When I run the command fsav [path/file] the command returns "ERROR: Password protected file"
"Treat password-protected files as safe" setting on WEBUI has been disabled. This means that a message of "Password protected file" will be output every time such files are being scanned. By default, the setting is enabled which means that any password protected files are considered to be safe and the scan result will always show as "clean". To revert;
Login to WEBUI Click on "Advanced mode" Go to "Virus Protection" > "Real-time Scanning" Enable the "Treat password protected archives as safe" setting Click on the "Save" button at the right bottom of the page. For Manual Scans, go to "Virus Protection" > "Manual Scanning" Enable the "Treat password protected archives as safe" Click on "Save" button
Article no: 000017212
F-Secure Software Updater (SWUP) does not install any updates on my computers installed with Client Security Premium 14.02. The status on Policy Manager Console (PMC) is displaying software installation status as "Starting Installation..."
This is due to a bug with Software Updater for F-Secure Client Security Premium 14.02. To fix this, you can download the F-Secure Client Security Premium 14.0X Software Updater Hotfix listed in Hotfixes under F-Secure Client Security 14.02. Alternatively, you can upgrade to F-Secure Client Security Premium 14.10 as the fix is already included in the latest version.
Article no: 000017345
Why is the right-click contextual menu to force value or show domain values is missing for the Windows Real-time scanning setting "Prevent users from adding scanning exclusions" in Policy Manager Console 14.30 (Standard View)?
In Policy Manager Console (Standard View) Real-time scanning, the setting in question works as the "final flag" for the above Files and applications excluded from scanning table (comparable to the lock icon for other settings). As tables don't have a right-click contextual menu, this also applies to the table final flag. Forcing the table itself also sets the "Prevent users from adding scanning exclusions" settings according to the parent domain from where the table was forced.
Article no: 000020059
I installed Policy Manager Server for Linux v14.20 on CentOS v7.7. I have installed the same Policy Manager console version. I cannot connect to Policy Manager Server using Policy Manager console. The F-Secure Policy Manager Server service is running.
Check if your Policy Manager console is started from a non-graphic terminal. You might want to try this setting if you use the main display: export DISPLAY=:0.0
Article no: 000017046
How do you set up the Policy Manager Server to communicate via an http-proxy?
An http-proxy can be set by modifying the relevant configuration file and restarting the Policy Manager Server. Follow the instructions below:
On the Policy Manager Server, navigate to <installation path>\F-Secure\Management Server 5\data\ Open the file fspms.proxy.config Add your http-proxy according to the examples included in the file and save the changes, remember to include any necessary access credentials Restart the Policy Manager Server service
Article no: 000004324
After upgrading F-Secure Email and Server Security from Version 12.12 to 14.00 which is managed via Policy Manager Console, the changes we make via Policy Manager Console are not applied on the target servers. Attachments are filtered using the incoming policy route rule, and we want each email route to use their ow filter rules.
The issue is caused by the list of internal domains and senders getting corrupted during the upgrade. Please open a support ticket and ask Customer Care to provide you the hotfix FSESS1400-HF01 Follow the steps bellow to apply the Hotfix to centrally managed computers:
In F-Secure Policy Manager Console, select Installation tab, import the downloaded jar file Select appropriate domain or host and press Install button. Select this hotfix FSESS1400-HF01 and distribute policies Reset internal domains and internal sender from Policy Manager and distribute policies.
The hotfix does not require a restart of the server.
Article no: 000019741
Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails. In Policy Manger Console, push installations result in the status error message: "Installation failed. MSI error code is 1603." The following error can be seen in Windows Application Event Logs: "Product: F-Secure Client Security [Premium] 14.XX/F-Secure Server Security [Premium] 14.XX -- Universal CRT is not installed"
The latest version of Client Security 14.x and Server Security 14.00 require Windows Universal C Runtime to be installed on the system. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x or Server Security 14.x. Here is also an alternate link from where to download Windows Universal C Runtime.
Article no: 000008994
F-Secure Policy Manager is warning on the Server events for the last 24H event list that the latest virus definition update is several days old.
