some weeks ago, I sent a message to F-secure Support, and I was got a reply from them.


They wrote that;
"Borwsing Protection is providing a protection working as important for the user, but you can turn off it.
If you turn off it, proteciton layer for your PC is dicrease."

 

So I want to ask every one these things:

 

Question1:
If the user turn off only "Browsing Protection" feature (without other feature), and continue to enable F-secure browser extention at each browser, the user will be protected correctly from threats comes by browsing?

 

Question2:
Is "Browsing Protection" scanning access from application software except browsers (MS Edge, Google Chrome, Mozilla Firefox, and mroe...)?

 

Question3:
Are major browser's security feature (e.g. Site blocker) providing a protection enough for the user, will be able to instead of F-secure's Browsing Protection?

 

Question4:
What is F-secure's Support announcing a solution about the case like above things?

 

---

My PC:
Windows 10 Home, Chrome and Firefox; the latest version.
F-secure SAFE adopted latest updates.

Config:
Browsing Protection is enabled, but not check at checkbox of "Block Suspicious Site" and "Block Probihided Site".

---

 

Please teach me your opinion, and would you help me?

I will welcome your post based on your experience around false positives.
Thank you very much!

Comments

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for my next reply and also that it can be long reply. Smiley Sad

     

    And I want to add some points and meanings about your words:

     

    Spoiler

    --> Basically there should not be too much many "false positive" harmful/malicious-ratings for websites.

    Maybe that some of them can be with reasons for such rating/reputation;

     

    But, yes, I sure that (probably) a lot of pages wrongly marked as harmful/malicious websites, but anyway most likely there a lot of other real malicious webpages (or potentially suspicious/riskpages). And just totally disabling this layer (protection against known "harmful/suspicious"-rated pages) - not always nice.

     

    Also often there can be just "resources" (like .js-files) or certain "part of website" marked as harmful and not full page. This situation can be - if "detected" something like "exploiting" website by someone for malicious reasons. Or just randomly.

     

    And my opinion/suggestions about your asks:

     

    First

    "If the user turn off only "Browsing Protection" feature (without other feature), and continue to enable F-secure browser extension at each browser, the user will be protected correctly from threats comes by browsing?"

    ==============

    Spoiler
    Basically - all other layers will be still valid, but full protection will be with less power and with potential trouble-result (as example: when harmful src as webpage is known, but malicious files from this website - not known and tricky ones);

    Also browser extension/addon do not related with "protection features" directly.
    F-Secure Browser Protection extension required for improve/extend protection-features abilities.
    Mainly for proper support HTTPS (--> show search result rating-pictures under supported HTTPS search engines like Google/Yahoo/Bing; --> properly block malicious-rated HTTPS pages; --> some tweaks for detect banking session with valid trigger for Banking Protection and other things around).

    As example - if you just disabling "browser extension" - you should be still with security abilities like: get block-page for harmful/suspicious pages; get search-result pictures under HTTP Bing or Google/Yahoo; workable status of Banking Protection at banking HTTPS pages and other;

    But if you disabling "Browser Protection" module -> enabled extension/addon will be practically not useful/helpful.

    ========

    So you have to think about Browsing Protection module/feature (we do not talk about specific options) as about ABILITY which will prevent access to KNOWN malicious/harmful websites and resources.

    So - just if certain URL known as potentially malicious, harmful or suspicious  - it will be blocked and you do not visit such pages, do not open them and as result - small risk about their malicious activities (it can be anything - spam/scam/phishing/malicious/suspicious or other actions).

    As F-Secure Support answered for you: it possible to "switch off" Browsing Protection (blocking harmful/malicious-rated websites and eventually all "options" under this tab-settings); So disabled will be - blocking access to harmful/malicious rated websites; blocking access to suspicious-rated/not-legal websites; search-result ratings/reputation; some other "background" features;

    Next page about related "Settings"-part (but with meanings - that you want to "Switch OFF");
    https://help.f-secure.com/product.html#home/safe-windows/2016/en/task_D4AA989E68A94120BBA9C9299924D4FA-safe-windows-2016-en

    With my opinion - this is not good option (totally disabled this module/feature with additional settings);

    Most likely - that you have to be available just "allow" access to website as real-time action (for you / your settings; or as it was previously suggested - transferring URL to F-Secure SAS - which will be helpful for other users too);

    If not - you will be protected with meanings - that there still AV-protection (scanning for downloading files/launch files) and HIPS (additional/advanced monitoring system). And there will be (at least should) work features like Banking Protection and Content blocker (as Parental control features).

    If you do not open/meet (randomly or specially) REAL malicious websites (or other websites where can be malicious exploiting them) - so your system will be still with good protection.
    If you meet/open some of malicious websites - there can be different result. I think that with most of situations - F-Secure will detect malicious tries by another security-protection layers. But you will be not protected (by F-Secure knowledge database) against "web-based" troubles (when possible to prevent them just by "blocking" access to such websites); 

    Second

    "Is "Browsing Protection" scanning access from application software except browsers (MS Edge, Google Chrome, Mozilla Firefox, and mroe...)?"

