cancel
Showing results for 
Search instead for 
Did you mean: 

F-Secure Computer Protection: Main differences compared to Workstation Security 12

F-Secure

Re: F-Secure Computer Protection: Main differences compared to Workstation Security 12


@linck_tello wrote:

Hi F-Secure

 

Some things.

 

1. The new Computer Protection have only 16 categories to block the browsing protection when the usual is that the new versions have more functions. The workstation version have more categories, why?

 

2. The Application control soulbe renamed because this is more a malware prevention/execution from critical paths. (used by malware and payloads). One Application Control module is used to block/permit the application execution or installation, for example, P2P apps, Remote Control Apps, Games Apps, etc.

 

3. The computer details should be display more info as Last Loged User, Basic HW Inventory and SW Inventory.

 

4. The Portal should be permit create Groups for a best computer organization becase today is a large list of computers. 

 

5. PSB don't a have a Central Quarantine.

 

6. PSB don't permit execute a remote clean up of computer infected.

 

Regards

 

Linck Tello Flores

www.innovare.pe

 

 


 

Hello,

 

It is a good list of additional features and we have all of them in our backlog so they will appear in Computer Protection.

 

I only don't understand point 6. Can you elaborate what did you mean?

You can schedule remote computer scan operation from portal which will automatically clean infected machine. We always handle infections during scan and don't allow to "ignore" them.

 

Superuser

Re: F-Secure Computer Protection: Main differences compared to Workstation Security 12

Hello,

 

> PSB don't a have a Central Quarantine

 

Regrettably F-Secure PSB webportal lacks the ability to click on a particular virus alert under the Reports / Infections list and select "submit binary sample to lab".

 

This missing feature makes it essentially impossible to use PSB WKS 12 and CP18 e.g. in school environments, where I see a LOT of obvious Deepguard false blocking alerts on Delphi and Basic language program code, as written by pupils during courses. Since there are so many schools with so many classroom computers, located all over the country and mostly lacking on-site system administrators, we just can't ask anybody to go there and fetch a sample via physical access. As the program code are one-off, having the Deepguard reported SHA-1 checksum means nothing. Thus, those false alarm incidents cannot be investigated for lack of a binary and never get fixed.

 

We desperately need remote file sample submit capability, I have been begging F-Secure Corp. for over a year to implement this skill in the PSB webportal, at least for Solution Provider accounts, but nothing happens. (F-Secure is probably afraid of the kind of legal / PR scandal which hit Kaspersky Lab when their auto-submission system downloaded an "under construction" new trojan malware sample from an NSA laptop...)

 

If we had the long-promised F-Secure PSB integrated remote desktop capability, that would be a passable alternative to collecting file samples manually to fix the DG false alarm problems, but remote access was also never implemented. I feel helpless stuck in this situation.

 

Yours Sincerely: Tamas Feher, Hungary.

F-Secure

Re: F-Secure Computer Protection: Main differences compared to Workstation Security 12

Tamas, I think you will be pleased to hear that this feature is in our backlog. It will be added.

 

But I don't think it will help with false positives on fresh compiled samples - they are just too fresh. We have a lot of developers at F-Secure and we have the same problem - our own code gets blocked from time to time.

So, we try to improve it and remove false positives from locally built binaries but that's not trivial to do securelly (just because it can allow attacker an easy way into the system).

F-Secure Product Manager

Re: F-Secure Computer Protection: Main differences compared to Workstation Security 12

Hi Tamas,

 

Thankyou for your comments.

 

We will be adding remote quarantine support to Computer Protection, later this year. This will allow the admin to manage the quarantine contents from the portal, and we will look into the possibility for the admin to submit samples directly from the quarantine, remotely.

 

Quarantine does not work with DeepGuard at all, DG6 simply blocks access to the file if it is detected. We will look into possible solutions around this. For the moment, we would recommend the use of exclusions, and have the students generate their files to an excluded location.

 

Best Regards,

 

Andy