App Review F-Secure Internet Security 2026

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra
Shadowra

Shadowra

Level 41
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
High Reputation
Forum Veteran
Sep 2, 2021
3,035
38,983
3,980
29
France
Content source
https://odysee.com/@Shadowra:f/F-Secure-Internet-Security-2026:d
F-Secure is a Finnish antivirus program.
Well-known in the world of computer security and once a pioneer in the field, the company has somewhat abandoned its original approach to become a clone of Avira Pro.
And that’s exactly what happened! F-Secure 2026 no longer includes its previous modules and has outright integrated processes from Avira!
Nevertheless, let’s put it to the test.



Interface :

The interface remains the same as before: the big change is under the hood!
The antivirus no longer has its own modules: DeepGuard and others are gone, replaced by Sentry (Avira’s defensive module), full Avira detection (and a few from the well-known Avast).
Worse than that, in the processes, we even see... 2 processes belonging to Avira!
F-Secure is indeed a clone...

Web protection: 8/9
1 URL is dead.
1 file was missed.
The rest were blocked.

Fake crack : N/A
The sample is too old and the site that distributed it was down.
Skipped.

Malware Pack : 43 out of 126 threats remain
There are some positives: F-Secure blocks the payloads that the scripts install (you can see the detections from Avira).
Aside from that, it’s pretty mediocre.
First: F-Secure gets tricked by a worm that replicates in memory and floods the RAM.
I reboot the machine without the video.

Later in the test, F-Secure will block several programs, some of which trigger detections from Sentry, but without being able to kill the infections: The RAT (FatalRAT) has already patched a process...

Final scan :
F-Secure : 0
NPE : 2
KVRT : 16 (Infection Memory ! )

Final opinion:

F-Secure has let me down and isn't the antivirus I used to know.
The company seems to be clearly abandoning its consumer version in favor of its Enterprise version, which still has its own modules.

Right now, F-Secure feels more like Avira 2 than an antivirus with its own unique features...
Too bad—it was better before.
 
  • +Reputation
  • Thanks
  • Sad
Reactions: Behold Eck, Szellem, micasayyo and 18 others
Shadowra said:
F-Secure is a Finnish antivirus program.
Well-known in the world of computer security and once a pioneer in the field, the company has somewhat abandoned its original approach to become a clone of Avira Pro.
And that’s exactly what happened! F-Secure 2026 no longer includes its previous modules and has outright integrated processes from Avira!
Nevertheless, let’s put it to the test.



Interface :

The interface remains the same as before: the big change is under the hood!
The antivirus no longer has its own modules: DeepGuard and others are gone, replaced by Sentry (Avira’s defensive module), full Avira detection (and a few from the well-known Avast).
Worse than that, in the processes, we even see... 2 processes belonging to Avira!
F-Secure is indeed a clone...

Web protection: 8/9
1 URL is dead.
1 file was missed.
The rest were blocked.

Fake crack : N/A
The sample is too old and the site that distributed it was down.
Skipped.

Malware Pack : 43 out of 126 threats remain
There are some positives: F-Secure blocks the payloads that the scripts install (you can see the detections from Avira).
Aside from that, it’s pretty mediocre.
First: F-Secure gets tricked by a worm that replicates in memory and floods the RAM.
I reboot the machine without the video.

Later in the test, F-Secure will block several programs, some of which trigger detections from Sentry, but without being able to kill the infections: The RAT (FatalRAT) has already patched a process...

Final scan :
F-Secure : 0
NPE : 2
KVRT : 16 (Infection Memory ! )

Final opinion:

F-Secure has let me down and isn't the antivirus I used to know.
The company seems to be clearly abandoning its consumer version in favor of its Enterprise version, which still has its own modules.

Right now, F-Secure feels more like Avira 2 than an antivirus with its own unique features...
Too bad—it was better before.
Click to expand...

A cautious take on this:

Your test result is valid as one observed result on one sample set, but I would be careful with the stronger conclusions such as “F-Secure is a clone of Avira” or that it has “abandoned” its consumer product unless F-Secure has officially documented that architecture change.

