Business Suite

Sort by:
Issue: In Client Security 14, how do you activate the Offload Scanning functionality for virtual environments? Resolution: Starting from F-Secure Client Security version 14 onwards, the Offload Scanning Agent (OSA) is activated through the policy.  This policy setting may or may not be included in the installation package. Changing the setting In order to activate or deactivate the functionality, you can change it under the following setting using the Policy Manager Console: Standard view > Real-time scanning > Virtualization support Set the checkbox accordingly for the setting named Offload file scanning Article no: 000008176
View full article
Issue: How to disable Advanced Network Protection for Client Security 14 in Policy Manager 14? Resolution: Follow these steps to centrally disable Advanced Network Protection from the chosen clients: Open F-Secure Policy Manager Choose the target host or domain from the Domain Tree Go to the Settings tab and use Standard View Go to Web traffic scanning section Choose from HTTP Scanning HTTP scanning enabled and set the value as disabled Distribute the new policy with the Distribute policies button Now Advanced Network protection is disabled from the target hosts. Article no: 000008143
View full article
Issue: The F-Secure Client Security products started sending security alerts to F-Secure Policy Manager for every single blocked URL. This started when F-Secure Online Safety 2019-09-02_02 update was released. The security alerts have following details: Unknown alert: online_safety.page.block. Resolution: The fix was released in the F-Secure Online Safety 2019-09-10_01 update package. The update is installed automatically and does not require user or administrator actions.   Article no: 000015569
View full article
Issue: The Allow button to Restore files from quarantine is grayed out in Client Security 14.10 . How can I allow this from Policy Manager? Resolution: You can allow a local user to restore files sent to quarantine by following these steps: Log in to Policy Manager console. Select a host or domain from the Domain Tree. Go to the Settings tab. Go to the Real-time scanning page. Uncheck Prevent users from adding scanning exclusion. 6. Distribute the new policy to the hosts. Note: By default the "delete" option in Client User Interface is allowed, as the option "delete" does not contain any risk. Article no: 000012976
View full article
Issue: Unable to change Management Server Address on hosts. User needs Admin Key Replacer hotfix Resolution: If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create the keyreplacer yourself with a tool that can be provided to you by support.  The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below. In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix. Admin.pub file The Policy Manager management address The http- and https-ports used by the Policy Manager ( On Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log ) To download admin.pub file, please follow these steps: Login to the PM console In the top menu, click Tools > Server Configuration > Keys Click Export to download admin.pub and admin.prv files Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you. Instruction to deploy the Key Replacer fix Please close the Policy Manager Console and stop Policy Manager Server service in services.msc. You can also stop Policy Manager service by opening a command prompt with elevated mode and typing in the below command. net stop fsms Configure the registry on the Policy Manager Server. Locate this registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" for - 32bits OS "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" for - 64bits OS Right-click on Management Server 5 Registry Key and add a new String Value with the following:   Name: additional_java_args Data field: -DallowUnsignedWithRiwsAndMibs=true Note: Please don't remove the -D on the beginning of the string or it will not work properly.   The same works for Linux, but you need to use config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive. Example: additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100   Start the Policy Manager Server service and open the Policy Manager Console Go to the Installation-tab and click Installation packages Click Import to import "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package Deploy the KeyReplacer file to all clients, for example using a policy-based installation After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts". Article no: 000003212
View full article
Issue: F-Secure scheduled scan causes high CPU usage. How can I reduce this? Resolution: Follow the steps below to change the priority of the scan from "Normal" to "Background" to improve the host performance during scheduled scanning: Open F-Secure Policy Manager console. Click on the Settings tab. Select Advanced view. Click F-Secure Anti-Virus. Click Settings. Click Settings for Manual Scanning. Click Scanning Options. Change the Priority value to Background. Article no: 000001585
View full article
