F-Secure Computer Protection: Main differences compared to Workstation Security 12

fedool

Hello Robert,

We discussed it and decided to keep F-Secure in Company field, like it is now.
If we add it to the product name, "F-Secure" would appear in 2 places in uninstall entry.
And even Microsoft is removing "Microsoft" from product names - I can see it in my Windows10 machine where most of Microsoft apps don't have "Microsoft" in app name but only in Company name.

RobertBrown

thanks for the reply.

 

I guess Microsoft is well known.. so when you see Office 365 etc > you know its Microsoft.

 

when you see Computer Protection > the vendor name isnt so clear.

 

I also noticed you named - F-Secure Ultralight 1.1.14.0 (release) with the vendor in the name - so prehaps you might want to update this to match your new rules.

 

cheers

Robert

PetriKuikka

are now published in KB:

                https://community.f-secure.com/t5/Business/Remote-installation-of-Computer/ta-p/102154

 

Petri

Eurogroup

Hi,

looking at CEV It seems not so secure using integrated windows firewall...

However, do you will implement any interface in computer protection for configure firewall's rules or final users need to learn windows firewall interface?

 

Thanks

SergeH

Hello,

Using Computer Protection profile, the admninistrator using PSB has an interface to configure the Windows Firewall.

That is transparent to the final user.

 

Let me know if more information is needed.

 

Regards

Eurogroup

Hi,

administrator user sometime need to modify himself rules. Technicians who work from customers needs different rules for a while, and they need to change it "on the fly", whithout psb administrator (too long way).

Thanks

maaretp

The F-Secure's remotely managed windows firewall can have rules from both remote and local sources. You can add/remove separate rules both locally and through PSB Portal. However, please note these are different rules. The rules are processed overall so that all block rules, regardless of where they come from, have higher priority than allow rules.

 

You could set up a PSB profile with the block rules you want to enforce in this environment, and the user is able to add more block/allow rules as long as they are not conflicting with these.

fedool

I want to add that no matter how good UI we could add to our product to manage firewall rules, Microsoft Firewall Rules editor would still be easier to use.

Just because it's very well documented and has plenty of examples how to do concrete things with it in the Internet.

etomcat

Dear Sirs,

 

I wish to ask if a fixed date has already been set by F-Secure Corp. for the centralized replacement of existing FSAV PSB WKS 12 installations with the new CP 17.x product?

 

Thanks in advance, Yours Sincerely:

Tamas Feher, Hungary.

PetriKuikka

Hi @etomcat,

 

date has not yet been set. We are hoping to get first pilots running in a month or so and depending how they go then enable it for all partners.

 

For this upgrade each partner (solution provider level) can decide when the upgrade is run and F-Secure will only run the forced upgrades later this year. We will have lot more information available on this once we are done with the development work and ready to go live.

 

Petri

etomcat

Dear Petri,

Thanks for the quick response!

> We are hoping to get first pilots running in a month or so and depending how they go then enable it for all partners.

- Would you recommend waiting that long or jump to CP17 now?

(I think the main appeal of waiting passively until auto-conversion time is that it puts all responsibility on F-Secure Corp. If a customer performs the transition to CP now, on their own initiative, they are at least partially responsible, if things go upside down.)

- If you recommend upgrading to CP17 now, is there a scripted methodology (knowledge base article) which the brave can follow to make the transition on their own, on a fleet of a few hundred PSB WKS 12 computers?

Thanks in advance, Yours Sincerely:
Tamas Feher, 2F 2000 Kft., Budapest, Hungary.

PetriKuikka

Hi @etomcat,

 

I see no reason to wait for F-Secure profile migration and channel upgrade if you have means to handle following 2 things:

1. Deployments for the upgrades. We don't have yet the full solution for being able to rollout installations and upgrades to 100s of computers, but we already have this solution that has been used by several of our customer successfully.

2. You don't have problem manually creating the needed profiles for the new CP 17 installations.

 

We are working hard on getting the profile migrations and channel upgrade available for all of you.

 

Petri

rivernet

Is there a way to backup any settings in F-Secure Workstation Security so I can reconfigure any of those settings (blocking programs, etc) in the new version of F-Secure?  I know it uses the Windows Firewall instead of it's own and I want to make sure my settings are the same.

AndyRD

Hi,

 

There is no way for you to save the settings from Workstation Security to bring them to Computer Protection.

 

We are currently working on Migration scripts which will convert your existing profiles to the correct format used by Computer Protection, and we anticipate that it will be ready during the spring time.

 

Best Regards,

 

Andy

 

etomcat

Dear Sirs,

 

Would it be possible for F-Secure to release a short formal statement (maybe a single-page PDF document) which says the totality of information security protection capabilities in "F-Secure PSB Computer Protection 18.3" software is not less than the capability of the outgoing "FSAV PSB 12.01 for Workstations" software?

 

Some customers need it for auditing purposes, since the independent auditor only sees the roster of features and notes some are missing, like firewall and starts to nitpick about the acceptability of conversion. Thus a plainly worded vendor's statemernt about "PSB Computer Security 18" being the worthy successor would go a long way towards disarming reservations.

