Policy Manager & CS 11.5

boboboi

Hello

 

Sometimes I need to install the CS on offline machines on  the network, I need someone to let me understand exactly what happen when I go to Policy Manager -> Installation tab -> Installation Packages -> Import button "here I imported CS V11.5-309". Then there is Export button so the package will be exported as .msi so I can send it to the offline machines  on the network by any media storage like a usb flash disk or a CD. now  what I need to know  is:

- is the exported msi package include my exact custumized domain policy ? if it included then can I update its policy from time to time with an easy method rather than compile a new msi then install again?

- is the exported msi package include the latest definitions database ?  if  not then how to include it or update that offline machine.

 

Thanks

Vad

Hello boboboi,

 

- is the exported msi package include my exact custumized domain policy ?

Yes, if you included it in the package during export process on the "Policy" page of export wizard..

 

- if it included then can I update its policy from time to time with an easy method rather than compile a new msi then install again?

It is possible to export policy file in Policy Manager Console (File ->Export host pollicy file), and then import it on the client side (Main GUI -> Tasks->Central Management-> Import policy file manually)

 

- is the exported msi package include the latest definitions database ?

No

- if  not then how to include it or update that offline machine?

if this machine has internet connection, it will download the updates from F-Secure backweb server automatically. If it doesn't have internet connection, you can use fsdbupdate9 util, which contains the updates and can be downloaded from F-Secure website: http://download.f-secure.com/latest/fsdbupdate9.exe

Unfortunately, CS 11.50 is not supported by this tool yet. This support will be added in the nearest future.

 

Best regards,

Vad

 

tle

Why isn't the lack of fsdbupdate9.exe mentioned in the release notes!?

 

This is a major issue for some.

boboboi

Yea true, plus if you used the fsdbupdate9 then your av will be malfunctioned.

 

Siltanen

Hello boboboi,

 

Client Security 11.50 is not currently working properly together with fsdbupdate9.exe. We'll currently working on making them work together properly. I'll let you know once we have more details regarding the issue.

Gall

Is this related to changed path or the problem is more complicated? How can I update CS 11.5 (and policy manager 11.10) manually?

boboboi

I tried to import the policy file on the client as you told me but I got this message:

F-Secure Management Agent: The file C:\Windows\TEMP\~avtemp.bpf did not pass signature verification.

 

Oh I searched on Google and someone mentioned that might happen if the policy manager server got altered.

Yes that's right I have uninstalled it completely then reinstalled it because I wanted to revert back to default root policy.

So now what is the solution?

 

Siltanen

>I tried to import the policy file on the client as you told me but I got this message:

>F-Secure Management Agent: The file C:\Windows\TEMP\~avtemp.bpf did not pass signature verification.

 

The message basically means that the host policy file has been signed with a different admin keypair than what the client expects. Therefore the client refuses to take the new settings into use and the error message is displayed. This is intended (security) feature.

 

>Yes that's right I have uninstalled it completely then reinstalled it because I wanted to revert back to default root policy.

>So now what is the solution?

 

It looks like the hosts you have currently deployed in your environment are essentially unmanaged hosts, because they do not trust the new admin keypair of the (reinstalled) Policy Manager Server.

 

However, luckily there are still means to recover from this situation.

 

At this stage I would suggest you contact our support either via phone or via filling a support ticket through our website.

http://www.f-secure.com/en/web/business_global/support/contact

etomcat

Hello,

 

> Sometimes I need to install the CS on offline machines on  the network

 

Generally speaking, I don't think that's a good idea. You should either set up a VPN to let the clients see the FSPM box all the time or use the FSAV PSB alternative, with its public web cloud based management. (I think a part of the FS CS license fleet can be converted to PSB / Protection Service for Business seats, if you ask hard enough.)

 

Anyhow, sending out antivirus packages, which the end users will surely turn off or disable at the first occasion and you never learn about that, is not really useful. It kind of defeats the very purpose of centralized management!

 

Sincerely: Tamas Feher, Hungary.

Vad

Hello all,

 

Fixed version of fsdbupdate9.exe is available now. It supports PM 11.10, CS 11.50 and SS/ESS 10.50.

 

Best regards,

Vad

boboboi

even i used fsdbupdate9.exe  still FCS dowloands many updates afterwards !

 

Vad

Hello boboboi,

 

Note that F-Secure is publishing several new DB updates every day. So fsdbupdate9.exe will have not latest updates (become outdated) in a few hours. This is normal, that the product will continue downloading newer updates if they are available already after fsdbupdate9.exe installation.

 

Best regards,

Vad