Business Suite

Sort by:
Issue: After upgrading from version F-Secure Server Security 12.12 to 14.00 on terminal servers, these servers have freezing, hanging and performance issues.  Unable to access the server, remote logins are only possible if all F-Secure services are disabled. Resolution: In such scenarios, there is most likely a hang in ORSP Client, which prevents ulcore from updating. This can be seen in the lynx.log: 2019-09-29 09:36:35.468 [09e8.3330] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com 2019-09-29 15:38:08.728 [09e8.2428] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com 2019-09-29 21:41:59.136 [09e8.3410] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com 2019-09-30 03:44:05.294 [09e8.2a0c] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com 2019-10-01 10:04:33.890 [09e8.2670] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com When a new object, such as a file or URL, is encountered on one client, the product communicates with the Security Cloud using the strongly encrypted Object Reputation Service Protocol (ORSP) to query for the object's reputation details. Anonymous metadata about the object, such as file size and anonymized path, are sent to the Security Cloud.  In this case, the reason of this hang is that queries to doorman.sc.fsapi.com, one of our back-ends, is blocked. To solve the issue, follow these steps: You need to allow f-secure.com and fsapi.com in your Firewall or External Proxy An other option is, to setup a HTTP Proxy instead of trying to allow fsapi.com, which would be allowed to connect and client will be configured to use the Proxy.  After you have set your Proxy, make sure you configure the HTTP Proxy address in the Policy Manager Console. Please refer to the screenshot below where to add the HTTP Proxy address. If the HTTP Proxy is not an option for you, you can switch OFF security cloud in the settings, as currently the connection to Security Cloud is blocked.  You may find more information about the Security Cloud here. Article no: 000017219
View full article
Issue: During mailbox indexation Exchange service becomes abnormally slow if F-Secure Email and Server Security is installed  Disabling the security features fixes the slowness issue Resolution: In the event that you are facing slowness during mailbox indexation, we suggest that you verify that you are following this Microsoft article about exclusions here. Article no: 000017943
View full article
Issue: How does the firewall automatic selection in Policy Manager work? How to set up the automatic selection profile? Resolution: To set the firewall automatic selection profile changes to work, create the auto select rule based on conditions such as gateway IP, DNS, etc. As an example, when the Windows Firewall profile is changed to different networks (public, private, domain), there is network change happening too. This can be used as the condition for firewall automatic selection rule to trigger. When a host is connected to Domain network, it will use default firewall profile "Office, file and printer sharing". When a host is connected to Public network and assign to DHCP IP address, it will switch to firewall profile "Server". When a host is connected to Private network that communicate to gateway IP (Example: 192.168.1.103), it will switch to firewall profile "My test firewall profile". Note: The firewall automatic selection is based on rules priority. The rule consists of two conditions: Method1/Argument1 and Method2/Argument2.  When both conditions are met, the profile specified in the rule is selected. The rules are evaluated whenever changes in the network interfaces are detected, and the rule with the highest priority is applied in case there are more than one matching rule.  If none of the rules match, the profile will remain unchanged. Therefore a fallback rule, with both methods set to Always, is usually put at the bottom of the rule set. Supported methods and arguments: Never: Never true (argument ignored) Always: Always true (argument ignored) DNS Server IP Address: IP address given as the argument matches with a DNS server DHCP Server IP Address: IP address given as the argument matches with a DHCP server Default Gateway IP Address: IP address given as the argument matches with the default gateway My Network: IP address given as the argument falls within the LAN subnet of the host Dialup: A dial-up connection is open (argument ignored) In IP address arguments, the asterisk (*) may be used as a wildcard, but only in place of whole pieces of the address. For instance 172.16.*.*, but not 172.16.*10.* or 172.16.*. Example: Method1 = Default Gateway IP Address Argument1 = 123.12.0.1 Note: The Argument value is irrelevant for Always, Never and Dialup methods. Article no: 000013127
View full article
Issue: User wants to exclude a specific software update from F-Secure Software Updater automatic installation. Resolution: You can create a rule to exclude a certain software update from Software Updater automatic installation in Policy Manager Console by following these steps: Log in to Policy Manager Console  Select the host or domain from the Domain tree  Select the Settings tab Go to the Software Updater page Click Add from the right side of Exclude software from automatic installation table Enter software name and/or bulletin ID  Distribute policy to the hosts  Now the selected domain or hosts will have an exclusion for the software updates you have created a rule for.  Article no: 000002779
View full article
Issue: When will a newer version of F-Secure Client Security for Mac be released that supports MacOS Catalina (10.15)? Resolution: A new version of F-Secure Client Security for Mac 13.12 was released on 29th of October. It has support for MacOS Catalina 10.15. Client Security for Mac 13.12  installation file is available on our downloads page.   Article no: 000016301
View full article
Issue: Does Policy Manager Proxy also proxy Software Update installation packages? Resolution: Yes, Policy Manager Proxy also proxies Software Updater installation packages. You can find more information, here.  Article no: 000017850
View full article
