Business Suite

Sort by:
Issue: F-Secure Policy Manager informs on the Software updates tab that a update package is required to be downloaded manually, how does this work in Software Updater? Resolution: F-Secure Policy Manager 14.30 or later now allows manually downloading software updates that cannot be downloaded automatically from vendors' sites, e.g. Oracle Java updates. Hosts report such updates as requiring manual downloading and the admin is able to download and import those using the Manual downloads feature found on the Software updates tab in Policy Manager Console. The end-points supporting these manually downloaded packages are: F-Secure Client Security 14.20 and later Email and Server Security 14.00 and later Server Security 14.10 and later (to be released) Article no: 000020467
View full article
Issue: A website (URL) is blocked by F-Secure Client Security Web Content Control feature. Where in the Policy Manager Console can I see a detailed explanation on why the site is blocked? Resolution: If a website (URL) is blocked by Web Content Control, no alert will be sent to the Policy Manager alerts page. To send this information to Policy Manager would be a violation of the user's privacy. The reason why a website has been blocked is shown for the local user in the browser. In the notification the user can see the content category which has been blocked.    If the website should not belong to the category, the user can click on the Report this website button to send a sample URL to F-Secure Labs to have the category corrected. If the end-user didn't see the reason why the website was blocked, verify that the F-Secure Browsing Protection extension is installed and enabled.    Article no: 000020769
View full article
Issue: After installation we noticed spam scanning was not working due to missing components. After a reboot of the ESS server downloads components from the Policy Manager Server and starts working as expected again Spam filter is not working Resolution: If you are experiencing any kind of Anti Spam related issues, first thing we advise is to troubleshoot the connectivity. You can refer to this article for troubleshooting the connectivity. If the troubleshooting was positive, and you still have issues with the filter, please follow the steps below to fix the problem. You can verify the problem by opening the TransportAgent.log and check if you see errors like this: 2020-02-12 15:16:21.374 [8350.0111] *E: FSecure.AntiVirus.Exchange.Transport.FSItemScanner: Scan() Failed System.IO.FileNotFoundException: Cannot load dll 'nif2_api64.dll' Dateiname: "nif2_api64.dll" bei FSecure.Utils.DllLoader..ctor(String dll32, String dll64, UInt32 familyId) bei FSecure.Api.AntiSpamApi.Nif2AntiSpamApi..ctor() bei FSecure.AntiVirus.Exchange.Transport.FSSpamScanner.Scan(ManualResetEvent stopEvent) Note: TransportAgent.log can be found from C:\Windows\ServiceProfiles\NetworkService\AppData\Local\F-Secure\Log\ess  To solve the problem, clear the setting Notify administrator.  To apply this change, you need to use F-Secure Policy Manager Console: Open F-Secure Policy Manager Console Highlight a host or policy domain from the Domain Tree Go to the Settings tab and select Standard view Expand the Microsoft Exchange settings and go to Incoming email Scroll down to the Archive scanning section and disable the option Notify administrator Distribute the policy (Ctrl + D) After you have distributed the policy, try to stimulate a "spam email" to see how the filter handles the spam now. Open the Web GUI and navigate to Spam Control and check the statistics "number of processed message and number of spam messages". If the statistics are still 0, open TransportAgent.log again and check if you see similar errors:  2020-02-18 15:38:09.213 [35d0.0079] .W: FSecure.AntiVirus.Exchange.Transport.FSMessageScanner: SpamFiltering turned OFF, size:2401, max:1000  2020-02-18 15:48:11.736 [35d0.0108] .W: FSecure.AntiVirus.Exchange.Transport.FSMessageScanner: SpamFiltering turned OFF, size:1831, max:1000 FSMessageScanner: SpamFiltering turned OFF, size:A, max:B " meaning: message will not be scanned for spam cause it's size (A kb) exceeds maximum allowed message size (B Kb) to be scanned for SPAM. windows.microsoft.exchange.transport_protection.inbound.spam_control.max_message_size: 222, this means  messages larger then 222Kb will not be scanned for SPAM. Appropriate setting could be changed. The Transport Agent detects "X-MS-Exchange-Organization-SCL: -1" message header. "A -1 SCL would apply to email messages sent between recipients of the same Exchange organization, or messages from external senders that have been whitelisted in some way." Also "X-MS-Exchange-Organization-SCL" header field is removed when a message enters some organisation. More information can be found here: https://social.technet.microsoft.com/Forums/ie/en-US/27bd3904-45b4-450a-a806-9c753f23753b/xmsexchangeorganizationscl-1?forum=exchangesvradminlegacy Article no: 000020676
View full article
Issue: Windows Firewall status is red with error message: "Windows Defender firewall is not using the recommended settings to protect your computer" The Windows Firewall state is set to: ON Incoming connections setting is set to: Allow all connections to apps that are not on the list of blocked apps Resolution: If Windows Firewall is showing its status as red with message: "Windows Defender Firewall is not using the recommended settings to protect your computer". This is due to the settings of the Unknown inbound and outbound connections from the F-Secure Client Security 14 firewall profile. In order to resolve the issue follow these steps: Open the Policy Manager console Select the host or domain from the Domain Tree Go to the Settings tab Browse to the Firewall menu Ensure the value under  "Profile being edited" is the correct profile Set the value of the Unknown inbound connections and Unknown outbound connections to Block Distribute the profile (ctrl +D) Once the host receives the new profile the firewall should stop displaying the message and the status should turn to green.  Article no: 000018337
View full article