Issue: How to migrate from Client Security to Computer Protection using Policy Manager? Resolution: Kindly follow the steps explained here on migrating from Client Security to Computer Protection using Policy Manager Console. NOTE: The bs2cp_psb*.jar file that needs to be downloaded is dependable on which F-Secure PSB portal you have your F-Secure PSB Computer Protection subscription in and not the region where you are located. EMEA: https://emea.psb.f-secure.com/ AMER: https://amer.psb.f-secure.com/ APAC: https://apac.psb.f-secure.com/ EMEA2: https://emea2.psb.f-secure.com/ EMEA3: https://emea3.psb.f-secure.com/ Your login credentials will only be applicable to one of these portals, therefore, the bs2cp_psb*.jar file is dependent on this. Article no: 000007334
View full article
Issue: When I try to create Offline MSI installer via the FSMSI tool I get the error "FsMsiTool is not recognized as an internal or external command."  Resolution: You have to execute the FSMSI tool command from the directory where the tool is copied to or else you will get the error.  Article no: 000014777
View full article
Issue: New updates for some software such as Citrix Receiver appear on the Software Updates list in Policy Manager console Software Updater. Whenever I try to download and install them, I receive the following status message: The update package must be downloaded manually. What does it mean and how can I install the newest updates? Resolution: The message means that the updates must be downloaded directly from the Citrix Receiver official website. After downloading the updates, install them manually as it is not possible to do it via the Policy Manager console or by using Software Updater.  The reason why it is not possible is that more and more sites require authentication (e.g. "I'm not a robot" captcha).  In those cases where Software Updater cannot download the updates, it advises that an update is available and can be installed manually to ensure security. Article no: 000014817
View full article
Issue: I am trying to activate Client Security 14.xx with the License key we used for 13.xx but it is not recognized. Resolution: Please check that you are using a valid license key. License keys differ between versions. Contact your reseller to obtain your updated license keys and certificates Article no: 000012137
View full article
Issue: DNS resolution for certain sites are blocked with the product installed. How to avoid this from happening? Resolution: Most likely the DNS resolution is blocked by the Botnet Blocker feature. The site is rated as unsafe and hence blocked by the feature. You need to do the following: 1. Share the URL with the Labs team, for further investigation. The Labs team will whitelist the URL if the site is not malicious: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url 2. Whitelist the blocked site or the IP address of the blocked site via the Advanced View in the PM Console at: ======================================================================== * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Hosts * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Sites ======================================================================== Article no: 000003887
View full article
Issue: After the file SHA-1 hash and file path is excluded in F-Secure Client Security 13.x/14.x, Deepguard continues to block the application. Resolution: If you are using F-Secure Policy Manager version 14, in Real-time scanning the option "Do not scan the following files and applications" is only applicable for F-Secure Client Security 14 and newer. In order to exclude an application path from Deepguard for F-Secure Client Security 13.x, do the following: Log in to Policy Manager Console. Click on the Settings tab. Click Advanced View. Click F-Secure DeepGuard. Click Settings. Click Excluded applications. Enter the full path of the application. Distribute the policies. Note: If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for Deepguard. Wildcard exclusions are only applicable for Real-time scanning. For Deepguard exclusion, kindly use file or folder path. F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP. If the exclusions were done for F-Secure Client Security 14.10 and the application is still being blocked, kindly contact F-Secure Customer Care here for assistance. Article no: 000009628
View full article
Issue: Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails Resolution: The latest version of Client Security 14.x/Server Security 14.00 requires Windows Universal C Runtime. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x/Server Security 14.00.   Article no: 000008994
View full article
The product uses Windows Firewall to protect your computer.
View full article
If you have installed Client Security on hosts that do not have a network connection, you can update the malware definitions using the tool provided...
View full article
The following steps describe Policy Manager Proxy node installation for both Windows and Linux.
View full article
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
View full article
To be able to combat the more adaptive and targeted attackers of the future even better, F-Secure has made a significant engine update.
View full article
This article describes how you can configure the MyNetwork rule in F-Secure Policy Manager.
