User Feedback F-Secure SAFE 18.2

Software
F-Secure SAFE 18.2
Installation
5.00 star(s)
Installation Feedback
Very fast. Very simple.
Interface (UI)
4.00 star(s)
Interface Feedback
The UI is streamlined and well-organized. But no advanced settings (heuristic sensitivity) are available and some pro users may be disappointed at this. Adding the capability to submit samples within the product would be nice.
- One star deducted for the lack of advanced settings.
Usability
5.00 star(s)
Usability Feedback
Not quite configurable, and pro users may be disappointed at this.
Performance and System Impact
5.00 star(s)
Performance and System Impact Feedback
One of the lightest AVs I've ever tested.
Protection
4.00 star(s)
Protection Feedback
Generally good. Like many AVs using Avira engine, F-Secure is not so good at detecting script malware. Unable to remove and repair threats within archive (zip, rar....). See below for comments on DeepGuard and F-Secure Security Cloud.

Banking protection is very cool.

Internet Surf protection is so-so. The plug-in failed to block many phising sites, not as good as McAfee.

No bulit-in firewall.
Real-time file system protection
4.00 star(s)
Internet Surf protection
3.00 star(s)
Proactive Intrusion protection
4.00 star(s)
Pros
  1. No setup required
  2. Low impact on system resources
  3. Lightning fast scans
  4. Easy to use
  5. Simple and non-intrusive
  6. Ransomware protection
  7. Blocks even brand new malware
  8. Virus signatures are updated very often
  9. Well designed, clear interface
  10. Multiple layers of protection
Cons
  1. Advanced users may want more control
  2. Short on configuration options
  3. Limited web protection
  4. Not as many features as some competitors
Software installed on computer
Less than 30 days
Computer specs
ThinkPad X1 Carbon (6th Gen)
Recommended for
  1. Inexperienced users
  2. Banking or other financial activity
  3. Gamers
  4. Low specs device
Overall Rating
4.00 star(s)
Disclaimer
  1. Any views or opinions expressed are that of the member giving the information and may be subjective.
    This software may behave differently on your device.

    We encourage you to compare these opinions with others and take informed decisions on what security products to use.
    Before buying a product you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

L0ckJaw

Level 19
Content Creator
Well-known
Feb 17, 2018
909
Yesterday on a brand new laptop with Windows 11, F-secure failed to load / update the Capricorn engine.
After reinstall and try again, same issue. Uninstalled it and gave her one of my licenses from my used AV.
So bad, she bought F-Secure. Thinking to ask for refund.
 

Sorrento

Level 5
Dec 7, 2021
219
Yesterday on a brand new laptop with Windows 11, F-secure failed to load / update the Capricorn engine.
After reinstall and try again, same issue. Uninstalled it and gave her one of my licenses from my used AV.
So bad, she bought F-Secure. Thinking to ask for refund.
Have you contacted support? Or maybe the forum? :rolleyes:
 
  • Like
Reactions: Trooper and L0ckJaw

Anthony Qian

Level 7
Thread author
Verified
Well-known
Apr 17, 2021
343
There is always going to be some lag time between when Avira releases a new signature and F-Secure deploy it since they need to process it.

The lag time doesn't seem to bad Avira VDF History got 3 updates at the moment for 3rd May, F-Secure Capricorn (Avria) F-Secure Latest Database Updates for F-Secure Capricorn is also showing 3 updates for today.
Yeah. Sometimes, F-Secure Capricorn engine will only be updated 2-3 times a day. I noticed in April that the F-Secure Capricorn database engine numbers were not consecutive, meaning that F-Secure seemed to skip several virus database updates.
 

Razza

Level 3
Aug 12, 2014
103
Sometimes, F-Secure Capricorn engine will only be updated 2-3 times a day. I noticed in April that the F-Secure Capricorn database engine numbers were not consecutive, meaning that F-Secure seemed to skip several virus database updates.
I see I only had a quick look at the versions, I wonder if other vendors that use also use Avira skips databases as well.
 

Anthony Qian

Level 7
Thread author
Verified
Well-known
Apr 17, 2021
343
Doesn’t F-Secure also license the Acura cloud? Which means a local database isn’t the only layer of signature protection.
You mean APC? If so, yes. But the priority of APC for Avira Antivirus pro and F-Secure seems to be different. Avira's own paid products have higher priority.
Also, Avira engine isn't a pure cloud-based detection engine. Detection database matters. That being said, F-Secure has its own cloud but I am not sure if it can close the gap between databased updates.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
789
You mean APC? If so, yes. But the priority of APC for Avira Antivirus pro and F-Secure seems to be different. Avira's own paid products have higher priority.
Also, Avira engine isn't a pure cloud-based detection engine. Detection database matters. That being said, F-Secure has its own cloud but I am not sure if it can close the gap between databased updates.
This has gotten really hard to test in the last few weeks. The "fsmind" online signatures have started adding automatic signatures for the popular malware analysis sandboxes under the ".abch" (abuse.ch?) suffix. You can trivially change the hash of the binary to bypass this online detection to test how the other engines react but this isn't easy to do with all obfuscated PE malware.
 

