Business Suite

Sort by:
Issue: F-Secure Software Updater (SWUP) does not install any updates on my computers installed with Client Security Premium 14.02. The status on Policy Manager Console (PMC) is displaying software installation status as "Starting Installation..."    Resolution: This is due to a bug with Software Updater for F-Secure Client Security Premium 14.02. To fix this, you can download the F-Secure Client Security Premium 14.0X Software Updater Hotfix listed in Hotfixes under F-Secure Client Security 14.02. Alternatively, you can upgrade to F-Secure Client Security Premium 14.10 as the fix is already included in the latest version.   Article no: 000017345
View full article
Issue: Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails. In Policy Manger Console, push installations result in the status error message: "Installation failed. MSI error code is 1603." The following error can be seen in Windows Application Event Logs: "Product: F-Secure Client Security [Premium] 14.XX/F-Secure Server Security [Premium] 14.XX -- Universal CRT is not installed" Resolution: The latest version of Client Security 14.x and Server Security 14.00 require Windows Universal C Runtime to be installed on the system. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x or Server Security 14.x. Here is also an alternate link from where to download Windows Universal C Runtime.   Article no: 000008994
View full article
Issue: With F-Secure Client Security installed in the host, the Delphi debugger process does not work or crash Resolution: We recommend to do the following workaround: Add the exclusion for the Delphi software executable (for example, C:\Program Files (x86)\Embarcadero\Studio\17.0\bin\bds.exe, etc.) in DeepGuard under the Advanced View in the Policy Manager Console: F-Secure DeepGuard > Settings > Excluded Applications (using full file path of the Delphi software executable) F-Secure DeepGuard > Settings > Applications (using a SHA1 hash of the Delphi software executable) NOTE: If you are using Client Security 13.10 or older, you shall upgrade to the latest Client Security 13.11 and above to allow Excluded Applications to work. If you are using Client Security 14.00 - 14.02, we recommend you upgrade to the latest Client Security 14.10 to resolve the issue with exclusions. Launch an elevated command prompt and type the following one after another: net stop fsulhoster net stop "F-Secure gatekeeper" Create the following entry below under the registry HKLM\SYSTEM\CurrentControlSet\Services\F-Secure Gatekeeper\Parameters: DisableCompanionWait(DWORD) = 1 In the elevated command prompt, type the following one after another: net start "F-Secure gatekeeper", and ensure that the Gatekeeper driver starts successfully. net start fsulhoster NOTE: The provided registry change disables a certain optimization in the F-Secure Gatekeeper driver, which are incompatible with software that tries to suspend processes (ie. Delphi debugger). This registry key does not alter the enabled features or other functionalities of the F-Secure product. Article no: 000003035
View full article
Issue: What will happen to Anti-Spyware settings when F-Secure Client Security is upgraded from version 13.x to 14.x? Will F-Secure Client Security 14.x have any spyware scanning?  Resolution: F-Secure Client Security 14.x does not have a separate Anti-Spyware module, it is instead included with the normal Anti-Virus module as part of Real-Time Scanning.  F-Secure Client Security versions 14 and newer do not support the spyware scanning settings included in distributed policies. Any spyware exclusions need to be done as Real-Time Scanning file or process exclusions.    A spyware detection will appear in on the F-Secure Policy Manager Alerts list with the description "Spyware found in file. The file was blocked." and the source is "File Scanning".    Article no: 000019954
View full article
This article provides information on how to exclude files from real-time scanning in F-Secure Anti-virus products using wildcard characters.
View full article
This article provides information on how to exclude files from manual scanning in F-Secure Anti-virus products using wildcard characters.
View full article
Issue: I have installed F-Secure Client Security 14.x and the host is unable to communicate with Policy Manager to download updates. I have re-installed F-Secure Client Security in the host and the issue persists. Resolution: This  issue is related to missing F-Secure Ultralight services. Proceed to verify if the following F-Secure services are running in services.msc: F-Secure Device Control F-Secure Hoster F-Secure Hoster (Restricted) F-Secure Ultralight Hoster F-Secure Ultralight Network Hoster F-Secure Ultralight ORSP Client F-Secure Ultralight Protected Hoster If F-Secure Utralight services are missing from the list, the issue is most likely due to the Ultralight not installed properly because of the older version of Client Security. Run the F-Secure uninstallation tool to clean up what was left from the previous installation. Next, remove F-Secure folders and files from Program Files and ProgramData including the F-Secure registry entries from the Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows - 32bit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows - 64bit Once the uninstallation process completes, proceed to re-install F-Secure Client Security 14.10 on the host to resolve the issue.   Article no: 000019644
View full article
Issue: F-Secure Client Security v14.10 MSI installation fails and shows the error message: Error 1335. The cabinet file '_DBEE06267B6C806BE1ED16F60A63E29E' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package. Resolution: This error is shown due to corruption of the MSI package when it was exported from the Policy Manager. You need to export a new MSI package from the Policy Manager server and run the installation once again using the new MSI installer.   Article no: 000019642
View full article