If the F-Secure Policy Manager Server is showing this event on the dashboard:
Verify that the server is able to connect to the F-Secure Update server guts2.sp.f-secure.com Verify that the server has more than 2GB of free disk space and that there are no low disk space alerts shown on the server events list. If the server has less than 2GB, the Policy Manager Server will automatically stop downloading new virus definition updates
Article no: 000002308
With F-Secure Client Security installed in the host, the Delphi debugger process does not work or crash
We recommend to do the following workaround:
Add the exclusion for the Delphi software executable (for example, C:\Program Files (x86)\Embarcadero\Studio\17.0\bin\bds.exe, etc.) in DeepGuard under the Advanced View in the Policy Manager Console:
F-Secure DeepGuard > Settings > Excluded Applications (using full file path of the Delphi software executable) F-Secure DeepGuard > Settings > Applications (using a SHA1 hash of the Delphi software executable)
If you are using Client Security 13.10 or older, you shall upgrade to the latest Client Security 13.11 and above to allow Excluded Applications to work. If you are using Client Security 14.00 - 14.02, we recommend you upgrade to the latest Client Security 14.10 to resolve the issue with exclusions.
Launch an elevated command prompt and type the following one after another:
net stop fsulhoster net stop "F-Secure gatekeeper"
Create the following entry below under the registry HKLM\SYSTEM\CurrentControlSet\Services\F-Secure Gatekeeper\Parameters:
DisableCompanionWait(DWORD) = 1
In the elevated command prompt, type the following one after another:
net start "F-Secure gatekeeper", and ensure that the Gatekeeper driver starts successfully. net start fsulhoster
The provided registry change disables a certain optimization in the F-Secure Gatekeeper driver, which are incompatible with software that tries to suspend processes (ie. Delphi debugger). This registry key does not alter the enabled features or other functionalities of the F-Secure product.
Article no: 000003035
How do I uninstall / remove F-Secure Linux Security 11.xx?
Follow these steps to fully remove F-Secure Linux Security 11.xx:
Execute the following script as root: # /opt/f-secure/fsav/bin/uninstall-fsav Check, if any of the following three directories remain: # /etc/opt/f-secure # /opt/f-secure # /var/opt/f-secure If any of those directories still exists, manually remove them: # rm -rf/etc/opt/f-secure # rm -rf/opt/f-secure # rm -rf/var/opt/f-secure This will remove all parts of the Linux Security 11.xx product
Article no: 000006007
What will happen to Anti-Spyware settings when F-Secure Client Security is upgraded from version 13.x to 14.x? Will F-Secure Client Security 14.x have any spyware scanning?
F-Secure Client Security 14.x does not have a separate Anti-Spyware module, it is instead included with the normal Anti-Virus module as part of Real-Time Scanning. F-Secure Client Security versions 14 and newer do not support the spyware scanning settings included in distributed policies. Any spyware exclusions need to be done as Real-Time Scanning file or process exclusions. A spyware detection will appear in on the F-Secure Policy Manager Alerts list with the description "Spyware found in file. The file was blocked." and the source is "File Scanning".
Article no: 000019954
Malware.ACAD/HighLight.C and Malware.ACAD/Burste.K detected infecting Autocad related files with extension .fas and .lsp F-Secure Antivirus is able to detect, but unable to remove the malware.
These files need to be removed manually as per official article from Autocad :- https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/How-to-remove-fas-and-lsp-virus-from-a-server.html
Article no: 000019918
After upgrading to F-Secure Email and Server Security 14.00 stripped attachments are not quarantined Quarantine folder is empty and nothing to query Items can not be deleted from Quarantine, action fails
Make sure you have correct permissions set locally on the target server The "Microsoft Exchange Transport" service runs under "NETWORK SERVICE". Therefore, "NETWORK SERVICE" should have read / execute rights to FQM.EXE and FqmAssembly.dll. These rights should be set during installation for the F-Secure folder "C:\Program Files (x86)\F-Secure". 1. Open F-Secure Email and Server Security console and navigate to Email Quarantine
Click on option and Test database connection to verify if SQL server is accessible. If not, please follow the next troubleshooting steps.
2. Open SQL management studio and troubleshoot the following:
instance is running Mixed authentication mode is enabled db is existing FQM user have rights to write in db (db owner, db creator security admin)
3. Open Windows Explorer from target server and make sure that FQM service is be running under Local System account
Check permissions locally:
"Microsoft Exchange Transport" service and hence our Transport Agent are running under "NETWORK SERVICE" "NETWORK SERVICE" should have read/execute rights on "...Anti-Virus For Microsoft Services/" folder C:\ProgramData\F-Secure\EssTemp\" folder rights: 'LocalSystem' - FULL 'administrators' - FULL "NETWORK SERVICE" - read/write/delete C:\ProgramData\F-Secure\EssLimited\ folder rights: 'LocalSystem' - FULL 'administrators' - FULL 'NETWORK SERVICE' - read/delete Quarantine folder: C:\ProgramData\F-Secure\EssQuarantine\ folder permissions: 'LocalSystem' - FULL 'administrators' - FULL Check permissions for network share if centralized mode used:
FQM account (SYSTEM by default) should have 'read'/'write'/'change' access rights to remote centralized quarantine (share & folder security tabs). "Exchange Servers" or specific Exchange computers/hosts should have 'read'/'write'/'delete' access rights on "Security" and "share" pages
Article no: 000019827
I have upgraded Policy Manager to the latest 14.30 but I am unable to download the installer for both Java update 212 and 231 using the download package link given in the Software Updater Manual Downloads window. I receive the following error while opening the download package link after logging on with Oracle credentials:
A fix has been released on the automatic update channel to fix the Download Package link for Java update 231. We do not plan to fix the Download Package link for Java update 212. Java update 212 is the last non-security update for Java and indirectly superseded by Java update 231. We strongly recommend to always upgrade to the latest version available, in this case Java update 231. Java update 212 shall no longer show up as missing update once the latest Java update is installed.