Issue: Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails. Resolution: The latest version of Client Security 14.x/Server Security 14.00 requires Windows Universal C Runtime. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x/Server Security 14.00.   Article no: 000008994
View full article
Issue: I would like to register my F-Secure Policy Manager Server which is not connected to a network (offline), how do I proceed? Resolution: Contact F-Secure support by opening a support request (https://www.f-secure.com/en/web/business_global/support/support-request) Provide the following information for F-Secure technical support to create an offline registration file: Account Name Customer ID Installation ID  Business Suite license Expiry date How to obtain Customer and Installation ID: Open F-Secure Policy Manager console, and go to Help menu > Registration dialog, or; Find the information from the Policy Manager Server installation folder, ...\F-Secure\Management Server 5\Data (Windows) or /var/opt/f-secure/fspms/data (Linux), open the file called upstream-statistics.json using notepad. Customer ID is on line 5 and Installation ID is on line 6. Once support has provided you with an offline registration file, use the following steps to activate it on your Policy Manager Server Windows: Copy the offline registration file to the folder F-Secure\Management Server 5\data Restart the F-Secure Policy Manager Server services by typing the following command in an elevated command prompt (CMD):   net stop fsms   net start fsms Linux: Copy the offline registration file to the folder /var/opt/f-secure/fspms/data  Restart the fspms daemon:  # /etc/init.d/fspms restart F-Secure Policy Manager will be activated until the expiry of your current subscription. After renewing the subscription you need to request a new registration token from support. Make sure to do this some time in advance so that you don't end up with an expired Policy Manager Server. Article no: 000001107
View full article
Issue: Error or issue related to F-Secure components (e.g. Gatekeeper, Firewall, Network Interceptor Framework, Internet Shield) Resolution: Follow the steps below to collect F-Secure debug logs. Download and run the F-Secure debug tool Click Update Debug Files Online Select the components you want to debug (e.g Firewall, Gatekeeper driver) Click Apply Changes Reproduce the issue that was reported and take note of the time Disable debugging by deselecting the components and click Apply Changes Click Collect Logs once the issue is reproduced Locate the FSDIAG on the desktop Send the newly generated FSDIAG log files for investigation and report when the issue was reproduced   Article no: 000002782
View full article
Issue: Server Security has scanning errors and causing performance and hanging issues on virtual servers. Application event log shows error: "The description for Event ID 301 from source FSecure-FSecure Application-F-Secure Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer." Issue has started on one or more virtual servers at the same time. Lynx.log shows following error: W: ComTransaction::GetResult: Exception: Type: fs::BaseException, Reason: invalid status code 500, Function: fs::rs::AbstractTransaction<class fs::rs::Icap>::getResult, File: "c:\\workspace\\workspace\\spt_lynx\\src\\fsciapi\\svce_common\\transaction.h", Line: 235 F: ComTransaction::GetResult: Creating a new transaction failed. Resolution: On virtual servers the scanning is often offloaded to a Scanning and Reputation Server (SRS) to minimize the performance impact. If you have an Scanning and Reputation Server in use, the Event ID 301 error on the client side can be caused by an Scanning and Reputation Server that is having issues. Restart the Scanning and Reputation Server to see if it helps: Open the virtual machine console Log in to go to the Admin menu Select 6 to reboot or shut down the appliance The Power management menu opens Choose: Select 1 to restart the server If a restart of the Scanning and Reputation Server does not fix the issue, follow these steps to install a new one: https://help.f-secure.com/product.html#business/fsvs/latest/en/concept_FAA8187341EF42DA8264EAF45CF42B6B-fsvs-latest-en If a new installation of the Scanning and Reputation Server does not fix the issue, troubleshoot issues on the server where you have installed the Scanning and Reputation Server.  Article no: 000017702
View full article
Issue: F-Secure scan modules for Server Security Premium 12.11 Build 103 are not loaded on the terminal servers. The FSAUA reset tool has already been already executed without success. The server is running on Windows Server 2012 R2. When performing a manual scan the error "No scan modules loaded" appears. Resolution: First make sure you are able to ping your F-Secure Scanning and Reputation Server. If the ping results are ok, then the Agent is most likely down "Reason: Transport is down, Function: fs::rs::Library::newTransaction, File: "library.cpp", Line: 222, Error Code : 34" due to some changes made possibly in Policy Manager Server, like new installation, migration, settings removed. To make sure your clients are connecting to F-Secure Scanning and Reputation Server, open Policy Manager Console and check the settings bellow: For Clients 12.xx and 13.xx Open Policy Manager Server/ Console in advanced view and navigate to Offload Scanning Agent: Specifies the primary F-Secure Scanning and Reputation Server(s) that are used for remote content inspection and reputation services.  The server is defined as <host>[:<port>], where <host> is IP address or FQDN of the server and <port> is the port number the server accepts incoming connections from the client. If the port is not defined, then the default one is used. Use the comma separated list if multiple servers are used. For example, "192.168.1.10, 192.168.1.12:4344". Object identifier: 1.3.6.1.4.1.2213.74.1.10.10 For Clients 14.xx Open Policy Manager Server/ Console in Standard view and navigate to Real-time scanning and make sure your F-Secure Scanning and Reputation Server addresses are correct configured and the check box is selected. Article no: 000014714
View full article