Issue: ESS 14.00 Microsoft Exchange transport agent can not be started after upgrading to Email and Server Security 14.00 Web Console shows "Transport Agent status is not available. Check the configuration of F-Secure Email and Server Security services and try again." Resolution: After you install F-Secure Email and Server Security 14.00 on your server, and you get the error message "Transport Agent status is not available". Check the configuration of F-Secure Email and Server Security services and try again." from Web Console. run  Get-TransportAgent in Exchange management shell: If for F-Secure Transport Agent is "Enabled" = "True" then the following notes should be taken into account: This happens if you have clicked CANCEL in login prompt or hit OK too many times. You couldn't log in properly because a browser is not running with admin rights. To fix the problem, you need to open a browser with "run as administrator" option, enter admin credentials and then log in with the same user. Note: By default using a link from the start menu or typing IP in the address bar, means that the browser is still running with user-level rights. Even if it was launched by admin's double click. And we could not ask for elevation after the login prompt is shown. Double click will work if UAC is off and in policies and approval mode is disabled, otherwise you need to start browser as admin. Article no: 000018909
View full article
Issue: Anti Spam module does not report any email detected as spam. Anti Spam module does not work. Resolution: Anti-Spam troubleshoot checklist for Email and Server Security 14.00 Check that Anti-Spam updates are downloaded. Open F-Secure Server Security GUI and go to Tools. Click on Check for updates, and see if the target server has installed the latest F-Secure AntiSpam Update. This will be visible under Update History.  Open a browser from your target server and enter this URL:https://aspam.sp.f-secure.com/bdnc/config If the connectivity works, it will show:{"benchmarkInterval":3600,"benchmark":1,"servers":["aspam.sp.f-secure.com"],"statsInterval":1800,"enforceSSL":true,"benchmarkThreshold":5,"disableThreshold":10} If the connectivity does not work, you need to enable  *.f-secure.com and *.fsapi.com on your Firewall If your environment uses http proxy, then the anti-spam engine needs to be configured to use the same proxy. This can be done using Policy Manager Console. Note: Anti-spam engine is a cloud-based solution, so it will simply not work if it doesn't have a working connection to the detection center https://aspam.sp.f-secure.com as F-Secure Emal and Server Security sends request to  https://aspam.sp.f-secure.com/ Article no: 000020710
View full article
Issue: Do DeepGuard exclusions accept Windows environment variables or wildcards when the exclusion is created through F-Secure Policy Manager? Resolution: DeepGuard exclusions for F-Secure Client Security 13.11 do not support support wildcards or Windows environment variables. The full path and name of the file is required. A DeepGuard exclusion for F-Secure Client Security 13.11 can be created by following these steps: Log in to Policy Manager Console Highlight a host or policy domain from the domain tree Go to the the Settings tab and select Advanced View Navigate to F-Secure DeepGuard > Settings > Excluded applications Enter the full path of the application, for example: C:\Program Files\Application\app1.exe Distribute the policy DeepGuard exclusions for F-Secure Client Security 14 and later support both wildcards and Windows environment variables. Follow these steps to create an exclusion using a wildcard: Log into Policy Manager Console Highlight a host or policy domain from the domain tree Go to the Settings tab and select Standard view Go to Real-time scanning  Scroll down and enable Do not scan the following files and applications  Click Add and select Folder path Enter the folder path, for example: *\examplefolder\subfolder\* and click OK Distribute the policy  Article no: 000007234
View full article
Issue: F-Secure Client Security 14.00-14.10 and Server Security 14.00 do not apply firewall policy settings configured in the Policy Manager Console 14.30-14.40. This causes the F-Secure firewall features to get deactivated. Windows firewall keeps working as F-Secure does not disable it, so in practice the Windows firewall is up without F-Secure rules.   Resolution: As a permanent fix, we have released Policy Manager 14.41 and a hotfix for Policy Manager 14.30 on Thursday 13 February 2020. At the same time, we have released Client Security 14.21 on Thursday 13 February 2020. Importing the Client Security 14.21 JAR installation package into Policy Manager Console 14.30 and 14.40 will also solve the issue. You can find the latest versions and hotfixes from our downloads page. Article no: 000020578
View full article
Issue: Real-Time scan feature "Prevent User from Adding Scanning Exclusions" is enabled in Policy Manager, but from the client GUI the Add New button is not greyed out and exclusions can still be added.  Resolution: A fix for this issue has been released in F-Secure Client Security 14.21. You may refer to the Release Notes for more information.  Article no: 000020613
View full article
Issue: I've Installed  F-Secure Email and Server Security but Windows Defender Real-time Protection is still on. Should I deactivate it when I'm using the F-Secure product? Resolution: Yes, Windows Defender should be deactivated when using F-Secure Email and Server Security. Multiple Anti-Virus products running at the same time may cause conflicts. On Windows Server 2016/2019, Windows Defender will not enter passive or disabled mode if you install a third-party antivirus. After installing a third-party antivirus you should uninstall Windows Defender AV on Windows Server 2016 to prevent problems caused by having multiple antivirus products installed on a machine. If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key: Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection Name: ForceDefenderPassiveMode Value: 1 Article no: 000002236
View full article