Article no: 000018819
How to skip sidegrade when installing F-Secure Email and Server Security 14 so that it will not uninstall conflicting software?
There is a section called Conflicting software when exporting the F-Secure Email and Server Security 14 MSI installation file from Policy Manager. On the Conflicting software section of the export process, you can uncheck Uninstall conflicting software (recommended). If that setting has been unchecked, the installer will not check for any conflicting software during installation.
Article no: 000019789
An F-Secure Email and Server Security 12.12 is sending the following alerts to Policy Manager Alerts list: Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 18.104.22.168.4.1.2213.20) Severity: error (3) Message: The policy variable 22.214.171.124.4.1.2126.96.36.199.40.45 (Number of Grayware Messages) could not be set due to error: Policy API error -2080374783. Unknown error. Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 188.8.131.52.4.1.2213.20) Severity: error (3) Message: The policy variable 184.108.40.206.4.1.2220.127.116.11.40.40 (Number of Medium Virus Risk Messages) could not be set due to error: Policy API error -2080374783. Unknown error.
These errors can appear due to temporary performance related issues on the Exchange server. The product was not able to read or write status information resulting to an alert being sent to the Policy Manager. If you receive similar error from time to time, you do not need to do anything since the product is able to recover itself in such situation. With the default alerting settings, alerts which have the severity as "Error (3)" do not get sent to the Policy Manager alerts list since the product is able to recover itself without any user interaction.
Article no: 000019602
I've Installed F-Secure Email and Server Security but Windows Defender Real-time Protection is still on. Should I deactivate this when I'm using the F-Secure product?
Yes, Windows Defender should be deactivated when using F-Secure Email and Server Security. Multiple Anti-Virus products running at the same time may cause conflicts. On Windows Server 2016/2019, Windows Defender will not enter passive or disabled mode if you install a third-party antivirus. After installing a third-party antivirus you should uninstall Windows Defender AV on Windows Server 2016 to prevent problems caused by having multiple antivirus products installed on a machine.
Article no: 000002236
I have installed F-Secure Client Security 14.x and the host is unable to communicate with Policy Manager to download updates. I have re-installed F-Secure Client Security in the host and the issue persists.
This issue is related to missing F-Secure Ultralight services. Proceed to verify if the following F-Secure services are running in services.msc:
F-Secure Device Control F-Secure Hoster F-Secure Hoster (Restricted) F-Secure Ultralight Hoster F-Secure Ultralight Network Hoster F-Secure Ultralight ORSP Client F-Secure Ultralight Protected Hoster
If F-Secure Utralight services are missing from the list, the issue is most likely due to the Ultralight not installed properly because of the older version of Client Security. Run the F-Secure uninstallation tool to clean up what was left from the previous installation. Next, remove F-Secure folders and files from Program Files and ProgramData including the F-Secure registry entries from the Registry Editor:
HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows - 32bit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows - 64bit
Once the uninstallation process completes, proceed to re-install F-Secure Client Security 14.10 on the host to resolve the issue.
Article no: 000019644
F-Secure Client Security v14.10 MSI installation fails and shows the error message: Error 1335. The cabinet file '_DBEE06267B6C806BE1ED16F60A63E29E' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
This error is shown due to corruption of the MSI package when it was exported from the Policy Manager. You need to export a new MSI package from the Policy Manager server and run the installation once again using the new MSI installer.
Article no: 000019642
Question 1: What user account should I provide for the web user interface access when executing command /opt/f-secure/fsav/fsav-config on Linux Security 11.x? Question 2: Are there any commands to run before and create a user? Question 3: Is there a default user created by F-Secure?
