User Feedback F-Secure Quick Review

Software
F-Secure Safe
Installation
5.00 star(s)
Installation Feedback
See bellow
Interface (UI)
5.00 star(s)
Interface Feedback
See bellow
Usability
5.00 star(s)
Usability Feedback
See bellow
Performance and System Impact
5.00 star(s)
Performance and System Impact Feedback
See bellow
Protection
4.00 star(s)
Protection Feedback
See bellow
Real-time file system protection
4.00 star(s)
Internet Surf protection
5.00 star(s)
Pros
  1. Easy to use
  2. Simple and non-intrusive
  3. Ransomware protection
  4. Accurate and reliable antivirus engine
  5. Effective malicious URL blocking
Cons
  1. Not as many features as some competitors
  2. Scans can be rather slow
Software installed on computer
Less than 30 days
Computer specs
See configuration
Recommended for
  1. All types of users
Overall Rating
4.00 star(s)
Disclaimer
  1. Any views or opinions expressed are that of the member giving the information and may be subjective.
    This software may behave differently on your device.

    We encourage you to compare these opinions with others and take informed decisions on what security products to use.
    Before buying a product you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

MacDefender

Level 14
Verified
Oct 13, 2019
639
Nice review! Your experience matches mine with F-Secure.... In terms of its strengths, it's very good at executable and most PowerShell malware, including custom attacks (true zero days). It's pretty weak against batch, Python, and JS scripting, and Java can be very hit or miss (it strongly relies on Avira's cloud scanning which is decent at analyzing Java exploits but if Avira says it's okay, DeepGuard doesn't seem to offer much protection).

As you noted, cleaning is not F-Secure's strong suit. It often leaves things dangling, like startup entries resulting in a block every reboot. I would not suggest F-Secure as a way to clean up an already infected system, it's best for avoiding infection in the first place.

But yeah overall, it's so lightweight and has such a simple installation/uninstallation process that it's a no brainer alternative for something like Windows Defender -- it offers great protection and gets out of your way.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Nice review! Your experience matches mine with F-Secure.... In terms of its strengths, it's very good at executable and most PowerShell malware, including custom attacks (true zero days). It's pretty weak against batch, Python, and JS scripting, and Java can be very hit or miss (it strongly relies on Avira's cloud scanning which is decent at analyzing Java exploits but if Avira says it's okay, DeepGuard doesn't seem to offer much protection).

As you noted, cleaning is not F-Secure's strong suit. It often leaves things dangling, like startup entries resulting in a block every reboot. I would not suggest F-Secure as a way to clean up an already infected system, it's best for avoiding infection in the first place.

But yeah overall, it's so lightweight and has such a simple installation/uninstallation process that it's a no brainer alternative for something like Windows Defender -- it offers great protection and gets out of your way.
Unfortunately, some infection vectors seem to have been overlooked totally by F-Secure. They are probably minor and won't affect many users, but still can't be ignored.
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
Unfortunately, some infection vectors seem to have been overlooked totally by F-Secure. They are probably minor and won't affect many users, but still can't be ignored.
Hopefully they improve this. AMSI was a recent addition as was more trigger points for DeepGuard inspection. I think they need to come up with a solution to deal with scriptors as one of their highest priorities. Full blown suites also tend to do better with secondary payload blocking at the networking level but F-Secure is also limited in that manner.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Hopefully they improve this. AMSI was a recent addition as was more trigger points for DeepGuard inspection. I think they need to come up with a solution to deal with scriptors as one of their highest priorities. Full blown suites also tend to do better with secondary payload blocking at the networking level but F-Secure is also limited in that manner.
I understood from the UI that network protection works for all processes (and due to the fact that it works in browsers even without the extension), but it looks like it works only in-browser? Am I right?

By reading the help files, it looks like it works only on browser level. The review has been updated to reflect that and the overall rating has been decreased from 5 stars to 4.
 
Last edited:

Gandalf_The_Grey

Level 43
Verified
Trusted
Content Creator
Apr 24, 2016
3,240
This is what happens if the tool is used:
View attachment 249843
This is from the SRP Log:
Access to C:\Users\***\Desktop\FedEx_AWB_1988380371_NOV. 22_2020.jar has been restricted by your Administrator by the default software restriction policy level.
Great, thanks (y)
Can you to try the same with @NoVirusThanks SysHardener with the default settings (Apply Selected)?
Still curious about the result... 🤔
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Thanks for testing.(y) That means that Simple Windows Hardening from @Andy Ful would be a great companion for F-Secure Safe.
Simple Windows Hardening from @Andy Ful is a lot easier to deploy/deactivate and more effective than the NoVirusThanks hardener (in this particular test). It also didn't require a reboot, but only log-off. Overall it was a better experience.
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
I understood from the UI that network protection works for all processes (and due to the fact that it works in browsers even without the extension), but it looks like it works only in-browser? Am I right?