Issue: We are using the policy-based installation option to upgrade our clients, from which we receive status "Failed: download interrupted"  Resolution: By default F-Secure Policy Manager Server can handle a maximum of 50 simultaneous package download requests. If the network cannot handle the bandwidth required for 50 simultaneous downloads, the policy-based installation or upgrade operation might fail. This error can also be the result of, if you have a sub-network with low bandwidth, which tries to fetch packages for several minutes. For a network with low bandwidth, that can not handle such a high network load, we recommend to use the  F-Secure Policy Manager Proxy as an option. Policy Manager Proxy offers a solution to bandwidth problems in distributed installations of Client Security and Server Security by significantly reducing load on the networks. More about this topic can be found here.  Another solution, which can decrease the network load, is to use the additional_java_args setting: -DmaxSynchronousPackageRetrievalRequests=25 This settings changes the maximum number of simultaneously handled package download requests for policy-based installations.  You can apply this change on your F-Secure Policy Manager Server by following these steps: Open the Command Prompt as an administrator and use the command net stop fsms (This command stops the F-Secure Policy Manager Server service) Open regedit and navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > Data Fellows > F-Secure > Management Server 5 Select additional_java_args and double-click it Enter the following string to Value Data: -DmaxSynchronousPackageRetrievalRequests=25  Use net start fsms command to start the F-Secure Policy Manager Server service Note: If there is no existing additional_java_args registry entry, you can create one. Set the type as REG_SZ.   Article no: 000020477
View full article
Issue: How to update F-Secure Linux Security 11.x virus databases manually in an isolated or offline environment with no internet connection? Is the update package self-contained, meaning it contains all signature updates, or is it an incremental update?   Resolution: Note: This article assumes deep technical understanding of both F-Secure's products and the relevant operating system. If you are unsure, contact F-Secure support for assistance. To update the virus definition databases for F-Secure Linux Security 11.x manually from the command line: Download the fsdbupdate9.run file from https://download.f-secure.com/latest/fsdbupdate9.run. The file is a self-extracting file that stops the AUA daemon, updates the databases and restarts the AUA. As a root user, run the  dbupdate fsdbupdate9.run  command where fsdbupdate9.run is the absolute or relative path to the fsdbupdate9.run file. The update package is self-contained and contains all necessary updates. Article no: 000011352
View full article
Issue: How to create a targeted scheduled scan in Policy Manager for F-Secure Client Security 14 clients? Resolution: You can create a targeted scheduled scan by following these steps: Log in to Policy Manager Console Select the host or domain from the Domain Tree  Go to the Settings tab (Standard view) Go to the Manual scanning page  Click Add on the right side of the Scheduled scanning list Enter the Scheduling parameters (Example: /t08:30 /rweekly /s4 - this scan will be run each Thursday at 08:30) Select Generic as the Task Type Enter in the Task Type Specific Parameters: "C:\Program Files (x86)\F-Secure\Client Security\fsscan.exe" -s -t C:\Examplefolder  Distribute the policy  This will scan the target folder C:\Examplefolder and sub-folders within it with the current scan settings shown in Policy Manager Console in the File scanning section on the Manual scanning page.  Fsscan.exe does not support several target folders. You will need to create a separate scheduled scan for each target. Several targeted scans can run concurrently.  Article no: 000016858
View full article
Issue: How to allow a local user to unload / disable / turn off all security features of F-Secure Client Security through Policy Manager? Resolution: Follow these steps to allow users to unload / disable F-Secure Client Security on their computer: Log in to F-Secure Policy Manager Console Go to Settings tab and select Advanced view Select F-Secure Management Agent -> Settings -> User Interface -> Allow user to unload products = Allowed always Now the users can unload / disable / turn off F-Secure Client Security security features locally on their computers. How to disable locally on Client Security 13.x clients: Right-click the F-Secure Client Security icon in the system tray  Click Unload Select either Unload and continue with current firewall profile or Unload and allow all network traffic How to disable locally on Client Security 14.00-14.10 clients: Open the F-Secure Client Security 14 local user interface Go to Tools  Click Turn off all security features How to disable locally on Client Security 14.20 and later clients: Open the F-Secure Client Security local user interface Click on the More options icon Click Turn off all security features   Article no: 000006262
View full article
Issue: After upgrade from F-Secure Client Security 13 to version 14, the Powershell function "get-wmiobject Win32_Product" was still returning information for the old Client Security 13 version. Resolution: An upgrade to the sidegrade module was released on Febuary 4th, 2020 (version 12.43391.52). This fixed the issue with the upgrade not removing the MSI-registration data. If you have installed F-Secure Client Security 14 before the release of the upgraded sidegrade module, a reinstallation of the product will solve the issue.  Article no: 000020519
View full article
