F-Secure Computer Protection: Main differences compared to Workstation Security 12
Protection Service for Business’s latest generation of endpoint security client is F-Secure Computer Protection. This product is replacing Workstation Security 12 clients that will be End of Life on 31st of March, 2019.
F-Secure Computer Protection has been in production for a year.
F-Secure has now introduced a migration tool that allows the Solution Provider to migrate easily to Computer Protection clients.
Both security clients can be used with the same license key, no change in subscription is required.
Major changes in Computer Protection
- Significantly revised scanning architecture using the latest technology from the F-Secure Lab, including native support for 64-bit technology.
- Unifies behavior of security components and brings the possibility to add new security features more easily in the future.
- Remotely managed Microsoft Firewall.
- Our security experts updated the default Firewall profiles to handle the most significant threats.
- Silent Computer Protection upgrades without the need to reboot the computer allowing regular updates of the client.
- Completely revised update technology, bringing significant reduction in network bandwidth usage.
- MSI package available (see the article Remote Installation of Computer Protection article)
- Uninstallation can be protected by a password configured in PSB Portal
- Many performance and stability improvements.
- Extensible client architecture, allowing easier integration of new features. For example, the premium features and Rapid Detection and Response (RDR) can easily be activated..
- Remote change of subscription key (without client re-installation) from PSB portal. The computer automatically take into use the new product associated with the key (e.g. Computer Protection Premium and RDR). That replaces the ability to change the key from the client.
- Remote isolation of a computer
- Device Control:
- To restrict the usage of USB devices, such as a memory stick or web cam
- Provide visibility to the USB devices of a computer
- F-Secure Endpoint Proxy: It reduces the bandwith usage by caching malware database updates
- Improved visibility in device details view:
- Scan report in portal: If an admin suspect an issue with a Windows computer, he will be able to check the latest scan report (it might be a scan triggered from portal, or scheduled or manual) remotely.
- Active Directory information: Active Directory name, Organizational unit, Domain Components and GUID are visible.
- Domain and Windows name are visible
Active Directory (AD) filtering: By searching an AD domain in the device list view, only the computers using this domain are displayed. A new category for Active Directory is also available
- Remote diagnostic file (fsdiag): In case of problem with a computer, the PSB administrator can select the computer and request a diagnostic file to be uploaded to F-Secure. The administrator should then provide the reference number (available from the device operations tab, or the view fsdiag operation in support page) to F-Secure in a support ticket.
- RMM Support (Remote Management and Monitoring) as described in the article: Computer Protection integration with RMM software
Computer Protection Premium:
The Premium offer can simply be activated by upgrading the subscription or remotely changing the key without any action required on the client. It includes:
- Application Control: Providing fine grain rules to control the applications running on a computer.
- Default security rules to block the most common threats providing yet another layer of defense
- Configurable rules to block or allow applications and scripts
- White and black list
- Monitoring mode to evaluate rules before enforcing them
- DataGuard: Protecting specific folder to block for example ransomware from modifying them
Rapid Detection and Response (RDR)
RDR can simply be activated by upgrading the subscription or remotely changing the subscription key without any action required on the client.
RDR is an automatic advanced threat identification, that allows an IT team or managed service provider can detect and stop targeted attacks quickly and efficiently. It consists of:
- Lightweight sensors monitor your endpoint users' behaviour and stream the events to F-Secure cloud in real-time.
- F-Secure's real-time behavioural analytics and Broad Context Detection™ distinguish malicious behaviour patterns and identify real attacks.
- Visualised broad context and descriptive attack information make confirming a detection easy. F-Secure Partner or your own IT team manages the alerts, and there's an option to elevate tough investigations to F-Secure.
- Following a confirmed detection, our solution provides advice and recommendations to guide you through the necessary steps to contain and remediate the threat.
- Support for Windows Vista: They account for less than 0,2% of our installed base.
- Email and Spam scanning: This is removed due to the generalization of end to end encryption for email and of widespread use of cloud emails.
