Advice Request: Anybody seen a block like this before?


upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
I had run a scan about 40 minutes earlier…late cloud response? That’d be a pretty big delay.
Agree, so it raises a few extra questions. One can perhaps track something from their official database that might help:

That was a bit weird. Capricorn is the Avira engine and I see that today's date for some reason is missing several versions. 1-6 are not there. It starts with "2023-01-19_07".


blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
I ignored something like this earlier today, but since you posted... I got a warning from ESET that it detected a variant of win32.exe (IIRC) in the E:\kerish.rar file that I was holding AND that ESET could not clean. That file was just in miscellaneous storage and of no use to me, so I just deleted/wiped it. I did not manually scan E:\. I did pause long enough to scratch my head but then got busy with something else. Curious!!?? :unsure:
I know ESET does some file system scanning when the system is idle. I wonder if F-Secure does something similar? I didn’t think it would be going through secondary drives.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Glad to see you stay curious, instead of, as some do, simply uninstalling the AV no matter the brand/vendor and being satisfied because the new AV doesn't warn about infections! 🙄🤦‍♂️

Since you already submitted this, you will sooner or later get an answer, but personally I don't wonder about exactly what gets blocked, because I have no doubt it's legit; rather, the warning message mentions parts I can't see having been said/asked in this thread.


F:, is that an external drive or USB?
It's really funny. I'm actually suppressing the urge to reinstall Windows and wipe the game drive and start from scratch so I just don't have to bother with it. If I didn't have kids to pick up from school and dinner to cook them I probably would have. :ROFLMAO:
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
I'm not expecting a quick reply from F-Secure as I submitted a sample over a week ago for their opinion and still haven't heard back. So it could be a while. I'm thinking the signatures messed up some sort of suppression of that old Burnout Paradise detection. But, we will see.

In the meantime:
Kaspersky Threat Intelligence: Clean (and documented that it is the game file from 2018)
VT: Still Clean

Second Opinion:
ESET Online Scanner: No detection on full system scan and scan of File
Hitman Pro: No detection on system scan
Norton Power Eraser: No detection on full system scan and scan of File
Malwarebytes: No detection on full system scan and scan of File
EEK: No detection on full system scan and scan of File

File submitted to multiple vendors for analysis, as well as the only other new exe I've run in the last few months.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
I'm not expecting a quick reply from F-Secure as I submitted a sample over a week ago for their opinion and still haven't heard back. So it could be a while.
Yeah, I was thinking the same, because their official support for home users only works on weekdays (business hours); weekends are closed. But I can advise you to try calling them next week if you haven't heard anything back. It's a good option that normally works, and personally I enjoy it when I can speak in my native language, even if English works.
 

Andrezj

Level 6
Nov 21, 2022
248
I'm not expecting a quick reply from F-Secure as I submitted a sample over a week ago for their opinion and still haven't heard back. So it could be a while. I'm thinking the signatures messed up some sort of suppression of that old Burnout Paradise detection. But, we will see.

In the meantime:
Kaspersky Threat Intelligence: Clean (and documented that it is the game file from 2018)
VT: Still Clean

Second Opinion:
ESET Online Scanner: No detection on full system scan and scan of File
Hitman Pro: No detection on system scan
Norton Power Eraser: No detection on full system scan and scan of File
Malwarebytes: No detection on full system scan and scan of File
EEK: No detection on full system scan and scan of File

File submitted to multiple vendors for analysis, as well as the only other new exe I've run in the last few months.
Sometimes it is not as simple as submitting a sample for analysis and getting a verdict.
This case of burnoutpr.exe requires event trace logs to be submitted so that the developer can identify the triggering event.
The issue is not a signature (false positive) problem; if it was, then you would see burnoutpr.exe detected in VirusTotal.
The problem is a detection one, which is not a black-and-white one based on signature alone.
It could be a bug in the security software.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Sometimes it is not as simple as submitting a sample for analysis and getting a verdict.
This case of burnoutpr.exe requires event trace logs to be submitted so that the developer can identify the triggering event.
The issue is not a signature (false positive) problem; if it was, then you would see burnoutpr.exe detected in VirusTotal.
The problem is a detection one, which is not a black-and-white one based on signature alone.
It could be a bug in the security software.
Yep, which is why I contacted F-Secure with screenshots as well as the file and a description of the event.

I'm not the type of person to blow off a detection. Like I said, usually I'd just wipe the C: and the drive with the detection and start from scratch. But I'm waiting to see what they say.
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Sometimes it is not as simple as submitting a sample for analysis and getting a verdict.
This case of burnoutpr.exe requires event trace logs to be submitted so that the developer can identify the triggering event.
The issue is not a signature (false positive) problem; if it was, then you would see burnoutpr.exe detected in VirusTotal.
The problem is a detection one, which is not a black-and-white one based on signature alone.
It could be a bug in the security software.
Exactly. That was the case for Kerish Doctor. The detection was not based on a signature but rather on behaviour analysis.

Since F-Secure uses the Avira SDK including cloud access, if I am not mistaken, it seems F-Secure consulted the cloud because it detected some sort of suspicious activity. Thus, it makes sense to send logs to support so that they can determine the reason for the detection and whether it is a FP or not.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Yep, which is why I contacted F-Secure with screenshots as well as the file and a description of the event.
Did you send them the FSDIAG file? It's what F-Secure has available locally, called the support tool. Starting it will after a few minutes create an archive that is very important for support, as it automatically gives them a fairer chance.
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Yep, which is why I contacted F-Secure with screenshots as well as the file and a description of the event.

I'm not the type of person to blow off a detection. Like I said, usually I'd just wipe the C: and the drive with the detection and start from scratch. But I'm waiting to see what they say.
Good practice. Whenever something is detected on my devices, I contact support and provide them with everything they request and then restore a clean system image.

I'm not expecting a quick reply from F-Secure as I submitted a sample over a week ago for their opinion and still haven't heard back. So it could be a while. I'm thinking the signatures messed up some sort of suppression of that old Burnout Paradise detection. But, we will see.

In the meantime:
Kaspersky Threat Intelligence: Clean (and documented that it is the game file from 2018)
VT: Still Clean

Second Opinion:
ESET Online Scanner: No detection on full system scan and scan of File
Hitman Pro: No detection on system scan
Norton Power Eraser: No detection on full system scan and scan of File
Malwarebytes: No detection on full system scan and scan of File
EEK: No detection on full system scan and scan of File

File submitted to multiple vendors for analysis, as well as the only other new exe I've run in the last few months.
I would not expect anything from running all these second-opinion scanners as the detection was not based on signatures. The same goes for VT. The only thing that can sort this out is F-Secure support with the logs so that they can trace what exactly happened.

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Good practice. Whenever something is detected on my devices, I contact support and provide them with everything they request and then restore a clean system image.

I would not expect anything from running all these second-opinion scanners as the detection was not based on signatures. The same goes for VT. The only thing that can sort this out is F-Secure support with the logs so that they can trace what exactly happened.
I'm not sure about that. There are no blocks in DeepGuard, so either the detection is a hiccup or the block didn't work properly.

The second opinion scanners could pick up if something else was running that is acting maliciously and just happened to trigger F-Secure when accessing the file in question (which I'm certain is clean). What I'm not sure about is what accessed the file and caused the detection in the first place.
Did you send them the FSDIAG file? It's what F-Secure has available locally, called the support tool. Starting it will after a few minutes create an archive that is very important for support, as it automatically gives them a fairer chance.
I just ran it right before you asked; I wish I had sent it with the submission. I have it ready to go when I hear from them.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I'm not expecting a quick reply from F-Secure as I submitted a sample over a week ago for their opinion and still haven't heard back. So it could be a while. I'm thinking the signatures messed up some sort of suppression of that old Burnout Paradise detection. But, we will see.

In the meantime:
Kaspersky Threat Intelligence: Clean (and documented that it is the game file from 2018)
VT: Still Clean

Second Opinion:
ESET Online Scanner: No detection on full system scan and scan of File
Hitman Pro: No detection on system scan
Norton Power Eraser: No detection on full system scan and scan of File
Malwarebytes: No detection on full system scan and scan of File
EEK: No detection on full system scan and scan of File

File submitted to multiple vendors for analysis, as well as the only other new exe I've run in the last few months.
FWIW, I have telephoned FS support 2 times, and they answered quickly and were very knowledgeable.
 

Andrezj

Level 6
Nov 21, 2022
248
I just ran it right before you asked; I wish I had sent it with the submission. I have it ready to go when I hear from them.
The kind of issue you are seeing is probably outside the scope of the fsdiag collection utility.
Typically, troubleshooting this kind of item on Windows involves an event trace log (there are different kinds on Windows) or even developer custom kernel tracing.
Event trace logging is similar to a procmon trace (capture) and is not performed by a utility like fsdiag.
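The kind of event trace capture described in the post above, as an added example that is not from the thread or from F-Secure: it uses the built-in logman and Get-WinEvent tooling to record kernel file I/O for a short window and then lists which processes touched the file in question. The trace name, output path and the file name burnoutpr.exe are assumptions; run it from an elevated PowerShell.

```powershell
# Added example (not from the thread): short ETW file-I/O trace to answer
# "what accessed the file?" when a behaviour-based detection fires.
$TraceName = 'fileio-fp'                 # assumed session name
$EtlPath   = 'C:\trace\fileio-fp.etl'    # assumed output location
$Target    = 'burnoutpr.exe'             # the file named in the thread
New-Item -ItemType Directory -Force -Path (Split-Path $EtlPath) | Out-Null

# Start a kernel file-provider session; -ets acts on the session immediately.
logman create trace $TraceName -p 'Microsoft-Windows-Kernel-File' 0xFFFFFFFFFFFFFFFF -o $EtlPath -ets | Out-Null
Write-Host 'Tracing. Reproduce the detection now, then press Enter to stop.'
[void](Read-Host)
logman stop $TraceName -ets | Out-Null

# Decode the .etl (-Oldest is required for .etl files) and keep events whose
# raw XML payload names the target file.
$hits = Get-WinEvent -Path $EtlPath -Oldest |
    Where-Object { $_.ToXml() -match [regex]::Escape($Target) }

# Summarise by process id so the accessing process can be matched against the
# timestamp of the AV alert. Processes that have already exited show as <exited>.
$hits |
    Group-Object ProcessId |
    ForEach-Object {
        $p = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessId = $_.Name
            Process   = if ($p) { $p.ProcessName } else { '<exited>' }
            Events    = $_.Count
            First     = ($_.Group | Select-Object -First 1).TimeCreated
            Last      = ($_.Group | Select-Object -Last 1).TimeCreated
        }
    } | Sort-Object Events -Descending | Format-Table -AutoSize
```

The resulting .etl can be sent to the vendor alongside the FSDIAG archive, since it records the triggering access that the diagnostic tool itself does not capture.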

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Gotta love MalwareTips. Responses range from ‘shrug’ just a FP to OMG YOU COULD HAVE THE MOST DANGEROUS MALWARE EVER! I can wipe the drives at any time.
Since you provided support with everything they need, then I believe it is time to restore a system image or do a clean install to be on the safe side; at least this is what I would do.
 
