App Review F-Secure SAFE 18.2

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Product name
F-Secure SAFE 18.2
Installation (rating)
5.00 star(s)
User interface (rating)
4.00 star(s)
Accessibility notes
The UI is streamlined and well-organized. But no advanced settings (heuristic sensitivity) are available and some pro users may be disappointed at this. Adding the capability to submit samples within the product would be nice.
- One star deducted for the lack of advanced settings.
Performance (rating)
5.00 star(s)
Core Protection (rating)
4.00 star(s)
Proactive protection (rating)
4.00 star(s)
Additional Protection notes
Generally good. Like many AVs using the Avira engine, F-Secure is not so good at detecting script malware. Unable to remove and repair threats within archives (zip, rar...). See below for comments on DeepGuard and F-Secure Security Cloud.

Banking protection is very cool.

Internet Surf protection is so-so. The plug-in failed to block many phishing sites, not as good as McAfee.

No built-in firewall.
Browser protection (rating)
3.00 star(s)
Positives
    • Minimal setup required
    • Low impact on system resources
    • Lightning fast scans
    • Easy to use
    • Simple and non-intrusive
    • Ransomware protection
    • Detects or blocks in the wild malware
    • Virus signatures are updated daily
    • Well designed, clear and easy to use interface
    • Multi-layer protection approach
Negatives
    • Advanced users may want more control
    • Short on configuration options
    • Limited web protection
    • Not as many features as some competitors
Time spent using product
Reviewed over a 30-day period
Computer specs
ThinkPad X1 Carbon (6th Gen)
Recommended for
  1. Inexperienced users
  2. Financial banking or trading
  3. High-end or medium spec PCs
  4. Low spec PCs
Overall rating
4.00 star(s)

L0ckJaw

Yesterday on a brand new laptop with Windows 11, F-Secure failed to load / update the Capricorn engine.
After reinstall and try again, same issue. Uninstalled it and gave her one of my licenses from my used AV.
So bad, she bought F-Secure. Thinking to ask for refund.
 

Sorrento

Yesterday on a brand new laptop with Windows 11, F-Secure failed to load / update the Capricorn engine.
After reinstall and try again, same issue. Uninstalled it and gave her one of my licenses from my used AV.
So bad, she bought F-Secure. Thinking to ask for refund.
Have you contacted support? Or maybe the forum? :rolleyes:
 

Anthony Qian

Thread author
There is always going to be some lag time between when Avira releases a new signature and F-Secure deploys it since they need to process it.

The lag time doesn't seem too bad: Avira VDF History got 3 updates at the moment for 3rd May, and F-Secure Latest Database Updates for F-Secure Capricorn (Avira) is also showing 3 updates for today.
Yeah. Sometimes, F-Secure Capricorn engine will only be updated 2-3 times a day. I noticed in April that the F-Secure Capricorn database engine numbers were not consecutive, meaning that F-Secure seemed to skip several virus database updates.
 

Razza

Sometimes, F-Secure Capricorn engine will only be updated 2-3 times a day. I noticed in April that the F-Secure Capricorn database engine numbers were not consecutive, meaning that F-Secure seemed to skip several virus database updates.
I see. I only had a quick look at the versions. I wonder if other vendors that also use Avira skip databases as well.
 

Anthony Qian

Thread author
Doesn’t F-Secure also license the Acura cloud? Which means a local database isn’t the only layer of signature protection.
You mean APC? If so, yes. But the priority of APC for Avira Antivirus pro and F-Secure seems to be different. Avira's own paid products have higher priority.
Also, Avira engine isn't a pure cloud-based detection engine. Detection database matters. That being said, F-Secure has its own cloud but I am not sure if it can close the gap between database updates.
 

MacDefender

You mean APC? If so, yes. But the priority of APC for Avira Antivirus pro and F-Secure seems to be different. Avira's own paid products have higher priority.
Also, Avira engine isn't a pure cloud-based detection engine. Detection database matters. That being said, F-Secure has its own cloud but I am not sure if it can close the gap between database updates.
This has gotten really hard to test in the last few weeks. The "fsmind" online signatures have started adding automatic signatures for the popular malware analysis sandboxes under the ".abch" (abuse.ch?) suffix. You can trivially change the hash of the binary to bypass this online detection to test how the other engines react but this isn't easy to do with all obfuscated PE malware.
 