- Neighborcast: The introduction of F-Secure Endpoint Proxy and the reduction of overall bandwith usagereduces the need for complex solution such as neighborcast.
couple of clarifications to questions coming to our direction.
Q: Do I need a separate subscription for F-Secure Computer Protection than for Workstation Security 12?
A: No you don't. Both of these clients can be installed with same "F-Secure PSB Workstation Security" -subscription.
Q: Can I installs both "F-Secure Computer Protection" and "F-Secure PSB Workstation Security" to same company?
A: Yes you can. At the moment you can choose which product you want to use. Each installation uses one seat from the subscription and you cannot install both product to same computer.
Supposedly there is also "artificial intelligence" equipped DeepGuard included in F-Secure CP 17.1 (although I don't know what exactly that means).
Meanwhile, FSAV PSB 12 has only DG5.0, even though DG6 has been available in the home-user products for a long time and we were promised it is going to be adopted in the for-business product line as well.
Yours Sincerely: Tamas Feher, Hungary.
As I understood the Computer Protection client could be downloaded trough the Management Portal...
But on my/our portal, I can only see PSB 12 available for download...
How do I get the new client?
The power of deciding which companies see the new Computer Protection is with the Solution Providers, and thus not all companies have the download option yet visible. We are increasing visibility to all companies gradually, and with our launch in end of September, it will be available for all.
The email scanning and spam filtering in Workstation Security 12 had a too limited scope. It supports only non-encrypted POP3 emails.
There is less and less usage of non-encrypted POP3 emails, as many companies are using encryption to protect the connection to the email server. In addition, there is a rapid growth of cloud based email solution.
It is not really possible to analyze encrypted emails from a client. F-Secure Computer protection has multiple layers of security to prevent a malware from executing and propagating after it is received, whether it is received from an email or any other channels.
So we decided to remove email scanning from the new client.
There is definitively value in blocking threats as early as possible, and companies should consider deploying an extra layer of security by adding an email security solution such as F-Secure Internet Gatekeeper next to their email server. Using encryption between the email client and server is also a good security practice.
Actually we used only the silent install of FSB.... we need a standalone installer quickly to deploy the new version of Computer Protection. Please help us !
We are working on a significant change on the installations so that we could have those available. There is an open proposal on a intermediate silent installer that would hide the dialogs when all things go well would in case of problems would resolve to showing dialogs (not completely silent). Would an intermediate step like that be helpful / desired to you?
Removing of email scanning is not the right move. Many organisation uses cloud based email services which may not have proper spam guard. here you are forcing people to buy mail security gateway. 2ndly , I as a channel partner, has cloud based email and my people roam with laptops only. hence the email scanning for me is very essential. Even in near past around 2 months back, some of the spams/ malware mails penetrate my mail server and reached my mail box. But due to F-Secure email scanning it was blocked successfully. Hence email scanning should be included. Moreover encrypted Email services are costly. 2ndly, the device control in PSB should be available after this new upgrade, but I am not getting any hints of that.
Thank you for your feedback. Your proposal on email scanning has been noted but we cannot make any promises on adding it back - that is not a straightforward yes/no thing.
As for the device control, it is off by default which may be why you are not seeing hints on it. Go to portal and turn it on, and you will see more of its blocking functionalities.
Can we hope to see in the next upgrade, the capability to set the paramater "By-pass active connexions or not" on the Connexion control ?
Actually it is possible to fix it manually via the Computer Client but not via the Profil PSB...
On huge infrastructure with numerous clients, it will be appreciable.
