Why does f secure detect files that it cannot delete?

Scholar

Why does f secure detect files that it cannot delete?

In my opinion this is really **bleep**ty..... I tested a few EICAR test files and now they are showing up each and every scan and F secure can’t even remove them???? Are you freaking kidding me???? If you are detecting files in you’re databases you should be able to remove them..... this is utter bull crap. I shouldn’t hbe to rely on windows defender to delete a simple file.... what if this was actually real active malware??? What are you guys thinking??? Every security program can detect and delete eicar 

3 REPLIES 3
Superuser

Re: Why does f secure detect files that it cannot delete?

Hello,

 

I am only an F-Secure user (their home solutions).

 

There is Knowledgebase article about subject of "items that impossible to delete automatically":


But sounds that your experience is about something else (however, good to read article too).

 I tested a few EICAR test files and now they are showing up each and every scan and F secure can’t even remove them???? 

So, items are detected by scan? But not possible to automatically remove them?

 

Could you delete them manually? If so - what was the reason of inability to remove them by F-Secure (usually, there description for each item under Scan Wizard user interface with generic information)? What is location / destination of file? Is it archive / container?

 

If you are detecting files in you’re databases you should be able to remove them

I think that if file is detected. Then, of course, it is possible to remove it or to quarantine this item.

But if there are limitations (read-only media OR anything else from provided article) - then it is just technically impossible to perform action or such action is unwanted for user (may affect other safe files. For example, if it is archive and to auto unpack/repack/modify container is not an option).

 

what if this was actually real active malware??

Active malware, usually, blocked by real-time scanning or DeepGuard module.

In fact, if file is not quarantined or removed - then access to file is restricted / blocked. Kind of isolation. Of course, with some exclusions or limitations.

When it is not possible to automatically perform good enough action - F-Secure should to inform about it and to suggest remove it manually (by user).

 

Every security program can detect and delete eicar 

I just checked with my installation. EICAR test file (as try to download; or to create it manually) is detected and deleted on-the-fly.

// but, by the way, what is your OS / platform?

 

Thanks!

Highlighted
Novice

Re: Why does f secure detect files that it cannot delete?

When a malware is detected and it cannot be automatically removed, the F-Secure program will provide the path/location where the malware is found so you can manually remove it.

Aspirant

Re: Why does f secure detect files that it cannot delete?

Eicar has been around for centuries. I think most security programs are on to it as being a "test" file by now. I've seen some delete one or all  files along with actually labeling it as an exercise file. 

 

Another one to use is the Amtso malware test site. It checks Eicar formats as well as Phishing attempts etc.