Issue: I have blocked  a domain via Anti Spam "Blocked list",  but we still receive mails from this domain. What can be set here to prevent such mails from getting through? Resolution: Note: Spam control settings allow you to configure how the product scans incoming mail for spam. The threat detection engine can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak. Check incoming email messages for spam: Specify whether incoming mails are scanned for spam Specify the spam filtering level: All messages with the spam filtering level lower than the specified value can pass through. Spam filtering level Decreasing the level allows less spam to pass, but more regular mails may be falsely identified as spam. Increasing the level allows more spam to pass, but a smaller number of regular email messages are falsely identified as spam. For example, if the spam filtering level is set to 3,more spam is filtered, but also more regular mails may be falsely identified as spam. If the spam filtering level is set to 7, more spam may pass undetected, but a smaller number of regular mails will be falsely identified as spam. You can set the spam filtering level according to your needs and preferences, however the advise is to set it to 5. If you want to block a domain or email address using Spam filter module, you can do that by creating black or block list. This can be done using Email and Server Security Web Console or Policy Manager Console. How to set the blacklist using Email and Server Security Web Console: Go to Spam Control and navigate to Safe / blocked senders or recipients  By the Blocked section, edit your existing list or create new list for blocked senders and blocked recipients Enter the domain or emails you wish to block and safe the changes   The match list can be found also under Settings > List. There you will find the global list for all type of filters you have set. For more about Spam filter, you can refer to the admin guide. Article no: 000020510
View full article
Issue: Where are the settings for content filtering inbound/outbound/internal email located in the policy settings standard view? In advanced view they can be found under F-Secure Anti-Virus for Microsoft Exchange -> Settings -> Transport Protection -> Inbound Mail/Outbound Mail/Internal Mail -> Content Filtering but they are missing in Standard view. Resolution: The standard settings view is built and optimized for the management of Email and Server Security (ESS) version 14.00 and later. This version of the product dropped the ability to filter messages by keyword content, therefore the related settings were also not included in the standard settings view. Configuring this and any other settings for older versions of ESS can, and should, still be done normally using the advanced settings view. Article no: 000020479
View full article
Issue: After F-Secure Policy Manager Server and Proxy upgrade to version 14, Client Security 13.x hosts are unable to connect. Logfile log (...\F-Secure\common folder) in AV CS 13.xx shows similar errors: 1 2020-02-06 09:15:05+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14 F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.) 1 2020-02-06 09:16:36+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14 F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.) Running  fspmp-enroll-tls-certificate.bat doesn't help. Resolution: Check nrb.log (C:\ProgramData\F-Secure\Logs\fspmsupport), to see if there are similar log entries: Server returned 582097 bytes, whereas limitation is 409600 bytes Failed to get certificates from server "https://xxxxx/fsms/fsmsh.dll": Type: fs::BaseException, Reason: Too much data returned from server This means that there are too many certificates or certificate size exceeds the limit. Client Security 13.xx limits are: Maximum certificate size is limited for 409600 bytes Maximum certificates count is limited for 100 Client Security 14.xx only has size limit, which is: Maximum certificate size is limited for total file size ~ 96000000 bytes Steps how to resolve the issue: Enable H2 console in Policy Manager Server. Instructions found here. Delete all old certificates, which were generated before Policy Manager upgrade. Use this SQL statement: DELETE FROM ISSUED_CERTIFICATES where TYPE = 'TLS' and ISSUED_ON < date as unix timestamp Article no: 000020475
View full article
Issue: After upgrading the Policy Manager Server for Linux to version 14.40 as an administrator, I am unable to log in to Policy Manager Console. I am getting an error regarding wrong credentials, but I can access web reporting without any problem. I tried resetting Policy Manager Console admin password but the issue persists. Resolution: This issue can occur when the Policy Manager Server upgrade has failed but the Policy Manager Console upgrade was successful. Both the Policy Manager Server and Policy Manager Console have to be on the same version. You can proceed to run the Policy Manager Server upgrade again on top of the current installation: Run the following command to upgrade Policy Manager Server: Debian, Ubuntu: # dpkg -i fspms_14.40._amd64.deb Before starting the Policy Manager Console, run the database maintenance tool first: /opt/f-secure/fspms/bin/fspms-db-maintenance-tool Article no: 000020439
View full article
Issue: How to exclude a domain or specific website from Web Content Control disallowed site categories? The site belongs to a blocked category but users need to be able to access it.  Resolution: If a website or domain has been assigned a category that the administrator wants to have as disallowed, the Trusted sites exception list can be used to allow users to access the site.  The administrator can add the site as trusted by following these steps: Log in to Policy Manager Console Highlight a host or policy domain from the Domain Tree Go to the Settings tab Go to Web content control settings Click Add from the right side of the Trusted sites list Add the site or domain URL in the address field Distribute the policy Once the policy has been distributed, users will be able to access the site even though it belongs to a disallowed site category.   Article no: 000020443
View full article
Issue: The ability to switch between f-secure firewall profiles in Client Security 14.10 local user interface is missing. Disabling final flag for the workstation firewall profile in the Policy Manager Console has no effect.   Resolution: A fix for this is included in Client Security 14.20 which has been released on the 6th of February 2020. Affected systems should be updated to resolve this issue. Observe that this version of Client Security requires Policy Manager to be running version 14.40 or later. Article no: 000020339
View full article