Issue: How to setup the silent installation for Policy Manager Proxy 14.20 User is creating a policy-based upgrade and needs to export installer msi for rollout via group policies Resolution: Clean installations: For Windows Open Policy Manager Console and create temporary user with full access permissions for the root domain Download Policy Manager Proxy installer: fspm-14.10.88509.exe as an example Extract Policy Manager Proxy setup executable content. For 14.00 and older - via any archive manager, for 14.10 start the executable and grab all the content from temporary directory at root level of system drive Transfer admin.pub from Policy Manager to the extracted content Edit prodsett.ini in the same directory: uncomment and specify values for all properties in the section "F-Secure PM Proxy" Use user credentials created at first step for UpstreamPmUserName and UpstreamPmUserPwd properties Run "setup.exe /silent" at target host for 14.00 and older, starting from 14.10 executable is called like fspmp-14.10.88509-rtm.exe, so have to run "fspmp-14.10.88509-rtm.exe /silent" Remove user created at first step For Linux Open Policy Manager Console and create temporary user with full access permissions for the root domain Download installer: fspmp-14.10.88509-1.x86_64.rpm as an example Put admin.pub from PM to the dir with installer Create shell script with name like pmp.sh and following content: yum -y update libstdc++ yum -y install libstdc++.i686 rpm -i fspmp-14.10.88509-1.x86_64.rpm /opt/f-secure/fspms/bin/fspms-config << PMPCONFIG PM address PM port (usually 443) ./admin.pub PMP http port to be used (usually 80) PMP httpS port to be used (usually 443) PM admin username (created at first step) PM admin password (created at first step) PMPCONFIG Run the script: “./pmp.sh”. Remove user created at first step. Same things with Debian/Ubuntu, but use apt and dpkg instead, so sh script will look like: apt -y upgrade libstdc++6: apt -y install libstdc++6:i386 dpkg -i fspmp_14.10.88509_amd64.deb /opt/f-secure/fspms/bin/fspms-config << PMPCONFIG PM address PM port (usually 443) ./admin.pub PMP http port to be used (usually 80) PMP httpS port to be used (usually 443) PM admin username (created at first step) PM admin password (created at first step) PMPCONFIG After the script run, if everything is ok, PMP host should appear in PMC.   Policy Manager Proxy upgrades: For upgrades, as there is not need to configure PMP and generate certificates enough to just upgrade the build. For Windows: Extract PMP executable content via any archive manager Run "setup.exe /silent" For Linux: rpm -U fspmp-14.10.88509-1.x86_64.rpm dpkg -i fspmp_14.10.88509_amd64.deb Article no: 000016979
View full article
Issue:  I distributed an invalid policy to multiple hosts using Policy Manager Console. How can I troubleshoot this or identify what settings was changed and to which hosts it was distributed? Resolution: To locate this information, you can use available logfiles from the server running Policy Manager. fspms-domain-tree-audit.log Below is an example of this this logfile: 10.10.2019 13:21:59,139 INFO [audit.domainTree] - User 'admin' deleted host with identity 79fee1c5-e85b-4a90-b462-09354abb56fd (id=3) 10.10.2019 13:22:06,519 INFO [audit.domainTree] - User 'admin' moved host with identity b8a4bb94-2a9a-4830-b45b-8e45a531279c (id=36) to domain CS 14 hosts (id=4) 22.10.2019 14:14:12,929 INFO [audit.domainTree] - User 'admin' deleted host with identity f4ef246e-61c2-4ac1-949b-f0d3d3be4aa3 (id=35) 28.10.2019 10:54:20,208 INFO [audit.domainTree] - User 'admin' added domain test domain (id=39) to domain Root (id=1) This logfile allows us to understand host- and domain.operations (including the root-domain). Operations include the following: add, remove, rename, move. In our example, the last line, the user ADMIN added a new sub-domain "test domain" with id=39. Another file we are interested in called: fspms-policy-audit.log Below is an example of this this logfile: 23.10.2019 12:22:02,929 INFO [audit.policy] - type="lockedOnClient", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.60", oldValue="false", newValue="true" 23.10.2019 12:22:02,929 INFO [audit.policy] - type="lockedOnClient", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="false", newValue="true" 23.10.2019 12:22:52,528 INFO [audit.policy] - User="admin" applied the following policy changes: 23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe" 23.10.2019 12:23:19,545 INFO [audit.policy] - User="admin" applied the following policy changes: 23.10.2019 12:23:19,545 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="c:\test\printfile_release.exe", newValue="" 23.10.2019 12:34:32,557 INFO [audit.policy] - User="admin" applied the following policy changes: This logfile provides an audit trail for setting changes meaning (what setting was changed and how). The sub-domain in Policy Manager Console is reflected by DomainId. The actual settings is referred to by the OID:   23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe" How do we find the setting 1.3.6.1.4.1.2213.12.1.111.2.100.100.61 in Policy Manager Console? This is perhaps the trickiest part, because we do not have a list of settings available. However, you can find the settings by using Policy Manager. The part of the address that identifies the F-Secure company in the OID is 1.3.6.1.4.1.2213. The latter part identifies the application and the specific setting in the application. Here we have  12.1.111.2.100.100.61 See screenshot capture1.pnn: by selecting "F-Secure Anti-Virus" in Policy Manager Console, you can se that the application is "F-Secure Anti-virus" -> "Object identifier" = 1.3.6.1.4.1.2213.12 When we go further inside the settings in "F-Secure Anti-Virus", we can locate the relevant setting here: - F-Secure Anti-virus    -> Settings     -> Settings for real-time protection        -> Scanning options           -> File scanning               -> Inclusions and exclusions                 -> Excluded processes. To give you an example using syntax we saw in fspms-policy-audit.log: 23.10.2019 12:22:52,528 INFO [audit.policy] - User="admin" applied the following policy changes: 23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="39", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe" Based on the information we learned, this entry translates to: Policy Manager Console User=Admin, applied the process exlusion "c:\test\printfile_release.exe" exclusion for domain "test domain" (DomainID was available in fspsm-domain-tree-audit.log) . Article no: 000017432