 

Thanks in advance, Yours Sincerely:

Tamas Feher, Hungary.

AndyRD

Hi Tamas,

 

I will take this request forward within our team, to see what we can do.

 

Best Regards,

 

Andy

 

NinjaLee

What's taking so long to release a .msi offline installer?

fedool

---

@NinjaLee wrote:

What's taking so long to release a .msi offline installer?

---

Hi,

 

I could go into details but they are not that important.

I can only say that we are doing it and like it often happens in Software Development - one thing requires changes in another and another requires rearchitecturing third and changing third not possible without full rewriting etc.

But when we finish - Computer Protection will become even lighter, faster and more reliable.

We will have single installable .msi file which would install very fast (or online/offline  exe if you prefer that) and you should see lower memory footprint and that it works faster.

 

But it takes time to do...

linck_tello

Hi F-Secure

 

Some things.

 

1. The new Computer Protection have only 16 categories to block the browsing protection when the usual is that the new versions have more functions. The workstation version have more categories, why?

 

2. The Application control soulbe renamed because this is more a malware prevention/execution from critical paths. (used by malware and payloads). One Application Control module is used to block/permit the application execution or installation, for example, P2P apps, Remote Control Apps, Games Apps, etc.

 

3. The computer details should be display more info as Last Loged User, Basic HW Inventory and SW Inventory.

 

4. The Portal should be permit create Groups for a best computer organization becase today is a large list of computers. 

 

5. PSB don't a have a Central Quarantine.

 

6. PSB don't permit execute a remote clean up of computer infected.

 

Regards

 

Linck Tello Flores

www.innovare.pe

 

 

fedool

---

@linck_tello wrote:

Hi F-Secure

 

Some things.

 

1. The new Computer Protection have only 16 categories to block the browsing protection when the usual is that the new versions have more functions. The workstation version have more categories, why?

 

2. The Application control soulbe renamed because this is more a malware prevention/execution from critical paths. (used by malware and payloads). One Application Control module is used to block/permit the application execution or installation, for example, P2P apps, Remote Control Apps, Games Apps, etc.

 

3. The computer details should be display more info as Last Loged User, Basic HW Inventory and SW Inventory.

 

4. The Portal should be permit create Groups for a best computer organization becase today is a large list of computers. 

 

5. PSB don't a have a Central Quarantine.

 

6. PSB don't permit execute a remote clean up of computer infected.

 

Regards

 

Linck Tello Flores

www.innovare.pe

 

 

---

 

Hello,

 

It is a good list of additional features and we have all of them in our backlog so they will appear in Computer Protection.

 

I only don't understand point 6. Can you elaborate what did you mean?

You can schedule remote computer scan operation from portal which will automatically clean infected machine. We always handle infections during scan and don't allow to "ignore" them.

 

etomcat

Hello,

 

> PSB don't a have a Central Quarantine

 

Regrettably F-Secure PSB webportal lacks the ability to click on a particular virus alert under the Reports / Infections list and select "submit binary sample to lab".

 

This missing feature makes it essentially impossible to use PSB WKS 12 and CP18 e.g. in school environments, where I see a LOT of obvious Deepguard false blocking alerts on Delphi and Basic language program code, as written by pupils during courses. Since there are so many schools with so many classroom computers, located all over the country and mostly lacking on-site system administrators, we just can't ask anybody to go there and fetch a sample via physical access. As the program code are one-off, having the Deepguard reported SHA-1 checksum means nothing. Thus, those false alarm incidents cannot be investigated for lack of a binary and never get fixed.

 

We desperately need remote file sample submit capability, I have been begging F-Secure Corp. for over a year to implement this skill in the PSB webportal, at least for Solution Provider accounts, but nothing happens. (F-Secure is probably afraid of the kind of legal / PR scandal which hit Kaspersky Lab when their auto-submission system downloaded an "under construction" new trojan malware sample from an NSA laptop...)

 

If we had the long-promised F-Secure PSB integrated remote desktop capability, that would be a passable alternative to collecting file samples manually to fix the DG false alarm problems, but remote access was also never implemented. I feel helpless stuck in this situation.

 

Yours Sincerely: Tamas Feher, Hungary.

fedool

Tamas, I think you will be pleased to hear that this feature is in our backlog. It will be added.

 

But I don't think it will help with false positives on fresh compiled samples - they are just too fresh. We have a lot of developers at F-Secure and we have the same problem - our own code gets blocked from time to time.

So, we try to improve it and remove false positives from locally built binaries but that's not trivial to do securelly (just because it can allow attacker an easy way into the system).

AndyRD

Hi Tamas,

 

Thankyou for your comments.

 

We will be adding remote quarantine support to Computer Protection, later this year. This will allow the admin to manage the quarantine contents from the portal, and we will look into the possibility for the admin to submit samples directly from the quarantine, remotely.

