Real-time Protection Network
This document describes Real-time Protection Network, an online service from F-Secure Corporation that identifies clean applications and web sites while providing protection against malware and web site exploits.
What is Real-time Protection Network
Real-time Protection Network is an online service which provides rapid response against the latest Internet-based threats.
As a contributor to Real-time Protection Network, you can help us to strengthen the protection against new and emerging threats. Real-time Protection Network collects statistics of certain unknown, malicious or suspicious applications and what they do on your device. This information is anonymous and sent to F-Secure Corporation for combined data analysis. We use the analyzed information to improve the security on your device against the latest threats and malicious files.
How Real-time Protection Network works
As a contributor to Real-time Protection Network, you can provide information on unknown applications and web sites and on malicious applications and exploits on web sites. Real-time Protection Network does not track your web activity or collect information on web sites that have been analyzed already, and it does not collect information on clean applications that are installed on your computer.
If you do not want to contribute this data, Real-time Protection Network does not collect information of installed applications or visited web sites. However, the product needs to query F-Secure servers for the reputation of applications, web sites, messages and other objects. The query is done using a cryptographic checksum where the queried object itself is not sent to F-Secure. We do not track data per user; only the hit counter of the file or web site is increased.
It is not possible to completely stop all network traffic to Real-time Protection Network, as it is integral part of the protection provided by the product.
Real-time Protection Network benefits
With Real-time Protection Network, you will have faster and more accurate protection against the latest threats and you will not receive unnecessary alerts for suspicious applications which are not malicious.
As a contributor to Real-time Protection Network, you can help us to find new and undetected malware and remove possible false positives from our virus definition database.
All participants in Real-time Protection Network help each other. When Real-time Protection Network finds a suspicious application on your device, you benefit from the analysis results when the same application has been found on other devices already. Real-time Protection Network improves the overall performance of your device, as the installed security product does not need to scan any applications that Real-time Protection Network has already analyzed and found clean. Similarly, information about malicious websites and unsolicited bulk messages is shared through Real-time Protection Network, and we are able to provide you with more accurate protection against web site exploits and spam messages.
The more people that contribute to Real-time Protection Network, the better individual participants are protected.
What data you contribute
As a contributor to Real-time Protection Network, you provide information on applications stored on your device and the web sites that you visit so that Real-time Protection Network can provide the protection against the latest malicious applications and suspicious web sites.
Analyzing the file reputation
Real-time Protection Network collects information only on applications that do not have a known reputation and on files that are suspicious or known to be malware.
Real-time Protection Network collects anonymous information of clean and suspicious applications on your device. Real-time Protection Network collects information of executable files only (such as Portable Executable files on the Windows platform, which have .cpl, .exe, .dll, .ocx, .sys, .scr, and .drv file extensions).
Collected information includes:
- the file path where the application is in your device,
- the size of the file and when it was created or modified,
- file attributes and privileges,
- file signature information,
- the current version of the file and the company that created it,
- the file origin or its download URL,
- F-Secure DeepGuard and anti-virus analysis results of scanned files, and
- other similar information.
Real-time Protection Network never collects any information of your personal documents, unless they have found to be infected. For any type of malicious file, it collects the name of the infection and the disinfection status of the file.
With Real-time Protection Network, you can also submit suspicious applications for analysis. Applications that you submit include Portable Executable files only. Real-time Protection Network never collects any information of your personal documents and they are never automatically uploaded for analysis.
Submitting files for analysis
With Real-time Protection Network, you can also submit suspicious applications for analysis. You can only submit Portable Executable files.
You can either submit individual suspicious applications manually when the product prompts you to do so, or you can turn on the automatic upload of suspicious applications in the product settings.
Real-time Protection Network never automatically uploads your personal documents.
Analyzing the web site reputation
Real-time Protection Network does not track your web activity or collect information on web sites that have been analyzed already. It makes sure that visited web sites are safe as you browse the web. When you visit a web site, Real-time Protection Network checks its safety and notifies you if the site is rated as suspicious or harmful.
If the web site that you visit contains malicious or suspicious content or a known exploit, Real-time Protection Network collects the whole URL of the site so that the web page content can be analyzed.
If you visit a site that has not been rated yet, Real-time Protection Network collects domain and subdomain names, and in some cases the path to the visited page, so that the site can be analyzed and rated. All the URL parameters that are likely to contain information that can be linked to you in a personally identifiable format are removed to protect your privacy.
Note: Real-time Protection Network does not rate or analyze web pages in private networks, so it never collects any information on private IP network addresses (for example, corporate intranets).
Analyzing the system information
Real-time Protection Network collects the name and version of your operating system, information about the Internet connection and the Real-time Protection Network usage statistics (for example, the number of times web site reputation has been queried and the average time for the query to return a result) so that we can monitor and improve the service.
How we protect your privacy
We transfer the information securely and automatically remove any personal information that the data may contain.
Real-time Protection Network removes identifying data before sending it to F-Secure and it encrypts all collected information during the transfer to protect it from unauthorized access. The collected information is not processed individually; it is grouped with information from other Real-time Protection Network contributors. All data is analyzed statistically and anonymously, which means that no data will be connected to you in any way.
Any information that might identify you personally is not included in the collected data. Real-time Protection Network does not collect IP addresses or other private information, such as e-mail addresses, user names and passwords. While we make every effort to remove all personally identifiable data, it is possible that some identifying data remains in the collected information. In such cases, we will not seek to use such unintentionally collected data to identify you.
We apply strict security measures and physical, administrative and technical safeguards to protect the collected information when it is transferred, stored and processed. Information is stored in secured locations and on servers that are controlled by us, located either at our offices or at the offices of our subcontractors. Only authorized personnel can access the collected information.
F-Secure may share the collected data with its affiliates, sub-contractors, distributors and partners, but always in a non-identifiable, anonymous format.
Becoming a Real-time Protection Network contributor
You help us to improve the Real-time Protection Network protection by contributing information of malicious programs and web sites.
You can choose to be participate in Real-time Protection Network during the installation. With the default installation settings, you contribute data to Real-time Protection Network. You can change this setting later in the product.
Follow these instructions to change Real-time Protection Network settings:
- On the launch pad, right-click the right-most icon. A pop-up menu appears.
- Select Open common settings.
- Select Other > Privacy.
- Check the participation check box to become a Real-time Protection Network contributor.
- If you want to submit suspicious applications for analysis automatically, follow these instructions:
- Select Other settings > Privacy
- Turn on Automatic file upstream.
Questions about Real-time Protection Network
Contact information for any questions about Real-time Protection Network.
If you have any further questions about Real-time Protection Network, please contact:
F-Secure Corporation
Tammasaarenkatu 7
PL 24
00181 Helsinki
Finland
http://www.f-secure.com/en/web/home_global/support/contact
The latest version of this policy is always available on our web site.