Answer 1: The user provided when running fsav-config should be an existing non-root user on the system. Answer 2: If the user account was only created after executing fsav-config, rerun the script /opt/f-secure/fsav/fsav-config and provide the user account. Answer 3: F-Secure does not create a user account at installation time, this needs to be created and provided by the administrator.
Article no: 000019640
Where can I get the license key to use for the latest Email and Server Security version?
You can contact your reseller or your F-Secure sales contact, depending on how you ordered the product. They can deliver an updated license certificate to you. Take note that license keys are valid within the major versions they are linked to. For example Server Security 14 license key is valid for versions 14, 14.02,14.10 and so on.
Article no: 000019305
Firewall services created using a sub-domain admin account in Policy Manager are not showing correctly when viewed using a root-level admin account. Firewall rules using these services are shown in red, with the custom services being marked as "Unknown network service"
This can be mitigated by upgrading to the latest version of Policy Manager. You can find the download link here.
Article no: 000019559
When an infection is found on the terminal server installed with F-Secure Server Security 14.x, alerts are not displaying in logical user interface (LUI)
The root cause is due to some settings in the Windows system which prevent F-Secure notification flyers from being shown, it will be best to start checking from Start > Settings > System > Notifications & actions. Refer to the screenshot below: The fs_toaster.log has the following entry related to the reported issue: 2019-12-11 09:45:41.172 [1898.259c] *E: ToasterInternal::CreateManager: Failed to create Toast manager, Error:803E0105 2019-12-11 11:32:05.445 [1898.034c] *E: ToasterInternal::OnToastFailed: error: 803E0111 Note:
The error 803E0105 is "The notification platform is unavailable" The error 803E0111 is "Settings prevent the notification from being delivered"
Article no: 000018822
Solarwind script unable to receive WMI Queries from Namespace "root\SecurityCenter" or "root\SecurityCenter2" after upgrading from F-Secure Server Security 12.xx to 14.xx. With F-Secure Server Security 12.xx the queries work.
The namespace "root\SecurityCenter" is available on Windows client systems of version Windows XP and below. The namespace "root\SecurityCenter*2*" is available starting from Windows Vista and above. Neither "root\SecurityCenter" nor "root\SecurityCenter*2*" is available on Windows server systems. Both namespaces belong to Microsoft and are not documented by them. That means no one can reliably use (read/write to) them except Microsoft's products. F-Secure products never read or write to "root\SecurityCenter" or "root\SecurityCenter*2*" directly and thus don't guarantee anything about the contents of these namespaces. The F-Secure product register itself in the system and Windows client (not server) systems reflect this information in "root\SecurityCenter" and "root\SecurityCenter*2*" (depending on Windows version) namespace. Why F-Secure Server Security is available via "root\SecurityCenter" then? This happens because a third-party product (Solarwinds client) creates and fills this namespace on Windows server systems.
To resolve the issue:
Use the namespace "root\fsecure". The namespace belongs to F-Secure and therefore is supported by F-Secure. F-Secure is unable to make guarantees when using other namespace to run WMI queries on F-Secure products.
Article no: 000019431
I have a syslog server, how can I forward alerts from F-Secure Policy Manager Server?
You can set Policy Manager to forward alerts to a third-party syslog server. Currently, both TCP and UDP transport protocols are supported. To configure syslog alert forwarding:
Select Tools > Server configuration from the menu. Click Syslog. Select Forward alerts to syslog and enter the server address.
By default, alerts are forwarded to syslog using UDP port number 514. If you want to use a different port, enter the port number after the server address, for example, test.com:8080.
Select the message format.
Both Syslog (RFC 3614) and Common Event Format messages are supported.
Next to configure Syslog alert forwarding:
Launch Policy Manager Console Select Settings tab Switch to Advance View Under F-Secure Management Agent, select Settings Select Alerting > Alert Forwarding Select System logger, syslog checkbox
Article no: 000002577
When trying to deploy F-Secure Client Security or Server Security installation from the Policy Manager Console via Push Installation method , user receives error code 5.
