Show SENSE logfiles and test functionality

leppenraub
leppenraub Posts: 14 Observer

I am interested to explore more details about the scanning process. Is there a possibility to download logfiles? Can I test the devices for functionality (similar to EICAR-Virus)?

Comments

  • RavC
    RavC Posts: 9 Explorer

    On the link above, all files downloaded to a *PC* are blocked by Sense. However, if you download eicar.com.txt or eicar_com.zip on your Android phone using your phone's Chrome browser, Sense doesn't detect anything?!? Is this normal behaviour? It seems to scan apps downloaded from Google Play store though but you have to manually uninstall the apps it sees as malicious. I know there are various EICAR apps on Google Play including one designed by Fsecure themselves.

     

    Additionally we need a manual scan option on the Sense phone app.

     

     

  • leppenraub
    leppenraub Posts: 14 Observer

    ...and we are not talking only about conventional scans and compare it to the pattern Smiley Wink What about someone download a malicious app for his TV or someone hacked into his lightbulb? I think we have more intelligent techniques on board (such as F-secure DeepGuard) than only a stupid pattern...

     

    And: Can I see the logs from my devices, like "This traffic was happened, but it's okay"?

  • leppenraub
    leppenraub Posts: 14 Observer

    I have made some tests on a windows client before installing the "Sense Endpoint Protection". There will be NOTHING detected if I create a eicar-test-malware or infected by USB-stick - i would have been surprised if it does. So I think it is a little bit confusing for a "normal" user if he is reading "Sense is protecting your whole network". I think it has to be claimed out, that the endpoint protection software is VERY IMPORTANT. I think that the Sense App should show this as a warning if it's detecting a windows system without endpoint protection installed. 

  • Jusu
    Jusu Posts: 10 Former F-Secure Employee

    Hello,

     

    End point protection is an important part of Sense security promise just as you state in your post. There are many scenarios where network level protection simply will not be able to protect you, like encrypted traffic or even just because the malware enters your system through USB stick or some other vector.

     

    Sense does indeed warn you to install end point protection on PC and Android devices when they are detected using "Identify device type", the state of the app will show that an action is needed and in the device list the device needing protection is tagged  and when the devices view is opened explanation about the situation is given.

     

    We feel that this is an important part of protection and therefore we wanted to have that in place from the very beginning. Because of the importance of the EPP, we are also looking into improving the EPP onboarding in the future.

This discussion has been closed.