View full article
Issue: After upgrading Server Security to version 14.00, the NTUSER.DAT file is often corrupted when loading server-based profiles Same issue with upgrade to Client Security 14.10  Resolution: Avdaemon.dll is doing multiple service tasks. One of tasks is the setting conversion and resolving paths environment profiles e.g. %desktop% using user profile and loads each profile into memory. In this case Windows cannot find the local profile and is logging the user with a temporary profile. Changes you make to this profile will be lost when you log off. Ransomware loads user profile aka ntuser.dat to resolve protected path. It seems that it is doing it, even if anti-Ransomware is off. This issue will be fixed in the next versions of the products.  Currently we have hotfix FSCS1410-HF11 that fixes the issue, but before applying the hotfix, which contains a new avdaemon.dll file, make sure the steps below help you resolve the issue: Contact F-Secure support and we will provide you with the hotfix FSCS1410-HF11 and the new avdaemon.dll file Rename avdaemon.dll on one of the affected hosts and restart fshoster service to see if this helps. The avdaemon.dll is located here: C:\Program Files (x86)\F-Secure\Client Security and C:\Program Files (x86)\F-Secure\Server Security If the renaming avdaemon.dll solves the issue, replace the avdaemon.dll file with the fixed version and restart the fshoster service If the replacement helped, you can apply hotfix FSCS1410-HF11 on all of your affected clients Follow these steps to install the hotfix to centrally managed computers: Log into F-Secure Policy Manager Console  Select Installation tab Click Installation packages  Import the hotfix jar file Select appropriate domain or host from the Domain Tree press Install  Select this hotfix FSCS1410-HF11 Distribute policies Article no: 000012303
View full article
Issue: Policy Manager Console is unable to import Client Security for Mac 13.12 jar file. Error "Cannot import 'fscsmac-13.12-rtm.jar": 'ClassPath' entry in section(s) 'InstallationWizard' and 'UninstallationWizard' does not point to wizard entities" is shown when importing. Resolution: You have to upgrade your F-Secure Policy Manager to version 14.20 before importing Client Security for Mac 13.12 installation package. You can find all the latest installers from our Support and downloads page. For more information refer to the help guide.   Article no: 000017540
View full article
Issue: How can i find out what was the last policy issued to a host in Policy Manager Console? Resolution: Check the screenshot below. This shows the field Policy file timestamp, which reflects when the policy file for this host was created. The same screen also indicates, whether the host has this latest policy in use as the column Policy in use states Latest. However, some of these fields are not visible by default (e.g. Policy in use). To enable or disable them, right-click the column header and left-click to enable or disable different fields. Article no: 000017386
View full article
Issue: I need to enable or disable the Browsing Protection feature on some client, how can I do it centrally using Policy Manager Console? Resolution: Open F-Secure Policy Manager: Settings [Standard view] F-Secure Browsing Protection Uncheck the box to Disable or Enable Browsing Protection After you have chosen your setting, make sure that the padlock is closed, after that you can distribute the policies (Ctrl+D) Note:  F-Secure Browser Protection is an integrated Module within the package, that can be only deactivated via Policy Manager or locally from the Client. If you have disabled Browsing Protection for your Clients, and you want to hide the browser plugin deactivated message in main local UI Please ask customer support to provide you the file  FSCS1410-HF03-signed.jar when you submit a ticket.  This  specific hotfix removes notification about disabled BP from UI, while it is disabled. Distribution details for centrally managed hosts: Log in to F-Secure Policy Manager Console  select the Installation tab  Click Installation packages and select import to import the downloaded hotfix jar file Select appropriate domain or host and press Install Select the hotfix Distribute policies Article no: 000004715
View full article
Issue: Firewall rules made with Policy Manager 14.x are not operational on Client Security 14.x clients. Firewall rules pushed from Policy Manager 14.x to Client Security 14.x clients do not appear in the Windows firewall. Resolution: Check that you have edited the same firewall profile that is in use on the client. This can be done by following these steps: Open F-Secure Policy Manager Console Select the host or domain from the Domain tree Go to the Settings tab Go to the Firewall page Check that Host profile and Profile being edited match If they match, the reason why the rule is not applied on the client is because it is an invalid rule. If the rule has many IP addresses in it, make sure that you have used a comma ( , ) in between each IP range as a value separator. Using a space or semicolon ( ; ) in between the IP ranges will invalidate the rule and it will not be visible in the Windows Firewall.  Article no: 000011310
View full article
Issue: Configured Application Control for Client Security 13.x hosts in Policy Manager 14.x but it does not stop the applications from launching Resolution: F-Secure Client Security 13 version does not support the Application control feature which is the reason why applications are still able to be launched after configuring the feature through F-Secure Policy Manager 14. The Application control feature is supported by F-Secure Client Security version 14 and newer. You will need to upgrade the hosts if you wish to use this feature.  F-Secure Client Security 13 supports the Network Access Control feature which prevents unauthorized applications from gaining network access.   Article no: 000016529
View full article