Error code 5 means that the host was reachable, but the access from the instructing system / account was denied. Verify these points, to ensure the push installation can be instructed and executed on the remote host:
The installation account has appropriate permission on the host (has to be local or domain administrator) Enable the remote registry service on the host: Control Panel -> Administrative Tools -> Services -> Remote registry Administrator share is enabled on the target host (this share is utilized by the push installation procedure) Both Policy Manager Server and workstation are on the same network Certain inbound traffic needs to be allowed to the host, such as RPC (TCP 135 Port), NetBios (137-139) and SMB (TCP 445 port)
In case the target host is running on Windows 8 or newer, the following registry should be set on the remote host to enable access to the admin share
Article no: 000002086
Windows Management Instrumentation (WMI) Integration with F-Secure Policy Manager for Windows
F-Secure Policy Manager supports Windows Management Instrumentation (WMI) Integration. Policy Manager 13.xx Refer to the F-Secure Policy Manager admin guide Chapter 18, page 113 for more information. Policy Manager 14.xx Refer to the F-Secure Policy Manager admin guide Chapter 10, page 97 for more information. Instructions on how to obtain properties via WMI:
For PSB, check the following link: https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-en For Business Suite, check the following link: https://help.f-secure.com/product.html#business/policy-manager/14.20/en/concept_E55FFF0187A54B79B30637C7983BDCC8-14.20-en
Article no: 000002821
How does the Protect the hosts file security feature work with F-Secure Client Security 14 on a Windows host? What happens to an already modified hosts file when F-Secure Client Security is installed?
The Protect the Hosts file security feature monitors if there have been any changes made to the hosts file in a Windows system. If the feature detects a non-default hosts file, it will alert of a redirected hosts file and replace it with a hosts file with the following content: # # Copyright (c) 2007 F-Secure Corporation # # This is a HOSTS file created during malware removal. # # Your original HOSTS file was infected and it was replaced # by this file containing only clean default entries. # The original HOSTS file may be restored from the product's # quarantine feature. # 127.0.0.1 localhost ::1 localhost If a hosts file has been modified before the installation of F-Secure Client Security, the modified hosts file will be detected during the first system scan. If the hosts file is modified during a time when the Protect the hosts file feature has been disabled, the modified hosts file will be detected when the feature is turned back on. Follow these steps to turn off the Protect the hosts file feature:
Log in to Policy Manager Console Select the policy domain or host from the Domain Tree Go to the Settings tab and select Advanced view Navigate to: F-Secure Anti-Spyware > Settings > Anti-Spyware Scanner > Real-Time Scanning > Real-Time Scanning Options > Protect the "hosts" File Disable the setting Distribute the policy (Ctrl + D)
Article no: 000019105
How to create an Application control rule in F-Secure Policy Manager Console which blocks an application? What 'condition' should be used for example to block Microsoft Office using Application Control?
The F-Secure Application Control feature is included in F-Secure Client Security 14 Premium and newer versions. Follow the example below to block Microsoft Office using Application Control:
Log in to Policy Manager Console Select a Policy domain or host from from the Domain Tree Go to the Settings tab Go to Application control Click 'Add Rule' Conditions:
Event : Run Application Action : Block Target product name : Contains Microsoft Office
Article no: 000017426
When Web traffic scanning feature is enabled, some web applications and URLs are inaccessible or there are connectivity or performance issues. Java-based applications unable to connect to an internal server or there are connectivity issues. Issue started after client received the F-Secure Online Safety 2019-11-19_01 update.
Make sure ORSP Service (F-Secure Security Cloud) is enabled. You may find more information about the Security Cloud here
How to enable ORSP via Policy Manager console:
Log in to Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab (Advanced view) Navigate to F-Secure Security Cloud Client > Settings Enable Allow deeper analysis and Client is enabled Distribute the policy (Ctrl+D)
You can ping the ORSP Service on your local client and see if its reachable: orsp.f-secure.com From Web Browser
Open http://orsp.f-secure.com/getc and browser must be able to download the certificate file from the URL. If it is reporting an error or the browser hangs for several minutes, then there is a problem.
Connectivity to DOORMAN service:
Open https://doorman.sc.fsapi.com/doorman/v1/healthcheck and the browser must reply 'OK'
You might have to check your firewall settings and allow *.f-secure.com and *.fsapi.com. More about URL addresses for F-Secure update services can be found here. Note: If ORSP is turned off, this means that our security cloud client can not access our remote services. This is the root cause of the slowness/hangs/interoperability etc.
You can add the server address as trusted. This will exclude the server from Web Traffic Scanning.