Issue: F-Secure Client Security or Server Security Offload Scanning connection to the Scanning and Reputation Server (SRS) is down during a system restart. After system restarted, the connection is restored after few seconds. Resolution: This is expected product behavior if the Offload Scanning connection is established after few seconds after a system restart. During system startup, the Offload Scanning Agent (OSA) service will attempt to establish a connection with the Scanning and Reputation Server (SRS). If the connection to SRS is unreachable due to some reason (e.g. Internal network congestion), the service will re-attempt to establish the connection. Another option is to increase "Connection timeout" and/or "Restore connection interval" in Policy Manager for those devices generating alerts: Log in to Policy Manager Console Highlight a host or policy domain from the Domain Tree Go to the Settings and select Advanced view Navigate to F-Secure Offload Scanning Agent > Settings > Connection  Here you can change the Connection timeout and Restore connection interval settings.   Article no: 000018019
View full article
Issue: How to install F-Secure Email and Server Security 14.00 using policy based option? Resolution: Follow these steps to install the product using policy based option: Log in to F-Secure Policy Manager Console Go to the Installation tab Click Installation packages If you haven't imported the Jar file, please go to our Web Page first and download the Jar file. Click Import  Import the F-Secure Email and Server Security 14.00 Jar file After you have imprted the Jar file, select your target Host from the domain tree to install the product Go to the Installation tab and choose policy-based installations, like shown on the screenshot bellow: 6.Follow the installation wizard instructions and ditribute the policy when you are done with the wizard   Article no: 000020411
View full article
Issue: How to disable TLS1.0 and TLS1.0 in Policy Manager Server ? Resolution: The Java system properties for Policy Manager Server (PMS) can be specified via the Windows registry: Run Regedit as administrator. Create the following string registry key:  HKEY_LOCAL_MACHINE\SOFTWARE(Wow6432Node)\Data Fellows\F-Secure\Management Server 5\additional_java_args Specify the Java system properties in the following format: -DforbidDownloadingPublicKey=t rue - DenableVistaInteroperability=false Restart the Policy Manager Server service to make the new configuration take effect. Reference : https://community.f-secure.com/t5/Business-Suite/Policy-Manager-advanced/ta-p/11869 Article no: 000020383
View full article
Issue: I notice there is a high CPU usage by F-Secure Firewall Daemon service (fsdfwd.exe) when I enable firewall rules. When the firewall rules are disabled, the CPU usage goes back to normal. How can I fix this issue? Resolution: The root cause was because of too small DNS cache in F-Secure Firewall Daemon services and was fixed by increasing it. We have prepared a hotfix to replace the problematic firewall binaries. Proceed to contact F-Secure Support to obtain the hotfix. Article no: 000018452
View full article
Issue: How to change the default installation path of F-Secure Client Security or Server Security using an MSI -package Resolution: F-Secure Client Security 14.10 and Server Security 14.00 and later versions include the support for changing the default installation path for the product.  This can be accomplished using the MSI-startup parameter FORCED_TARGETDIR To set it, use the parameters when launching the MSI or using a transform file i.e. msiexec /i FORCED_TARGETDIR="C:\111"    Article no: 000015031
View full article
Issue: How do you set up the F-Secure Policy Manager Server to communicate via HTTP proxy? Resolution: How to enable: Navigate to folder C:\Program Files (x86)\F-Secure\Management Server 5\data on the Policy Manager server Open the fspms.proxy.config file Remove the # before the http_proxy line and add your password and proxy address Save the config file Restart the Policy Manager Server -service How to disable: Navigate to folder C:\Program Files (x86)\F-Secure\Management Server 5\data on the Policy Manager server Open the fspms.proxy.config file Add a # before the http_proxy line. The # means that the line is a comment and the setting will not be taken into use Article no: 000004324
View full article
Issue: The F-Secure Policy Manager registration does not work and it returns a "Customer number is invalid" error. How to fix this? Resolution: Check the following items: Make sure that the customer number entered during registration is a correct one (the number is visible in the license certificate). Make sure that the license is still valid (the information is visible in the license certificate). Make sure you have valid F-Secure Client Security and Policy Manager versions: 11.xx and 12.xx are no longer supported. Policy Manager 12.x and earlier cannot connect to the registration server.  Article no: 000015351
View full article
Issue: I am trying to push a Client Security installation from the Policy Manager, but the installation fails with error code 53. Resolution: Error code 53 means that the network path was not found: ERROR_BAD_NETPATH 53 (0x35) The network path was not found. System Error Codes (Windows) Make sure, that: The installation account have enough rights (has to be local or domain administrator). Enable the Remote registry service on the clients (To enable remote registry service go to Control Panel -> Administrative Tools -> Services -> Remote registry). Admin$ shares is enable on the client as well as the PMS, please try to access the admin$ share drive on the client from PMS and vice versa to confirm on this. Windows Firewall is disable in the service on both clients and PMS, to avoid blocking the network traffic from getting through. Both Policy manager and workstation are in the same network. Certain Inbound traffic need to be allowed for the workstation such as RPC(TCP 135 Port), NetBios (137-139) and SMB (TCP 445 port) on your firewall (if there's any) On the client, go to Control Panel->Administrative tools->Local security policy->Local policies-> Security Options - Network Access: sharing and security model for local accounts, check that setting. Make sure is Classic - local users authenticate as themselves"  Otherwise you can create an .msi package and run the installation locally on the client, you can find more information about that here: https://help.f-secure.com/product.html#business/policy-manager/14.00/en/concept_9D7CDF206A8E47759637EB2B3AC09B93-14.00-en Article no: 000001685
