improvement suggestion

ULAV gives 2 options: safe / unsafe you should add "keep under surveillance" for files or folders which the user consider as reasonably safe but does not want to take risk, e.g. counterfeit exe. The possiblity exists in Webroot WSA. If I'm not explicit enough, pls tell me.

Comments

  • Ukko
    Ukko Posts: 3,611 Superuser

     

    Spoiler

    Hello,

     

    But probably there can be better steps for improve current meanings:

     

    -> If you mean options about scanning... it's mean.. you should to meet detection by F-Secure.

    If there detection and it's can be false-positive, but you want to "keep it as suspicious".....  or simply you have suspicious file, which ignored by F-Secure.

    Probably better to use F-Secure SAS -> https://analysis.f-secure.com/

     

    It's mean... you can to create an account there and receive response after transfer-process about sample.

    It will be with explanation about "safe, clean or malicious, suspicious" points. If there will be result, which not enough for you.... potentially you can to re-ask Labs... but if they sure.. that file clean/safe... maybe you have not reason for "dreams about risk" (but, of course, you should be with current dreams. Because clean-status does not mean safe-status in all situations).

     

    And there simply will be just as "detection"-based under signatures.

     

    -> If you mean something about DeepGuard ?! Probably it's can be helpful. But not sure... how it can be in fact about protection.

     

    Or it's can be as "sandbox"? But probably it's not really design of "ultralight". And prevent some part of "actions" by application under user's blacklist probably goes be interesting, but maybe not really helpful. Such as... F-Secure ULAV should be with automatic check about any suspicious actions always.

     

    -> But can be helpful something, which can to create less steps for manual transferring about suspicious sample. Or sample, which you want to be sure... about too much safe-status.

     

    Or ... as related point with you suggestion... indeed created something as "local sandbox" based on user's blacklists....where already file can be with restricted rights without any detections (by signatures) or behaviour-reasons.

     

     

This discussion has been closed.