Issue: Unable to change Management Server Address on Client Security or Server Security hosts because the public and private admin keys do not match. Need to migrate hosts between two Policy Manager Servers without having to do a re-installation of the software client side.  Resolution: If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create a Keyreplacer yourself with a tool that can be provided to you by support.  The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below. In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix. Admin.pub file The Policy Manager management address The http- and https-ports used by the Policy Manager ( On Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log ) To download admin.pub file, please follow these steps: Login to the PM console In the top menu, click Tools > Server Configuration > Keys Click Export to download admin.pub and admin.prv files Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you. Instruction to deploy the Key Replacer fix Please close the Policy Manager Console and stop Policy Manager Server service in services.msc You can also stop Policy Manager service by opening a command prompt with elevated mode and typing in the below command. net stop fsms Configure the registry on the Policy Manager Server Locate this registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" for - 32bits OS "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" for - 64bits OS Right-click on Management Server 5 Registry Key and add a new String Value with the following: Name: additional_java_args Data field: -DallowUnsignedWithRiwsAndMibs=true Note: Please don't remove the -D on the beginning of the string or it will not work properly.   The same works for Linux, but you need to use config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive. Example: additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100   Start the Policy Manager Server service and open the Policy Manager Console Go to the Installation-tab and click Installation packages Click Import to import "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package Deploy the KeyReplacer file to all clients, for example using a policy-based installation After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts". Article no: 000003212
View full article
Issue: This is the list with descriptions of the services installed for F-Secure Linux Security 64. Resolution: This information can be changed without notice.(06/Aug/2019) f-secure-baseguard-accd.service Responsible for receiving access permission requests from the kernel through the fanotify API. It can grant access autonomously, but for malware analysis, it uses f-secure-baseguard-icap.service.   f-secure-baseguard-as.service BaseGuard facility for email spam scanning. In LS64, the service is inactive.   f-secure-baseguard-av.service A relic from the early days of BaseGuard. For full backward-compatibility reasons, the service cannot be removed, but it serves no purpose in any product.   f-secure-baseguard-cleanup.service Makes sure channel updates don't accumulate on the disk without limit.   f-secure-baseguard-icap.service The malware analysis service used for realtime, scheduled and manual scanning.   f-secure-baseguard-orspgw.service A local proxy for F-Secure's Online Reputation Service. It is used by f-secure-baseguard-icap.service.   f-secure-baseguard-update.service Monitors F-Secure's GUTS2 service for channel updates and sends notifications to fsbg-updated.service.   f-secure-linuxsecurity-fsicd.service Maintains the file integrity checker baseline.   f-secure-linuxsecurity-lspmd.service Locally distributes policy settings to LS64 services.   f-secure-linuxsecurity-scand.service Manages manual and scheduled scans.   f-secure-linuxsecurity-statusd.service Collects status and statistics information from LS64 services and relays them to the policy agent (fsma2)   fsbg-statusd.service Collects status and statistics information from BaseGuard services and relays them to the policy agent (fsma2)   fsbg-updated.service Schedules the installation of online channel updates.   fsbg.service Locally distributes policy settings to BaseGuard services. Article no: 000014984
View full article
Issue: After installation, user is unable to launch Policy Manager Console and they receive error: "The item referred by this shortcut cannot be accessed. You may not have the appropriate permissions". Resolution: The setup wizard creates the user group FSPM users. The user who was logged in and ran the installer is automatically added to this group. To allow another user to run Policy Manager Console you must manually add this user to the FSPM users user group. To add users to a group, use the following instructions: Click on the Server Manager icon on the bottom left of the Windows desktop  Select the Tools menu in the upper right, then select Computer Management Expand Local Users and Groups Expand Groups Double-click on the group to which you want to add users Select Add Enter the name of the user you wish to add to the group, then select Check Names You can separate names with a semicolon if you want to add more than one user Press OK when complete, then OK again to finish Article no: 000017207
View full article
Issue: Visible effects: Windows Server operating system with Server Security 14.00 installed is hanging Windows Desktop operating system with Client Security 13.00 or newer installed is hanging Resolution: UPDATE: The issue related to F-Secure Ultralight Core Update 2019-10-01_01 has now been fixed in the latest Ultralight Core Update, which is available as an automatic update by name  F-Secure Ultralight Core Update 2019-10-22_01. However, if you are still facing similar issues after the update fix, this may happen if F-Secure product have F-Secure Security Cloud Client enabled, but don't have access allowed to fsapi.com address. To resolve this issue, make sure that you have allowed access to fsapi.com from your environment. In case you have isolated environment, or otherwise cannot allow access to fsapi.com, disable F-Secure Security Cloud Client via Policy Manager Console: Log in to Policy Manager Console. Go to Settings tab. Select Advanced view. Navigate to: F-Security Security Cloud Client > Settings > Client is enabled. Select No from the drop-down menu. Make sure that the setting is locked. Distribute policies (CTRL-D). In case you should not have restricted network access, or if above steps didn't help, contact F-Secure support for further assistance. Article no: 000016583