View full article
Issue: After upgrading to F-Secure Email and Server Security 14.00, emails are no longer quarantined. Error message: 159 Access denied Resolution: Note: When you upgrade to F-Secure Email and Server Security 14.00, you can run the installer locally or using F-Secure Policy Manager "policy based upgrade" option. Read more about this topic. However, you still need to configure few sections, as the admin guide advises to do so. In this case, you can see the lack of permissions and configurations are not completed after the upgrade. You can identify this behavior, by checking the logs. The product writes all logs into C:\ProgramData\F-Secure\ If you open the quarantine.log, you may be able to see a similar line: Unable to download quarantine item because of access denied error in E-mail and Server Security 2020-01-31 17:21:06.585 [0a4c.0010] I: FQM: Deleting Qid 11518 from storage  2020-01-31 17:21:06.585 [0a4c.0010] *E: FQM: Failed to delete Qid 11518 from storage System.IO.DirectoryNotFoundException: A part of the path "C:\Program Files (x86)\F-Secure\Quarantine Manager\quarantine\XXXXXX\Q20190906_000001\Q20191209104816_11518.[eml]" could not be found.    for System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)    for System.IO.File.InternalDelete(String path, Boolean checkHost)    for FSecure.Ess.Fqm.Impl.QuarantineStorage.DeleteMail(String storagePath)    with FSecure.Ess.Fqm.Impl.QuarantineProcessor.Delete() Beside the permissions, the quarantine path was not found, so either it is not configured or it does not exist. If you check the TransportAgent.log, you will see another error which denies the access, so the Agent can not process the items. Exception rethrown at [0]:     for System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)    for System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)    at FSecure.Ess.FqmApi.IQuarantineManager.QuarantineMail(Mail mail)    for FSecure.AntiVirus.Exchange.Transport.QuarantineManager.QuarantineMail(Mail mail)    for FSecure.AntiVirus.Exchange.Transport.FSMessageScanner.QuarantineMail(String strPathToSavedMail, Int64 lSavedMailSize, QuarantineReason reason, String reasonDetails, Int64& resQuarantineId, String& resErrorDescription) 2020-01-31 17:20:39.958 [36f8.0007] *E: FSecure.AntiVirus.Exchange.Transport.FSMessageScanner: QuarantineMail() Failed System.ServiceModel.Security.SecurityAccessDeniedException: Access was denied. If you check the F-Secure.Ess.Config.log: FSecure.ESS_Installer.ViewModel.WizardPageViewModel: Could not set user 'fqmuser' as owner for db 'FSMSE_Quarantine'. Reason: The database principal owns a schema in the database, and cannot be dropped. 2020-01-31 17:20:05.929 [39d4.0001] I: FSecure.ESS_Installer.ViewModel.WizardPageViewModel: Setected quarantine method is 'Local To solve the issue, follow these steps:  Run F-Secure.Ess.Config.exe from the target server.  F-Secure.Ess.Config.exe is located at C:\Program Files (x86)\F-Secure\Email and Server Security\ui Configure the setup for an existing database or create a new database. For the database setup/deployment, please refer to the admin guide Make sure that permissions are set correctly. You can refer to this F-Secure Community article for more details After you have run/entered the configuration locally and the authorizations are checked as in the article. Open the Email and Server Security web console and test the connection to the quarantine database. Article no: 000020341
View full article
Issue: The F-Secure Policy Manager Console is showing a security alert saying that the "Software Updater Database is x days old" fspms-software-updater.log includes error: WARN [c.f.p.s.s.d.VersionCheckingFileDownloader] - Unexpected status="403 Forbidden" when connecting to url="https://content.ivanti.com/data/partner/manifestAlt/partner.manifest.xml" without a proxy Resolution: This security alert will be displayed if the Policy Manager Server has been unable to download the newest Software Updater database in a week.  If you are using F-Secure Policy Manager Server 13.12 or earlier, upgrade to version 13.13. If you are using F-Secure Policy Manager Server 14.00 or 14.01, upgrade to 14.10 or later. You can download the latest Policy Manager version from this page. If you are still encountering this issue after upgrading to the latest F-Secure Policy Manager Server version, make sure your server is able to access the following URL: https://content.ivanti.com/data/oem/FSecure/data/93/manifest/partner.manifest.xml   Article no: 000002071
View full article
Issue: Will the F-Secure Policy Manager autodiscovery feature work if hosts located in different subnets or domains? Resolution: There should be no issue for F-ecure Policy Manager to autodiscover NT Domains to detect the hosts as long as; 1. The hosts can communicate to the Policy Manager Server 2. There is no block between host and Policy Manager Server (eg: firewall, proxy etc.) 3. There is trust relationship between the different domains If there is an issue where the NT Domains are not showing the hosts, it is recommended to run the net view command to troubleshoot the issue. Article no: 000018280
View full article
Issue: Is Microsoft SQL 2017 supported for F-Secure Email and Server Security 14.00?  Resolution: Microsoft SQL 2017 is confirmed supported for F-Secure Email and Server Security 14.00.  Supported environments can be found in the release notes. You can find the release notes for F-Secure Email and Server Security 14.00 here. Article no: 000020277
View full article
Issue: Where to find the license key for version 14 of F-Secure Server Security? Resolution: If the license keys are not listed on your current license certificate, contact your reseller or F-Secure sales contact, depending on how you ordered the product. They can provide you with an updated license certificate that contains the license keys to all product versions that you have access to. Article no: 000011745