    ===============

    Spoiler
     Basically F-Secure should monitor all system (of course, with strong privacy terms and with respect meanings about user).

    If I normally understand your ask:  it possible that F-Secure Browsing Protection (ability to block harmful-rated pages) will trigger "blocking" access to certain URL under other applications.

    Like if some of software ablet to check own updates. If "certain URL" of update-servers will be marked by F-Secure as "malicious"-rated - it can be that this connection-check will be blocked/prevented with "no visible" triggers to user.
    And as another example - if malicious file (in somewhat reason still undetected by F-Secure) will trigger connection to known malicious src-page (website or certain URL) for F-Secure .... maybe it can be blocked/prevented too (such as "layer", which added protection in such situations).

    But this not really "scanning".

    Third

    "Are major browser's security feature (e.g. Site blocker) providing a protection enough for the user, will be able to instead of F-secure's Browsing Protection?"

    ================

    Spoiler
    Time to time and with some of situations.
    I not sure about all browsers, but Internet Explorer/Microsoft Edge technologies, abilities and SmartScreen able to prevent access to many malicious websites.

    For most popular and most known ones basically. Also maybe Google Chrome and other will "trigger" notification about access to certain pages from search results too.

    I think that F-Secure "knowledge" (which bundle of a lot of databases/researches and information) can be more powerful. but also with more false-positives.

    Fourth

    "What is F-secure's Support announcing a solution about the case like above things?"

    ================

    Spoiler
    Not sure that I normally understand this ask.

    I think that F-Secure's Support opinion about "using all recommended features".

    Each reasonable layer-of-protection can be with useful and powerful points with certain situations. Not always critical to use all of them, but... based on a lot of additional things around.

    And I think that you still able to contact F-Secure Support directly.

     ======

    What about your current configuration:

    "Browsing Protection is enabled, but not check at checkbox of "Block Suspicious Site" and "Block Probihided Site"."

     

    Spoiler

    This situation will trigger practically good enough protection. You will be still protected by Browsing Protection feature with meanings "block access to known harmful/malicious files", but you will be allow to open suspicious-rated/probihided sites.

     

    If your experience mostly about suspicious-rated (but not harmful/malicious) - this is can be good design.

     

    As other workarounds I can to think about:

    --> when you get block-page - just use "Allow web-site"-button.
    Or add certain URLs to your "allow/deny list of websites" under the Browsing Protection features;

    --> if "Browsing Protection module switched OFF" - you able to use F-Secure Search (webpage / search-engine based on Google Search) where anyway will be visible "ratings" for websites under the search results. So you will be with information, which websites marked as harmful/suspicious and do not visit them - if you not sure that this is false-positive .

    And with many situations "build-in" browser/system-features can be helpful against access to harmful pages too.

     

    Sorry else one time for my reply. And sorry for my worst English.

     

    Thanks.

     

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi yagisan_post,

     

    Could you please send me a PM (private message) of your reference support case so that I can highlight about your post/feedback?

     

  • yagisan_post
    yagisan_post Posts: 11 New Member

    Hello. Thank you very much for your kindly replies.

    These messages are very nice for solving my question about this problem.

     

    First of all, I want to tell you that I'm sorry for my dilayed replies. I was not able to make a hour for write a reply because of daily working.

     

     

    Dear @Ukko and @Laksh


    Thank you for your opinion. It is very kindly for me to solve this problem.
    I read your message, and I was reaching a conclusion that I should turn on Browsing Protection Feature without blocking "Block Suspicious Site" and "Block Probihided Site".


    But, after that time, I encounterd a trouble caused by Browsing Protection. The tourble was a blocking a site which is a information site about Erectric Publushing in Amazon and more store.

     

    That site is having no dangerous contents. It was obvious that that site is clean.


    So I dicided to uninstall F-secure SAFE, and installed other malware solution as instead of F-secure SAFE.

    The problem caused by blocking site based on false positive ratings is serious for me.


    It is pity for me to uninstall F-secure SAFE because this solution is nice for many consumers as a PC security tool.


    I really want to tell you that thank you very much for your supporting!

     

  • yagisan_post
    yagisan_post Posts: 11 New Member

    Dear @Laksh

     

     

    Could you please send me a PM (private message) of your reference support case so that I can highlight about your post/feedback?

     



    What would you like more information about this case? I will write other information at that message.


    Thank you for your support!

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi @yagisan_post,

     

    Since you mentioned about contacting support, we can refer your post in the Community to the respective support case. This will help the agent handling the case to look at the post and provide more information if it might be helpful.

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi yagisan_post,

     

    Just to add on regarding the false positive, we rely heavily on automating site categorization and sometimes we tend to have false positives on unknown sites. While we are constantly working on improving the automation categorization, we would also rely on our users to report false positive to us to further improve. We appreciate your help in reporting it constantly to us.

This discussion has been closed.
Pricing & Product Info