Hello,   > She'll continue posting false positives here.   Alleged file and website false alarm cases need to be submitted at this URL, you instantly receive an automatic response with ticket ID and the usual time of re-evaluation result is just under 3 hours:   https://www.f-secure.com/en/web/labs_global/submit-a-sample   (Making noise in the forum isn't going to magically solve anything.)   Best Regards: Tamas Feher. ... View more

Dear PSB Team,   We have a PSB EMEA "SoP" account with app. 5300 devices under it. Using the portal account with IE browser is acceptably swift, but the views (e.g. list of computers, list of infection reports) are displayed in a kind of blurry font, even though menus of the browser and OS are sharp at the same time.   Using Firefox results in overall sharper view, but that browser struggles to compose long lists in the portal without freezing, e.g. the rooster of computers with PSB WKS or CP Standard or CP Premium installed on them. Seems like their "Gecko" web rendering engine has lower performance than Microsoft's Triton, which would be hard to fix independently?   Thus, please check if something could be done to offer sharper PSB portal font display for IE browser users, since that one seems to have the necessary list-processing power?   (Being on Win 8.1 OS I don't have the Edge browser and I'd rather not use Chrome, since Google Alphabet Inc. lives off syphoning away and selling data and the PSB portal works with customer's data.)   Thanks in advance, Yours Sincerely: Tamas Feher, Hungary. ... View more

Dear Fedool,   Thanks for your quick action in the Windows Fax case!   I would like to ask for another lab-related intervention, however:   I use e-mails sent to "xxx@xxx.com" to submit false alarm reports. There I ususally quickly receive automatic answers with the ticket ID in them, but the human response with the re-evaluation verdict consistently takes a longer time to arrive, like 2-3 workdays.   It seems submitting malware detection cases via the webform on F-Secure's site results in a much quicker human response, often as soon as within 1-2 hours: https://www.f-secure.com/en/web/labs_global/submit-a-sample   On the other hand, using the web form is difficult for me, since we need to keep track of what we submit (GDPR, etc.) That's easily achieved when using the e-mail venue, but the webform based method kinds of forgets the orignal submission, so when we recieve a response that doesn't show what the question I entered was, only the analyst's answer and verdict. That makes keeping track of submissions difficult.   Thus, I would like to ask that the above mentioned PARTNER sample submission e-mail address should be given at least equal priority in lab case processing, compared to the web-based submission method.   Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.   EDIT: Removed Email address ... View more

Dear Fedool,   Thanks for your quick response!   > Please add details here   The PSB SoP webportal reports the following incident:   Date and time: 03/18/2019 09:33:27 AM   Computer: https://emea.psb.f-secure.com/#/c285931/devices/computer/2064347   OS: Win 8.1 Pro 64-bit, version 6.3.9600   Software: FSAV PSB Computer Protection Premium 19.2   Module: DataGuard   File: C:\Windows\System32\WFS.exe   Target: C:\Users\Ferencz Krisztina\Documents\Fax\Inbox\WelcomeFax.tif   Threat: reports.infections.types.ransomwareAccessControl   Action: Blocked   Thanks in advance, Yours Sincerely: Tamas Feher, Hungary. ... View more

Dear Fedool,   I would like to ask if a DataGuard trust re-evaluation could also take place for the F-Secure lab ticket xxxx (theme: FSAV PSB CP19 blocks the operation of Windows 8 built-in fax).   Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.   EDIT: Removed Case number ... View more

Dear Maaret,   Thank you! Using your instructions I was able to fix the .NET pre-requisite on my notebook, so it received PSB CP19.2 eventually.   On the other hand, I feel the same manual process would be too complicated for un-attended PSB locations and many F-Secure home-user customers, who are now also receiving new FSIS versions with the .NET pre-requisite condition. For example, I had to do the .NET reset process twice with reboot to succeed and the website's description says some people had to repeat it 3x times to be effective.   I feel F-Secure needs to find some automatic remediation for those customers who have problems with .NET v4.72 not installing on their computers. Especially since the minimum version requirement of .NET is likely to increase in the future, so the problem could emerge again and again! F-Secure's ethos has always been about automation and un-obstrusive operation, so the current situation is rather unfortunate.   Thanks in advance, Yours Sincerely: Tamas Feher, Hungary. ... View more

Dear Maaret,   Could you please confirm if the F-Secure home user products, like Internet Security, are now also suffering from the .NET pre-requisite installation failure problem?   Thanks in advace, Yours Sincerely: Tamas Feher, Hungary. ... View more

