Lack of SHA-1 checksum on certain malware alert in the webportal

Dear F-Secure,

 

I would like to repeatedly request that PSB endpoints should report the SHA-1 checksum on every malware alert to the webportal. Currently only DeepGuard module based detections provide a checksum in F-Secure alerts, but traditional virus detection module based alerts do not. Let me explain why that asymmetry is a serious problem:

- Sometimes I see alerts like these in the PSB portal and think they may be false alarms:

File: ...blahblah...\c-project\2\20190531\bin\Debug\20190531\2.exe
Hash: c6da49a63d096f2515f0a3ce920f5be0a6980ff7
Threat: Suspicious:W32/Malware!DeepGuard.n

Here I can use the Hash as a clue to start searching e.g. in VirusTotal webportal to find a sample that matches the SHA-1 value exactly. If I find one, I can report the case to F-Secure Virus Lab and they can fix the false malware detection. This method works well.

- Sometimes I see alerts like these in the PSB portal and think they may be false alarms:

File: ...blahblah...\Browny02\Brother\BrStMonW.exe

Threat: Heuristic.HEUR/AGEN.1019626

Here I see no Hash value to start searching for, so I cannot find an exact sample match to report. Searching for the file name is not possible in VirusTotal and even if I find a file with that name elsewhere, it is usually a different minor version of the same software, so it cannot be used to reproduce the false malware alert event and I cannot report the case to F-Secure Virus Lab to have it fixed.

Due to the lack of hash info in so many malware alerts (many of them obvious false alerts at first sight), I often feel helpless, as I would like to have them fixed by the FSC virus lab but can't find a way to submit them in a usable manner.

Please consider if anything could be done to alleviate this situation!

Thanks in advance, Yours Sincerely:
Tamas Feher, 2F 2000 Kft., Hungary.

EDIT: Title

Accepted Solutions
F-Secure Product Manager

Re: Lack of SHA-1 checksum on certain malware alert in the webportal

Hi Tamas,

Thanks for your post and request.

We've looked into this, and we should be able to add more information such as the hash to the portal.

I cannot give an exact timeline on this being available, but it's in our queue for implementation.

Best Regards,

Andy