cancel
Showing results for 
Search instead for 
Did you mean: 

F-Secure PSB DataGuard not practically usable in low-tech environments, like public education?

Superuser

Re: F-Secure PSB DataGuard not practically usable in low-tech environments, like public education?

Dear Fedool,

 

I would like to ask if a DataGuard trust re-evaluation could also take place for the F-Secure lab ticket xxxx (theme: FSAV PSB CP19 blocks the operation of Windows 8 built-in fax).

 

Thanks in advance, Yours Sincerely:
Tamas Feher, Hungary.

 

EDIT: Removed Case number

F-Secure

Re: F-Secure PSB DataGuard not practically usable in low-tech environments, like public education?


@etomcat wrote:

Dear Fedool,

 

I would like to ask if a DataGuard trust re-evaluation could also take place for the F-Secure lab ticket xxxx (theme: FSAV PSB CP19 blocks the operation of Windows 8 built-in fax).

 

Thanks in advance, Yours Sincerely:
Tamas Feher, Hungary.


I don't have access to this ticket so, most likely answer is "no". Please add details here

 

EDIT: Removed Case information (PII)

Superuser

Re: F-Secure PSB DataGuard not practically usable in low-tech environments, like public education?

Dear Fedool,

 

Thanks for your quick response!

 

> Please add details here

 

The PSB SoP webportal reports the following incident:

 

Date and time: 03/18/2019 09:33:27 AM

 

Computer:
https://emea.psb.f-secure.com/#/c285931/devices/computer/2064347

 

OS: Win 8.1 Pro 64-bit, version 6.3.9600

 

Software: FSAV PSB Computer Protection Premium 19.2

 

Module: DataGuard

 

File: C:\Windows\System32\WFS.exe

 

Target: C:\Users\Ferencz Krisztina\Documents\Fax\Inbox\WelcomeFax.tif

 

Threat: reports.infections.types.ransomwareAccessControl

 

Action: Blocked

 

Thanks in advance, Yours Sincerely:
Tamas Feher, Hungary.

F-Secure

Re: F-Secure PSB DataGuard not practically usable in low-tech environments, like public education?

Thank you for reporting this.

WFS.exe added to exclusions

Highlighted
Superuser

Re: F-Secure PSB DataGuard not practically usable in low-tech environments, like public education?

Dear Fedool,

 

Thanks for your quick action in the Windows Fax case!

 

I would like to ask for another lab-related intervention, however:

 

I use e-mails sent to "xxx@xxx.com" to submit false alarm reports. There I ususally quickly receive automatic answers with the ticket ID in them, but the human response with the re-evaluation verdict consistently takes a longer time to arrive, like 2-3 workdays.

 

It seems submitting malware detection cases via the webform on F-Secure's site results in a much quicker human response, often as soon as within 1-2 hours:
https://www.f-secure.com/en/web/labs_global/submit-a-sample

 

On the other hand, using the web form is difficult for me, since we need to keep track of what we submit (GDPR, etc.) That's easily achieved when using the e-mail venue, but the webform based method kinds of forgets the orignal submission, so when we recieve a response that doesn't show what the question I entered was, only the analyst's answer and verdict. That makes keeping track of submissions difficult.

 

Thus, I would like to ask that the above mentioned PARTNER sample submission e-mail address should be given at least equal priority in lab case processing, compared to the web-based submission method.

 

Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.

 

EDIT: Removed Email address

Superuser

Re: F-Secure PSB DataGuard not practically usable in low-tech environments, like public education?

Dear Fedool,

 

I would like to ask for a review of the following, potentially Windows file related FSAV PSB CP security incident as spotted in a hungarian primary school:

 

Date and time: 03/25/2019 10:22:31 AM

 

Customer: https://emea.psb.f-secure.com/#/c282723

 

Computer:
https://emea.psb.f-secure.com/#/c282723/devices/computer/2603846

 

OS: Win10 Ent. 64-bit, version 10.0.17134

 

Software: F-Secure PSB Computer Protection Premium 19.2

 

Module: F-Secure DataGuard

 

File: C:\Windows\SysWOW64\dllhost.exe

 

Target: C:\Users\kri75\Pictures\Saját\2019. március 23 - Fotós tábor (török idők)\P90323-094531.jpg

 

Threat: reports.infections.types.ransomwareAccessControl

 

Action: Blocked

 

FSDIAG: remote creation has been requested, hope the local user will approve its submission. The related diagnostic ID is e166aec5-8d6f-4cee-9899-6f9d87030cb4.

 

Please see if the incident may have been a false blocking and whether the situation warrants a central exclusion?

 

Thanks in advance, Yours Sincerely:
Tamas Feher, 2F 2000 Kft., Budapest, Hungary.