On the topic of terminating F-Secure processes....
<blockquote data-quote="MacDefender" data-source="post: 947228" data-attributes="member: 83059"><p>Oftentimes, users are unsettled that with F-Secure, you can "kill" F-Secure in Task Manager by terminating the F-Secure/Ultralight Hoster processes. This is definitely true, but it doesn't necessarily mean malware can do the same.</p>
<p>Here are some tests. At the conclusion of each test, I tried to execute a script that downloads an EICAR test file and executes it, instead of trusting the Windows Security Center status:</p>
<p><strong>Test #1: Kill in Task Manager:</strong> F-Secure killed</p>
<p><strong>Test #2: Use Services.msc, stop the F-Secure related services:</strong> F-Secure killed.</p>
<p><strong>Test #3: Use .NET executable, kill "fshoster" and "fshoster64" processes:</strong> Protected. DeepGuard triggered, "Tried to change another application"</p>
<p>[ATTACH=full]259068[/ATTACH]</p>
<p><strong>Test #4: Use .NET executable, stop F-Secure services:</strong> Protected, DeepGuard triggered, "Tried to change another application"</p>
<p>[ATTACH=full]259069[/ATTACH]</p>
<p><strong>Test #5: Use Batch file and taskkill or net stop to do the same thing as test 3 and 4:</strong> F-Secure terminated, protection lost</p>
<p><strong>Test #6: Use Python script (and Python from the Windows Store) and shell out to taskkill or net stop to do the same thing as test 3 and 4:</strong> F-Secure terminated, protection lost</p>
<p><strong>Conclusion:</strong></p>
<p>DeepGuard stops certain methods of killing F-Secure but not others, pretty consistent with DeepGuard's strengths and weaknesses. This protection is relatively weak and can easily be defeated by use of trusted binaries to do the dirty work.</p></blockquote>
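Tests #5 and #6 in the quoted post get through because the stopping is done by built-in Windows tools, so monitoring has to key on what the tool is asked to stop, not on which program asked. The following is an added example, not code from the post or from F-Secure: it scans constructed process-creation events for `taskkill` or `net stop` aimed at the processes the post names. The event field names are assumptions and the service name is a placeholder, since the post does not name the services.

```python
import shlex
from pathlib import PureWindowsPath

# Process names come from the quoted post. The service name is a constructed
# placeholder: the post does not say what the F-Secure services are called.
WATCHED_PROCESSES = {"fshoster", "fshoster64"}
WATCHED_SERVICES = {"placeholder-av-service"}

# Constructed process-creation events (field names are assumptions).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\taskkill.exe",
     "command_line": "taskkill /F /IM fshoster64.exe"},
    {"parent_image": r"C:\Users\u\AppData\Local\Microsoft\WindowsApps\python.exe",
     "image": r"C:\Windows\System32\net.exe",
     "command_line": 'net stop "placeholder-av-service"'},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\taskkill.exe",
     "command_line": "taskkill /IM notepad.exe"},
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\net.exe",
     "command_line": "net start placeholder-av-service"},
]

def _args(command_line):
    """Lower-cased arguments after the program name, quotes removed."""
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:            # unbalanced quote: fall back to a plain split
        tokens = command_line.split()
    return [t.strip('"').lower() for t in tokens[1:]]

def classify(event):
    """Return a finding if the event stops a watched process or service, else None."""
    tool = PureWindowsPath(event["image"]).name.lower()
    args = _args(event["command_line"])
    target = None
    if tool == "taskkill.exe":
        # taskkill names its target image after each /IM switch
        named = {b.removesuffix(".exe") for a, b in zip(args, args[1:]) if a == "/im"}
        target = next(iter(sorted(named & WATCHED_PROCESSES)), None)
    elif tool in ("net.exe", "net1.exe") and args[:1] == ["stop"]:
        target = next((a for a in args[1:2] if a in WATCHED_SERVICES), None)
    if target is None:
        return None
    parent = PureWindowsPath(event["parent_image"]).name.lower()
    return {"tool": tool, "target": target, "parent": parent}

def scan(events):
    return [f for f in map(classify, events) if f]
```

The parent field in each finding shows whether the request came from a batch file (`cmd.exe`) or a script interpreter (`python.exe`), the two cases from tests #5 and #6.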