What can be said more safely

  • It is plausible that F-Secure is using more third-party engine components or cloud/backend technology than before.
  • Seeing Avira-related process names or detections can suggest OEM/licensing/integration, but by itself it does not fully prove the product is simply a rebranded clone.
  • A poor result in a malware pack test shows weakness against that specific set and execution chain, but it does not automatically describe overall protection in every real-world scenario.

Important testing caveats

Malware pack tests are useful, but they have limits:

  • Results can vary a lot depending on sample age, prevalence, internet connectivity, cloud lookups, and execution order.
  • If a RAT already injected into or patched a trusted process, remediation can become much harder for many products, not only F-Secure.
  • A final scan showing “0” in the product itself does not always mean the system is clean, especially after active compromise. Memory-only artifacts, scripts, scheduled tasks, WMI persistence, and patched processes may remain.

On the engine question

Security vendors have mixed engines, licensed components, shared cloud intelligence, and third-party modules for years. That is not unusual by itself.

What matters more in practice is:

  • Pre-execution blocking
  • Behavior monitoring
  • Remediation quality
  • False-positive handling
  • Performance impact
  • Consistency across fresh and prevalent threats

If your video shows repeated misses, weak cleanup, and delayed behavioral blocking, that is a fair criticism. That point stands even without calling it a full “clone.”

A more defensible conclusion

Based on your test, the safer conclusion would be:

  • This F-Secure build appears to rely heavily on third-party protection components.
  • In this particular malware pack, prevention and remediation looked weaker than expected.
  • The product may no longer feel as differentiated as older F-Secure versions did.

That keeps the criticism strong, but avoids overstating what cannot be confirmed from process names alone.

Bottom line

Your disappointment is understandable if older F-Secure builds performed better in your experience. The weak remediation in the pack is the bigger issue than whether the internals come from Avira, because from a user perspective the real question is simple: did it stop the attack and clean the system reliably? In your test, it appears the answer was often no.
 
  • Love
Reactions: Behold Eck
Bot said:
A cautious take on this:

Your test result is valid as one observed result on one sample set, but I would be careful with the stronger conclusions such as “F-Secure is a clone of Avira” or that it has “abandoned” its consumer product unless F-Secure has officially documented that architecture change.

What can be said more safely

  • It is plausible that F-Secure is using more third-party engine components or cloud/backend technology than before.
  • Seeing Avira-related process names or detections can suggest OEM/licensing/integration, but by itself it does not fully prove the product is simply a rebranded clone.
  • A poor result in a malware pack test shows weakness against that specific set and execution chain, but it does not automatically describe overall protection in every real-world scenario.

Important testing caveats

Malware pack tests are useful, but they have limits:

  • Results can vary a lot depending on sample age, prevalence, internet connectivity, cloud lookups, and execution order.
  • If a RAT already injected into or patched a trusted process, remediation can become much harder for many products, not only F-Secure.
  • A final scan showing “0” in the product itself does not always mean the system is clean, especially after active compromise. Memory-only artifacts, scripts, scheduled tasks, WMI persistence, and patched processes may remain.

On the engine question

Security vendors have mixed engines, licensed components, shared cloud intelligence, and third-party modules for years. That is not unusual by itself.

What matters more in practice is:

  • Pre-execution blocking
  • Behavior monitoring
  • Remediation quality
  • False-positive handling
  • Performance impact
  • Consistency across fresh and prevalent threats

If your video shows repeated misses, weak cleanup, and delayed behavioral blocking, that is a fair criticism. That point stands even without calling it a full “clone.”

A more defensible conclusion

Based on your test, the safer conclusion would be:

  • This F-Secure build appears to rely heavily on third-party protection components.
  • In this particular malware pack, prevention and remediation looked weaker than expected.
  • The product may no longer feel as differentiated as older F-Secure versions did.

That keeps the criticism strong, but avoids overstating what cannot be confirmed from process names alone.

Bottom line

Your disappointment is understandable if older F-Secure builds performed better in your experience. The weak remediation in the pack is the bigger issue than whether the internals come from Avira, because from a user perspective the real question is simple: did it stop the attack and clean the system reliably? In your test, it appears the answer was often no.
Click to expand...

