How to disable connections to F-Secure Servers on internet completely?

Just wondering how to disable connections to F-Secure servers on internet from PM / CS / Linux Security products completely?

 

Even if the settings in PM are set to not participate in the Real-Time Protection Network, the checkbox still remains checked in CS 9.1

 

Also, computers are doing DNS queries against DNS servers for fsbwserver.f-secure.com and I'd like to stop this behaviour because internet connection is not available...

Comments

  • Vad Posts: 1,067 F-Secure Employee

    Hi,

     

    Regarding participation in the Real-Time Protection Network: the settings made in PM Console work fine. There is a bug in the GUI - it doesn't reflect the changes made from PM correctly. This bug is fixed in CS 9.20.

     

    Don't know if anything could be done with DNS queries.

  • Peter Posts: 186 F-Secure Product Expert


    To clarify, the checkbox in the local GUI affects whether the client provides/contributes additional anonymous information upstream which helps us develop the service (URLs visited etc).

    It does not affect whether the Real-Time Protection Network Client is in use or not. In fact, if you disable the setting, the Real-Time Protection client still stays connected & active.

     

    To check the status of the Real-time Protection Network:

    - On the main page, click Settings
    - Select Other settings, Connection

    Network status stays "Connected" even if you uncheck the checkbox in the GUI.

    If you need to disable the client completely, which is not recommended(!) but is an option in a completely closed network environment, use Policy Manager Console:

    F-Secure Real-time Protection Network Client
      Settings
        Client is enabled = No

    This disables the Real-time protection client.

    With regard to the DNS queries, I do recollect a previous problem where, if Automatic Update Agent fails to resolve fsbwserver.f-secure.com, it will continuously retry the attempt, even if fallback to F-Secure Update Servers is disabled.

     

    The issue is not fixed but there is a workaround: configure a local DNS server to resolve fsbwserver.f-secure.com to some dummy address.

     

    Hope this helps!
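
One way to confirm that the DNS workaround described in the post above is in effect, as an added example that is not part of the original thread. It assumes the local resolver is dnsmasq with `log-queries` enabled and an `address=/fsbwserver.f-secure.com/192.0.2.1` override; the resolver choice, the dummy address and the sample log lines are constructed.

```python
import re
from collections import Counter

# Hostname from the thread; DUMMY is a constructed placeholder address
# taken from the RFC 5737 documentation range.
TARGET = "fsbwserver.f-secure.com"
DUMMY = "192.0.2.1"

# Constructed dnsmasq "log-queries" sample (not from the thread).
# The first lookup predates the override and is still forwarded upstream.
SAMPLE_LOG = """\
Mar  3 09:59:40 dns dnsmasq[812]: query[A] fsbwserver.f-secure.com from 10.0.0.22
Mar  3 09:59:40 dns dnsmasq[812]: forwarded fsbwserver.f-secure.com to 10.0.0.1
Mar  3 10:00:01 dns dnsmasq[812]: query[A] fsbwserver.f-secure.com from 10.0.0.21
Mar  3 10:00:01 dns dnsmasq[812]: config fsbwserver.f-secure.com is 192.0.2.1
Mar  3 10:00:04 dns dnsmasq[812]: query[A] intranet.example.local from 10.0.0.21
Mar  3 10:00:04 dns dnsmasq[812]: /etc/hosts intranet.example.local is 10.0.0.5
Mar  3 10:00:31 dns dnsmasq[812]: query[A] fsbwserver.f-secure.com from 10.0.0.21
Mar  3 10:00:31 dns dnsmasq[812]: config fsbwserver.f-secure.com is 192.0.2.1
"""

QUERY = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")
RESULT = re.compile(r"dnsmasq\[\d+\]: (config|forwarded|cached|reply) (\S+) (?:is|to) (\S+)$")

def audit(log_text, target=TARGET, dummy=DUMMY):
    """Count target lookups per client and classify how each was answered."""
    per_client = Counter()
    outcomes = Counter()
    for line in log_text.splitlines():
        q = QUERY.search(line)
        if q and q.group(2).lower() == target:
            per_client[q.group(3)] += 1
            continue
        r = RESULT.search(line)
        if r and r.group(2).lower() == target:
            kind, value = r.group(1), r.group(3)
            if kind == "config" and value == dummy:
                outcomes["sinkholed"] += 1        # answered by the local override
            elif kind == "forwarded":
                outcomes["leaked_upstream"] += 1  # override missing or not loaded
            else:
                outcomes["other"] += 1
    return per_client, outcomes

if __name__ == "__main__":
    clients, outcomes = audit(SAMPLE_LOG)
    for ip, n in clients.most_common():
        print(f"{ip}: {n} lookups for {TARGET}")
    print(dict(outcomes))
```

A non-zero `leaked_upstream` count means some lookups are still leaving the local resolver, and the per-client counts show which hosts are retrying most often.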

     

  • MJ-perComp Posts: 1,098 Superuser

    Hi,

     

    Would you mind elaborating WHY you want to switch off communication with the F-Secure servers?

    Maybe we can give you better advice or a justification to keep it on!

     

    BR

     

  • tle Posts: 16

    MJ-perComp:

     

    Closed environment, no internet connection available so those queries for fsbwserver.f-secure.com are useless.

     

  • MJ-perComp Posts: 1,098 Superuser

    Hi,

     

    So you are complaining about connections to fsbwserver and not ORSP?!

     

    If you have a PMS/AUS running inside you can disable "fallback to F-Secure" in the policy.

    But that requires that the PMS gets regular updates (either automatically or via FSDBUPDATE).

    Please keep in mind that when you install an fsdbupdate only once a day you will miss fixes for false positives too!

     

    Stopping ORSP communication is possible as well, as Peter wrote, and he is very right to point out this is NOT RECOMMENDED.

     

    All vendors use reputation services to

    - speed up detection of new malware

    - reduce the risk of false positives

    - double-check a "possible infection"

     

    The DBs have grown to 250 MB and keep growing at a high rate. This can only be stopped if detections become more generic. More generic means a higher risk of a false positive. And to avoid that, the scanner needs to check the hash of the "possible" malware against the reputation servers.

     

    My recommendation is to drill a hole into the firewall and allow communication to the well-defined F-Secure servers only. The list of IPs is documented in the knowledgebase:

    http://www.f-secure.com/en/web/business_global/support/article/kba/2712

     

    The concept of "no outside communication" is about 15 years old and no longer fits today's IT reality.

     

    BR

     

  • tle Posts: 16

    ...All the settings regarding connections to F-Secure servers are disabled from the PM, still connections are made and I just want it to stop.

     

    I'm aware that no internet connection is something old etc, that's not what I was asking.

     

    Is it so that you cannot stop these products from connecting or not?

     

This discussion has been closed.