SHA1 infection

Last two weeks my customers are getting this error without any explanation where the infected file is

F-Secure Protection Service for Business has identified the following security incidents:
Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1

What to do?

Find more posts tagged with

Comments

CreativePC

Thanks. I will contact the customer again.

PetriKuikka

Hi,

unfortunately current client version just doesn't send that information to PSB portal. It should still show the real infections in the local UI > Advanced settings > Virus & Spyware scanning > View virus and spyware history all the found infections.

And then there is the link to latest scanning report at local UI > Advanced settings > Manual scanning > View last scanning report or with this direct link:
file:///C:/Program%20Files%20(x86)/F-Secure/Anti-Virus/FSAV_REP.HTM

Petri

CreativePC

Hi, Yes when servers are doing schedule/manual scanning the portal is giving me this alert:

An infection was found during a manual scan. As manual scan report details are not uploaded to the portal, please check the report on the local computer.

And the email alert gives this alert:

F-Secure Protection Service for Business has identified the following security incidents:

Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1

2016-09-26 05:29:41UTC Customername Servername Reported File

And customer says that nothing is showned locally at server, so its a bit hard to find which file is causing this.

PetriKuikka

Hi,

and there is another case, where the infection object is missing in the infection emails, when system finds an infection during manual scanning or scheduled scanning. These again have explaining text in portal side, but still missing from infection emails. Also these will be fixed in next few releases.

Petri

PetriKuikka

Hi,

if these alerts have the SHA1 checksum, then these alerts are coming from the Deepguard. But can you explain where they see these? I just tested this with Deepguard and it nicely shows also the file location in PSB new portal under Infected object like:

\\?\c:\users\testuser\downloads\test.exe

b2d43a95958180b591ba52928d881fec57912506

Also the configured infection email from PSB portal, has the same file location. It is missing the sha at the moment, but that will be fixed soon.

Petri