View full article
Issue: Can you distribute Windows 7 Extended Security Updates via F-Secure Policy Manager? Resolution: No, unfortunately you can't distribute Windows 7 Extended Security Updates via Policy Manager to the clients. Article no: 000020121
View full article
Issue: When I run the command fsav [path/file] the command returns "ERROR: Password protected file"  Resolution: "Treat password-protected files as safe" setting on WEBUI has been disabled. This means that a message of "Password protected file" will be output every time such files are being scanned.  By default, the setting is enabled which means that any password protected files are considered to be safe and the scan result will always show as "clean". To revert; Login to WEBUI  Click on "Advanced mode" Go to "Virus Protection" > "Real-time Scanning"  Enable the "Treat password protected archives as safe" setting Click on the "Save" button at the right bottom of the page. For Manual Scans, go to  "Virus Protection" > "Manual Scanning"  Enable the "Treat password protected archives as safe"  Click on "Save" button Article no: 000017212
View full article
Issue: F-Secure Software Updater (SWUP) does not install any updates on my computers installed with Client Security Premium 14.02. The status on Policy Manager Console (PMC) is displaying software installation status as "Starting Installation..."    Resolution: This is due to a bug with Software Updater for F-Secure Client Security Premium 14.02. To fix this, you can download the F-Secure Client Security Premium 14.0X Software Updater Hotfix listed in Hotfixes under F-Secure Client Security 14.02. Alternatively, you can upgrade to F-Secure Client Security Premium 14.10 as the fix is already included in the latest version.   Article no: 000017345
View full article
Issue: Why is the right-click contextual menu to force value or show domain values is missing for the Windows Real-time scanning setting "Prevent users from adding scanning exclusions" in Policy Manager Console 14.30 (Standard View)? Resolution: In Policy Manager Console (Standard View) Real-time scanning, the setting in question works as the "final flag" for the above Files and applications excluded from scanning table (comparable to the lock icon for other settings). As tables don't have a right-click contextual menu, this also applies to the table final flag. Forcing the table itself also sets the "Prevent users from adding scanning exclusions" settings according to the parent domain from where the table was forced. Article no: 000020059
View full article
Issue: I installed Policy Manager Server for Linux v14.20 on CentOS v7.7. I have installed the same Policy Manager console version. I cannot connect to Policy Manager Server using Policy Manager console. The F-Secure Policy Manager Server service is running. Resolution: Check if your Policy Manager console is started from a non-graphic terminal. You might want to try this setting if you use the main display: export DISPLAY=:0.0 Article no: 000017046
View full article
Issue: After upgrading F-Secure Email and Server Security from Version 12.12 to 14.00 which is managed via Policy Manager Console, the changes we make via Policy Manager Console are not applied on the target servers. Attachments are filtered using the incoming policy route rule, and we want each email route to use their ow filter rules. Resolution: The issue is caused by the list of internal domains and senders getting corrupted during the upgrade. Please open a support ticket and ask Customer Care to provide you the hotfix FSESS1400-HF01 Follow the steps bellow to apply the Hotfix to centrally managed computers: In F-Secure Policy Manager Console, select Installation tab, import the downloaded jar file Select appropriate domain or host and press Install button. Select this hotfix FSESS1400-HF01 and distribute policies Reset internal domains and internal sender from Policy Manager and distribute policies. The hotfix does not require a restart of the server.   Article no: 000019741
View full article
Issue: Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails. In Policy Manger Console, push installations result in the status error message: "Installation failed. MSI error code is 1603." The following error can be seen in Windows Application Event Logs: "Product: F-Secure Client Security [Premium] 14.XX/F-Secure Server Security [Premium] 14.XX -- Universal CRT is not installed" Resolution: The latest version of Client Security 14.x and Server Security 14.00 require Windows Universal C Runtime to be installed on the system. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x or Server Security 14.x. Here is also an alternate link from where to download Windows Universal C Runtime.   Article no: 000008994
View full article
Issue: F-Secure Policy Manager is warning on the Server events for the last 24H event list that the latest virus definition update is several days old.  Resolution: If the F-Secure Policy Manager Server is showing this event on the dashboard: Verify that the server is able to connect to the F-Secure Update server guts2.sp.f-secure.com Verify that the server has more than 2GB of free disk space and that there are no low disk space alerts shown on the server events list. If the server has less than 2GB, the Policy Manager Server will automatically stop downloading new virus definition updates Article no: 000002308
View full article
