Using archives to update malware definitions

This discussion has a more recent version.
Khairul_A (F-Secure Employee)

The tool for downloading updates is bundled with Policy Manager and can be extracted with the provided scripts. When you run it on any machine with Internet access, the tool downloads the latest updates and required diffs to generate an all-in-one archive.

You can import the generated archive into a Policy Manager Server that is configured not to connect to the Internet for definition updates, but to distribute only the updates imported from the archive.

By default, the tool uses the data\updates folder to store the downloaded update binaries. It also stores the update history to use as a reference for downloading the relevant diffs to the latest version.

The version history is important for the tool, as it defines how many diffs are provided to Policy Manager and then served to managed clients. The default history depth is 10 and can be modified using the update_diffs_count property. The longer the history, the more time it takes to download diffs from F-Secure Cloud, because generating diffs from older versions takes time. You can configure the number of download attempts and the time between them in

The process can be automated by scheduling the download and subsequent import operations. You can customize the path to the updates archive to make it easier to transfer, for example using a shared network drive.

Note: Make sure that Policy Manager Server has permission to delete the updates archive, as it removes it after completing the import.

To update the malware definitions:

  1. Configure Policy Manager Server to run in isolated mode.
    1. Open the additional Java arguments configuration:
      • On Windows, open the registry and go to HKLM\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5\additional_java_args.
      • On Linux, open the fspms.conf configuration file and look for the additional_java_args parameter.
    2. Edit or add the string value additional_java_args with the following value: -DisolatedMode=true.
  2. Restart Policy Manager Server to switch it to isolated mode.
  3. Run the following command to prepare the tool:
    • Windows: <F-Secure installation folder>\Management Server 5\bin\prepare-fspm-definitions-update-tool.bat <destination folder>
    • Linux: /opt/f-secure/fspms/bin/prepare-fspm-definitions-update-tool <destination folder>
  4. Transfer the prepared binaries to a machine that has Internet access.
  5. Modify the tool configuration, if necessary:
    • conf\channels.json: this contains a list of the channels to be updated. By default, it includes updates for all the supported clients managed by Policy Manager, so we recommend that you leave only those that are necessary for your environment.
    • conf\ : among other settings, you can specify an HTTP proxy here, if needed.
  6. Run the tool:
    • Windows: fspm-definitions-update-tool.bat
    • Linux: fspm-definitions-update-tool
    The resulting archive contains the full set of the latest definitions and diffs to this version. If all data is up to date, no archive is generated.
  7. Transfer the prepared archive (data\ by default) to the Policy Manager Server machine:

    Note: Do not change the archive file name or destination path, as they are hardcoded.

    • Windows: <F-Secure installation folder>\Management Server 5\data\
    • Linux: /var/opt/f-secure/fspms/data/
  8. Run the following command to import the prepared updates:
    • Windows: <F-Secure installation folder>\Management Server 5\bin\import-f-secure-updates.bat
    • Linux: /opt/f-secure/fspms/bin/import-f-secure-updates
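
As an added example (not part of the original post and not F-Secure's own scripts), the following POSIX shell script automates the Linux server side of steps 1 and 8 above. It assumes fspms.conf uses key=value lines; the fspms.conf path is a placeholder, since the post does not give it.

```shell
#!/bin/sh
# Added example, not F-Secure's own script: automates the Linux server side of
# the procedure above (step 1 and step 8). Assumes fspms.conf uses key=value
# lines; the fspms.conf path is a placeholder, since the post does not give it.
set -u

# Step 1 (Linux): does additional_java_args in fspms.conf already carry the flag?
isolated_mode_enabled() {
    grep -Eq '^[[:space:]]*additional_java_args[[:space:]]*=.*-DisolatedMode=true' "$1"
}

# Step 1 (Linux): add -DisolatedMode=true to additional_java_args, idempotently.
# Appends to an existing value, or adds the line when the parameter is absent.
enable_isolated_mode() {
    conf="$1"
    isolated_mode_enabled "$conf" && return 0
    if grep -Eq '^[[:space:]]*additional_java_args[[:space:]]*=' "$conf"; then
        awk '
            /^[[:space:]]*additional_java_args[[:space:]]*=/ && !done {
                sub(/[[:space:]]*$/, "")            # drop trailing whitespace
                sep = ($0 ~ /=$/) ? "" : " "        # no separator after an empty value
                $0 = $0 sep "-DisolatedMode=true"
                done = 1
            }
            { print }' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        printf 'additional_java_args=-DisolatedMode=true\n' >> "$conf"
    fi
    isolated_mode_enabled "$conf"   # verify the edit; restart the server afterwards (step 2)
}

# Step 8: import an archive placed under /var/opt/f-secure/fspms/data/.
# The server deletes the archive after the import, so the directory must be
# writable; this check runs as the current user, so run it as the server's account.
import_archive() {
    archive="$1"; import_cmd="${2:-/opt/f-secure/fspms/bin/import-f-secure-updates}"
    [ -f "$archive" ] || { echo "no archive at $archive; nothing to import" >&2; return 1; }
    [ -w "$(dirname "$archive")" ] || { echo "cannot delete from $(dirname "$archive")" >&2; return 1; }
    "$import_cmd"
}

# Usage (placeholder paths):
#   enable_isolated_mode /etc/opt/f-secure/fspms/fspms.conf
#   import_archive /var/opt/f-secure/fspms/data/<archive file name>
```

The script only edits the configuration and runs the import; restarting Policy Manager Server (step 2) and scheduling the download on the Internet-connected machine are left to the operator.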