Anthony Qian

Level 7
Thread author
Verified
Well-known
Apr 17, 2021
343
This has gotten really hard to test in the last few weeks. The "fsmind" online signatures have started adding automatic signatures for the popular malware analysis sandboxes under the ".abch" (abuse.ch?) suffix. You can trivially change the hash of the binary to bypass this online detection to test how the other engines react but this isn't easy to do with all obfuscated PE malware.
Haha. Interesting.
I've always been curious about the meaning of ".abch." "abch = abuse.ch" is a good guess. Btw, I've seen ESET's detection name (GenCBL) became part of fsmind detection name in the past. As far as I know, GenCBL is ESET's unique detection name, which means Generic Certificate BlackList.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
789
Haha. Interesting.
I've always been curious about the meaning of ".abch." "abch = abuse.ch" is a good guess. Btw, I've seen ESET's detection name (GenCBL) became part of fsmind detection name in the past. As far as I know, GenCBL is ESET's unique detection name, which means Generic Certificate BlackList.
It's just a guess for me. All of the easy-to-get samples off of the Malware Bazaar seem to trigger this detection as soon as they render a verdict so it just feels to me like F-Secure is scraping these malware submission sites and automatically adding known bad hashes. It's not a terrible idea for zero-day detection but it does make a product look stronger than it is. Not very different from the vendors that used to watch Kaspersky on VirusTotal.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
789
BTW does anyone have a license of WithSecure or know where to purchase it from? I'm more curious to see if we will have more deviations between their enterprise and consumer product. So far IMO the indications are weak that F-Secure consumer has gotten worse since the de-merger, but it will be more telling if WithSecure starts getting better production while F-Secure waits in a holding pattern.
 

Anthony Qian

Level 7
Thread author
Verified
Well-known
Apr 17, 2021
343
It's just a guess for me. All of the easy-to-get samples off of the Malware Bazaar seem to trigger this detection as soon as they render a verdict so it just feels to me like F-Secure is scraping these malware submission sites and automatically adding known bad hashes. It's not a terrible idea for zero-day detection but it does make a product look stronger than it is. Not very different from the vendors that used to watch Kaspersky on VirusTotal.
Not very different from the vendors that used to watch Kaspersky on VirusTotal.
You mean McAfee? :ROFLMAO: McAfee seems to constantly monitor VirusTotal and when ESET and/or Kaspersky add detection for a sample, it will too.
 

Trooper

Level 16
Well-known
Aug 28, 2015
755
BTW does anyone have a license of WithSecure or know where to purchase it from? I'm more curious to see if we will have more deviations between their enterprise and consumer product. So far IMO the indications are weak that F-Secure consumer has gotten worse since the de-merger, but it will be more telling if WithSecure starts getting better production while F-Secure waits in a holding pattern.
No but I wish I did. Being that it is geared towards Enterprise I am not sure we can get our hand on it. Kind of like CrowdStrike.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
789
No but I wish I did. Being that it is geared towards Enterprise I am not sure we can get our hand on it. Kind of like CrowdStrike.
Yeah, same boat. I use a lot of enterprise products (Ruckus wifi, Fortinet firewalls/filtering, etc) but the last time I tried to buy F-Secure PSB it was really hard to give them money without being on calls with a sales person who didn't provide a clear path to how to simply buy a single seat of the software. I gave up.
 

Trooper

Level 16
Well-known
Aug 28, 2015
755
Yeah, same boat. I use a lot of enterprise products (Ruckus wifi, Fortinet firewalls/filtering, etc) but the last time I tried to buy F-Secure PSB it was really hard to give them money without being on calls with a sales person who didn't provide a clear path to how to simply buy a single seat of the software. I gave up.

That is nice you are able to use some enterprise products personally. I tried here and there over the years but ended up like you, stuck with a sales person who had zero interest in selling to me. What is your av of choice then? A Fortinet endpoint client?
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
789
That is nice you are able to use some enterprise products personally. I tried here and there over the years but ended up like you, stuck with a sales person who had zero interest in selling to me. What is your av of choice then? A Fortinet endpoint client?
I currently like F-Secure SAFE and ESET. I don't find myself needing the functionality of Fortinet or other endpoint managed AV.
 

Asterixpl

Level 10
Verified
Mar 19, 2022
472
It's just a guess for me. All of the easy-to-get samples off of the Malware Bazaar seem to trigger this detection as soon as they render a verdict so it just feels to me like F-Secure is scraping these malware submission sites and automatically adding known bad hashes. It's not a terrible idea for zero-day detection but it does make a product look stronger than it is. Not very different from the vendors that used to watch Kaspersky on VirusTotal.

A similar practice is used by Arcabit / MKS_Vir to block such sites. Apparently it's better to block access to the site right away than get infected by taking samples.
With Arcabit I couldn't access Malware Bazaar with the program running. To download samples I had to turn off the software completely - which is not a good idea.