Anthony Qian

Thread author
This has gotten really hard to test in the last few weeks. The "fsmind" online signatures have started adding automatic signatures for the popular malware analysis sandboxes under the ".abch" (abuse.ch?) suffix. You can trivially change the hash of the binary to bypass this online detection to test how the other engines react but this isn't easy to do with all obfuscated PE malware.
Haha. Interesting.
I've always been curious about the meaning of ".abch." "abch = abuse.ch" is a good guess. Btw, I've seen ESET's detection name (GenCBL) become part of fsmind detection name in the past. As far as I know, GenCBL is ESET's unique detection name, which means Generic Certificate BlackList.
 

MacDefender

Haha. Interesting.
I've always been curious about the meaning of ".abch." "abch = abuse.ch" is a good guess. Btw, I've seen ESET's detection name (GenCBL) become part of fsmind detection name in the past. As far as I know, GenCBL is ESET's unique detection name, which means Generic Certificate BlackList.
It's just a guess for me. All of the easy-to-get samples off of the Malware Bazaar seem to trigger this detection as soon as they render a verdict so it just feels to me like F-Secure is scraping these malware submission sites and automatically adding known bad hashes. It's not a terrible idea for zero-day detection but it does make a product look stronger than it is. Not very different from the vendors that used to watch Kaspersky on VirusTotal.
 

MacDefender

BTW does anyone have a license of WithSecure or know where to purchase it from? I'm more curious to see if we will have more deviations between their enterprise and consumer product. So far IMO the indications are weak that F-Secure consumer has gotten worse since the de-merger, but it will be more telling if WithSecure starts getting better production while F-Secure waits in a holding pattern.
 

Anthony Qian

Thread author
It's just a guess for me. All of the easy-to-get samples off of the Malware Bazaar seem to trigger this detection as soon as they render a verdict so it just feels to me like F-Secure is scraping these malware submission sites and automatically adding known bad hashes. It's not a terrible idea for zero-day detection but it does make a product look stronger than it is. Not very different from the vendors that used to watch Kaspersky on VirusTotal.
Not very different from the vendors that used to watch Kaspersky on VirusTotal.
You mean McAfee? :ROFLMAO: McAfee seems to constantly monitor VirusTotal and when ESET and/or Kaspersky add detection for a sample, it will too.
 

Trooper

BTW does anyone have a license of WithSecure or know where to purchase it from? I'm more curious to see if we will have more deviations between their enterprise and consumer product. So far IMO the indications are weak that F-Secure consumer has gotten worse since the de-merger, but it will be more telling if WithSecure starts getting better production while F-Secure waits in a holding pattern.
No but I wish I did. Being that it is geared towards Enterprise I am not sure we can get our hands on it. Kind of like CrowdStrike.
 

MacDefender

No but I wish I did. Being that it is geared towards Enterprise I am not sure we can get our hands on it. Kind of like CrowdStrike.
Yeah, same boat. I use a lot of enterprise products (Ruckus wifi, Fortinet firewalls/filtering, etc) but the last time I tried to buy F-Secure PSB it was really hard to give them money without being on calls with a sales person who didn't provide a clear path to how to simply buy a single seat of the software. I gave up.
 

Trooper

Yeah, same boat. I use a lot of enterprise products (Ruckus wifi, Fortinet firewalls/filtering, etc) but the last time I tried to buy F-Secure PSB it was really hard to give them money without being on calls with a sales person who didn't provide a clear path to how to simply buy a single seat of the software. I gave up.

That is nice you are able to use some enterprise products personally. I tried here and there over the years but ended up like you, stuck with a sales person who had zero interest in selling to me. What is your av of choice then? A Fortinet endpoint client?
 

MacDefender

That is nice you are able to use some enterprise products personally. I tried here and there over the years but ended up like you, stuck with a sales person who had zero interest in selling to me. What is your av of choice then? A Fortinet endpoint client?
I currently like F-Secure SAFE and ESET. I don't find myself needing the functionality of Fortinet or other endpoint managed AV.
 

M4RT1NE2

It's just a guess for me. All of the easy-to-get samples off of the Malware Bazaar seem to trigger this detection as soon as they render a verdict so it just feels to me like F-Secure is scraping these malware submission sites and automatically adding known bad hashes. It's not a terrible idea for zero-day detection but it does make a product look stronger than it is. Not very different from the vendors that used to watch Kaspersky on VirusTotal.

A similar practice is used by Arcabit / MKS_Vir to block such sites. Apparently it's better to block access to the site right away than get infected by taking samples.
With Arcabit I couldn't access Malware Bazaar with the program running. To download samples I had to turn off the software completely - which is not a good idea.
 