View full article
Issue: What are the main differences between F-Secure Linux Security 64 and F-Secure Linux Security 11.x?   Resolution: Linux Security 64 is a native 64-bit application, however there are some differences compared to the previous released version Linux Security 11.x, most notably: no support for standalone installation mode no support for Protection Service for Business (PSB) installation mode no firewall no web user interface (for remote management with browser) no support for F-Secure Policy Manager Proxies no support for unattended (scripted) installations The list of supported Linux distributions is also different with some legacy distributions only being supported by Linux Security 11.x.  Also note, that while the installer for LS 64 is created/exported in Policy Manager Console, neither Linux Security 11 nor Linux Security 64 can be deployed/pushed to hosts using Policy Manager Console. Article no: 000014897
View full article
Issue: The following errors are show during Linux Security 64 installation. 1:f-secure-linuxsecurity-12.0.6-1 ################################# [100%] 2019-10-21 11:15:03 net/fshttp.c:1662[7] idle timeout occurred 2019-10-21 11:15:03 fshttps.c:560[7] a timeout occurred 2019-10-21 11:15:03 fsguts2.c:1830[7] unable to perform the HTTP operation, error 201 (timed out) 2019-10-21 11:15:03 fsguts2.c:1062[7] unable to fetch update information from the server, error 201 (timed out) 2019-10-21 11:15:03 src/guts2download.c:148[7] unable to fetch the list of updates, error 201 (timed out) 2019-10-21 11:15:03 src/guts2download.c:84[7] downloading the channel content failed, error 201 (timed out) Failed to activate the product! Resolution: Make sure the Policy Manager Server is accessible by the Linux Security 64 installation target machine. Article no: 000017159
View full article
Issue: How to disable Advanced Network Protection for Client Security 14 in Policy Manager 14? Resolution: To centrally disable Advanced Network Protection from target hosts in Policy Manager 14, follow these steps: Open F-Secure Policy Manager Choose the target host or domain from the Domain Tree Go to the Settings tab and use Standard View Go to Web traffic scanning section Choose from HTTP Scanning HTTP scanning enabled and set the value as disabled Distribute the new policy with the Distribute policies button Now Advanced Network protection is disabled from the target hosts. Article no: 000008143
View full article
Issue: After upgrading to F-Secure Client Security 14.10 or F-Secure Server Security 14 Client keeps asking for restart with notification "restart required F-Secure product received a critical update. To keep your protection up to date, restart your computer. Remember to save your work" After a restart the same notification is shown again F-Secure Ultralight services are not listed in the Windows services list Capricorn update is missing from Updates list in the local user interface Note: If you click on the view log file button in the Updates view, it will bring you to the aua.log, where you can see similar entries:  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Processing  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Retry at restart  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Processing  I: Update check completed successfully  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Retry at restart Resolution: This issue is related to Ultralight not installing or updating correctly. You can install one of the hotfixes bellow to solve the problem: FSCS1410-HF01 FSCS1410-HF02 FSCS1410-HF07 Note: All these Hotfixes are applicable for Server Security 14.00 and Client Security 14.10 These hotfixes are not publicly available from our homepage. Open a support request and our customer service team can send you the hotfixes. If these hotfixes do not resolve the issue and Capricorn update is still missing from the Updates list, you can try removing the Capricorn update from your Policy Manager Server and re-download it. Follow these steps to re-download Capricorn update on your Policy Manager Server: Stop Policy Manager Server Service Delete the following folder: C:\Program Files (x86)\F-Secure\Management Server 5\data\guts2\updates\capricorn-win64 Start Policy Manager Server Service The Policy Manager Server will now re-download the missing Capricorn update. Wait for 30 minutes and check from the client if it has now been able to download and install Capricorn.   Article no: 000014676
View full article
Issue: Is SUSE Linux Enterprise Server 12 (SLES) a supported platform for F-Secure Linux Security 64? Resolution: SUSE Linux Enterprise Server 12 (SLES) has been added to the officially supported platforms for F-Secure Linux Security 64. For more details you can check the release notes on this link.   Article no: 000013134
View full article
Issue: Security Cloud Client is not connected on Server Security 14 / Client Security 14. Resolution: Make sure that the affected F-Secure host is allowed to connect to the URL orsp.f-secure.com. If this host requires a connection via HTTP proxy to access this URL, you have to configure these settings via the F-Secure Policy Manager Console: Log on to your F-Secure Policy Manager Console. Select the Policy domain   or Host   /   where you want to edit the policy on. Switch to the Advanced view. Go to F-Secure Security Cloud Client > Settings > HTTP Proxy. Modify the value to suit your HTTP proxy requirements: 'http://server:port', e.g. 'http://my.domain.com:1234' Distribute the policy  . Note: If there is no parameter set under F-Secure Security Cloud Client > Settings > HTTP Proxy, the F-Secure Security Cloud Client will use the proxy configuration from the F-Secure Automatic Update Agent (AUA) by default: F-Secure Automatic Update Agent > Settings > Communications > HTTP settings > Use HTTP proxy NOTE: Server Security 14.00 and Client Security 14.x do not officially support proxy authentication. Article no: 000014893
View full article
