Updating malware definitions on isolated Client Security hosts

This discussion has a more recent version.
Jali Posts: 1,769 F-Secure Employee

If you have installed Client Security on hosts that do not have a network connection, you can update the malware definitions using the tool provided with Policy Manager.

Note: This procedure applies to Client Security versions 13 and newer.

The tool for downloading updates is bundled with Policy Manager and can be extracted with the provided scripts. When you run it on any machine with internet access, the tool downloads the latest updates and required diffs to generate an all-in-one archive.

By default, the tool uses the data\updates folder to store the downloaded update binaries. It also stores the update history to use as a reference for downloading the relevant diffs to the latest version.

In addition to the update binaries, you also need the fsaua-update tool to import the prepared updates. This tool is included in the Client Security installation package: C:\Program Files (x86)\F-Secure\Client Security\fsaua-update.exe

To update the malware definitions:

  1. Run the following command on the Policy Manager machine to prepare the tool:
    • Windows: <F-Secure installation folder>\Management Server 5\bin\prepare-fspm-definitions-update-tool.bat <destination folder>
    • Linux: /opt/f-secure/fspms/bin/prepare-fspm-definitions-update-tool <destination folder>
  2. Transfer the prepared binaries to a machine that has internet access, if necessary.
  3. Modify the tool configuration, if necessary:
    • conf\channels.json: this contains a list of the channels to be updated. By default, it includes updates for all the supported clients managed by Policy Manager, so we recommend that you leave only the Client Security versions necessary for your environment.
  4. Run the tool:
    • Windows: fspm-definitions-update-tool.bat
    • Linux: fspm-definitions-update-tool
    The resulting archive contains the full set of the latest definitions and diffs to this version. If all data is up to date, no archive is generated.
  5. Transfer the prepared archive (data\f-secure-updates.zip by default) to the C:\Program Files (x86)\F-Secure\Client Security directory on the isolated Client Security host.
  6. Run C:\Program Files (x86)\F-Secure\Client Security\fsaua-update.exe with administrator privileges.

Note: If you are using version 13.11, you can find the tool from here: https://download.f-secure.com/corpro/cs/cs13.11/fsaua-update.exe.