Receiving the "Virus & Spyware Protection: Malfunction" error message after installing the product.
Follow the instructions below one at a time and check whether each one solves the issue. Move on to the next step if the issue is not resolved.
1. Check and ensure that the following services are up and running. Start the services manually if they are not running:
   * F-Secure Automatic Update Agent
   * F-Secure Management Agent
   * F-Secure Network Request Broker
   * F-Secure ORSP Client
   * F-Secure WebUI Daemon
   * FSGKHS
2. Download and run the FSAUA reset tool to reset the potentially corrupted definition updates. You can download the tool here: https://download.f-secure.com/support/tools/FSAUA-Reset/fsaua-reset.exe
3. Download and run the fsdbupdate utility to install the definition updates manually. You can find the utility here: https://download.f-secure.com/latest/fsdbupdate9.exe
4. Uninstall the product and then reinstall it using the F-Secure uninstaller tool. You can find the tool here: https://www.f-secure.com/en/business/support/support-tools
5. Check in the IP configuration that your computer uses the correct subnet. For example, if it uses subnet /24 instead of /22, IP 10.X.240.X is not able to join Policy Manager in the 10.X.241.X destination.
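The subnet check in the last step can be done offline with Python's ipaddress module. This is an added example, not F-Secure tooling; the addresses 10.0.240.5 and 10.0.241.10 are constructed stand-ins for the article's 10.X.240.X and 10.X.241.X, and the function names are hypothetical.

```python
import ipaddress


def shared_prefix_len(addr_a: str, addr_b: str) -> int:
    """Longest prefix length under which both addresses share one network."""
    a, b = ipaddress.ip_address(addr_a), ipaddress.ip_address(addr_b)
    if a.version != b.version:
        raise ValueError("addresses must both be IPv4 or both be IPv6")
    # The highest differing bit decides how many leading bits are common.
    return a.max_prefixlen - (int(a) ^ int(b)).bit_length()


def check_mask(host_ip: str, configured: int, expected: int, server_ip: str) -> dict:
    """Compare the host's network under the configured and the expected mask."""
    server = ipaddress.ip_address(server_ip)
    result = {}
    for label, prefix in (("configured", configured), ("expected", expected)):
        net = ipaddress.ip_interface(f"{host_ip}/{prefix}").network
        result[label] = {"network": str(net), "contains_server": server in net}
    result["shared_prefix_len"] = shared_prefix_len(host_ip, server_ip)
    # A configured prefix longer than the shared prefix excludes the server.
    result["mask_too_narrow"] = configured > result["shared_prefix_len"]
    return result


if __name__ == "__main__":
    # Constructed sample: host set to /24 where /22 was intended.
    report = check_mask("10.0.240.5", 24, 22, "10.0.241.10")
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the sample values, the /24 network excludes the Policy Manager address while the /22 network contains it.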
Article no: 000002715
The administrator receives the following alert from a server running Server Security and Microsoft SQL Server: "F-Secure Management Agent failed in an internal operation. Setting the policy variable 18.104.22.168.4.1.222.214.171.124.20 (error=-510)" was not successful."
The server in question was hosting multiple instances for SQL Server 2016.
Due to a limitation in the current software, the internal table for storing "missing updates" cannot accept multiple identical rows, and Software Updater was detecting a missing update on both instances of MS SQL Server. Consequently, adding the second missing patch to the "missing updates" table failed with error -510: "Set result: your table contains multiple identical rows". A fix for this issue will be released later in 2019 in Client Security version 14.20. Server Security will also inherit the fix once F-Secure releases a new version.
Article no: 000016213
In Client Security 14, how do you activate the Offload Scanning functionality for virtual environments?
Starting from F-Secure Client Security version 14 onwards, the Offload Scanning Agent (OSA) is activated through the policy. This policy setting may or may not be included in the installation package.
Changing the setting
In order to activate or deactivate the functionality, you can change it under the following setting using the Policy Manager Console:
Standard view > Real-time scanning > Virtualization support
Set the checkbox accordingly for the setting named Offload file scanning.
Article no: 000008176
How to disable Advanced Network Protection for Client Security 14 in Policy Manager 14?
Follow these steps to centrally disable Advanced Network Protection from the chosen clients:
1. Open F-Secure Policy Manager.
2. Choose the target host or domain from the Domain Tree.
3. Go to the Settings tab and use Standard View.
4. Go to the Web traffic scanning section.
5. Under HTTP Scanning, choose HTTP scanning enabled and set the value to disabled.
6. Distribute the new policy with the Distribute policies button.
Advanced Network Protection is now disabled on the target hosts.
Article no: 000008143
The F-Secure Client Security products started sending security alerts to F-Secure Policy Manager for every single blocked URL. This started when the F-Secure Online Safety 2019-09-02_02 update was released. The security alerts have the following details:
Unknown alert: online_safety.page.block.
The fix was released in the F-Secure Online Safety 2019-09-10_01 update package. The update is installed automatically and does not require user or administrator actions.
Article no: 000015569
I would like to register my F-Secure Policy Manager Server, which is not connected to a network (offline). How do I proceed?
1. Contact F-Secure support by opening a support request (https://www.f-secure.com/en/web/business_global/support/support-request).
2. Provide the following information for F-Secure technical support to create an offline registration file:
   * Account Name
   * Customer ID
   * Installation ID
   * Business Suite license
   * Expiry date
How to obtain Customer and Installation ID:
* Open F-Secure Policy Manager console and go to Help menu > Registration dialog, or
* Find the information in the Policy Manager Server installation folder, ...\F-Secure\Management Server 5\Data (Windows) or /var/opt/f-secure/fspms/data (Linux): open the file called upstream-statistics.json using Notepad. Customer ID is on line 5 and Installation ID is on line 6.
Once support has provided you with an offline registration file, use the following steps to activate it on your Policy Manager Server.
Windows:
1. Copy the offline registration file to the folder F-Secure\Management Server 5\data
2. Restart the F-Secure Policy Manager Server services by typing the following commands in an elevated command prompt (CMD):
   net stop fsms
   net start fsms
Linux:
1. Copy the offline registration file to the folder /var/opt/f-secure/fspms/data
2. Restart the fspms daemon:
   # /etc/init.d/fspms restart
F-Secure Policy Manager will be activated until the expiry of your current subscription. After renewing the subscription you need to request a new registration token from support. Make sure to do this some time in advance so that you don't end up with an expired Policy Manager Server.
Article no: 000001107
The Allow button to Restore files from quarantine is grayed out in Client Security 14.10. How can I allow this from Policy Manager?
You can allow a local user to restore files sent to quarantine by following these steps:
1. Log in to Policy Manager console.
2. Select a host or domain from the Domain Tree.
3. Go to the Settings tab.
4. Go to the Real-time scanning page.
5. Uncheck Prevent users from adding scanning exclusion.
6. Distribute the new policy to the hosts.
Note: By default the "delete" option in Client User Interface is allowed, as the option "delete" does not contain any risk.
Article no: 000012976
Unable to change Management Server Address on hosts. User needs Admin Key Replacer hotfix
If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create the keyreplacer yourself with a tool that support can provide to you. The tool comes with instructions on how to create the keyreplacer file. You will need to know the IP address or hostname of the new Policy Manager, the HTTP and HTTPS ports that it uses, and, depending on the situation, its admin.pub file (see the steps to download admin.pub below). To deploy the keyreplacer, see the steps under "Instruction to deploy the Key Replacer fix" below.
If you are also managing other installations, kindly provide us with the following information from the new Policy Manager so that we can assist in creating the Key Replacer fix:
* Admin.pub file
* The Policy Manager management address
* The HTTP and HTTPS ports used by the Policy Manager (on Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log)
To download the admin.pub file, please follow these steps:
1. Log in to the PM console.
2. In the top menu, click Tools > Server Configuration > Keys.
3. Click Export to download the admin.pub and admin.prv files.
Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you.
Instruction to deploy the Key Replacer fix
1. Close the Policy Manager Console and stop the Policy Manager Server service in services.msc. You can also stop the Policy Manager service by opening an elevated command prompt and typing the following command:
   net stop fsms
2. Configure the registry on the Policy Manager Server.
   * Locate this registry key:
     "HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" (32-bit OS)
     "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" (64-bit OS)
   * Right-click on the Management Server 5 registry key and add a new String Value with the following:
     Name: additional_java_args
     Data field: -DallowUnsignedWithRiwsAndMibs=true
     Note: Please don't remove the -D at the beginning of the string or it will not work properly.
   * The same works for Linux, but you need to use the config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with the parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive.
     Example: additional_java_args="-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100"
3. Start the Policy Manager Server service and open the Policy Manager Console.
4. Go to the Installation tab and click Installation packages.
5. Click Import to import the "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an installation package.
6. Deploy the KeyReplacer file to all clients, for example using a policy-based installation.
After the deployment is finished, import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts".
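To confirm what the additional_java_args line in fspms.conf actually sets, the following added Python example (not F-Secure's code) parses the -DpropertyName=value format described above and reports tokens that lack the -D prefix or differ only in case from the property names used in this article. The sample file contents are constructed, the function names are hypothetical, and shell-style quoting of the value is an assumption.

```python
import shlex

KEY = "additional_java_args"
# Property names that appear in this article; matching is case sensitive.
KNOWN = ("allowUnsignedWithRiwsAndMibs", "h2ConsoleEnabled",
         "maxSynchronousPackageRetrievalRequests")


def parse_java_args(conf_text: str) -> dict:
    """Extract -Dname=value properties from additional_java_args lines."""
    props, problems = {}, []
    for line in conf_text.splitlines():
        name, sep, raw = line.strip().partition("=")
        if not sep or name.strip() != KEY:
            continue  # comments and other parameters are ignored
        try:
            # Remove the surrounding quotes, then split on the space delimiter.
            tokens = " ".join(shlex.split(raw)).split()
        except ValueError:
            problems.append(f"unbalanced quotes: {raw}")
            continue
        for token in tokens:
            prop, eq, value = token[2:].partition("=")
            if not token.startswith("-D") or not eq or not prop:
                problems.append(f"not in -DpropertyName=value form: {token}")
                continue
            props[prop] = value
            for known in KNOWN:
                if prop != known and prop.lower() == known.lower():
                    problems.append(f"case mismatch: {prop} (expected {known})")
    return {"properties": props, "problems": problems}


def is_set_true(conf_text: str, prop: str) -> bool:
    """True only when the exact property name carries the exact value 'true'."""
    return parse_java_args(conf_text)["properties"].get(prop) == "true"


# Constructed sample file contents, not taken from a real server.
SAMPLE_OK = 'additional_java_args="-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true"\n'
SAMPLE_BAD = 'additional_java_args="allowUnsignedWithRiwsAndMibs=true -Dh2consoleenabled=true"\n'

if __name__ == "__main__":
    for text in (SAMPLE_OK, SAMPLE_BAD):
        print(parse_java_args(text), is_set_true(text, "allowUnsignedWithRiwsAndMibs"))
```

The second sample shows the two mistakes the article warns about: a dropped -D prefix and a property name in the wrong case.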
Article no: 000003212
F-Secure scheduled scan causes high CPU usage. How can I reduce this?
Follow the steps below to change the priority of the scan from "Normal" to "Background" to improve the host performance during scheduled scanning:
1. Open F-Secure Policy Manager console.
2. Click on the Settings tab.
3. Select Advanced view.
4. Click F-Secure Anti-Virus.
5. Click Settings.
6. Click Settings for Manual Scanning.
7. Click Scanning Options.
8. Change the Priority value to Background.
Article no: 000001585
How to migrate from Client Security to Computer Protection using Policy Manager?
Kindly follow the steps explained here on migrating from Client Security to Computer Protection using Policy Manager Console.
NOTE: The bs2cp_psb*.jar file that needs to be downloaded depends on which F-Secure PSB portal holds your F-Secure PSB Computer Protection subscription, not on the region where you are located.
* EMEA: https://emea.psb.f-secure.com/
* AMER: https://amer.psb.f-secure.com/
* APAC: https://apac.psb.f-secure.com/
* EMEA2: https://emea2.psb.f-secure.com/
* EMEA3: https://emea3.psb.f-secure.com/
Your login credentials will only be applicable to one of these portals; therefore, the bs2cp_psb*.jar file is dependent on this.
Article no: 000007334
When I try to create Offline MSI installer via the FSMSI tool I get the error "FsMsiTool is not recognized as an internal or external command."
You have to execute the FSMSI tool command from the directory the tool was copied to; otherwise you will get this error.
Article no: 000014777
New updates for some software such as Citrix Receiver appear on the Software Updates list in Policy Manager console Software Updater. Whenever I try to download and install them, I receive the following status message: The update package must be downloaded manually. What does it mean and how can I install the newest updates?
The message means that the updates must be downloaded directly from the Citrix Receiver official website. After downloading the updates, install them manually as it is not possible to do it via the Policy Manager console or by using Software Updater. The reason why it is not possible is that more and more sites require authentication (e.g. "I'm not a robot" captcha). In those cases where Software Updater cannot download the updates, it advises that an update is available and can be installed manually to ensure security.
Article no: 000014817
I am trying to activate Client Security 14.xx with the License key we used for 13.xx but it is not recognized.
Please check that you are using a valid license key. License keys differ between versions. Contact your reseller to obtain your updated license keys and certificates.
Article no: 000012137
DNS resolution for certain sites is blocked with the product installed. How to avoid this from happening?
Most likely the DNS resolution is blocked by the Botnet Blocker feature. The site is rated as unsafe and hence blocked by the feature. You need to do the following:
1. Share the URL with the Labs team for further investigation. The Labs team will whitelist the URL if the site is not malicious: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url
2. Whitelist the blocked site or the IP address of the blocked site via the Advanced View in the PM Console at:
   * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Hosts
   * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Sites
Article no: 000003887
After the file SHA-1 hash and file path are excluded in F-Secure Client Security 13.x/14.x, DeepGuard continues to block the application.
If you are using F-Secure Policy Manager version 14, the Real-time scanning option "Do not scan the following files and applications" is only applicable for F-Secure Client Security 14 and newer. In order to exclude an application path from DeepGuard for F-Secure Client Security 13.x, do the following:
1. Log in to Policy Manager Console.
2. Click on the Settings tab.
3. Click Advanced View.
4. Click F-Secure DeepGuard.
5. Click Settings.
6. Click Excluded applications.
7. Enter the full path of the application.
8. Distribute the policies.
Notes:
* If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for DeepGuard.
* Wildcard exclusions are only applicable for Real-time scanning. For DeepGuard exclusion, kindly use a file or folder path.
* F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP.
If the exclusions were done for F-Secure Client Security 14.10 and the application is still being blocked, kindly contact F-Secure Customer Care here for assistance.
Article no: 000009628
Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails
The latest version of Client Security 14.x/Server Security 14.00 requires Windows Universal C Runtime. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x/Server Security 14.00.
Article no: 000008994
When launching Citrix sessions/applications, the F-Secure system tray icon will also appear on the end user's machine, and will remain on the machine after closing the Citrix application. The F-Secure process for the user needs to be closed separately from the Citrix side to fully terminate the session.
The icon appears due to Citrix Seamless Configuration Settings. More information is available from the following Citrix link: https://support.citrix.com/article/CTX101644&searchID=26517783
One option to test is to disable the Citrix tray icon agent, which can be done by adding the following registry key to every VDA machine:
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Citrix/wfshell/TWI
SeamlessFlags:REG_DWORD = 0x20
It is strongly recommended to familiarize yourself with the information from Citrix before testing the solution, and to do a small-scale test before deploying any changes to production.
Article no: 000014850
Policy Manager Console runs slowly and is unable to connect to Policy Manager.
Make sure your Policy Manager and Policy Manager Console are the same version. Otherwise the connection will not work. If both are the same version, the cause could be a very high number of alerts or a very high volume of scanning reports being kept in Policy Manager Server. This would slow down the console.
You may remove some of the alerts or scanning reports to improve the performance. If the above does not help, proceed to do the following:
1. Stop the F-Secure Policy Manager Server service.
2. Back up the H2DB (...\F-Secure\Management Server 5\data\h2db). DO NOT proceed further without having a working H2DB backup in place.
3. Run the database maintenance tool (...\F-Secure\Management Server 5\bin\fspms-db-maintenance-tool.exe) and follow the on-screen instructions to optimize the database.
4. Start the F-Secure Policy Manager Server service.
5. Log on to Policy Manager Console.
If the issue remains, you can execute the H2DB recovery tool (...\F-Secure\Management Server 5\bin\fspms-db-recover.bat) in a command prompt window to repair the H2DB. Note: Stop the F-Secure Policy Manager Server service before running the tool. If necessary, you can refer to the readme file (..\F-Secure\Management Server 5\bin\README-recover-db.txt) on how to execute the H2DB recovery tool. Once you have finished repairing the H2DB using the tool, you can take the repaired H2DB into use and start the F-Secure Policy Manager Server service again. Try to log on to Policy Manager Console again after this.
Article no: 000010142
In Policy Manager, F-Secure Linux Security installed from a clone image is not listed under the domain tree.
Follow the instructions in the F-Secure Linux Security administrator guide to clear the host UID after deploying a Linux clone image. This is explained on page 9, section 2.3, Central Deployment Using Image Files here.
Article no: 000014351