F-Secure Linux Security 11.10 known issues This article lists down all the current known issues for F-Secure Linux Security 11.10. Updates to the operating system kernel may cause compiling issues or malfunction of the Dazuko kernel driver (either due to updates including backports from upstream kernel, or significant kernel version upgrades). The following operating systems are known to be affected by this issue: Ubuntu 12.04, where minor OS upgrades introduce new kernel versions, which are incompatible with the current Dazuko implementation. RHEL/CentOS 6, where minor OS upgrade can contain a backported kernel patch, incompatible with Dazuko. For deployments that include any of the above-mentioned OS versions, we highly recommend that you verify the on-access scanning functionality in a separate testing environment before upgrading the product on any production machine. Issue with Scheduled Scanning Tasks for the Scheduled Scanning that are configured via Web UI may sometimes not run at the given times. This behavior has been observed at least with Ubuntu 14.04 and is due to Unix "cron" service scheduling being inconsistent with the system time changes. To solve this issue, restart cron. Extending license of an expired PSB subscription Requires running convert_to_full_installation.sh; from the expired installation: Revert the installation to standalone: /opt/f-secure/fsav/sbin/convert_to_full_installation.sh Provide an empty key (press Enter on key request) Re-convert the installation to be PSB-managed via convert_to_full_installation.sh: /opt/f-secure/fsav/sbin/convert_to_full_installation.sh --fspsbs=<psb_server_here> --keycode=<Enter your_keycode> WebUI, Manual scanning: The maximum length of text in "Files and directories excluded from scanning" cannot exceed 4096 bytes. WebUI, Known Files: The "Protect" option is not effective under FANotify and has been deprecated; it might be removed from the WebUI in future releases. WebUI displays an error when entering Advanced mode > General > Communications and upgrading to PSB managed mode. The issue occurs only in the Web server and does not affect the upgrade operation. Reloading the Web page clears the error. Policy Manager's Policy Value 90 ("90. Scan on EXE") and "Scan on execution" will not trigger if both "scanning on open" and "scanning on close" options are disabled (FANotify only). Installer attempts to compile Dazuko kernel module on newer operating systems where FANotify should be used. This issue occurs only if a kernel version older than 3.8 has been left to the system by a distribution upgrade. For example, upgrading from Ubuntu 12.04 to 14.04 may leave 3.2 kernel installed while the system runs kernel 3.16 or newer. The solution is to uninstall the old kernel versions using the operating system package manager. Policy Manager / Linux Security: "Disallow user changes" setting can be set only globally under the Settings directory. Any "Disallow user changes" under individual policy setting has no effect. To solve this issue, disallow all local changes for specific hosts. From Policy Manager Console: Select the machine. Go to the Policy tab, and select F-Secure Linux Security 11.10. Click Settings. Select the first setting called Local settings changed. Set the value to Disallow. Creating new files on Common Internet File System (CIFS) mounted volumes may hang the system for 30 seconds. This is a bug in fanotify kernel module https://bugzilla.kernel.org/show_bug.cgi?id=62221. To work around this issue, add the mount point to the excluded directories list. WebUI, Scheduled scanning tasks: The validation error text, which is displayed upon saving incorrect input values, will not disappear until a logout is performed. Product fails on systems with very large disk partitions due to 32-bit stat() system call in 64-bit file system. The only workaround is to reduce the partition size to avoid having inode numbers larger than 2^32 - 1. In the PSB portal, the client IP address is "0.0.0.0". The workaround is to install "net-tools" package that provides the missing "ifconfig" tool. After installation in SUSE Linux Enterprise Server 12, stopping the FSAUA service with /etc/init.d/fsaua stop does not work properly. A workaround is to reboot once or execute systemctl daemon-reload && /etc/init.d/fsaua start once after installation. After this workaround, the FSAUA service can be controlled successfully with /etc/init.d/fsaua start|stop|restart. If this workaround is applied after installing a hotfix, make an additional FSAUA service restart with /etc/init.d/fsaua restart.