Issue: F-Secure Linux Security 64 is not connecting to the Policy Manager Server and it is not visible in the "Import new hosts" tab in Policy Manager Console. Resolution: Verify the connection from F-Secure Linux Security 64 to the Policy Manager Server. If the issue persists, configure the address of Policy Manager Server using the server's IP address instead of hostname during the creation of the installation package. Article no: 000016582
View full article
Issue: How to update malware definitions for Policy Manager 13.x/14.x in an isolated network. Resolution: Policy Manager offers two options for updating virus definitions in isolated networks that have no direct connection to the Internet. If your network configuration allows Policy Manager to access internal resources with Internet access, we recommend that you use Policy Manager Proxy as the source for updates. For more details click here. If using Policy Manager Proxy is not an option, you can use a tool provided with Policy Manager to fetch the updates as an archive and copy that to the server where Policy Manager is installed. For more details click here. Article no: 000002697
View full article
Issue: When using image files to distribute product installations, how can I reset the host UID for Policy Manager Proxy to prevent duplicate hosts appearing in Policy Manager? Resolution: If you use image files to distribute product installations, you need to make sure that there are no unique ID conflicts. For Policy Manager Proxy this can be prevented by following the steps below: Stop F-Secure Policy Manager Server service:  Linux: [/etc/init.d/fspms stop] Windows: [net stop fsms] Remove following two files: Linux: /var/opt/f-secure/fspms/data/h2db/fspms.h2.db /var/opt/f-secure/fspms/data/fspms.jks Windows: <F-Secure Installation Folder>\Management Server 5\data\h2db\fspms.h2.db <F-Secure Installation Folder>\Management Server 5\data\fspms.jks Use fspmp-enroll-tls-certificate script to generate proxy node certificate. Run the script and authenticate yourself as root administrator of the Master Policy Manager: Linux: /opt/f-secure/fspms/bin/fspmp-enroll-tls-certificate Windows: <F-Secure Installation Folder>/Management Server 5/bin/fspmp-enroll-tls-certificate.bat Start F-Secure Policy Manager Server service: Linux: [/etc/init.d/fspms start] Windows: [net start fsms]   Article no: 000016987
View full article
Issue: How do I schedule reports on Policy Manager 14.x? Resolution: You can configure Web Reporting to send regular reports by email to one or more recipients. To send the reports by email, you need to enter the mail server details in Policy Manager Console. To do this: Select Tools > Server configuration and click the Mail tab. Enter the mail server address and authentication information. Enter the address that you want to display as the sender in the report emails. This does not have to be a valid email address. Click OK. To configure the report scheduling: Note: You cannot schedule reports for individual hosts, only for domains. You can use the root domain if you want the reports to cover all configured domains. Use semi-colons to separate multiple addresses. If you choose to send the reports on a monthly basis, the reports for each month are automatically sent on the first day of the following month. On the Web Reporting main page, select Scheduled reporting. On the policy domain tree, select the domain that you want to use for the reports. Note: You cannot schedule reports for individual hosts, only for domains. You can use the root domain if you want the reports to cover all configured domains. In the Recipient emails field, enter the email addresses that should receive the reports. Choose whether to send the reports daily, weekly or monthly. If you want to send the reports on a weekly basis, select the weekday. If you choose to send the reports on a monthly basis, the reports for each month are automatically sent on the first day of the following month. Select which reports you want to send. The listed recipients will receive the selected reports in HTML format according to your settings. If you want to check that the report emails are delivered correctly, click Send reports now.   For more information: https://help.f-secure.com/product.html#business/policy-manager/latest/en/task_4644F99989CB41A4BD5BBC5FE87919A2-latest-en Article no: 000003775
View full article
Issue: After updating to Server Security Premium 14.00, a group of Servers are not getting Virus Definitions After upgrading to Client Security 14.10, Clients are not getting updates from Policy Manager Server Resolution: You can apply the hotfix FSCS1410-HF07 to resolve the problem. If the problem persists, make you are experiencing the same problem, by opening the following logs from affected Client and investigate them. Logs are usually located in the following path: C:\ProgramData\F-Secure  Open the C:\ProgramData\F-Secure\Log\AUA.log and scroll down to the latest event to see if you have a similar error: 2019-09-23 15:17:09.502 [0e50.1388] I: Connecting to updateserver:80/guts2 (proxy proxy.demo.com:8888) 2019-09-23 15:17:09.517 [0e50.1388] I: Update check failed, error=115 (operation in progress) Open the C:\ProgramData\F-Secure\Log\CCF\Guts2Plugin.log  and scroll down to the latest event to see if you have a similar error: 2019-10-01 09:54:30.351 [1284.1258] I: Guts2Client::UpdateCurrentProxyForRootServer: Save successful proxy 'proxy.demo.com:8888' 2019-10-01 09:54:30.352 [1284.1258] I: Guts2Client::CheckForUpdatesFromServer: Check from server 'fsms:80/guts2' 2019-10-01 09:54:30.365 [1284.1258] I: Guts2Client::RefreshAvailablePackages: Trying with proxy 'proxy.demo.com:8888' 2019-10-01 09:54:30.581 [1284.1258] I: [fslib] server returned HTTP status code 503 (try again later) 2019-10-01 09:54:30.581 [1284.1258] *E: [fslib] unable to fetch update information from the server, error 115 (operation in progress) 2019-10-01 09:54:30.581 [1284.1258] I: Guts2Client::RefreshAvailablePackagesProxyConfigured: Failed to refresh available packages, error=115 2019-10-01 09:54:30.581 [1284.1258] *E: Guts2Client::CheckForUpdatesFromServer: Failed to refresh available updates list 2019-10-01 09:54:30.587 [1284.1258] I: CCFGuts2Plugin::ScheduleCheck: Scheduling next check in 156 seconds As you can see, proxy.demo.com:8888' can answer 503 without forwarding a request to the Policy Manager Server/guts2 server. In this case, you could troubleshoot the HTTP-Proxy by checking the following: Retry the URL from the address bar again by clicking the reload/refresh button, or pressing F5 or Ctrl+R. Restart your router and/or your device, especially if you're seeing the "Service Unavailable - DNS Failure" error. As an option, you could disable the HTTP proxy for AUA, to see if the connection issue is caused by AUA. You can do this from the Policy Manager Console: 3.1  Under the F-Secure Automatic Updates Agent > HTTP  Settings > Use HTTP Proxy and set it to No. Deploy the policy.  