Best Of
Re: Re: Aquarius updates not being sent out to clients
Greetings Everson,
First of all, thank you for sharing your concerns with us regarding these threats targeting Brazil.
I'd like to share that the eight Virustotal samples mentioned in your post are at this moment already detected by signatures.
Like it has been shared in this thread, Virustotal can be useful to get a quick assessment on a sample, and it should be noted that many of the protection layers available in F-Secure products won't be visible in Virustotal results, including Deepguard, Security Cloud, etc.
I'd recommend having a look at the latest edition of our Deepguard whitepaper to gain some insights on F-Secure's multi-layered security approach:
https://www.f-secure.com/documents/996508/1030745/deepguard_whitepaper.pdf
To better address your concerns regarding Brazil-specific malware, we have already discovered some points where we need to make improvements and the protection coverage should gradually improve over the following weeks.
If you have additional samples that are missed, we would appreciate if you can continue submitting them through our SAS portal.
Finally, we would like to thank you once again for helping us improve our protection and products.
Re: F-Secure: left hand doesn't know what the right hand is doing? (PSB remote FSDIAG confusion)
Hi Tamas,
As MonikaL shared, obtaining the file samples during the first stage would be the most efficient way to resolve a false positive case.
The binaries are required for us to debug how the false positive may occur in a particular file and then apply the necessary fixes, while keeping the protection on a good level to still detect valid malware samples.
In some cases, the samples may be publicly available or already in our backend. I would recommend whenever possible to provide at least the file hash (SHA1) when filing a false positive case, so that we can check if the sample is already available to us.
The PSB Management API documentation contains some examples on how to generate a report containing the detection details (including SHA1) programmatically:
https://help.f-secure.com/product.html?business/psb-rest-api/1.0.0/en/concept_216D5455656A49A38AA049D6C7B37427-1.0.0-en
For cases where the sample is not available to us (e.g. internally-developed software), there's an easy-to-use F-Secure tool available that we recommend to both Home and Corporate users to utilize in order to safely retrieve the quarantined files before submission.
The tool would have to be executed at the endpoint where the samples were quarantined, and its usage instructions are described here:
https://community.f-secure.com/t5/Common-topics/How-do-I-collect-quarantined/ta-p/78104
As PSB currently doesn't feature remote sample submission capabilities, I hope you find the above information useful for the time being.
Re: False positive, after false positive...
Dear hyvokar,
My name is Victor, from the Anti-Malware Unit here in F-Secure.
I'm glad you have reached us regarding these URL false positives, and I'm sure we'll be able to reach a satisfactory solution.
I'm sorry to see that these false positives are a cause of frustration, so the first thing I've done is revise the 4 URLs submitted above and correct their content ratings (3 of them were incorrectly classified as Adult content, while the other one was due to a heuristic phishing rule), so you should be able to access them again.
To answer your question about what we are doing to prevent these false positives, I've been personally working closely with other members from the Labs for the past few months in reducing the amount of false positives, which should have been reduced as compared to earlier this year.
There's still much work to be done, as the issue is technically complex to resolve, so what we can do for the time being is continue collecting your valuable feedback on sites that are blocked, so that we can work out the best way to address each one of them.
I've seen you had opened a case with us back in July, so what I can recommend to make a more efficient use of your time would be to create a new case through the link below (once), and then keep on communicating with our analysts directly via email through that same ticket when you spot a new blocked site.
It could also be helpful to submit a few problematic URLs in batch inside a text file, so that all can be handled as one submission.
https://www.f-secure.com/en/web/labs_global/submit-a-sample
Would that be agreeable with you?
Re: Password Protection Android does not work
1. I have a license for PwP. I have been using PwP on 2 win/mac workstations successfully for a few weeks now. I see both devices in PSB portal PwB section. I downloaded the android app from Google Play. Actually the PwP app is not available via PSB portal (lataukset), only clients for win/mac.
2. I have partner admin access to the psb portal, but the URL is https://emea.psb.f-secure.com/ - no idea if emea2 named portal is different?
The app installs just fine but there is no possibility to insert license codes or anything, it just shows a white screen (with some grey squares).
I uninstalled the app -> went to PSB portal PwP section -> resent the activation email -> this email contains option for Android -> opened the link in my phone -> installed -> synced -> works!
However, if we have dozens of end users, many will download the app directly from Google Play and it definitely should be a working procedure this way as well.
Re: Problem installing with exported msi F-Secure Client Security 14.00
Computers with this problem have Windows 10 with Bulgarian translation, and when I switch to English translation, the F-Secure Client Security 14.00 .msi package installs with no problems.
Re: Client cant pull updates from policy manager
I'm sorry, I meant I created a ticket but didn't get a response so far.
Re: Linux Agent LS64 Changelog (Elements, Business Suite, Standalone)
F-Secure Linux Security 64 RTM Release Notes
F-Secure Linux Security 64 provides an integrated, out-of-the-box security solution with strong real-time protection against viruses and potentially unwanted applications. It also includes host intrusion prevention (HIPS) functionality that provides protection against unauthorized system modifications, userspace and kernel rootkits. The solution can be easily deployed and managed using F-Secure Policy Manager.
Main features in this release
- New on-access scanner for continuous protection.
- New system integrity checker for protection against unauthorized system changes.
- Support for manual scanning of files.
- Configurable automatic updates.
- Support for management using F-Secure Policy Manager.
Supported platforms
Linux Security 64 supports the following Linux distributions:
- CentOS 7
- RHEL 7
- Oracle Linux 7
- Amazon Linux 2.0
- Debian 9
- Ubuntu 16.04
- Ubuntu 18.04
Dependencies
Linux Security 64 requires the following packages to be installed before installing the product:
CentOS, RHEL, Oracle Linux, and Amazon Linux
- fuse-libs
- libcurl
- python
Debian and Ubuntu 16.04
- libfuse2
- libcurl3
- python
Ubuntu 18.04
- libfuse2
- libcurl4
- python
Installation
To install Linux Security 64, you first need to create an installation package using Policy Manager, then use that installation package to install the product on the target machine.
Note that you will need Policy Manager version 14.20 to install and manage Linux Security 64.
- Create the installation package:
  - In Policy Manager Console, select Tools > Installation packages from the menu. This opens the Installation packages window.
  - Click Import.
  - Select the Linux Security installation package you want to use and click Import.
  - Select the imported installation package in the packages list and click Export.
  - Specify a name and a folder for the exported zip file. A Remote Installation Wizard window will appear.
  - Click Next.
  - Enter your license keycode for the product and click Next.
  - Adjust the address of your Policy Manager Server and its HTTP and HTTPS ports if necessary, then click Finish.
- Copy the exported zip file to the Linux host in your network.
- Install the product:
  - Log into the Linux host as root.
  - Make sure that you have the prerequisites installed (refer to the dependencies listed above).
  - Extract the zip file into an empty directory.
  - Run the following command:
    bash f-secure-linuxsecurity/f-secure-linuxsecurity-installer
  - Read and accept the license terms when prompted.
  - After the installation process finishes, Policy Manager Console will shortly show the Linux host in Pending hosts list.
Uninstallation
You can uninstall the product from the command line.
- Log in to the Linux host as root.
- Run the uninstallation command:
  - RHEL-based distributions:
    rpm -e f-secure-linuxsecurity
  - Debian-based distributions:
    dpkg -r f-secure-linuxsecurity
Known Issues
- CSLP-3319: Manual scanning cannot be invoked from Policy Manager Console.
- CSLP-3320: Scheduled scanning reports do not contain checksums of the detected files.
- CSLP-3321: Scheduled scanning reports do not contain engine names and versions.
- CSLP-3322: Command-line and scheduled scanning also applies malware actions to files that are part of integrity checker baseline.
- CSLP-3323: Manual channel updates cannot be triggered from Policy Manager Console.
- CSLP-3289: All alerts are not mirrored in the system log.
- CSLP-3327: Removing the product does not stop or remove f-secure-linuxsecurity-scand service.
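A pre-install check for the dependencies listed in the release notes above, as an added example that is not part of the original post and not F-Secure tooling. The package lists come from the post; the os-release `ID` values used to recognise each distribution, and all function names, are assumptions of this example.

```shell
#!/bin/sh
# Added example: dependency preflight for the Linux Security 64 installer.
# Package lists are those in the release notes; the os-release ID values
# (centos, rhel, ol, amzn, debian, ubuntu) are an assumption of this script.

# Print "<ID> <VERSION_ID>" from an os-release file (default /etc/os-release).
detect_distro() {
    ( . "${1:-/etc/os-release}" && printf '%s %s\n' "$ID" "$VERSION_ID" )
}

# Print the packages required for a distro/version pair, or fail if the
# pair is not in the supported-platform list.
required_packages() {
    case "$1:$2" in
        centos:7|rhel:7|rhel:7.*|ol:7|ol:7.*|amzn:2)
            echo "fuse-libs libcurl python" ;;
        debian:9|ubuntu:16.04)
            echo "libfuse2 libcurl3 python" ;;
        ubuntu:18.04)
            echo "libfuse2 libcurl4 python" ;;
        *) return 1 ;;
    esac
}

# Return 0 if package $2 is installed, asking rpm or dpkg depending on $1.
is_installed() {
    case "$1" in
        centos|rhel|ol|amzn) rpm -q "$2" >/dev/null 2>&1 ;;
        *) dpkg -s "$2" 2>/dev/null | grep -q '^Status: install ok installed' ;;
    esac
}

# Exit status: 0 = ready to install, 1 = packages missing, 2 = unsupported.
preflight() {
    set -- $(detect_distro "$1")
    pkgs=$(required_packages "$1" "$2") || { echo "unsupported: $1 $2" >&2; return 2; }
    missing=""
    for p in $pkgs; do
        is_installed "$1" "$p" || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    echo "missing:$missing"
    return 1
}

# Run the check only when asked, e.g.: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it as root on the target host before starting the installer; a non-zero exit means the host is either outside the supported list or lacks one of the listed packages.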
Re: Linux Agent LS64 Changelog (Elements, Business Suite, Standalone)
F-Secure Linux Security 64 Update 12.0.35 Release Notes
Change Log
- CSLP-3327: Uninstalling Linux Security 64 now properly stops and removes all the associated services.
- CSLP-3289: Alerts are now visible in system log.
Known Issues
- CSLP-3319: Manual scanning cannot be invoked from Policy Manager Console.
- CSLP-3320: Scheduled scanning reports do not contain checksums of the detected files.
- CSLP-3321: Scheduled scanning reports do not contain engine names and versions.
- CSLP-3322: Command-line and scheduled scanning also applies malware actions to files that are part of integrity checker baseline.
- CSLP-3323: Manual channel updates cannot be triggered from Policy Manager Console.
Re: Linux Agent LS64 Changelog (Elements, Business Suite, Standalone)
F-Secure Linux Security 64 Update 12.0.52 Release Notes
Change Log
- Added support for Red Hat Enterprise Linux 8 and Suse Linux Enterprise Server 12.
- Configuration changes done via Policy Manager are now applied more rapidly to Linux Security 64 installations.
- Miscellaneous bug fixes.
Known Issues
- CSLP-3319: Manual scanning cannot be invoked from Policy Manager Console.
- CSLP-3320: Scheduled scanning reports do not contain checksums of the detected files.
- CSLP-3321: Scheduled scanning reports do not contain engine names and versions.
- CSLP-3322: Command-line and scheduled scanning also applies malware actions to files that are part of integrity checker baseline.
- CSLP-3323: Manual channel updates cannot be triggered from Policy Manager Console.
Re: Linux Agent LS64 Changelog (Elements, Business Suite, Standalone)
Change Log
- CSLP-3462: Fixed a crash in f-secure-linuxsecurity-scand.service that occurs during the scheduled scanning when scanned files have invalid UTF-8 codepoints in their file names.
- CSLP-3468: The amount of skipped files (scan errors) has been limited to 1000 in the scheduled scan report to avoid sending too long scan reports to Policy Manager.
- CSLP-3465: Removed the EULA acceptance prompt during the installation.
- CSLP-3485: Allow a regular user to run fsanalyze.