FS Protection PC Release 201

Senior Member

Re: FS Protection PC Release 201


@betoche wrote:

I want to run Memreduct which is a safe software but the Deep guard blocked it so I put it in the Excluded list but the Deep guard keeps blocking it.
There is no way to run this tool without disabling the real-time protection because the exclude list is not working. Any idea? I never had such experience with the deep guard.
P.s: the issue gone after a restart but I guess there is a bug or smth like that.


Hey,

Only tangentially related, but it sounds to me like all this software does is force flush process working sets to a page file on disk. If those processes were not dormant, this is likely to lead to a lot of disk thrashing and reduced system performance. You can easily DDoS a system by doing this as admin, so no wonder the software is blocked by default.

Supporter

Re: FS Protection PC Release 201

I noticed fshoster64 using HTTP to connect to your servers!! And we all know port 80 is not safe! Did you ever consider using HTTPS? For me, this is a weakness, and from what I know most AV companies are using HTTPS.

Champion

Re: FS Protection PC Release 201

I also noticed similar stuff in hotfix installer log:

 

2017-10-22 14:10:08.514 [1f38.07f8] I: *** LOGGING STARTED *** (UTC+3:00, session: 0x0)
2017-10-22 14:10:08.514 [1f38.07f8] I: ParseCommandLine: Started with cmd line: "C:\Program Files (x86)\fs protection\apps\Ultralight\ulcore\1508417709\_hotfix.exe"
2017-10-22 14:10:08.514 [1f38.07f8] I: InstallationLocker::Acquire: Lock acquired
2017-10-22 14:10:08.514 [1f38.07f8] I: Downloader::downloadAndUnpack: Downloading 'http://download.f-secure.com/ultralight/hotfixes/hotfix.zip' (fallback 'http://download.f-secure.com/ultralight/hotfixes/hotfix_fallback.zip'). Package type: 0
2017-10-22 14:10:08.514 [1f38.07f8] I: Downloader::downloadFile: Downloading from 'http://download.f-secure.com/ultralight/hotfixes/hotfix.zip' to 'C:\ProgramData\F-Secure\temp\hotfixes.zip'

 

I'm not entirely sure if it's a security issue, but isn't it possible to do MITM (when using a malicious proxy)? Sorry if this is a noobish question, perhaps you use some other methods of validating the downloaded files.

Supporter

Re: FS Protection PC Release 201

Ok, I just found another problem: I disabled both Deep Guard and real-time protection from the GUI! But the problem is F-Secure is still trying to block my keygen!
Seems it's not working and the real-time protection is still active.


Supporter

Re: FS Protection PC Release 201

It's a security issue! Even non-AV companies use HTTPS!

Senior Member

Re: FS Protection PC Release 201

HTTP isn't really something to be concerned about as long as custom payload validation systems are done on top of it

F-Secure

Re: FS Protection PC Release 201

Hi,

 

Regarding HTTP vs HTTPS. Any package we download over HTTP has a custom crypto signature that we validate before using it. If you for example look into those zip files, they have a manifest file, which is a signature made by F-Secure. The client will only accept the package if the signature is valid. HTTP is used on some downloads to make it possible to cache the files on ISP proxy level.

 

Ville

(F-Secure R&D)
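
The kind of check described in the reply above, as an added example (not F-Secure's code or package format): a client accepts a package fetched over plain HTTP only if its manifest signature verifies and every file matches a hash in that manifest. Ed25519, the `manifest` / `manifest.sig` entry names, the "hash, two spaces, name" line layout and the `hotfix.dll` payload are assumptions made for this sketch; `pkg` stands for the entries unpacked from the downloaded zip.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Sign (vendor side, assumed layout): list "<sha256 hex>  <name>" per file, then sign the list.
func Sign(priv ed25519.PrivateKey, pkg map[string][]byte) {
	var m strings.Builder
	for name, data := range pkg {
		fmt.Fprintf(&m, "%x  %s\n", sha256.Sum256(data), name)
	}
	pkg["manifest"] = []byte(m.String())
	pkg["manifest.sig"] = ed25519.Sign(priv, pkg["manifest"])
}

// Verify (client side): authenticate the manifest first, then trust only what it lists.
func Verify(pub ed25519.PublicKey, pkg map[string][]byte) error {
	if !ed25519.Verify(pub, pkg["manifest"], pkg["manifest.sig"]) {
		return errors.New("manifest signature invalid")
	}
	lines := strings.Split(strings.TrimSpace(string(pkg["manifest"])), "\n")
	for _, line := range lines {
		hash, name, _ := strings.Cut(line, "  ")
		if data, ok := pkg[name]; !ok || hash != fmt.Sprintf("%x", sha256.Sum256(data)) {
			return fmt.Errorf("%q is missing or altered", name)
		}
	}
	if len(pkg) != len(lines)+2 { // listed files + manifest + signature; anything else is unsigned
		return errors.New("package contains entries outside the signed manifest")
	}
	return nil
}

// Demo signs a constructed package, applies change (an in-transit modification), then verifies.
func Demo(change func(pkg map[string][]byte)) error {
	pub, priv, _ := ed25519.GenerateKey(nil)                       // constructed key pair, stands in for the vendor's
	pkg := map[string][]byte{"hotfix.dll": []byte("patched code")} // constructed payload
	Sign(priv, pkg)
	change(pkg)
	return Verify(pub, pkg)
}
func main() {
	swap := func(p map[string][]byte) { p["hotfix.dll"] = []byte("swapped in transit") }
	fmt.Println(Demo(func(map[string][]byte) {}), "|", Demo(swap))
}
```

The transport adds nothing to integrity here: the only thing the client has to hold securely is the vendor's public key, which is why the same file can be served from a cache or proxy.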

 

Supporter

Re: FS Protection PC Release 201

Ok, thanks for the answer now I can trust it :)

Supporter

Re: FS Protection PC Release 201

I'm wondering what is this? xd The GUI changed from blue to red! And as you can see it's ugly

Senior Member

Re: FS Protection PC Release 201

Annual Halloween thing. Goes away soon