With F-Secure Client Security installed on the host, the Delphi debugger process does not work or crashes.
We recommend the following workaround:
Add the exclusion for the Delphi software executable (for example, C:\Program Files (x86)\Embarcadero\Studio\17.0\bin\bds.exe, etc.) in DeepGuard under the Advanced View in the Policy Manager Console:
* F-Secure DeepGuard > Settings > Excluded Applications (using full file path of the Delphi software executable)
* F-Secure DeepGuard > Settings > Applications (using a SHA1 hash of the Delphi software executable)
If you are using Client Security 13.10 or older, you must upgrade to the latest Client Security 13.11 and above for Excluded Applications to work. If you are using Client Security 14.00 - 14.02, we recommend that you upgrade to the latest Client Security 14.10 to resolve the issue with exclusions.
Launch an elevated command prompt and type the following one after another:
net stop fsulhoster
net stop "F-Secure gatekeeper"
Create the following entry below under the registry HKLM\SYSTEM\CurrentControlSet\Services\F-Secure Gatekeeper\Parameters:
DisableCompanionWait(DWORD) = 1
In the elevated command prompt, type the following one after another:
net start "F-Secure gatekeeper"
(ensure that the Gatekeeper driver starts successfully)
net start fsulhoster
The provided registry change disables a certain optimization in the F-Secure Gatekeeper driver that is incompatible with software that tries to suspend processes (i.e. the Delphi debugger). This registry key does not alter the enabled features or other functionality of the F-Secure product.
Article no: 000003035
Where do you change the settings about alerts and when virus definition updates are considered outdated (old)?
Note: This feature has not yet been implemented in Client Security version 14.x or Server Security 14.x. Client Security 13.x and Server Security 12.x support this feature. In order to change these parameters, do the following:
1. Log in to your Policy Manager Console
2. Select the policy domain or host where you want to edit the policy
3. Go to Settings / Advanced view
4. Choose F-Secure Anti-Virus
5. Click Settings
6. Choose Virus Definitions Updates
7. In order to receive alerts, set Alert Administrator when Virus Definitions Are Old as activated
8. Set the Number of Days for Virus Definitions to Become Old
9. Distribute the policy
Article no: 000005209
When the Web traffic scanning feature is enabled, some web applications and URLs are inaccessible or there are connectivity or performance issues. Java-based applications are unable to connect to an internal server or there are connectivity issues. The issue started after the client received the F-Secure Online Safety 2019-11-19_01 update.
Make sure ORSP Service (F-Secure Security Cloud) is enabled. You may find more information about the Security Cloud here
How to enable ORSP via Policy Manager console:
1. Log in to Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab (Advanced view)
4. Navigate to F-Secure Security Cloud Client > Settings
5. Enable Allow deeper analysis and Client is enabled
6. Distribute the policy (Ctrl+D)
You can ping the ORSP Service from your local client to see if it is reachable: orsp.f-secure.com
From a web browser:
Open http://orsp.f-secure.com/getc. The browser must be able to download the certificate file from the URL. If it reports an error or the browser hangs for several minutes, then there is a problem.
Connectivity to DOORMAN service:
Open https://doorman.sc.fsapi.com/doorman/v1/healthcheck and the browser must reply 'OK'
You might have to check your firewall settings and allow *.f-secure.com and *.fsapi.com. More about URL addresses for F-Secure update services can be found here.
Note: If ORSP is turned off, this means that our security cloud client cannot access our remote services. This is the root cause of the slowness/hangs/interoperability etc.
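The two browser checks above can be scripted so they can be repeated on several hosts. This is an added example, not F-Secure code; the function names, the 15-second timeout and the assumption that the healthcheck body is exactly the text OK are ours.

```python
import http.client
import urllib.request

# URLs and pass criteria are the ones given in the article above.
# expected=None means "any non-empty download counts" (the certificate file).
CHECKS = [
    ("ORSP certificate", "http://orsp.f-secure.com/getc", None),
    ("Doorman healthcheck",
     "https://doorman.sc.fsapi.com/doorman/v1/healthcheck", "OK"),
]


def http_get(url, timeout):
    """Fetch url and return (status, body) using urllib's default proxy handling."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read()


def check_endpoint(name, url, expected, fetch=http_get, timeout=15):
    """Return a result dict; a hanging connection is cut off by `timeout`."""
    result = {"name": name, "url": url, "ok": False}
    try:
        status, body = fetch(url, timeout)
    except (OSError, http.client.HTTPException) as exc:
        # DNS failure, blocked or refused connection, TLS error, timeout,
        # or an HTTP error status raised by urllib
        result["detail"] = f"{type(exc).__name__}: {exc}"
        return result
    if status != 200:
        result["detail"] = f"unexpected HTTP status {status}"
    elif expected is None:
        result["ok"] = len(body) > 0
        result["detail"] = f"{len(body)} bytes downloaded"
    else:
        # Assumption: the healthcheck body is the plain text OK
        text = body.decode("utf-8", errors="replace").strip()
        result["ok"] = text == expected
        result["detail"] = f"body {text[:40]!r}, expected {expected!r}"
    return result


def run_checks(fetch=http_get, timeout=15):
    """Run every check in CHECKS and return the list of result dicts."""
    return [check_endpoint(n, u, e, fetch, timeout) for n, u, e in CHECKS]


if __name__ == "__main__":
    for r in run_checks():
        print(f"[{'PASS' if r['ok'] else 'FAIL'}] {r['name']}: {r['detail']}")
```

A FAIL on either line points at the firewall or proxy rules for *.f-secure.com and *.fsapi.com described above.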
You can add the server address as trusted. This will exclude the server from Web Traffic Scanning.
How to add the server address as trusted differs between F-Secure Client Security versions:
For F-Secure Client Security 13.x:
1. Log in to F-Secure Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab and select Advanced view
4. Navigate to F-Secure Anti-Virus -> Settings -> Settings for Web Traffic Scanning -> Trusted Servers
5. Click Add and enter the server address
6. Distribute the policy (Ctrl+D)
With Client Security 13.x clients the address needs to have the /* wildcard added after the server address, for example:
http://18.104.22.168/*
http://sql-server-2008:8080/*
SAMPLESERVER:8080/*
For F-Secure Client Security 14.x:
1. Log in to F-Secure Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab and select Standard view
4. Go to the Web content control page
5. Click Add on the right side of the Trusted sites list
6. Enter the server address in the Address column
7. Distribute the policy (Ctrl+D)
With Client Security 14.x clients no wildcard is needed in the address, for example:
http://22.214.171.124
http://sql-server-2008:8080
SAMPLESERVER:8080
If the steps above did not solve your problem, please try to disable Botnet Blocker and/or DeepGuard.
How to disable Botnet Blocker:
1. Log in to F-Secure Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab and select Standard view
4. Navigate to Web traffic scanning and select Botnet Blocker
5. Set the DNS query filtering to Allow all queries
6. Distribute the policy (Ctrl+D)
Article no: 000004728
Is it possible to choose a custom location (installation path) for the F-Secure Client Security installation on a Windows or Mac host?
It is not possible to change the installation directory of F-Secure Client Security.
Article no: 000018950
We used to be able to see frequent alerts in the Policy Manager Console Alerts list with the source being F-Secure Anti-Spyware. After upgrading to F-Secure Client Security 13 or newer, such alerts are no longer sent from the clients. Where can we see events from the F-Secure Anti-Spyware module?
The F-Secure Anti-Spyware reporting has been integrated into F-Secure Anti-Virus in F-Secure Client Security 13 and newer versions. If you have, for example, F-Secure Client Security 14 installed on your clients, any Anti-Spyware alerts are reported to Policy Manager Console with the source shown as F-Secure Anti-Virus.
Article no: 000018481
How will F-Secure Server Security and Client Security clients receive virus definition updates, if the Policy Manager Server is temporarily unreachable?
The client can be set to automatically switch over to the F-Secure Update Server if the Policy Manager Server is unreachable. The client will try for at least one hour (default) or more to reach the designated Policy Manager Server or Policy Manager Proxy. If the client is not able to reach the Policy Manager Server or the Policy Manager Proxy, it will then try to connect to the F-Secure Update Server instead to download the updates.
Important: The host on which F-Secure Client Security or Server Security is installed must be able to reach the required F-Secure domain: http://guts2.sp.f-secure.com
To change this setting, follow these steps:
1. Log on to your F-Secure Policy Manager Console
2. Select the policy domain or host where you want to edit the policy
3. Switch to the Advanced view
4. Navigate to F-Secure Automatic Update Agent > Settings > Communication > Allow fetching updates from F-Secure Update Server = Yes
5. To adjust the time until this failover is used, modify the setting here: F-Secure Automatic Update Agent > Settings > Communication > Intermediate Server failover time
6. Distribute the policy
Note: The time setting for the failover must range between 1 hour and 256 days
Article no: 000004400
Error or issue related to F-Secure components (e.g. Gatekeeper, Firewall, Network Interceptor Framework, Internet Shield) and more advanced debug logs are required to investigate the issue. How to enable advanced debug logging for F-Secure Client Security 13.x and F-Secure (Email and) Server Security 12.x clients?
Note: These instructions are applicable for Client Security 13.x and (Email and) Server Security 12.x clients. Newer products use a different tool to enable debug logging.
Follow the steps below to collect F-Secure debug logs.
1. Download and run the F-Secure debug tool
2. Click Update Debug Files Online
3. Select the components you want to debug (e.g. Firewall, Gatekeeper driver)
4. Click Apply Changes
5. Reproduce the issue that was reported and take note of the time
6. Disable debugging by deselecting the components and click Apply Changes
7. Click Collect Logs once the issue is reproduced
8. Locate the FSDIAG on the desktop
9. Send the newly generated FSDIAG log files for investigation and report when the issue was reproduced
Article no: 000002782
F-Secure Client Security 13.x or (Email and) Server Security 12.x installation using MSI Package failed due to "Setup Wizard ended prematurely" error.
The installation error "Setup Wizard ended prematurely because of an error" when running the F-Secure Client Security 13.x or (Email and) Server Security 12.x installation MSI file can be caused by the following:
* Ensure the subscription key used during the export of the MSI installation file is correct. Contact your local F-Secure reseller partner to obtain the license certificate with the latest subscription key for F-Secure products
* Verify if there is any conflicting 3rd party software installed on the host
If none of the above helped with the installation issue, proceed to contact F-Secure Customer Support here for assistance.
Article no: 000001448
The Offload Scanning connection is down during a system restart. After the system has restarted, the connection is restored after a few seconds.
This is expected product behavior if the Offload Scanning connection is established after a few seconds during system restart. During system startup, the Offload Scanning Agent (OSA) service will attempt to establish a connection with the Scanning & Reputation Server (SRS). If the SRS is unreachable for some reason (e.g. internal network congestion), the service will re-attempt to establish the connection.
Article no: 000018019
When will a newer version of F-Secure Client Security for Mac be released that supports MacOS Catalina (10.15)?
A new version of F-Secure Client Security for Mac 13.12 was released on 29th of October. It has support for MacOS Catalina 10.15. Client Security for Mac 13.12 installation file is available on our downloads page.
Article no: 000016301
Policy Manager Console is unable to import Client Security for Mac 13.12 jar file. Error "Cannot import 'fscsmac-13.12-rtm.jar": 'ClassPath' entry in section(s) 'InstallationWizard' and 'UninstallationWizard' does not point to wizard entities" is shown when importing.
You have to upgrade your F-Secure Policy Manager to version 14.20 before importing Client Security for Mac 13.12 installation package. You can find all the latest installers from our Support and downloads page. For more information refer to the help guide.
Article no: 000017540
Configured Application Control for Client Security 13.x hosts in Policy Manager 14.x but it does not stop the applications from launching
F-Secure Client Security 13 version does not support the Application control feature which is the reason why applications are still able to be launched after configuring the feature through F-Secure Policy Manager 14. The Application control feature is supported by F-Secure Client Security version 14 and newer. You will need to upgrade the hosts if you wish to use this feature. F-Secure Client Security 13 supports the Network Access Control feature which prevents unauthorized applications from gaining network access.
Article no: 000016529
Unable to change Management Server Address on Client Security or Server Security hosts because the public and private admin keys do not match. Need to migrate hosts between two Policy Manager Servers without having to do a re-installation of the software client side.
If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create a Keyreplacer yourself with a tool that can be provided to you by support. The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below. In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix.
* Admin.pub file
* The Policy Manager management address
* The http- and https-ports used by the Policy Manager
(On Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log)
To download the admin.pub file, please follow these steps:
1. Log in to the PM console
2. In the top menu, click Tools > Server Configuration > Keys
3. Click Export to download admin.pub and admin.prv files
Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you.
Instruction to deploy the Key Replacer fix
Please close the Policy Manager Console and stop Policy Manager Server service in services.msc
You can also stop the Policy Manager service by opening a command prompt in elevated mode and typing in the command below.
net stop fsms
Configure the registry on the Policy Manager Server
Locate this registry key:
"HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" for 32-bit OS
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" for 64-bit OS
Right-click on Management Server 5 Registry Key and add a new String Value with the following:
Name: additional_java_args
Data field: -DallowUnsignedWithRiwsAndMibs=true
Note: Please don't remove the -D at the beginning of the string or it will not work properly.
The same works for Linux, but you need to use config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive.
Example: additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100
1. Start the Policy Manager Server service and open the Policy Manager Console
2. Go to the Installation tab and click Installation packages
3. Click Import to import the "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package
4. Deploy the KeyReplacer file to all clients, for example using a policy-based installation
After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts".
Article no: 000003212
* Windows Server operating system with Server Security 14.00 installed is hanging
* Windows Desktop operating system with Client Security 13.00 or newer installed is hanging
UPDATE: The issue related to F-Secure Ultralight Core Update 2019-10-01_01 has now been fixed in the latest Ultralight Core Update, which is available as an automatic update by the name F-Secure Ultralight Core Update 2019-10-22_01. However, if you are still facing similar issues after the update fix, this may happen if the F-Secure product has F-Secure Security Cloud Client enabled but is not allowed access to the fsapi.com address. To resolve this issue, make sure that you have allowed access to fsapi.com from your environment. If you have an isolated environment, or otherwise cannot allow access to fsapi.com, disable F-Secure Security Cloud Client via Policy Manager Console:
1. Log in to Policy Manager Console.
2. Go to Settings tab.
3. Select Advanced view.
4. Navigate to: F-Secure Security Cloud Client > Settings > Client is enabled.
5. Select No from the drop-down menu.
6. Make sure that the setting is locked.
7. Distribute policies (CTRL-D).
In case you should not have restricted network access, or if above steps didn't help, contact F-Secure support for further assistance.
Article no: 000016583
Via proxy or direct connection, F-Secure Client Security is not receiving updates from Policy Manager. The following errors are visible in C:\ProgramData\F-Secure\Log\AUA\AUA.log:
[ 8068]Thu Aug 30 11:15:32 2018(3): Connecting to http://<Policy Manager IP address>/guts2/ via http proxy <Proxy IP address>
[ 3488]Thu Aug 30 11:15:32 2018(3): Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2/ via http proxy Proxy IP address (Server error)
Thu Aug 30 11:15:32 2018(3): Connecting to http://Policy Manager IP address/guts2/ (no http proxy)
[ 3488]Thu Aug 30 11:15:32 2018(2): Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2. (Unspecified error)
Thu Aug 30 11:17:41 2018(3): Connecting to http://Policy Manager IP address/ via http proxy Proxy IP address
[ 3488]Thu Aug 30 11:17:41 2018(3): Update check failed. There was an error connecting http://Policy Manager IP address/guts2/ via http proxy Proxy IP address (Server error)
Test the connectivity from the host to Policy Manager Server by using the HTTP and HTTPS protocol:
1. Open any web browser on the host that has F-Secure Client Security installed.
2. Enter the IP address of the Policy Manager and press Enter.
3. Repeat the test, only this time by using the HTTPS protocol (for example https://192.168.0.10:443/).
If the HTTP (automatic updates) and HTTPS (management agent) connections are working, the web page should display the following information:
If the connection fails, troubleshoot the network connectivity between the host and Policy Manager at your end. Verify whether the host and the server have permission to connect to each other (for example corporate firewall, proxy).
If the intermediate proxy is a PMP instance and the clients are unable to download updates via it, ensure that PMP can connect to the internet directly, as the default configuration for the proxy is forward mode. In this mode, updates are downloaded via PMP but from the internet and not from Policy Manager Server. This configuration is controlled by changing the proxy mode to either reverse or forward.
Reverse vs. forward modes define whether the virus definitions and software updates are retrieved directly from the internet or from the configured upstream Policy Manager Server or other proxy. Forward proxy is used to minimize traffic between networks, for example between a branch office and HQ. Reverse proxy is used for example in environments where the proxy has no direct connection to the internet, or to minimize the load on the master server (or other forward proxy). By default the proxy is installed in forward mode. Set the "-DreverseProxy=true" additional Java argument to switch it to the 'reverse' mode.
You can verify whether PMP can download updates by checking the c:\program files (x86)\Management Server 5\logs\fspms-download-updates.log file. The following message is an example of downloading updates failing:
26.03.2019 14:47:44,034 ERROR [c.f.f.s.g.d.DownloadUpdatesService] - Error while checking latest updates org.apache.http.conn.ConnectTimeoutException: Connect to guts2.sp.f-secure.com:80 [guts2.sp.f-secure.com/126.96.36.199, guts2.sp.f-secure.com/188.8.131.52] failed: connect timed out.
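To see at a glance which route (via proxy or direct) is failing and with which error, the AUA.log lines quoted in this article can be summarized with a short script. This is an added example, not an F-Secure tool; the sample log is constructed in the quoted format with documentation addresses 192.0.2.x, and all function names are ours.

```python
import re
from collections import Counter

# Constructed sample in the AUA.log format quoted above. 192.0.2.10 stands
# in for the Policy Manager and 192.0.2.20 for the HTTP proxy.
SAMPLE_LOG = """\
[ 8068]Thu Aug 30 11:15:32 2018(3): Connecting to http://192.0.2.10/guts2/ via http proxy 192.0.2.20
[ 3488]Thu Aug 30 11:15:32 2018(3): Update check failed. There was an error connecting http://192.0.2.10/guts2/ via http proxy 192.0.2.20 (Server error)
[ 8068]Thu Aug 30 11:15:32 2018(3): Connecting to http://192.0.2.10/guts2/ (no http proxy)
[ 3488]Thu Aug 30 11:15:32 2018(2): Update check failed. There was an error connecting http://192.0.2.10/guts2. (Unspecified error)
[ 8068]Thu Aug 30 11:17:41 2018(3): Connecting to http://192.0.2.10/guts2/ via http proxy 192.0.2.20
[ 3488]Thu Aug 30 11:17:41 2018(3): Update check failed. There was an error connecting http://192.0.2.10/guts2/ via http proxy 192.0.2.20 (Server error)
"""

LINE_RE = re.compile(
    r"^(?:\[\s*(?P<tid>\d+)\])?"                 # optional "[ 3488]" prefix
    r"(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4})"   # "Thu Aug 30 11:15:32 2018"
    r"\((?P<code>\d)\): (?P<msg>.*)$"            # "(3): message"
)
FAIL_RE = re.compile(
    r"Update check failed\. There was an error connecting (?P<url>\S+?)\.?"
    r"(?: via http proxy (?P<proxy>.+?))? \((?P<error>[^()]+)\)$"
)


def parse_failures(text):
    """Return one dict per 'Update check failed' line, in log order."""
    failures = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        fail = FAIL_RE.match(line["msg"])
        if not fail:
            continue  # e.g. the "Connecting to ..." attempt lines
        failures.append({
            "ts": line["ts"],
            "tid": line["tid"],          # None when the prefix is absent
            "code": int(line["code"]),   # number in parentheses, kept as-is
            "url": fail["url"],
            "proxy": fail["proxy"],
            "route": "proxy" if fail["proxy"] else "direct",
            "error": fail["error"],
        })
    return failures


def summarize(failures):
    """Count failures per (route, error) pair."""
    return Counter((f["route"], f["error"]) for f in failures)


def failing_routes(failures):
    """Sorted list of routes that produced at least one failure."""
    return sorted({f["route"] for f in failures})


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    for (route, error), count in sorted(summarize(found).items()):
        print(f"{route:6} {error:20} x{count}")
    print("failing routes:", ", ".join(failing_routes(found)))
```

When both routes appear in the result, as in the sample, the proxy is not the only obstacle and the host-to-Policy-Manager connectivity test above is the place to start.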
Article no: 000006708
DNS resolution for certain sites is blocked with the product installed. How to avoid this from happening?
Most likely the DNS resolution is blocked by the Botnet Blocker feature. The site is rated as unsafe and hence blocked by the feature. You need to do the following:
1. Share the URL with the Labs team for further investigation. The Labs team will whitelist the URL if the site is not malicious: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url
2. Whitelist the blocked site or the IP address of the blocked site via the Advanced View in the PM Console at:
   * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Hosts
   * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Sites
Article no: 000003887
How to migrate from Client Security to Computer Protection using Policy Manager?
Kindly follow the steps explained here on migrating from Client Security to Computer Protection using Policy Manager Console.
NOTE: The bs2cp_psb*.jar file that needs to be downloaded depends on which F-Secure PSB portal your F-Secure PSB Computer Protection subscription is in, not on the region where you are located.
EMEA: https://emea.psb.f-secure.com/
AMER: https://amer.psb.f-secure.com/
APAC: https://apac.psb.f-secure.com/
EMEA2: https://emea2.psb.f-secure.com/
EMEA3: https://emea3.psb.f-secure.com/
Your login credentials will only be applicable to one of these portals; therefore, the bs2cp_psb*.jar file is dependent on this.
Article no: 000007334
F-Secure Client Security reports that a suspiciously small datagram fragment has been blocked. How to get rid of the warning if it is a false positive?
This type of alert might be related to a DDoS attack. If such alerts appear on a network, they might also be a sign of a broken or wrongly configured router or device in the network, for example a printer. Proceed to investigate the issue on a network level before applying the modification below. In practice, packets with a size below 128 bytes are normally considered inefficient (ratio data/data+headers).
To get rid of the alert, you can change what the F-Secure firewall considers as the minimum size for a fragment. In Policy Manager, this setting has to be changed by using the Advanced view. Follow these steps:
1. Log into Policy Manager Console.
2. Select the host or domain from the Domain tree.
3. Go to the Settings tab and select the Advanced view.
4. Navigate to F-Secure Internet Shield > Settings > Firewall Engine > Minimum fragment size.
5. Set the Minimum Fragment Size to 0.
6. Distribute the policy to the hosts.
Article no: 000001900