If the changes you made now worked, make sure to enable your HTTP-Proxy to updateserver:80 (:443) Note:  When upgrading from Client Security 13.xx series: GUTS2 updates were already available, so the behavior didn't change  When upgrading from  Client Security 12.10-12.3x: Everything in the Client Security > Policy Manager communication was changed. If you are upgrading from 12.00 or older - also the protocol was changed from HTTP to HTTPS (but guts2 are still downloaded via HTTP). In the event that a proxy is/must be used ensure that no filtering for port 443 is enabled. Client Security 13.x already used GUTS2, where 503 was the "good answer", which means they would come back later, and that didn't cause fallback to the Internet.   Article no: 000015249
View full article
Issue: The symptoms include clients are unable to download updates from the Policy Manager Server clients are unable to upload status information to the Policy Manager Server and will eventually show up in Policy Manager Console as disconnected hosts However, clients might still be able to download updates because in the default configuration, fallback to F-Secure update servers is allowed. A couple of logfiles on the endpoont help to establish, if the client is having a connection problem due to the firewall blocking access on the server. Examples are for Client Security 14 but also apply for Server Security 14 and later. Policy Manager Server here is pms.acme.com listening on default ports 80 and 443. C:\ProgramData\F-Secure\Log\AUA\Aua.log 2019-10-02 12:07:25.311 [15d4.1d50]  I: Connecting to pms.acme.com:80/guts22019-10-02 12:07:46.349 [15d4.1d50]  I: Update check failed, error=110 (connection timed out) Same is also visible in this logfile: 2019-10-02 12:17:37.502 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy ''2019-10-02 12:17:58.535 [15d4.1d68] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies (FsHttpRequest::Error_Timeout, AsyncSendRequest failed: 12002)2019-10-02 12:18:07.536 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy '' Error 12002 translates to  12002 ERROR_INTERNET_TIMEOUT The request has timed out. Resolution: Server Security 14 uses the Windows Firewall. It is likely that the ports that the HTTP and HTTPS services are using are blocked in the firewall on the server where Policy Manager Server is installed in. This would cause the clients to be unable to be in contact with the Policy Manager Server.   To resolve the issue, create a firewall rule allowing inbound HTTP and HTTPS traffic to the server where Policy Manager Server is installed.  You can find instructions how to create firewall rules in Policy Manager 14 in this guide. Things to consider: Make sure, the firewall rule is enabled. This is the first checkbox in the Firewall rules table. Make sure, the Server profile containing the rule is assigned as the "Server host profile". In the example below, the profile is called Server (cloned). The other rules in the profiles in this screenshot are also activated but this is is not needed to meet client Policy Manager Server communication requirements. As this particular rule is only required for the server host running Policy Manager Server, we have selected the server before making the change (the server called here DC1-PETERF)   Article no: 000016843
View full article
This article describes the use of the database recovery tool available since PM version 12.10.
View full article
This article describes the use of the database recovery tool available since PM version 12.10. If you are running the Policy Manager version 12.00 or...
View full article
If your network setup does not allow Policy Manager to connect to the Internet, but allows connections to internal resources that can access the...
View full article
When you cannot use a connection to an intermediate proxy due to security policies, you can update the malware definitions using the tool provided...
View full article
This article describes how to upgrade from F-Secure Policy Manager 12 to version 13.
View full article
Policy Manager Console prompts an error message: "Cannot connect to the server: localhost:8080. Check that the host name and port number are correct....
View full article
This article describes how you can reset both F-Secure Automatic Update Agent (AUA) and F-Secure Automatic Update Server (AUS) database repositories...
View full article
F-Secure Policy Manager supports some advanced configuration using Java system properties. This article describes how you can specify the Java system...
View full article
This article describes how you can move Policy Manager Server (PMS) to a new server.
View full article
This article provides information on installing the F-Secure Linux Security 11 and Policy Manager for Linux 12 on the same server.
View full article
To register your F-Secure Policy Manager in an isolated or offline environment, you need to get an offline registration file (or token) from F-Secure...
View full article
The product uses Windows Firewall to protect your computer.
View full article
Your computer is protected with predefined firewall settings. Usually, you do not have to change them. However, you may have to change the settings,...
View full article
This article describes how you can set up the F-Secure firewall for Windows 7 DirectAccess from Policy Manager Console (PMC).
View full article
This article explains how you can update the F-Secure Linux Security virus databases manually.
View full article