Dear bot, I’ll answer you :)

For the test, the malware samples are obviously up-to-date (only the malware marked “Virussign” is older, to test the lab’s responsiveness).

Also, yes, F-Secure has indeed discontinued its consumer version—that’s a fact. F-Secure no longer offers DeepGuard, its AMSI scanners, or its Cloud service.
It’s all Avira with Sentry—you can even see two processes with the Avira logo and signatures ;)
 
  • Like
  • Wow
  • Applause
Reactions: Behold Eck, Sorrento, Miraculix and 4 others
Shadowra said:
Dear bot, I’ll answer you :)

For the test, the malware samples are obviously up-to-date (only the malware marked “Virussign” is older, to test the lab’s responsiveness).

Also, yes, F-Secure has indeed discontinued its consumer version—that’s a fact. F-Secure no longer offers DeepGuard, its AMSI scanners, or its Cloud service.
It’s all Avira with Sentry—you can even see two processes with the Avira logo and signatures ;)
Click to expand...
Thanks for the clarification.

If those changes are directly observable in the current build, then it is fair to say the consumer product has changed substantially compared with older F-Secure versions.

What still seems safe to conclude

  • If DeepGuard, AMSI-related components, and the previous cloud-backed layers are no longer present in the consumer build, that is a major architectural change.
  • If Avira-branded or Avira-signed processes are present, that is strong evidence of third-party engine/component integration rather than only shared signatures.
  • From a practical user perspective, a product that replaces most of its legacy layers with another vendor’s stack will understandably feel like a very different product.

Where I would still stay careful

There is still a difference between:

  • “F-Secure consumer now relies heavily on Avira technology”
  • and
  • “F-Secure is nothing more than an Avira clone”

The first statement can be supported if the binaries, modules, and protection flow clearly show it.

The second is more absolute, because UI, policy logic, cloud reputation, update orchestration, web filtering, firewall integration, remediation workflow, and vendor-side tuning can still differ even when the core engine is outsourced.

About the protection result itself

What stands out more than the branding issue is the outcome of the live execution test:

  • A memory-flooding worm was able to disrupt the system badly enough to require a reboot.
  • Behavioral blocking appears to have triggered too late in several cases.
  • FatalRAT or related post-compromise activity was not remediated cleanly.
  • Independent cleanup tools still found leftovers, including memory-related detections.

That is a meaningful criticism, because it points to weak prevention and weak remediation in the tested scenario.

A balanced way to frame it

A strong but more precise summary would be:

  • The current F-Secure consumer product appears to have lost much of the identity of older F-Secure builds.
  • It seems to rely heavily on Avira components, including visible Avira-linked processes and Sentry-based behavioral protection.
  • In this test, that new approach did not deliver strong prevention or cleanup.

Bottom line

So yes, if the old F-Secure-specific layers are gone and Avira-linked components are plainly visible, your criticism is understandable. The key point for users is not only whose engine it is, but that the product did not handle the malware set well in your test. That is the most relevant takeaway.
 
  • Like
Reactions: Shadowra
So it sounds like in true reality, I may want to re-consider my "love affair" for F-Secure. Before I even saw this video on my Surface 5 Laptop, today I uninstalled F-Secure in favor of ESET Internet Security (I have a active subscription), as F-Secure's slow loading of Brave and Chrome was enough to make me switch. Besides IVPN is a better VPN all around than F-Secure's.

Thank you @Shadowra as it seems to be time, no matter how many beta's and versions they put out, that really haven't included anything profound security wise.

Screenshot 2026-05-14 162859.png
 
  • Like
  • Sad
  • Thanks
Reactions: Behold Eck, Szellem, Sorrento and 6 others
Jonny Quest said:
So it sounds like in true reality, I may want to re-consider my "love affair" for F-Secure. Before I even saw this video on my Surface 5 Laptop, today I uninstalled F-Secure in favor of ESET Internet Security (I have a active subscription), as F-Secure's slow loading of Brave and Chrome was enough to make me switch. Besides IVPN is a better VPN all around than F-Secure's.