Dear Fedool,   Thanks for your quick response!   > Woudn't that be nice if you could submit false positive from portal from the "Infections" list?   Yes, certainly!   (The main problem for me currently is when schools use FSAV PSB, where pupils write program code during IT class but Deepguard false alerts on them. Since the files are entirely new, I can't do anything with their SHA1 hash reported in the alert, as they can't be found on Virustotal, etc. They also have zero reputation and zero prevalence, so the virus lab also can't help me without access to the binary file sample.   Another problemful situation is when FSAV PSB makes a potentially false virus alarm, but only the file path and name are provided in the alert, without hash value. I think some of the multiple scan engines inside F-Secure don't support the hash? Anyhow, that way I can't precisely verify if the file is known to Virustotal, etc., so I cannot report it to the virus lab without a binary sample and I can almost never obtain that.)   These kind of catch-22 situations could be solved like a gordian knot only if remote file sample submission became possible one way or another.   In fact, I would say "remote quarantine management" feature is dangerous without also having remote sample submission! I mean the observer of PSB SoP/SeP webportal is physically distant from the end user customer, who experiences an alleged false alarm. It's not responsible to restore and allow a quaratined file without first verifying its benign nature either in person or via Virustotal, etc. (but FSAV seldom provides the SHA-1 in alerts) or having received a second opinion from the virus lab upon sample submission.   It would be risky to rely on just the customer's word over the phone that the file is OK and worthy of restoration from quarantine. (You can't imagine the daily amount of activator, crack, warez, patch, serialz, spyware-in-shareware, fake freeware, etc. related malware alerts in see in an 5000-ish endpoint PSB SoP webportal. I'm in a landlocked country, yet it appears to be entirely populated by pirates and their parrots... I'm fairly sure if asked in person, 99% of the customers would claim to be entirely legal.)   Best regards: Tamas Feher, Hungary. ... View more

Hello,   F-Secure Policy Manager Server uses 80, 8080, 8081 and 443 by default, but those ports are often pre-occupied by IIS or Apache, etc.   A long time ago I have seen an F-Secure presentation where the ports were modified during setup wizard to become 85, 8085, 8086. That's what I recommend to customers here (and to change port 443 to 8443). If the customer's network isn't very large (e.g. multiple sites and with heavy internal partitioning) than such port numbers should work without problem.   Best Regards: Tamas Feher, Hungary. ... View more

Dear Mr. Petri Kuikka,   - I wish to point out that remote FSDIAG apparently only works with CP 19 security software, but now with the remaining FSAV PSB WKS 12.01 computers.   - Please also introduce remote file sample submission, as I have great difficulty reporting false malware alarms in FSAV PSB, owing to the difficulty of collecting binary samples within such a dispersed computer population. I'm afraid that feature wish, while already registered, may remain in the developer's limbo list forever.   Thanks in advance, Yours Sincerely: Tamas Feher, Hungary. ... View more

Dear Maaret,   Thanks for your quick response! I have submitted an FSDIAG as support case number xxxx.   From a broader perspective I find the situation highly problematic as the mandatory F-Secure PSB channel upgrades are supposed to start today (March 11th) on a daily 10% conversion basis, but many computers which are still on PSB WKS 12.01 won't be able to migrate to PSB CP 19.2 due to the dotNET snafu.   Thus F-Secure Corp. has created a big problem for itself, conservating a large number of endpoints on the old platform, possibly for months and likely requiring manual intervention to fix them. (If F-Secure Corp. had let CP 19.1 in place in the channel until the PSB WKS 12 pool fully migrates, those computers would have been able to adopt the dotNET-less product successfully and already be on the new generation protection platform.)   Yours Sincerely: Tamas Feher, Hungary.   EDIT: Removed Case number ... View more

Dear Maaret,   .NET 4.72 installation failed with error code: (0x00000476) ERROR_TOO_MANY_LINKS (attempt was made to create more links than the OS supports).   Please revoce the FSAV PSB CP version 19.2 immediately! It is unacceptable that so many computers are running at CPU full throttle, attempting to install .NET again and again at every hour, in complete vain! Those computers may as well mine crypto-coins as that would be the same with regards to wasting electricity and over-stressing electronic components with protracted 100% CPU load.   I also cannot accept that F-Secure is basing anti-virus security on something as fragile as .NET! F-Secure products already cannot protect against ransomware, because the hindi hackers come in through remote access and turn off F-Secure services and processes, which do not protect themselves with a password against unloading, unlike Kaspersky. Thus encryption of files can then happen undisturbed. Now F-Secure is further weakening itself by relying on a fragile and often changing Microsoft technology.   Considering that .NET is used for nothing but to display the "About" screen in PSB CP 19.2, it is ridiculous that F-Secure caused all these problem just to introduce it. I am now thinking about switching to Sophos after 18 years, due to the .NET snafu and the high false malware alarm rate seen with F-Secure DeepGuard and the Avira Capricorn scan engine.   Best Regards: Tamas Feher, Hungary. ... View more

