Issue:
After upgrading to F-Secure Email and Server Security 14.x, I notice stripped attachments are not quarantined. The quarantine folder is empty and nothing to query. The Items can not be deleted from the quarantine folder as the action fails.
Resolution:
You would need to make sure that correct permissions are set locally on the target server.
The "Microsoft Exchange Transport" service runs under "NETWORK SERVICE". Therefore, "NETWORK SERVICE" should have read/execute rights to FQM.EXE and FqmAssembly.dll. These rights should be set during installation for the F-Secure folder "C:\Program Files (x86)\F-Secure".
1. Open F-Secure Email and Server Security console and navigate to Email Quarantine
- Click on option and Test database connection to verify if SQL server is accessible. If not, follow the next troubleshooting steps.
2. Open SQL management studio and troubleshoot the following:
- Ensure the instance is running
- Mixed authentication mode is enabled
- The DB is exist
- FQM user have rights to write in DB (DB owner, DB creator security admin)
3. Open Windows Explorer from target server and make sure that FQM service is be running under Local System account
Proceed to check the permissions locally:
- "Microsoft Exchange Transport" service and hence our Transport Agent are running under "NETWORK SERVICE"
- "NETWORK SERVICE" should have read/execute rights on "...Anti-Virus For Microsoft Services/" folder
- C:\ProgramData\F-Secure\EssTemp\" folder rights:
- 'LocalSystem' - FULL
- 'administrators' - FULL
- "NETWORK SERVICE" - read/write/delete
- C:\ProgramData\F-Secure\EssLimited\ folder rights:
- 'LocalSystem' - FULL
- 'administrators' - FULL
- 'NETWORK SERVICE' - read/delete
- Quarantine folder:
- C:\ProgramData\F-Secure\EssQuarantine\ folder permissions:
- 'LocalSystem' - FULL
- 'administrators' - FULL
- Check permissions for network share if centralized mode used:
- FQM account (SYSTEM by default) should have 'read'/'write'/'change' access rights to remote centralized quarantine (share & folder security tabs).
- "Exchange Servers" or specific Exchange computers/hosts should have 'read'/'write'/'delete' access rights on "Security" and "share" pages
Article no: 000019827