View full article
This article explains how you can collect an MBR rootkit sample for F-Secure Labs to analyse.
View full article
There are several ways to get the Hardware ID for a device for the Device Control rules; Using Device Control statistics or Windows Device Manager.
View full article
After having installed the F-Secure product on several workstations in the network, you notice that the Windows login is taking longer than usual,...
View full article
When deploying cloned virtual machines from a template, Policy Manager identifies them as identical machines even when each machine is configured to...
View full article
Next-gen proxy is a role of Policy Manager Server, in which it proxies certain requests to Master Server while serving BackWeb and software updates...
View full article
This article provides you with information about the Ilauncher command line parameters.
View full article
Policies are product configurations created on F-Secure Policy Manager and automatically picked up by the client machines. They define the settings of...
View full article
This article provides information on how you can exclude files from scanning by using wildcard characters in the F-Secure antivirus products.
View full article
This article explains how the Launch Scan After Update functionality works for the Anti-Virus component.
View full article
This article explains how the intermediate server failover time setting found in F-Secure Automatic Update Agent (FSAUA) works.
View full article
This article describes how you can use ilauncher.exe with a limited user account to install the F-Secure software.
View full article
This article applies to Client Security 14.x and later Server Security 14.x and later
View full article
There are various malware monitoring opportunities available provided both by F-Secure and the operating system.
View full article
This article describes what logic Automatic Update Agent (AUA) uses to prioritize its updates fetch.
View full article
This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff...
View full article
Issue: The DeepGuard status of a F-Secure Client Security 14.0x client in Policy Manager in the Overall Protection section, the status is shown as "Unknown".   Resolution: This is a known issue and an upgrade to F-Secure Client Security version 14.10 or newer fixes the issue. The older Client Security 14 do not have the upload of DeepGuard module version to Policy Manager enabled.   Article no: 000012983
View full article
Issue: The firewall rules pushed from Policy Manager 14.x to Client Security 14.x clients do not appear in the Windows firewall. Resolution: Check that you have edited the same profile that is in use on the client. This can be done by following these steps: Open F-Secure Policy Manager. Select the host from the Domain tree. Go to the Settings tab. Go to the Firewall page. Check that Host profile and Profile being edited match. If they match, the reason why the rule is not applied on the client is because it is an invalid rule. If the rule has many IP addresses in it, make sure that you have used a comma (,) in between each IP range as a value separator. Using a space or semicolon (;) in between the IP ranges will invalidate the rule and it will not be visible in the Windows Firewall.  Article no: 000011310
View full article
Issue: After upgrading to F-Secure Client Security 14.10 or F-Secure Server Security 14 Client keeps asking for restart with notification "restart required F-Secure product received a critical update. To keep your protection up to date, restart your computer. Remember to save your work" After a restart the same notification is shown again F-Secure Ultralight services are not listed in the Windows services list Capricorn update is missing from Updates list in the local user interface Note: If you click on the view log file button in the Updates view, it will bring you to the aua.log, where you can see similar entries:  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Processing  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Retry at restart  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Processing  I: Update check completed successfully  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Retry at restart Resolution: This issue is related to Ultralight not installing or updating correctly. You can install one of the hotfixes bellow to solve the problem: FSCS1410-HF01 FSCS1410-HF02 FSCS1410-HF07 Note: All these Hotfixes are applicable for Server Security 14.00 and Client Security 14.10 These hotfixes are not publicly available from our homepage. Open a support request and our customer service team can send you the hotfixes.   Article no: 000014676
View full article
