F-Secure Mac Protection Technology Preview advisory 15.3.2011
We are sorry to say that we may have caused problems for your Mac.
Due to a broken anti-virus database update (2011-03-14_03), F-Secure Mac Protection Technology Preview produced several false positive alerts for our beta testers.
While real-time scanning affected mostly Safari, Firefox and Chrome files, running a manual scan caused several other clean files to be detected as malicious. This broken update caused several files to be erroneously sent to the trash bin.
As an immediate fix we released a new database update (2011-03-14_04). However, this update does not restore the files from the trash bin.
Questions and answers
How do I know if my Mac has been affected by this issue?
Please check your trash bin contents. If it contains files trashed on March 14 2011 that you have not trashed on purpose, you will need to run a special the tool below restore the files.
How do I fix the situation?
The best way to recover files is to restore them from Time Machine backup. If you do not have backup, below is an alternate method, using restore.pl tool that can be used to recover files. Please note that restore.pl may not be able to revcover all of files.
Note: If you have lost files that were stored on Dropbox, check "How do I undelete files orrecover old versions of files?" at https://www.dropbox.com/help
If you do not have Time machine or other backup you can try recovering files with a tool that tries to recover files from trash by using system log and the database of detected infections. For this you need to download restore.pl tool and run it:
Note: If you have already restored files manually or from a backup, do not run the utility as it will overwrite files.
To restore trashed files, you need to download a tool and execute it:
- You need to run the following as a user with administration rights. If you do not have administration rights you need to log out and log in as a user that has rights to administer this computer.
- Quit all applications, including web browsers.
- Open Applications folder, and locate Utilities, and from there open Terminal and key in the following to verify that you do not have the problematic anti-virus database:
If this prints out version “2011-03-14_03” you have the problematic database and you need to to stop real-time scanning by entering the command as below:
sudo launchctl unload /Library/LaunchDaemons/com.f-secure.fsavd.plist
- Download and run file restore utility:
curl --remote-name http://download.f-secure.com/beta/fsmac/restore.pl sudo /usr/bin/perl restore.pl doit
Note: You may run restore.pl without any arguments, then it will only display what it would to without actually restoring the files.
- If you had the problematic database version “2011-03-14_03” you need now to uninstall F-Secure Mac Protection Technology Preview, as you have a problem with getting updates through.
- Final step:
Restore.pl -tool recovers files that have been Trashed during March 14-15.2011
When it does not know where to restore them, (for example browser cookie files) it will create a folder called “Could Not Restore” on your desktop where it will move those files. You should manually verify the contents of this folder and Trash after running this tool.
Note: restore.pl will create a log file “restore.log” on Desktop.
Note: restore.pl will not empty your trash fully: It will only try to recover files trashed during March 14.-15.2011
We are sorry for the inconvenience this has caused, and want to thank several beta users for bringing this issue to our attention.
If you need any assistance in this issue, please contact us by e-email at this address:
Revision History: FSMACTP-01a,b,c,d 15032011;e 16032011