Hello,   I can also report that "PSB One Client 4.02 build 1067" fails to install on my fully Microsoft Updated "Windows 8.1 Pro 64-bit" laptop. During repeated installation attempts the laptop makes a lot of cooling fan noise due to high CPU load. Because of the above situation "FSAV PSB CP 19.1 Premium, One Client 4.01 build 168" remains in use as of now.   Best Regards: Tamas Feher. ... View more

Dear Fedool,   > We cannot add user paths to be trusted by everyone because they are in unprotected folder by default   I'd hope F-Secure could approach Microsoft Corp. with that problem and convince them to relocate the OneDrive program to a more systematic folder path, were Windows OS protections are available (so that 3rd party security software can better trust the cloud client).   Yours Sincerely: Tamas Feher, Hungary. ... View more

Dear Fedool,   Thanks for your qick response!   I have posted a (tangentially related) new thread in the community's Partner forum section: https://community.f-secure.com/t5/Exclusively-for/Need-quot-anti-flood-quot/td-p/115403   Yours Sincerely: Tamas Feher, Hungary. ... View more

Dear Fedool,   Thanks for your quick response!   > OneDrive is installed in C:\Users\ and not protected - we cannot trust it by default ... I wonder if you could add it to the list of trusted apps yourself in profile?   But if it is too dangerous for F-Secure Corp. to trust, why should I add it as an exception and shift the responsibility upon me? (Note: I'm not the affected end user, I just see those events happening in the PSB SoP portal and the 650+ DataGuard blocking messages are flooding the malware detection list which summarizes a total of app. 5000 computers, thus making the recognition of e.g. false virus alarm occurances rather difficult among the noise.) > malware can just inject there and do whatever it wants   I wonder if that should be prevented by DeepGuard? (F-Secure DeepGuard already injects a mini-DLL into processes, preventing other attacks.)   Best regards: Tamas Feher, Hungary. ... View more

Dear Fedool,   Please also suggest a solution for "Onedrive.exe" related Dataguard events? One particular computer is spamming the PSB SoP portal with 655 (!) recent alerts for "reports.infections.types.ransomwareAccessControl" regarding Onedrive and .docx files, as seen here:   https://emea.psb.f-secure.com/#/c282728/devices/computer/2475086   The use of cloud is gaining importance and some kind of by default solution is needed.   Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.     ... View more

Hello,   > if I want to connect to the Active Directory Domain Controller on SAMBA   What is the version of Samba and what is the underlying OS: such exacting technical information would be important for any answer.   On the other hand, Samba is a kind of hack, a reverse engineered project, so official support is probably not provided for connectivity with that, only bona fide Microsoft AD.   Best regards: Tamas Feher, Hungary. ... View more

Dear Fedool,   > we will add sihost.exe and PickerHost.exe to exclusions   Thank you for the response and the solution offered!   I would also like to ask if the Microsoft OneDrive online storage service agent's trust status could be revised as well, since the adoption of "cloud-based" solutions is accelerating?   I mean frequently recurring incidents like this, where e.g. a description of imaginary city sightseeing in ancient Rome isn't approved by F-Secure Dataguard:   Computer: https://emea.psb.f-secure.com/#/c282728/devices/computer/2475086 OS: Windows 10 64-bit, version 10.0.17134 Software: F-Secure PSB Computer Protection Premium 19.1 Module: DataGuard   Date and time: 2019.02.28. 10:04:51 File: C:\Users\user.name.HT\AppData\Local\Microsoft\OneDrive\OneDrive.exe Target: C:\Users\user.name.HT\OneDrive\Dokumentumok\5.o töri\Városnézés az ókori Rómában.docx Threat: reports.infections.types.ransomwareAccessControl Action: Blocked   Date and time: 2019.02.11. 10:05:54 File: C:\Users\user.name.HT\AppData\Local\Microsoft\OneDrive\OneDrive.exe Target: C:\Users\user.name.HT\OneDrive\Dokumentumok\5.o töri\Ókori Róma (Automatikusan mentett).doc Threat: reports.infections.types.ransomwareAccessControl Action: Blocked   Thanks in advance, Yours Sincerely: Tamas Feher, 2F 2000 Kft., Hungary. ... View more

Hello,   Please hold back the installation if your schedule allows, as the next-gen "F-Secure 14.00 for Servers" product is currently in beta version and may be released soon. (F-Secure 12.12 is quite old software by modern standards and may have performance issues.)   Otherwise, the F-Secure 12.12 release notes don't mention "Windows Core" limitations, but Exchange 2019 support isn't mentioned: https://www.f-secure.com/en/web/business_global/downloads/email-and-server-security   Best regards: Tamas Feher, Hungary. ... View more

Hello,   I heard FSCS version 14.02 will publish soon.   Best regards: Tamas Feher, Hungary.. ... View more