How to add the server address as trusted differs between F-Secure Client Security versions: For F-Secure Client Security 13.x:
Log in to F-Secure Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab and select Advanced view Navigate to F-Secure Anti-Virus -> Settings -> Settings for Web Traffic Scanning -> Trusted Servers Click Add and enter the server address Distribute the policy (Ctrl+D)
With Client Security 13.x clients the address needs to have the /* wildcard added after the server address, for example:
http://18.104.22.168/* http://sql-server-2008:8080/* SAMPLESERVER:8080/*
For F-Secure Client Security 14.x:
Log in to F-Secure Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab and select Standard view Go to the Web content control page Click Add on the right side of the Trusted sites list Enter the server address in the Address column Distribute the policy (Ctrl+D)
With Client Security 14.x clients no wildcard is needed in the address, for example:
http://22.214.171.124 http://sql-server-2008:8080 SAMPLESERVER:8080
If the steps above did not solve your problem, please try to disable Botnet Blocker and/or DeepGuard How to disable Botnet blocker:
Log in to F-Secure Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab and select Standard view Navigate to Web traffic scanning and select Botnet Blocker Set the DNS query filtering to Allow all queries Distribute the policy (Ctrl+D)
Article no: 000004728
How to upgrade F-Secure Policy Manager to a newer version on a Windows Server?
Database maintenance is automatically started as part of any Policy Manager upgrade or re-installation to ensure that the database structure is compatible with the latest version. The maintenance tool creates a backup of your database, after which it verifies the database integrity and then applies the updated schema to the contents of the database. It also cleans up any invalid data to optimize the size and performance of the database. To upgrade from a previous version of F-Secure Policy Manager, we recommend that you first back up your existing Policy Manager data:
Create a full backup of the Policy Manager data (H2 database, preferences and other files). The backups are stored in the <F-Secure installation folder>\Management Server 5\data\backup folder. For more information about how to do a full backup, consult Policy Manager Administrator Guide. Download the newest F-Secure Policy Manager installation file from the downloads page Run the F-Secure Policy Manager setup on a computer that has the Policy Manager components installed The Policy Manager setup recommends that you upgrade the components that are installed on the computer. Continue with the default options to upgrade the installed components while keeping the existing configuration
Article no: 000010751
I have accidentally upgraded my F-Secure Email and Server Security Premium 12.12 to F-Secure Server Security Premium 14.00, can I roll back?
F-Secure Email and Server Security and F-Secure Server Security are considered two different products since Email And Server Security includes the Content Scanner Server module, and thus you cannot revert back to the previous product without an uninstallation. Proceed to uninstall the current F-Secure Server Security Premium 14.00 in the server and proceed to install F-Secure Email and Server Security Premium 12.12 locally in the server. Since it is considered as first time installation again, you would need to install F-Secure Email and Server Security Premium 12.12 locally using the .exe installer instead of push installation via Policy Manager or MSI installation package.
Article no: 000018569
I noticed Email and Server Security 14.00 installed in my Microsoft Exchange 2016 server is not filtering emails after I upgraded my Policy Manager 14.30 beta to the final version
This is related to the policy issue when you perform an upgrade from Policy Manager version 14.30 beta to the final release version. The following errors are visible in the transportAgent.log: 2019-12-12 11:38:47.853 [53bc.0019] *E: FSecure.AntiVirus.Exchange.Transport.CosmosSupport: GetSettings Failed Newtonsoft.Json.JsonReaderException: Could not convert string to boolean: security. Path 'transport_protection.inbound.archive_processing.notify_administrator', line 1, position 14061. To fix this, you need to clear the setting "Notify administrator" shown in the attached screenshot below and distribute the policy.
Article no: 000018854
Policy Manager Server is rejecting Policy Manager Console connections from a remote host. When trying to connect to Policy Manager Server running on Linux using a Windows machine, the following error is displayed: "Cannot connect to server 172.16.0.6:8080. Check that the host name and port number are correct. Port number 8080 is used by default". When checking netstat output on a Windows server running the Policy Manager Server, the administration module (default port 8080) is listening on Local address 127.0.0.1
By default F-Secure Policy Manager Server is set up to only accept connections from localhost. Follow the steps below to allow remote connections and then test the connectivity from the remote Policy Manager Console. If Policy Manager Server is installed on a Windows OS:
Stop F-Secure Policy Manager Server services Open registry Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5 Edit the value of [REG_DWORD] RestrictLocalhost to 0 Start F-Secure Policy Manager Server services
If Policy Manager Server is installed on a Linux OS:
Stop the Policy Manager Server daemon (/etc/init.d/fspms stop) Open the file /etc/opt/f-secure/fspms/fspms.conf Check the line adminExtensionLocalhostRestricted value and make sure the value is set to false Save the file and restart the Policy Manager Server daemon (/etc/init.d/fspms restart)
Once Policy Manager Server service has restarted, try to login from the remote Policy Manager Console. Please do check our other F-Secure Community KB article as well.
