FS-PROTECTION Android

First, this is not the first time I've attempted posting reports; however, if posting actually works this time, then yes, it is my first successful post.

 

(I JUST 《 AMENDED 》 THE ORIGINAL POST THAT OF COURSE DIDN'T POST, WITH THE FOLLOWING: I actually copy/pasted this time since I had a feeling it wasn't going to work and I was right, now I'm using a browser called Armorfly [blocking their IP range from Armorfly sending data cmcm. But if I'm right and this works then that browser FS is going to release has serious problems.

《END AMENDMENT.  ORIGINAL》)

 

NOTE: Mention of AntiVirus, FS PROTECTION, Safe Browser or any F-Secure application DID have ALL the Versions, builds, etc;

Due to the combination of this being my 3rd attempt to post, the fact you can't copy/paste the words in FSP, & this "Safe Browser", among its other problems, does not see any photos on my device, I don't have time to keep picking up the slack. If I'm queried a specific question, I'll address it; until then, this will have to do.

END NOTE

 

Second, Safe Browser does not support split-screen view on Samsung Verizon Galaxy Note 5, Android 6.0. It does not support Pop-up view, and FS Protection does not support landscape view. THIS IS VERY NERVE-RACKING.

 

Third, (Actual issues)

Antivirus has detected a Trojan in 2 games I've had for a long time on more than just this device, and Emsisoft says to report it, so that's what I've included here, and that it seems from their result, in FS-Protection it's a false positive.

Fourth,

24 hours prior to the "false positives", FS AV engine remained in a constant scanning state (I will say loop), after getting to a file starting with Base... I let it stay that way to see what it would do; 3 hours later, nothing. I tapped cancel, no response. I closed the app by force using Samsung Package Disabler Pro (AndroidPolice), looked at the specs, then opened it back up. Same result. So I restarted the phone, opened it up. Same result. I checked 1 application I downloaded prior to this event using Emsisoft remote scan. Clean. But just to be sure, I deleted the app anyway. No result.

The next day is when the auto scan in FSP finds a Trojan in an unchanged (not updated) app, which after running through Emsisoft I kept, and for reasons undetermined FSP starts working just fine again.

 

Fifth,

Now in Safe Browser, I get a pop-up warning ONLY at websites that are established in good standing like F-Secure.com, XDA-Developers.com, AndroidCentral.com, etc. Yes, I said F-Secure.com, so that says enough about Safe Browser.

 

Side Note

It would have been nice if FSP had displayed anything at all about ESFILE Explorer (EStrongs) having a backdoor to China. Since Google was useless, I was using Carrot2.org (non-marketing search), and found out enough about it to look at some logs from NetPatch Firewall (it's called a firewall but I disagree, nevertheless....). There actually was a timed interval, which was hard to notice since there are JSON cmd's: keep alive, wake, get, syn, for changes, updates, install/uninstall, download, etc., logs it made even if I opened and ran SSH Server; it sends packets from an IP range/domain in China.

END SIDE NOTE

 

Now I mentioned Emsisoft as though they are always right. I do not mean it to look that way, so to clarify, Emsisoft uses HIPS, FS does not (HIPS - Host Intrusion Prevention Services). Also, I've been a fan of their sadly discontinued "Online Armor" (it had behavioral analysis, HIPS, etc., and because of that single product I bought ALL of their commercial products with subscriptions for myself and others, and recommended them to customers, as well as installed trials on their laptops (I fix/upgrade/migrate/unlock [bypass]/etc. computers and many Samsung Galaxy NOTE series devices (I own them all for R&D, debugging for vendors on Google, and simply because they are awesome, except the Note 5, don't buy it.)

Anyhow, I don't run multiple security apps on any platform or device, so we can dismiss that. The only device that has any problems at all is this one, which is the only one without Emsisoft, but because of something I read in a project on Google Vendors Security market (89% of security apps are bogus or not private or etc.), F-Secure was mentioned several times with good standing, so here I am, and I don't know what to think now after all this.

This will be my 4th and final attempt to post. If it fails, I'm done with FS and flashing this phone and putting what I know from experience to work back on this device. I am however hoping, as an Android Tech Wizard with Drippler (this post does not represent Drippler, nor would I post any review at all about F-Secure unless the results are a benefit to both parties, & no specifics would be disclosed, just the "feelings", the "user friendly", etc.), I was hoping to have a "Good News Article" about F-Secure, and if it does work, I will be grateful.

Comments

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for my reply.

     

    Just because there can be weekend silence here, I decided to write some words (I'm also only an F-Secure user of their home solutions, and I'm not official F-Secure staff or so).

    Maybe there will be attention from the F-Secure team later, but here are some of my feelings about your points currently:

     

    -- about the first point -- were those attempts with reports under this Community (or under the beta portal)?

    And if I understand correctly, it was not possible to do with FS Protection Safe Browser (as a result)?