Issue: Our current license certificate does not contain the most recent subscription info and/or license keys. How can I get an updated license certificate?  Resolution: To get a new license certificate, proceed to contact your local reseller or F-Secure sales contact. If you are uncertain of who this contact is, kindly create a support ticket here. Article no: 000001527
View full article
Issue: How can I manually isolate hosts from the network with Policy Manager? Resolution: You can isolate one or more hosts from the network. Note: Use network isolation with caution and only in case of a network attack. To isolate a host from the network: Select the target host in the policy domain tree Go to the Operations tab Click Isolate under Network isolation. This isolates the selected host from the network To reconnect an isolated host to the network, click Release on the Operations tab. Isolated hosts are shown on the Host issues section of the dashboard. This feature is only available in Policy Manager 14.10 and newer. Article no: 000015929
View full article
Issue: After upgrading or installing Client Security 14.x, you encounter issues with communication. Symptoms include: the host is unable to connect to F-Secure Policy Manager Server the host is not visible on the Import host list in Policy Manager Console. However, the hosts might be able to download updates. Resolution: Note: Make sure that the F-Secure Policy Manager address is correct and that the host communication ports (TCP/UDP default 80 and 443) are available and open. Test the connectivity between the clients and Policy Manager: Open the Policy Manager address in a browser from a client: http://pms-server.local:80 and https://pm-server.local:443. If you get an "F-Secure Welcome page", the connection is working. If not, check that the host communication TCP/UDP ports to the Policy Manager Server are allowed in your firewall. Make sure that you have configured the Policy Manager IP address and/or hostname correctly and that the ports configured for host modules are correct. Default ports after installations are 80 for HTTP and 443 for HTTPS. On the computer running Client Security, the following log contains details on the connectivity with Policy Manager Server. Use it to troubleshoot connection issues: C:\ProgramData\F-Secure\Log\BusinessSuite\PmpSelectorPlugin.log Below is an example of a failed connection:   2019-03-04 14:11:50.150 [10d8.1588] I: Connecting to wait.pmp-selector.local 2019-03-04 14:11:50.150 [10d8.1588] I: Update check failed, error=210 (unable to resolve host) 2019-03-04 14:11:50.150 [10d8.1588] I: Connection failed 2019-03-04 14:12:50.871 [10d8.15a0] .W: ServerFinder::Ping: Ping to {host: 10.10.10.10, http: 82, https: 443} aborted. There are no valid certificates 2019-03-04 14:12:50.871 [10d8.15a0] I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10.10.10.10 2019-03-04 14:13:11.908 [10d8.15a0] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies. AsyncSendRequest failed: 12002 2019-03-04 14:13:11.908 [10d8.15a0] .W: CosmosUpdater::Run: No servers responded. Policy Manager unavailable. Error 12002 means ERROR_WINHTTP_TIMEOUT > Client Security cannot connect to Policy Manager to fetch this list. A complete list of Microsoft Windows HTTP Services errors is available here.  Below is an example of a working connection: 2019-09-05 09:00:19.789 [0fd0.136c] I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10 .11 .10.10 2019-09-05 09:00:19.839 [0fd0.136c] I: UpdatablePmCertVerifier::RenewCertificates: 2 certificate(s) renewed successfully; expire in 86170 seconds Article no: 000010321
View full article
Issue: I am unable to have connectivity for my computer running a Business Suite product. We are using WPAD (Web Proxy Auto-Discovery protocol) to deploy http proxy server settings. Does Business Suite support WPAD for http proxy setting deployment? Resolution: WPAD is not officially tested nor supported by the Business Suite products, including Policy Manager. Article no: 000010593
View full article
Issue: Clients are not able to get updates from the Policy Manager server Virus definitions shows later than the Policy Manager is Serving Update server is shown as wait.pmp-selector.local Policy Manager shows that Client Security is still in the old version even though on the client it is the newer version Resolution: The update server is shown as wait.pmp-selector.local until the client has successfully connected to the Policy Manager Server for the first time after the upgrade or installation. This is an indication that there is a connectivity issue between the clients and the Policy Manager server. First, check that you have set the correct Policy Manager Server address when exporting the installation file. You can check if the address is correct and if the HTTP connection works by opening a web browser on a client and then entering the Policy Manager Server address and the HTTP port in the address field.  