After upgrading to F-Secure Email and Server Security 14.00 stripped attachments are not quarantined

Issue:

  • After upgrading to F-Secure Email and Server Security 14.00 stripped attachments are not quarantined
  • Quarantine folder is empty and nothing to query
  • Items can not be deleted from Quarantine, action fails 

Resolution:

Make sure you have correct permissions set locally on the target server

The "Microsoft Exchange Transport" service runs under "NETWORK SERVICE". Therefore, "NETWORK SERVICE" should have read / execute rights to FQM.EXE and FqmAssembly.dll. These rights should be set during installation for the F-Secure folder "C:\Program Files (x86)\F-Secure".

1. Open F-Secure Email and Server Security console and navigate to Email Quarantine

  • Click on option and Test database connection to verify if SQL server is accessible. If not, please follow the next troubleshooting steps.
2. Open SQL management studio and troubleshoot the following:
  • instance is running
  • Mixed authentication mode is enabled
  • db is existing
  • FQM user have rights to write in db (db owner, db creator security admin)
3. Open Windows Explorer from target server and make sure that FQM service is be running under Local System account
 
Check permissions locally:
  • "Microsoft Exchange Transport" service and hence our Transport Agent are running under "NETWORK SERVICE"
  • "NETWORK SERVICE" should have read/execute rights on "...Anti-Virus For Microsoft Services/" folder
  •  C:\ProgramData\F-Secure\EssTemp\" folder rights:
  •  'LocalSystem' - FULL
  •  'administrators' - FULL
  • "NETWORK SERVICE" - read/write/delete
  •     C:\ProgramData\F-Secure\EssLimited\ folder rights:
  •     'LocalSystem' - FULL
  •     'administrators' - FULL
  •     'NETWORK SERVICE' - read/delete
  •  Quarantine folder:
  •     C:\ProgramData\F-Secure\EssQuarantine\ folder  permissions:
  •     'LocalSystem' - FULL
  •     'administrators' - FULL
  • Check permissions for network share if centralized mode used:
    • FQM account (SYSTEM by default) should have 'read'/'write'/'change' access rights to remote centralized quarantine (share & folder security tabs).
    • "Exchange Servers" or specific Exchange computers/hosts should have 'read'/'write'/'delete' access rights on "Security" and "share" pages

Article no: 000019827

Sign In or Register to comment.