F-Secure: left hand doesn't know what the right hand is doing? (PSB remote FSDIAG confusion)

etomcat W/ Alumni Posts: 1,172 Firewall Master

Dear Sirs,

 

A few months ago it became possible to initiate FSDIAG remote diagnostic collection for F-Secure PSB protected endpoint computers, through the PSB webportal account. As the admin assigns the task, a long unique FSDIAG identifier is displayed in the portal.

 

I have since experienced several cases, where I contact F-Secure Virus Lab to inquire about this or that particular PSB endpoint computer, which seems to have suffered a complicated infection incident. The FSC virus lab responds by asking for an FSDIAG result and I tell them the unique ID (in fact the unique ID was part of my original submission).

 

Yet they respond that they have no access to FSDIAG and want me to submit the TAR.GZ or ZIP package as an attachment. But I have no access to the FSDIAG result; in fact, the very reason the centrally, remotely initiated FSDIAG capability was introduced to the PSB system was to make effective support possible.

 

Please quickly sort out why one branch of F-Secure doesn't know about or doesn't know how to use a feature developed by another F-Secure branch and fix the problem.

 

Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.

Comments

  • MonikaL
    MonikaL W/ Alumni Posts: 206 W/ Former Staff

    Hi Tamas,

     

    Thank you for bringing this to our notice. Please be informed that we are currently checking on this with the respective team.

     

    I will update you on the progress.

    Thanks.

  • MonikaL
    MonikaL W/ Alumni Posts: 206 W/ Former Staff

    Hi Tamas,

     

    The F-Secure Labs Team will consider using the remote FSDIAG feature after checking on the possible GDPR constraints of granting the access to the team.

     

    In the meantime, please take note that for malware and false positive incidents, we do still require the file samples to be submitted at the first stage.

     

    While FSDIAG may be useful at a later stage during an ongoing case investigation, FSDIAG doesn’t contain the actual detected samples that we require to fix a detection. In most cases it is often sufficient to submit the affected file samples without requiring an FSDIAG to resolve the case.

     

    Thank You.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Dear MonikaL,

     

    > In most cases it is often sufficient to submit the affected file samples

     

    In most F-Secure PSB related false virus alert cases, it is simply impossible for us to obtain binary file samples!

     

    The essence of PSB is that there is no IT Security infrastructure on-site: the customer has no competent person on location, we don't have remote desktop access to them, and most often we haven't ever been to the town where the customer is located and have no contract or even contact with them (e.g. many dozens of primary and secondary schools in the countryside in our case). How am I supposed to provide the lab with binary samples then?

     

    I have been begging F-Secure to implement remote sample submission capability in the PSB SoP / SeP webportal accounts, but they always blame some kind of bureaucratic obstacle. Without that capability, and considering the relatively frequent occurrence of Capricorn and DeepGuard scan engine false malware alarms, it is difficult to operate PSB effectively. The pattern I see is that whenever a false alarm occurs, PSB tends to get locally uninstalled from the particular endpoint.

     

    Thanks for your kind attention, Sincerely:

    Tamas Feher, Hungary.

  • MikaArasola
    MikaArasola W/ Partner, W/ Staff, W/ Product Leadership Posts: 68 W/ Staff

    Regarding the comment about sample submission from the PSB portal, this feature request has been added to the backlog (as a possible future feature under consideration) when you suggested it, so it has not been ignored.

This discussion has been closed.