    -- second -- I'm not sure about all the other features/options, but the 'unsupported landscape' view is also valid for most (?) other F-Secure Android applications. Maybe it's a kind of design (I'm not friendly with the Android platform), and I'm not sure how common it is with other companies/applications.

    There was a feature request (about Freedome/Key, but maybe it is possible to extend it to SAFE/FS Protection and vote for it).

    -- third -- by 'trojan' do you indeed mean such a detection? As the detection name?

    There was such a topic under Community:

    https://community.f-secure.com/t5/F-Secure-SAFE/Android-app-flags-Kingdom-Rush/td-p/100488

    Maybe the F-Secure engine (or information under Security Cloud) started to come with some 'improvements' about potentially unwanted applications' design (or fake advertisements). And it may not always be a trojan.

    But you noted that Emsisoft also detects it (which can have an explanation on desktops, for a false positive), and that sounds strange for the Android platform. Maybe Security Cloud does trigger a generic detection based on knowledge (if it is indeed a false positive). But based on your 'fourth' point, maybe Emsisoft did not detect it (but did request it for 'analysis')?

     

    -- fifth -- do you mean any block pages on these websites? Or what kind of notifications/pop-ups on the noted websites with Safe Browser?

    I have experience of restricted content (like Parental Control's restricted categories) being a trigger to block a website with 'harmful'-reason words. A kind of wording mistake. But with the current Android FS Protection it is required to configure the installation for a kids profile, and it is not so likely to get such block pages randomly.

    With my Windows Phone and FS Protection SAFE Browser, I did receive some 'notification/pop-up' on certain websites. Like 'internal/external' trouble. While with Internet Explorer Mobile the website works well. Is your experience about a broken 'view' of the website or its workability?

     

     I do not mean it to look that way so to clarify, Emsisoft uses HIPS, FS does not, (HIPS-HOST Intrusion Prevention Services), 

    Is it about Android-platform solutions? If so... probably yes, FS Protection for Android changed its design to practically fully 'cloud'-based. And, in my opinion, something like a powerful "intrusion prevention system" comes with requirements for much more of the device's resources than FS Protection currently uses.

    With common steps/usage maybe such functions are covered by other layers, but... does Emsisoft indeed have certain HIPS views/features as an Android application?

    And about some potential threats, it is possible to use F-Secure SAS:

    https://www.f-secure.com/en/web/labs_global/inform-us

    Usually, F-Secure Labs will respond (when we check/tick the options about 'more information').

     

    Sorry for my reply.

     

    Thanks!

     

  • ErrorHazard
    ErrorHazard Posts: 9 Observer
    I've got to get ready for class but I'll get to your questions this weekend. For the moment...

    LATEST REPORT: short summary;
    I realized I did once have Emsisoft installed on my Samsung Note 5 prior to having FS. So to rule out multiple installations of AV/AM products & to be sure of the behavior of FS, I took the liberty of a full factory reset. No backup restoration.

    Will post this weekend.
  • ErrorHazard
    ErrorHazard Posts: 9 Observer

    Okay. Your question about HIPS on Android: no, Emsisoft does not. However, using Wi-Fi on the home network, using Online Armor (Emsisoft with HIPS foundation), the LAN set up with a router-behind-router setting for a hardware firewall on the gateway, on a Co-Linux/Windows7Ultimate, configured to route all IP traffic through a loopback, was near flawless (I don't recall a single flaw, but for fairness I say near); all Androids' Wi-Fi based connections were hosted. Your comment about resources: I am not an advanced programmer, but from experience, HIPS (on Emsisoft) literally used less CPU, RAM, RAMDAC, etc. than any AV or AMW product to date. People on YouTube actually made videos of deliberately going to flagged sites with viruses, malware, worms, etc. and then downloading the infection while their AV service is disabled, and even though Online Armor is not AV/AMW, their computers (Windows), even in the worst case, worked without damages warranting a wipe/recover/reinstall. Now that sounds too good to be true, so I will say that Online Armor in said cases was preconfigured, but that's the remarkable thing: the user can configure settings to such an extent, even a tiny detail, such as filter packets for specific encryption method to trigger wireshark, wireshark run settings, if any code with "" specific protocol/command/etc then, (like man in middle but with you in control of your own network), run VM sandbox inject memory blocks etc etc etc... I'm not sure if I stated that very clearly, but I'm trying. I'm upset and disappointed in Emsisoft; they, without reason, have discontinued Online Armor (very, very upset as a paying consumer).

    Your question/comment on Emsisoft scanned apps: they were clean, and it did not find any problem. FSP is probably reporting them as unwanted because of non-standard permissions, tags, library (shared), modules, etc., that don't meet the specifications encoded, but God, I wish it would remember the applications I previously tapped "keep anyway, yes I'm sure" on.

    Back to FSP

    False positives on both devices, frequent crashes, Safe Browser still has the same problems, and AV won't stop reporting the same unwanted applications over and over and over and over and... Nerve-racking.

This discussion has been closed.