To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

F-Secure Computer Protection MacOS - scanning exclusions

AntiHawk
AntiHawk W/ Alumni Posts: 1 Security Scout
in WithSecure Elements Endpoint Protection

Hi,

 

I'm running into problems on my MacOS laptop that are related to F-Secure Computer Protection installation:

 

After installing F-Secure Computer Protection (version installed: 17.5 (20488)) I have noticed significant performance loss especially when running virtual machines in VMware Fusion.

 

I have tried to apply this solution to F-Secure Computer Protection:

https://community.f-secure.com/t5/F-Secure-SAFE/F-Secure-SAFE-Mac-scanning/m-p/92071

but while it might have helped somewhat it is not enough.

 

While Malware Protection is on I'm seeing finder freezes time to time, applications run slow when system is under high disk I/O load and VMware Fusion becomes unusable until I disable Malware Protection under F-Secure Preferences.

(when booting up VMware Fusion virtual machine for example Windows 10 it might take over 15 minutes to it to become usable at some level).

I'm running latest MacOS version and patch level on MacBook Pro (15-inch, 2016) which is still considered to be fairly new.

Disabling XFENCE did not affect performance.

 

I'm now in need to exclude the virtual machine's files from realtime scanning to be able to fully use this product.

Is there any way to implement file exclusions by extensions or path with configuration files while exclusions are still unavailable from PSB portal or Preferences Panel?

 

 

Comments

  • kukushechkin
    kukushechkin W/ Alumni Posts: 32 W/ Former Staff

    Hi. No, unfortunetely there is no path exclusions in Mac products at the moment, there is even no magic internal file you can modify, however, as it one of the most requested (obviously) features, we will deal with it in the near future.

     

    What about your case with VMWare, please, contact support, provide them fsdiag files and ask to mentione that that fsdiag is related to this topic.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    > unfortunetely there is no path exclusions in Mac products at the moment, there is even no magic internal file you can modify

     

    Would it be possible to "abuse" the Mac OS X permissions system to ban F-Secure software from accessing the folders which need to be excluded from scanning?

     

    (Apple Mac OS X is apparently based on the BSD kernel and Un*x-style operating systems have elaborate "rwx" permission schemes for file and folder access.)

     

    Best regards: Tamas Feher, Hungary.

  • kukushechkin
    kukushechkin W/ Alumni Posts: 32 W/ Former Staff

    Oh, that's a witty idea. Indeed, fsavd process is being launched sandboxed and you can prevent it from scanning partcular pathes by denying sandbox access, but I have doubts it will fix performance issues as interception will still happen. But feel free to try, results could be very interesting :)

     

    So, in order to deny access to a particular subpath, add following lines to /usr/local/f-secure/fsmac/sysconfig/fsavd.sb:

     

    (deny file-read*
       (subpath "/Users/tester/Downloads"))

     

    This will prevent Downloads folders of user tester from being scanned.

This discussion has been closed.

Categories