Article no: 000001368
Issues are appearing on isolated Client Security 14 hosts after performing offline malware definition updates (as documented here)
Malware scan won't start. It is waiting for malware definition updates to install List of updates is showing Aquarius as Not installed
The offline updates package needs to be prepared from a Policy Manager Server running the same major version as the client software. If a package for a 14-series client is prepared using a 13-series Policy Manager, there will be update packages missing which will result in these issues. To resolve, update the Policy Manager Server to the latest version and repeat the update process on the client(s).
Article no: 000018917
How to upgrade or install F-Secure Email and Server Security 14.00?
F-Secure Email and Server Security 14.00 is no longer distributed as an stand-alone executable installer. You can download the F-Secure Email and Server Security 14.00 jar file from our downloads page, import on the F-Secure Policy Manager installation tab and then export an MSI installation package. License keycode validation is performed in the remote installation wizard when exporting the MSI installation package.
Upgrade from F-Secure Email and Server Security 12.xx with AV4MSE (Microsoft Exchange) is supported for the following scenarios:
Local upgrade using MSI Local silent upgrade using MSI Policy-based upgrade from Policy Manager
Note: Always use upgrade feature in the Policy Manager installation tab to perform this operation
Upgrade from F-Secure Email and Server Security 12.xx with AV4SP (SharePoint) is supported for the following scenarios:
Local upgrade using MSI Local silent upgrade using MSI
Note: Policy-based upgrade from PM Console is not supported for AV4SP module. Local installation is required.
Follow these steps to export the MSI installation package:
Log in to F-Secure Policy Manager Console Go to the Installation tab Click Installation packages Click Import Import the F-Secure Email and Server Security 14.00 Jar file Select the imported Jar file from the Installation packages list and click Export Follow the installation wizard instructions
Article no: 000018961
Is it possible to choose a custom location (installation path) for the F-Secure Client Security installation on a Windows or Mac host?
It is not possible to change the installation directory of F-Secure Client Security.
Article no: 000018950
What are the default values for the F-Secure Anti-Virus for Microsoft SharePoint Content Scanner Server advanced settings?
The default values for the settings are:
Number of concurrent transactions = 5 Connection timeout = 900 Working directory = temp Error handling on download = Allow Error handling on upload = Allow
If the number of concurrent transactions value is increased, then the connection timeout value should also be increased. The optimal values depend on the hardware specifications of the server.
Article no: 000018953
How can I upgrade the F-Secure Scanning and Reputation Server (SRS) to the latest version?
The F-Secure Scanning and Reputation Server (SRS) updates the virus definitions automatically but does not update the server itself. Since the SRS is self contained, an upgrade is not possible. A new installation is required. If you wish to install the the latest version of the F-Secure Scanning and Reputation Server, follow these steps:
Install and configure the new Scanning and Reputation Server (SRS) instances (refer to the Deployment guide Virtual Security ) with different IP addresses than the existing instances. This is to ensure both the current and new instances can work simultaneously during the transitional period Once installed and configured, log into F-Secure Policy Manager Console, go to the settings tab and choose advanced view. Navigate to F-Secure > F-Secure Offload Scanning Agent > Settings > Connection > Primary servers and replace the IP addresses to the new addresses that you have set for the new instances, and distribute policies (CTRL + D) Allow all hosts to update to the new configuration. To verify, go to the Status tab in the Policy Manager Console and check whether the hosts are connected and having the latest policy in use (Centralized management) Once all hosts are updated and the new servers appear to work as should, you may shut down the old SRS instances and remove them from the Policy Manager Console
Article no: 000014810
After uninstalling F-Secure Server Security 12.12 on a Windows Server 2016 Operating System, the product F-Secure Server Security is still shown in the Apps & Features list Product sttatus is shown as Unavailable Product cannot be removed from the list since the Uninstall and Modify buttons are greyed out Running the F-Secure Uninstallation Tool does not remove the product from the Apps & Features list Product is not shown on the Programs and features list
This issue is only visual and does not affect any new installations of the product. You can remove the product from the list by manually removing the F-Secure Product 1001 registry key by following these steps:
Open Windows Registry editor Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall Right click on F-Secure Product 1001 registry key Select Delete
Article no: 000018904
Is there a way to block users from accessing or running a specific file with Business Suite products such as F-Secure Client Security and Server Security? Can you for example block C:\Temp\temp.do or even the F-Secure Uninstallation Tool?
Email and Server Security 14.00 introduces the 'File access' event type to the Application control feature. This lifts the Application control feature to the next level - from controlling events like starting processes, loading DLLs and running installers to blocking access to any file. Note: The 'File access' event type is not currently supported by F-Secure Client Security 14.10 and Server Security 14.00. The next versions of these products will add this feature. With the help of F-Secure Application Control file access rules, the admin can block the distribution and execution of a certain file in their environment. When creating the rule, providing only a file hash as a rule condition is enough but may result in performance degradation, because of the need to calculate new digests, especially for big files. To optimize rule performance it is recommended to supply a file size as an extra condition for file access rules.
