SecuRom

Scholar

SecuRom

Hello everyone,

 

I have received a presentation cdrom and when I started it, deep guard prevented the starter program do run the cd and provided me with the following link

 

https://www.f-secure.com/v-descs/w32_malware.shtml

 

So I contacted the company who sent the cd and they got in touch with there vendor who claim that the blocked program does not contain any malware, but the virus scanner is either not up to date or does not consider whitelisted exceptions.

 

"Your virus scanner recognises a program which works similar to a virus. The 'malware' which was detected is called SecuRom protection from Sony."

 

According to the control center the virus database is up to date. What about the whitelisted exceptions the vendor is talking about? Is this something I can/need to configure?

 

Kind regards,

 

Oliver

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Superuser

Re: SecuRom

Hello,

 

I am only an F-Secure user (their home solutions).

 

What about the whitelisted exceptions the vendor is talking about? Is this something I can/need to configure?

If your security solution is F-Secure SAFE - then it should be possible to use exclusion list:

For example, to exclude partion with CD (CDrom?!) drive; Or certain filepath to launched application ('starter program').

Or to exclude already blocked application: 'Allow applications that DeepGuard has blocked'.

 

In addition, good to know exact detection name (since provided URL is generic, perhaps). It should be visible under "Recent events list" (or notification prompt about event) - rightclick for F-Secure tray logo and related entry under menu or by another steps.

Since, local whitelist / allowing is only an option if such a CD is trusted and from trusted people.

 

Otherwise, good to contact F-Secure support (for their assistance):

Or to transfer blocked executable (item) to F-Secure Labs for analysis (but it can be unwanted or prohibited):

More information about F-Secure DeepGuard

Sorry for my English!

 

Thanks!

2 REPLIES 2
Highlighted
Superuser

Re: SecuRom

Hello,

 

I am only an F-Secure user (their home solutions).

 

What about the whitelisted exceptions the vendor is talking about? Is this something I can/need to configure?

If your security solution is F-Secure SAFE - then it should be possible to use exclusion list:

For example, to exclude partion with CD (CDrom?!) drive; Or certain filepath to launched application ('starter program').

Or to exclude already blocked application: 'Allow applications that DeepGuard has blocked'.

 

In addition, good to know exact detection name (since provided URL is generic, perhaps). It should be visible under "Recent events list" (or notification prompt about event) - rightclick for F-Secure tray logo and related entry under menu or by another steps.

Since, local whitelist / allowing is only an option if such a CD is trusted and from trusted people.

 

Otherwise, good to contact F-Secure support (for their assistance):

Or to transfer blocked executable (item) to F-Secure Labs for analysis (but it can be unwanted or prohibited):

More information about F-Secure DeepGuard

Sorry for my English!

 

Thanks!

Senior Member

Re: SecuRom

Hey, 

Only commenting as a fellow community member but copy protection software does behave in many ways like malware. It's really to be expected behavioural scanners to detected as such. Considering how aggressive copy protections have become, I would personally classify them as potentially dangerous software.