Thanks for your feedback.
in fact I would need a solution equivalent to the one previously used see this example:
fspsbwks.exe / SILENT / VARS: DISABLE_REBOOT = true / LANG: EN / K: xxxx-xxxx-xxxx-xxxx-xxxx
I will also need to have a variable to force the update after the installation or as a second solution, can Computer Protection perhaps launch from the command line with the update request?
en fait il me faudrait une solution équivalente a celle précédement utilisé voir cette exemple ci :
fspsbwks.exe /SILENT /VARSISABLE_REBOOT=true /LANG:FR /K:xxxx-xxxx-xxxx-xxxx-xxxx
j'aurai aussi besoin d'avoir une variable pour forcer l'update après l'installation ou en seconde solution, Computer Protection peut peut-être lancer en ligne de commande avec la demande de mise à jour ?
Since CP 17.2, it has been possible to run the installer with --silent switch that gives you possibility to install silently in basic case. Need to remove incompatible products (sidegrade) and need to provide subscription info would result in dialogs. Subscription info can be given as part of the installer name (installer_<subscription-code>_.exe).
We are currently preparing a script example for installing with GPO.
We hope this would unblock some people waiting for the installation changes that will take a while longer to be available.
merci je vais tester tout çà.
thank you I will test everything here.
even though I'm not Maaret here are the answers for your questions:
- Computer Protection uses only Windows firewall with additional F-Secure management and rules on top of it. There is no F-Secure own firewall in it.
- Current plan is to sell the F-Secure DataGuard only as part of the premium product without any standalone product of it.
hello everything is good for me.
I use an automatic batch that retrieves the serial from a text file to put it in a variable.
Then I rename with the move command the file automatically.
:: the variable that retrieves the serial
set FSECURESN = 1111-2222-3333-4444-5555
:: you have to put yourself in the right directory then
move PSBInstallerPSB1.exe install_% fsecuresn% _. exe
:: and to launch it
START / WAIT install_% fsecuresn% _. Exe --SILENT
salut tout est bon pour moi.
J'utilise un batch automatique qui récupère le serial venant d'un fichier texte pour le mettre dans une variable.
Ensuite je renome avec la commande move le fichier automatiquement.
:: la variable qui récupère le serial
:: il faut se placer dans le bon répertoire puis
move PSBInstallerPSB1.exe installer_%fsecuresn%_.exe
:: et pour le lancer
START /WAIT installer_%fsecuresn%_.exe --SILENT
ca marche merci à toute l'équipe
Hi asanka and ultimatebhatia,
here is the official statement for the F-Secure own firewall removal:
Our new security client, F-Secure Computer Protection, was released on September 27th and is growing fast in popularity. It will eventually replace the Workstation Security clients in our Protection Service for Business product family.
On top of the various architectural and performance improvements, the release includes an exciting set of new features, such as Device Control and the capability to deliver rebootless upgrades. Later, we will also release F-Secure DataGuard and Application Control 2.0.
Furthermore, we have improved our firewall protection capabilities.
Rather than executing firewall rules with a separate component, we now use the default Windows rule engine to execute F-Secure Firewall rules. This approach brings several considerable enhancements:
- It increases compatibility with appliances, such email, web, firewall, or VPN gateways, including UTMs.
- It increases compatibility with business applications, such as Salesforce, ServiceNow, etc.
- It increases compatibility with any SIEM, RMM, or any other 3rd party auditing, logging, or monitoring tool.
- It allows us to provide a broader set of configurable options, such as using the service name or application path. Additionally, we can provide better IPV6 support.
- It allows us to focus on building additional intelligence and value-added firewall security capabilities.
- It simplifies the network topology and reduces the amount of required configurations.
The F-Secure Expert ruleset, executed by the Windows rules engine, contains an extensive list of advanced rules created by our penetration testers. These provide increased protection against various threats, such as self-propagating ransomware like WannaCry and lateral movement from one client to another. The administrator can create or extend the rulesets to tackle company and context-specific threats.
I hope this answers your question fully for the firewall removal.
DataGuard is coming in next Client Security 13.10 release for the Business Suite customers.
it would be really nice if you called the program in add/remove programs "F-Secure Computer Protection" rather than "Computer Protection"
Microsoft and most other vendor put there name in front - heaps easier to find and sort that way.