Log in to Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab Go to the Application control page Click Clone to create a custom profile which can be edited Set the newly created profile as the Host profile Click Add rule Set Event as File access Set Action as Block Add condition: Target SHA1 - Equals - <file SHA1> Add condition: Target size - Equals - <file size> Click OK to save the rule Distribute the policy (Ctrl + D)
Note: To be able to add the target size condition, you need to have F-Secure Policy Manager 14.30 This screenshot shows an example how to configure this in Policy Manager Console. This blocks users from launching a "bad" PDF file containing an exploit.
Article no: 000001830
When installing F-Secure Policy Manager 14.x, user receives the following error after clicking Next on the Configure ports page: Error: "The Host Module HTTPS port number specified is already in use."
If the port you have chosen for F-Secure Policy Manager communication is in use by other services (e.g Microsoft webserver), thus causing a conflict, you can solve the issue by changing the port F-Secure Policy Manager will use or by deactivating the service causing the conflict or changing the port that service is using.
Article no: 000018483
How to export the Device Control hardware devices list in Policy Manager 14.x in CSV format?
Follow these instructions to export the Device Control hardware devices table as CSV:
Highlight the policy domain from the Domain Tree Go to the Settings tab and select Advanced View Navigate to F-Secure Device Control > Settings > Devices > Hardware Devices Right click table and choose Export table content
Article no: 000018777
What is considered "new infection" in the F-Secure Policy Manager Web Reporting view?
Log on to your F-Secure Policy Manager Console Select the Policy domain or Host / you want to edit Switch to the Alerts tab Every item in the list, which is not marked as "read" will be considered as "new" in the Web Reporting
Note: As long as an item in the Policy Manager Console Alerts list is not marked as "read", it will appear in the Web Reporting in the list for "New top 10" and "New infection details".
Article no: 000018681
When installing F-Secure Linux Security 11.10, the following error is shown after entering the license code: Invalid keycode. After that is requests the license code again: Please enter the keycode you have received with your purchase of F-Secure Linux Security.
Make sure that the license is typed correctly, and that you are entering a key belonging to the correct product. Trying to enter a code belonging to for example F-Secure Linux Security 64 would result in this error. The license key that you have received is to be used with Linux Security 64 bit server edition. Our licenses are dependent on the software version, meaning a license created for a software version 11 cannot be used on another version installation. If you don't have the correct license code you should contact your reseller and request the license for Linux Security 11.XX as that is the one required for this version.
Article no: 000018082
We have several F-Secure Scanning and Reputation Servers (SRS) to handle load balancing. How to check how many hosts are connected to each SRS server?
The amount of connected hosts can be checked through the F-Secure Policy Manager 14.x advanced status view:
Log in to Policy Manager Console Select the SRS server from the Domain Tree Go to the Status tab and select Advanced view Navigate to F-Secure Scanning and Reputation Server > Statistics > Server > Connected hosts
Here you can see how many hosts are connected to the selected SRS server.
Article no: 000018602
We used to be able see in the Policy Manager Console Alerts list frequent alerts with the source being F-Secure Anti-Spyware. After upgrading to F-Secure Client Security 13 or newer such alerts are not being sent from the clients. Where can we see events from the F-Secure Anti-spyware module?
The F-Secure Anti-Spyware reporting has been integrated to F-Secure Anti-Virus in F-Secure Client Security 13 and newer versions. If you have for example F-Secure Client Security 14 installed on your clients, any Anti-Spyware alerts are reported to Policy Manager Console, the source will be shown as F-Secure Anti-Virus.
Article no: 000018481
Does F-Secure Policy Manager create and maintain an audit log for user and admin activity? For example for these events:
User login / logoff Host deletion / add / rename events Policy sub-domain deletion / add / rename events Change of policy settings
The F-Secure Policy Manager server logs can be found in the following folder:
C:\Program Files (x86)\F-Secure\Management Server 5\logs
The user login actions are not recorded, but there are 2 logs that record actions made by the users while logged in to the console. Changes made to policy settings:
Changes made to the Policy domain computers/servers or specifically changes made to the policy domain structure:
Q: How to find out who deleted a policy sub-domain in Policy Manage Console? A: This information is available in the fspms-domain-tree-audit.logs. Below is an example, where a sub-domain called test was added and immediately deleted. 05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1) 05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
Article no: 000007129