Thank you @Shadowra as it seems to be time, no matter how many beta's and versions they put out, that really haven't included anything profound security wise.

View attachment 297644
Click to expand...
Don’t worry, something new is coming… soon 🔜
 
  • Like
  • HaHa
  • Applause
Reactions: Szellem, BigWrench, Sorrento and 7 others
Shadowra said:
F-Secure is a Finnish antivirus program.
Well-known in the world of computer security and once a pioneer in the field, the company has somewhat abandoned its original approach to become a clone of Avira Pro.
And that’s exactly what happened! F-Secure 2026 no longer includes its previous modules and has outright integrated processes from Avira!
Nevertheless, let’s put it to the test.



Interface :

The interface remains the same as before: the big change is under the hood!
The antivirus no longer has its own modules: DeepGuard and others are gone, replaced by Sentry (Avira’s defensive module), full Avira detection (and a few from the well-known Avast).
Worse than that, in the processes, we even see... 2 processes belonging to Avira!
F-Secure is indeed a clone...

Web protection: 8/9
1 URL is dead.
1 file was missed.
The rest were blocked.

Fake crack : N/A
The sample is too old and the site that distributed it was down.
Skipped.

Malware Pack : 43 out of 126 threats remain
There are some positives: F-Secure blocks the payloads that the scripts install (you can see the detections from Avira).
Aside from that, it’s pretty mediocre.
First: F-Secure gets tricked by a worm that replicates in memory and floods the RAM.
I reboot the machine without the video.

Later in the test, F-Secure will block several programs, some of which trigger detections from Sentry, but without being able to kill the infections: The RAT (FatalRAT) has already patched a process...

Final scan :
F-Secure : 0
NPE : 2
KVRT : 16 (Infection Memory ! )

Final opinion:

F-Secure has let me down and isn't the antivirus I used to know.
The company seems to be clearly abandoning its consumer version in favor of its Enterprise version, which still has its own modules.

Right now, F-Secure feels more like Avira 2 than an antivirus with its own unique features...
Too bad—it was better before.
Click to expand...

f-secure or f*** secure? Thanks for the test btw! Protection against zero days was never its strength.
 
  • Thanks
  • Like
Reactions: Shadowra and Sorrento
The_King said:
Even though NPE reached End-of-Life last month, it still flagged two detection's. but KVRT found 16.

Consider replacing NPE (EOL) with ESET Online Scanner or Emsisoft Emergency Kit (EEK)
Click to expand...
note that npe missed fatalrat but both detected screenconnect and kaspersky number was inflated because it doesn't group detections like npe.
 
  • Like
Reactions: Shadowra, Zero Knowledge, Sorrento and 1 other person
The_King said:
Even though NPE reached End-of-Life last month, it still flagged two detection's. but KVRT found 16.

Consider replacing NPE (EOL) with ESET Online Scanner or Emsisoft Emergency Kit (EEK)
Click to expand...

The video was filmed before NPE shut down; its replacement has already been chosen and will appear in the comparison video coming out next week ;)

(Same goes for Malwarebytes—the video was filmed before NPE shut down)
 
  • Like
  • Hundred Points
Reactions: Gandalf_The_Grey, Khushal, Miraculix and 3 others
Jonny Quest said:
So it sounds like in true reality, I may want to re-consider my "love affair" for F-Secure. Before I even saw this video on my Surface 5 Laptop, today I uninstalled F-Secure in favor of ESET Internet Security (I have a active subscription), as F-Secure's slow loading of Brave and Chrome was enough to make me switch. Besides IVPN is a better VPN all around than F-Secure's.

Thank you @Shadowra as it seems to be time, no matter how many beta's and versions they put out, that really haven't included anything profound security wise.

View attachment 297644
Click to expand...
That’s what I’ve come to realize, unfortunately. This isn’t cool. But I've always kept an eye on you and really appreciated your reports on the new beta versions.
 
  • Like
  • Thanks
Reactions: Zero Knowledge, Shadowra, Khushal and 1 other person

You may also like...