 

Quarantine does not work with DeepGuard at all, DG6 simply blocks access to the file if it is detected. We will look into possible solutions around this. For the moment, we would recommend the use of exclusions, and have the students generate their files to an excluded location.

 

Best Regards,

 

Andy

 

altmihai

Unfortunately, Computer Protection it works bad than Workstation Security 12.... (for me)

I scan several computers with both versions (Computer Protection and Workstation Security 12).

For every computer, Computer Protection version, scanning to full (with full protection settings), find much less number of files on every computer (than Workstation Security) and also, find much less infected files.

So, I will try for few times on another computers, maybe I made something wrong.

If the result is the same, I will reconsider my option for another antivirus program solution. For me, security for my clients, is not just "design", is not just words, is not just "fashion"...

I work with F-secure from year 2000.

So, I want to Thank You for your products and services (even if not always was better)!

Kind regards,

Mihai 

 

P.S. - I'm sorry for my poor english!...

maaretp

Can you provide us more information on what do you have on those computers that you find on one and don't find on the other? We definitely want to understand how you get to this experience and improve whenever we can.

 

Our experience has not been the same, as per our understanding the detection capabilities are on par on the two products. Understanding your case would be a valuable opportunity for us to learn on your use case.

altmihai

Hello!

... how to start this discussion? ...

First of all I'm sorry for my poor english!...

... I am very disappointed at both the "qualitative" level of the new "business" product - Computer Protection and the way Workstation Security has replaced the new "solution" ...
I just woke up with the new Computer Protection software installed on my computer without giving my approval and permission!
And the same thing happened to my clients.
Some of them did not realize the change, they just remembered that they had to restart their computers (some restarted without the user taking the idea ...).
And other clients even showed dissatisfaction.
In connection with what I have said in the previous message, and according to your requests to come up with more information to support me, I can send you the scan reports I made; I first scanned a computer with Computer Protection, then I scanned the same computer with Workstation Security.
Both programs were set to "full scan", as much as each program allowed me to. (Computer Protection, although it's a "business" option, in the way it limits me to the program settings, it's more like a "home-use" option).
In Computer Protection - "full scan":
- The program lasted from 9:41:02 PM to 11:01:14 PM;
- Items scanned: 777419;
- Harmful items found: 499.
And he did not clean up anything!

 

In Workstation Security - all "full scan":
- The program lasted from 23:57:54 to 01:20:00;
- Result: 1544 malware found.
- Scanned:
• Files: 1361051
• Not scanned: 65
result:
• Viruses: 1534
• Spyware: 0
Suspicious items: 10
• Riskware: 0
Actions:
• Disinfected: 13
• Renamed: 0
• Deleted: 0
• Quarantined: 0
• Failed: 5
Boot Sectors:
• Scanned: 2
• Infected: 0
• Suspicious items: 0
• Disinfected: 0
;
Result of comparison:
- Workstation Security is faster than Computer Protection;
- Workstation Security scan more files than Computer Protection;
- Workstation Security dectect more infected files than Computer Protection;
- And Workstation Security has at least disinfected some files, while Computer Protection has not cleaned anything.

It's not just words. It's facts.

 

My conclusion:
- Computer Protection is not a real "business" antivirus program;
- Computer protection is under level of Workstation Security;
- F-secure Company install a program on my computer and change my protection program (with another whorst ...), and other computers too, without warning me and without my permission!

And I and my clients paid for the Workstation Security variant!

For the above, I decline my support for F-Secure products, and I will therefore recommend to my clients and those I interact with to focus on other protective products.

Kind/Best regards

Mihai

altmihai

I came back with a supplement:
- the computer that I scanned with F-Secure products, I finally cleaned it with other antivirus programs;
- and at this point my client uses Kaspersky's Endpoint Security solution on that computer...

PetriKuikka

Hi Mihai,

 

thank you for the more detailed report on what you are experiencing. It would have been really useful if you had run the support tool after these tests and sent us via support the fsdiag file, so we could have analysed this even more thoroughly.

 

Here is some analysis based on the data we can see from here:
- First of all the manual scan of a computer is not the most imporant protecting for modern viruses and Computer Protection has lot more new capabilities on other area compared to Workstation Security.

- The amount files being scanned is so different just because the set of file extensions we scan is different with default settings.

- Speed difference is just some minutes and I think WKS 12 was actually 2 minutes slower in the 1 hour 40 minutes times. If you would have tested the scan times for second time the time for CP should drop a lot, as the first scan caches lot of information on the clean files and optimizes the scan times that way.

- On the cleaup of the infection - based on the numbers from both the WKS12 and CP, it looks like most of the infected files are inside archives and we do not cleaup them. We are still wondering why you could not cleanup anything during the scan. It should not have worked like this.

- About the upgrade without permissing - are you a partner level user or company level users? With partners who do Security as a Service the partner actually decides when to do the upgrades and how to communicate to their customers. We haven't yet started any forced upgrade due to EOL for WKS 12, but those will start during this month.

 

Again, I'm really sorry for the bad experience with our product. If you could still send the fsdiag support file to our support with the scan results this would help a lot us.

 

Br,  Petri