By reading the help files, it looks like it works only on browser level. The review has been updated to reflect that and the overall rating has been decreased from 5 stars to 4.
Yeah that's my understanding too -- it seems like it's mainly a browser-only feature. I have tried using the shell and Python scripts to download even simple things like EICAR and it doesn't trip. This isn't like ESET's network filter which is an always-on AV that scans all network traffic.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Yeah that's my understanding too -- it seems like it's mainly a browser-only feature. I have tried using the shell and Python scripts to download even simple things like EICAR and it doesn't trip. This isn't like ESET's network filter which is an always-on AV that scans all network traffic.
And it isn't like Avast/AVG either. They block connections in all apps and once you download malware, in 2-3 minutes the link is blacklisted.
I was browsing some pages about STOP/DJVU ransomware with Eset before and it found malware in my browser cache (it recognised the ransomware note). Next day these webpages were blocked, due to the malware discovered (unfortunately this is more of an FP, but shows their reaction).
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
And it isn't like Avast/AVG either. They block connections in all apps and once you download malware, in 2-3 minutes the link is blacklisted.
I was browsing some pages about STOP/DJVU ransomware with Eset before and it found malware in my browser cache (it recognised the ransomware note). Next day these webpages were blocked, due to the malware discovered (unfortunately this is more of an FP, but shows their reaction).
Yeah Kaspersky does a good job with that too. But again, F-Secure is really privacy sensitive and arguably, phoning home with links you visit in realtime is not very privacy-friendly. That's always a difficult tradeoff.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Yeah Kaspersky does a good job with that too. But again, F-Secure is really privacy sensitive and arguably, phoning home with links you visit in realtime is not very privacy-friendly. That's always a difficult tradeoff.
Well they do in the browser, where all user data is, but they don't do in apps (connecting mainly their official domains). It doesn't look like privacy is the reason behind it.
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
Norton 360 didn't do great on my last test and that wasn't too long ago. It missed pretty much everything I downloaded.
I can retest it soon, but it will be only a very quick one, as I have no interest in this product.
I find their signatures to be pretty okay, though there's recently more reliance on the generic AdvML.* detections, which are a mixed bag. Back in an enterprise setting I had a lot of trouble with PowerShell logon scripts being incorrectly detected as malware. SONAR's reputation database is pretty decent but SONAR's behavior blocker is not very good frankly. It's gotten a lot better at ransomware with the new "data protector" feature (which is basically specialized protection against certain folders and file extensions), but for how much that product reports back to Norton, it's nowhere near as effective as Kaspersky System Watcher.
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
Well they do in the browser, where all user data is, but they don't do in apps (connecting mainly their official domains). It doesn't look like privacy is the reason behind it.
I packet dumped it and it did not phone home per URL. It seems like it uses a Google Safe Browsing style design where it downloads a pack of reputation data covering many sites, triggered by visiting one. And it definitely has no feature where it reports malicious infected URLs back to their servers, which is pretty popular in a lot of AV products.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
I find their signatures to be pretty okay, though there's recently more reliance on the generic AdvML.* detections, which are a mixed bag. Back in an enterprise setting I had a lot of trouble with PowerShell logon scripts being incorrectly detected as malware. SONAR's reputation database is pretty decent but SONAR's behavior blocker is not very good frankly. It's gotten a lot better at ransomware with the new "data protector" feature (which is basically specialized protection against certain folders and file extensions), but for how much that product reports back to Norton, it's nowhere near as effective as Kaspersky System Watcher.
I was told by Tim Lopez, who was Norton Support and Community Manager before, that Data Protector is discontinued... And frankly I didn't see that feature on my last test. Norton centres everything around the Norton Insight reputation system and a code injector would easily bypass their Data Protector, even it it was present.
SONAR is not really a true behavioural blocker, it's also built around the Insight system mainly. It works great on *.exe files, where reputation can be applied, but it typically fails on everything else.
The way Norton reports data back is a total nonsense. It collects data, it waits for your system to be idle (on, but without using keyboard and mouse) and then it kicks in. Norton then has a very slow reaction time.
The ADVML heuristic is great, but again, mainly on *.exe files.

As for F-Secure, they could use the same data they use to block malicious URLs in browser to block them in other apps.
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
I was told by Tim Lopez, who was Norton Support and Community Manager before, that Data Protector is discontinued... And frankly I didn't see that feature on my last test. Norton centres everything around the Norton Insight reputation system and a code injector would easily bypass their Data Protector, even it it was present.
SONAR is not really a true behavioural blocker, it's also built around the Insight system mainly. It works great on *.exe files, where reputation can be applied, but it typically fails on everything else.
The way Norton reports data back is a total nonsense. It collects data, it waits for your system to be idle (on, but without using keyboard and mouse) and then it kicks in. Norton then has a very slow reaction time.
The ADVML heuristic is great, but again, mainly on *.exe files.
Wow. SONAR did really poorly on basically all of my simulated ransomware tests except when Data Protector was active. Oh well, Norton is one of those products, they've gone through a lot of ups and downs in terms of being so-so, being amazing again, and then back to so-so.
 
Top