Example: 10.132.2.19:80  Client Security 13 and earlier versions supported fallback to using HTTP connection if HTTPS did not work. Please check that both the HTTP and HTTPS ports are open in the firewall on the Policy Manager Server. By default Policy Manager listens to HTTP port 80 and HTTPS port 443, but these can be changed during installation.  Check that you have entered the correct Policy Manager Server address, HTTP port and HTTPS port when creating the installation file. If you have used the wrong address or ports when creating the installation file, you will need to reinstall the product with a new installation file with the correct settings.    If you are using Policy Manager Proxy in your environment, try these steps: Make sure that Policy Manager proxy servers are updated to 14 versions For Client Security 14 clients HTTPS connection support is required and for versions 13 and earlier it was not "Allow fallback" is not mandatory if everything is configured properly If you are not sure if it is configured properly, allow the option Fall back to Policy Manager Proxy which can be found under Automatic Update Agent in Policy Manager Console. If you cannot find an issue with your configuration, open a support request and submit an FSDiag diagnostic file from the Policy Manager Server and one of the affected client for further analysis and troubleshooting. Article no: 000009396
View full article
Issue: Via proxy or direct connection, F-Secure Client Security is not receiving updates from Policy Manager. The following errors are visible in C:\ProgramData\F-Secure\Log\AUA\AUA.log: [ 8068]Thu Aug 30 11:15:32 2018(3):  Connecting to http://<Policy Manager IP address>/guts2/ via http proxy <Proxy IP address> [ 3488]Thu Aug 30 11:15:32 2018(3):  Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2/ via http proxy Proxy IP address (Server error) [12232]Thu Aug 30 11:15:32 2018(3):  Connecting to http://Policy Manager IP address/guts2/ (no http proxy) [ 3488]Thu Aug 30 11:15:32 2018(2):  Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2. (Unspecified error) [10736]Thu Aug 30 11:17:41 2018(3):  Connecting to http://Policy Manager IP address/ via http proxy Proxy IP address [ 3488]Thu Aug 30 11:17:41 2018(3):  Update check failed. There was an error connecting http://Policy Manager IP address/guts2/ via http proxy Proxy IP address (Server error) Resolution: Test the connectivity from the host to Policy Manager Server by using the HTTP and HTTPS protocol: Open any web browser on the host that has F-Secure Client Security installed. Enter the IP address of the Policy Manager and press Enter. Repeat the test, only this time by using the HTTPS protocol (for example https://192.168.0.10:443/). If the HTTP (automatic updates) and HTTPS (management agent) connections are working, the web page should display the following information: If the connection fails, troubleshoot the network connectivity between the host and Policy Manager at your end. Verify whether the host and the server have permission to connect to each and other (for example corporate firewall, proxy). If the intermediate proxy is a PMP instance and the clients are unable to download updates via it, ensure that PMP can connect to the internet directly as the default configuration for the proxy is forward mode. In this mode, updates are downloaded via PMP but from the internet and not from Policy Manager Server. This configuration is controlled by changing the proxy mode to either reverse or forward.  Reverse vs. forward modes define whether the virus definitions and software updates are retrieved directly from the internet or from the configured upstream Policy Manager Server or other proxy. Forward proxy is used to minimize traffic between networks, for example between a branch office and HQ. Reverse proxy is used for example in environments where the proxy has no direct connection to the internet, or to minimize the load on the master server (or other forward proxy). By default the proxy is installed in forward mode. Set "-DreverseProxy=true" additional Java argument to switch it to the 'reverse' mode. You can verify whether PMP can download updates by checking the c:\program files (x86)\Management Server 5\logs\fspms-download-updates.log file. The following message is an example of downloading updates failing: 26.03.2019 14:47:44,034 ERROR [c.f.f.s.g.d.DownloadUpdatesService] - Error while checking latest updates org.apache.http.conn.ConnectTimeoutException: Connect to guts2.sp.f-secure.com:80 [guts2.sp.f-secure.com/2.21.76.146, guts2.sp.f-secure.com/2.21.76.152] failed: connect timed out. Article no: 000006708
View full article