valvaris

Level 4
Verified
Hello F-Secure MalwareTips Community,

I am thinking of switching from Windows Defender to F-Secure, since I found malware on my system with a scan and Windows Defender did not (private PC). It just needs to be a scanner with cloud AI support and not a software firewall, since I have that covered by NetLimiter and the Mikrotik RouterOS firewall.

What was found?
By Emsisoft EEK Deep Scan!
02/09/2020 22:46:06
Scanner detected High risk Malware "Heur.BZC.WBO.Boxter.501.4B1E4D92 (B)" in "C:\Windows\System32\Tasks\Setup Script\Windows Cleanup -> (Exec)"

02/09/2020 22:46:06
Scanner detected High risk Malware "Heur.BZC.WBO.Boxter.501.4B1E4D92 (B)" in "C:\Windows\System32\Tasks\Setup Script\Windows Cleanup -> (Exec+)"

Scanned the file with VirusTotal as well to confirm, and 10 engines had a hit; it was bad.

Among those 10 engines that found the "bad" file was F-Secure. Since the CVE news, F-Secure has become very open about vulnerabilities, and I think that this is a very good approach.

So on that part Windows Defender failed me, but nothing happened to my system. I went through my event logs and firewall logs and nothing suspicious happened. (Phew!!!) It could also be a false positive, I am not sure... I already deleted that file from the system, so I do not have the hash at hand.

Many thanks in advance
Val.
As it needs to be a scanner using artificial intelligence and does not need a firewall, everything points you to Sophos Home Premium, which in addition has protection against ransomware, although it is not the lightest antivirus.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Hello F-Secure MalwareTips Community,

I am thinking of switching from Windows Defender to F-Secure, since I found malware on my system with a scan and Windows Defender did not (private PC). It just needs to be a scanner with cloud AI support and not a software firewall, since I have that covered by NetLimiter and the Mikrotik RouterOS firewall.

Among those 10 engines that found the "bad" file was F-Secure. Since the CVE news, F-Secure has become very open about vulnerabilities, and I think that this is a very good approach.

So on that part Windows Defender failed me, but nothing happened to my system. I went through my event logs and firewall logs and nothing suspicious happened. (Phew!!!) It could also be a false positive, I am not sure... I already deleted that file from the system, so I do not have the hash at hand.
F-Secure has and utilizes its own cloud service, called "Security Cloud". Nowadays also Avira's. F-Secure does not use its own firewall, but instead, as many other major vendors do, relies on the Windows built-in one. F-Secure also has a feature that covers a possible attack on and shutdown of the Windows firewall, as some malware specifically targets Windows' own firewall: Advanced Network Protection (ANP).

F-Secure very recently became a CVE Numbering Authority (CNA).
Windows Defender and even F-Secure give users false positives from time to time. Not long ago F-Secure did struggle with a bit too high numbers in official tests, but has been able to tweak that to a much better level. In this case the possibly malicious file was deleted from the system; normally it's possible to backtrack the file either in the event messages or via the built-in support tool, but in any case of uncertainty simply submit the file, as then one will get the file thoroughly investigated and also a correct answer. For faster replies on submissions it is recommended to either call directly or use their chat function. That they talk in my own language (Swedish) is extra nice. Of course they also talk fluent English and Finnish.

Today, Windows Defender ain't too shabby, but it still needs to be tweaked with other third-party tools or be fully implemented using ATP.
Microsoft Defender Advanced Threat Protection is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
It is not, IMO, as efficient "out of the box" as F-Secure.

With all that said, I still feel I haven't answered the main question in the topic/thread title. This might help:
As with all these versions, one gets 30 days to try.
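The scan report earlier in the thread flagged a scheduled-task file under System32\Tasks, and the poster then had no hash to submit or look up because the file was already deleted. As an added example (not code from the thread, from F-Secure or from Emsisoft), this Python script records the SHA-256 and the Exec action of task files before anything is removed; the sample task XML is constructed, and the Windows task store path is the default location, walked only when run on Windows.

```python
import hashlib
import os
import xml.etree.ElementTree as ET

# Namespace of Windows Task Scheduler XML files (stored under C:\Windows\System32\Tasks).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

def triage_task(name: str, data: bytes) -> dict:
    """SHA-256 of one task file plus every Exec action (command + arguments) it defines.

    The hash is what a vendor submission or VirusTotal lookup needs, so record it
    before deleting anything. Task files are normally UTF-16 with a BOM, which the
    XML parser detects on its own.
    """
    root = ET.fromstring(data)
    actions = []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS).strip()
        args = ex.findtext("t:Arguments", default="", namespaces=NS).strip()
        actions.append((cmd + " " + args).strip())
    return {"task": name, "sha256": hashlib.sha256(data).hexdigest(), "exec": actions}

def triage_tree(tasks_dir: str = r"C:\Windows\System32\Tasks") -> list:
    """Walk the real task store (Windows only) and triage every task file in it."""
    results = []
    for folder, _, files in os.walk(tasks_dir):
        for f in files:
            path = os.path.join(folder, f)
            with open(path, "rb") as fh:
                results.append(triage_task(os.path.relpath(path, tasks_dir), fh.read()))
    return results

# Constructed sample (not the file from the thread, whose content is not on the page):
# a task "Windows Cleanup" in folder "Setup Script", like the path in the scan report.
SAMPLE_TASK = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>cleanmgr.exe</Command>
      <Arguments>/sagerun:1</Arguments>
    </Exec>
  </Actions>
</Task>
""".encode("utf-16")

if __name__ == "__main__":
    print(triage_task(r"Setup Script\Windows Cleanup", SAMPLE_TASK))
```

Run the triage before cleaning up, keep the printed record, and the hash is available for a VirusTotal lookup or a vendor submission even after the task file is gone.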