Issue: With F-Secure Client Security installed in the host, the Delphi debugger process does not work or crash Resolution: We recommend to do the following workaround: Add the exclusion for the Delphi software executable (for example, C:\Program Files (x86)\Embarcadero\Studio\17.0\bin\bds.exe, etc.) in DeepGuard under the Advanced View in the Policy Manager Console: F-Secure DeepGuard > Settings > Excluded Applications (using full file path of the Delphi software executable) F-Secure DeepGuard > Settings > Applications (using a SHA1 hash of the Delphi software executable) NOTE: If you are using Client Security 13.10 or older, you shall upgrade to the latest Client Security 13.11 and above to allow Excluded Applications to work. If you are using Client Security 14.00 - 14.02, we recommend you upgrade to the latest Client Security 14.10 to resolve the issue with exclusions. Launch an elevated command prompt and type the following one after another: net stop fsulhoster net stop "F-Secure gatekeeper" Create the following entry below under the registry HKLM\SYSTEM\CurrentControlSet\Services\F-Secure Gatekeeper\Parameters: DisableCompanionWait(DWORD) = 1 In the elevated command prompt, type the following one after another: net start "F-Secure gatekeeper", and ensure that the Gatekeeper driver starts successfully. net start fsulhoster NOTE: The provided registry change disables a certain optimization in the F-Secure Gatekeeper driver, which are incompatible with software that tries to suspend processes (ie. Delphi debugger). This registry key does not alter the enabled features or other functionalities of the F-Secure product. Article no: 000003035
View full article
Issue: How do I uninstall / remove F-Secure Linux Security 11.xx? Resolution: Follow these steps to fully remove F-Secure Linux Security 11.xx:  Execute the following script as root:  # /opt/f-secure/fsav/bin/uninstall-fsav Check, if any of the following three directories remain: # /etc/opt/f-secure # /opt/f-secure # /var/opt/f-secure If any of those directories still exists, manually remove them: # rm -rf/etc/opt/f-secure # rm -rf/opt/f-secure # rm -rf/var/opt/f-secure This will remove all parts of the Linux Security 11.xx product Article no: 000006007
View full article
Issue: What will happen to Anti-Spyware settings when F-Secure Client Security is upgraded from version 13.x to 14.x? Will F-Secure Client Security 14.x have any spyware scanning?  Resolution: F-Secure Client Security 14.x does not have a separate Anti-Spyware module, it is instead included with the normal Anti-Virus module as part of Real-Time Scanning.  F-Secure Client Security versions 14 and newer do not support the spyware scanning settings included in distributed policies. Any spyware exclusions need to be done as Real-Time Scanning file or process exclusions.    A spyware detection will appear in on the F-Secure Policy Manager Alerts list with the description "Spyware found in file. The file was blocked." and the source is "File Scanning".    Article no: 000019954
View full article
Issue: Malware.ACAD/HighLight.C and Malware.ACAD/Burste.K detected infecting Autocad related files with extension .fas and .lsp F-Secure Antivirus is able to detect, but unable to remove the malware.  Resolution: These files need to be removed manually as per official article from Autocad :- https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/How-to-remove-fas-and-lsp-virus-from-a-server.html Article no: 000019918
View full article
Issue: After upgrading to F-Secure Email and Server Security 14.00 stripped attachments are not quarantined Quarantine folder is empty and nothing to query Items can not be deleted from Quarantine, action fails  Resolution: Make sure you have correct permissions set locally on the target server The "Microsoft Exchange Transport" service runs under "NETWORK SERVICE". Therefore, "NETWORK SERVICE" should have read / execute rights to FQM.EXE and FqmAssembly.dll. These rights should be set during installation for the F-Secure folder "C:\Program Files (x86)\F-Secure". 1. Open F-Secure Email and Server Security console and navigate to Email Quarantine Click on option and Test database connection to verify if SQL server is accessible. If not, please follow the next troubleshooting steps. 2. Open SQL management studio and troubleshoot the following: instance is running Mixed authentication mode is enabled db is existing FQM user have rights to write in db (db owner, db creator security admin) 3. Open Windows Explorer from target server and make sure that FQM service is be running under Local System account   Check permissions locally: "Microsoft Exchange Transport" service and hence our Transport Agent are running under "NETWORK SERVICE" "NETWORK SERVICE" should have read/execute rights on "...Anti-Virus For Microsoft Services/" folder  C:\ProgramData\F-Secure\EssTemp\" folder rights:  'LocalSystem' - FULL  'administrators' - FULL "NETWORK SERVICE" - read/write/delete     C:\ProgramData\F-Secure\EssLimited\ folder rights:     'LocalSystem' - FULL     'administrators' - FULL     'NETWORK SERVICE' - read/delete  Quarantine folder:     C:\ProgramData\F-Secure\EssQuarantine\ folder  permissions:     'LocalSystem' - FULL     'administrators' - FULL Check permissions for network share if centralized mode used: FQM account (SYSTEM by default) should have 'read'/'write'/'change' access rights to remote centralized quarantine (share & folder security tabs). "Exchange Servers" or specific Exchange computers/hosts should have 'read'/'write'/'delete' access rights on "Security" and "share" pages Article no: 000019827
View full article
This article provides information on how to exclude files from real-time scanning in F-Secure Anti-virus products using wildcard characters.
View full article
This article provides information on how to exclude files from manual scanning in F-Secure Anti-virus products using wildcard characters.
View full article
Issue: I have upgraded Policy Manager to the latest 14.30 but I am unable to download the installer for both Java update 212 and 231 using the download package link given in the Software Updater Manual Downloads window. I receive the following error while opening the download package link after logging on with Oracle credentials: Resolution: A fix has been released on the automatic update channel to fix the Download Package link for Java update 231. We do not plan to fix the Download Package link for Java update 212. Java update 212 is the last non-security update for Java and indirectly superseded by Java update 231. We strongly recommend to always upgrade to the latest version available, in this case Java update 231. Java update 212 shall no longer show up as missing update once the latest Java update is installed. Article no: 000018819
View full article