Issue: How does the Protect the hosts file security feature work with F-Secure Client Security 14 on a Windows host?  What happens to an already modified hosts file when F-Secure Client Security is installed?  Resolution: The Protect the Hosts file security feature monitors if there have been any changes made to the hosts file in a Windows system. If the feature detects a non-default hosts file, it will alert of a redirected hosts file and replace it with a hosts file with the following content: # # Copyright (c) 2007 F-Secure Corporation  #  # This is a HOSTS file created during malware removal.  # # Your original HOSTS file was infected and it was replaced  # by this file containing only clean default entries.  # The original HOSTS file may be restored from the product's # quarantine feature. # 127.0.0.1    localhost ::1            localhost If a hosts file has been modified before the installation of F-Secure Client Security, the modified hosts file will be detected during the first system scan. If the hosts file is modified during a time when the Protect the hosts file feature has been disabled, the modified hosts file will be detected when the feature is turned back on.  Follow these steps to turn off the Protect the hosts file feature: Log in to Policy Manager Console Select the policy domain or host from the Domain Tree Go to the Settings tab and select Advanced view  Navigate to: F-Secure Anti-Spyware > Settings > Anti-Spyware Scanner > Real-Time Scanning > Real-Time Scanning Options > Protect the "hosts" File  Disable the setting  Distribute the policy (Ctrl + D) Article no: 000019105
View full article
Issue: How to create an Application control rule in F-Secure Policy Manager Console which blocks an application? What 'condition' should be used for example to block Microsoft Office using Application Control? Resolution: The F-Secure Application Control feature is included in F-Secure Client Security 14 Premium and newer versions.  Follow the example below to block Microsoft Office using Application Control: Log in to Policy Manager Console Select a Policy domain or host from from the Domain Tree Go to the Settings tab Go to Application control Click 'Add Rule' Conditions: Event : Run Application Action : Block Target product name : Contains Microsoft Office Article no: 000017426
View full article
Issue: Issues are appearing on isolated Client Security 14 hosts after performing offline malware definition updates (as documented here) Malware scan won't start. It is waiting for malware definition updates to install List of updates is showing Aquarius as Not installed Resolution: The offline updates package needs to be prepared from a Policy Manager Server running the same major version as the client software. If a package for a 14-series client is prepared using a 13-series Policy Manager, there will be update packages missing which will result in these issues.  To resolve, update the Policy Manager Server to the latest version and repeat the update process on the client(s). Article no: 000018917
View full article
Issue: Is it possible to choose a custom location (installation path) for the F-Secure Client Security installation on a Windows or Mac host?   Resolution: It is not possible to change the installation directory of F-Secure Client Security. Article no: 000018950
View full article
Issue: How to check what versions of virus definitions are currently installed on F-Secure Client Security 14 or Server Security 14 with the Windows Command line? Resolution: Follow these steps to run the fs_oneclient_info tool to print out product information sheet: 1. Open the Command Prompt (cmd) as an Administrator 2. Depending on the product, navigate to: Server Security 14: C:\Program Files (x86)\F-Secure\Server Security Client Security 14: C:\Program Files (x86)\F-Secure\Client Security 3. Run command: fs_oneclient_info.exe This will print the following statuses: License status: license validity and expiration date Update status: Update server info, last update date and list of latest installed updates Setting status   Article no: 000018421
View full article
Issue: Our current license certificate does not contain the most recent subscription information or license keys. How can I get an updated license certificate which includes the license keycodes required for when installing or updating to the newest product versions?  Resolution: To get a new license certificate, proceed to contact your local reseller or F-Secure sales contact. If you are uncertain of who this contact is, kindly create a support ticket here. Article no: 000001527
View full article
Issue: FSMAUTIL is no longer available for F-Secure Server Security/Client Security 14.x, how do I reset the host UID? Resolution: In F-Secure Server Security/Client Security 14.x, there is a new tool introduced called resetuid.exe to reset the host identity. This tool will replace FSMAUTIL (F-Secure Management Agent Utility) for both the products. The tool can be found in C:\Program Files (x86)\F-Secure\Client Security\BusinessSuite\ (Client Security 14.x) or  C:\Program Files (x86)\F-Secure\Server Security\BusinessSuite (Server Security 14.x). Check the Help page for the procedure. Usage: RESETUID SHOWUID  Shows the host Unique Identity currently in use. RESETUID RESETUID {SMBIOSGUID | RANDOMGUID | WINS | MAC} [APPLYNOW] Schedules regeneration of the host Unique Identity using one of the specified methods: SMBIOSGUID        - uses SMBIOS GUID RANDOMGUID      - uses randomly generated GUID WINS                      - uses WINS (NetBIOS) name MAC                       - uses MAC (ethernet card) address APPLYNOW           - If the product is running, requests to apply new Unique Identity immediately. Otherwise, it is applied to the next start of the product. Article no: 000008416
View full article
Issue: Windows Firewall status is red with error message: "Windows Defender firewall is not using the recommended settings to protect your computer" The Windows Firewall state is set to: ON Incoming connection is set to: Allow all connections to apps that are not on the list of blocked apps Resolution: If Windows Firewall is showing its status as red with message: "Windows Defender Firewall is not using the recommended settings to protect your computer", this is most likely due to the settings of the Unknown inbound and outbound connections from the F-Secure Client Security 14 firewall profile. In order to resolve the issue follow these steps: Open the Policy Manager console Select the host or domain from the Domain Tree Go to the Settings tab Browse to the Firewall menu Ensure the value under  "Profile being edited" is the correct profile Set the value of the Unknown inbound connections and Unknown outbound connections to Block Distribute the profile (ctrl +D) Once the host receives the new profile, the firewall should stop displaying the message and the status should turn to green.  Article no: 000018337
View full article
Issue: How can we configure a scheduled manual scan to only alert on detections (report only)? Resolution: This is currently not supported, but we are planning to improve this in upcoming versions of both Client Security 14.20 and Server Security 14.10. Both versions are expected to be released during the first half of 2020. Article no: 000017966
View full article
Issue: Firewall rules made with Policy Manager 14.x are not operational on Client Security 14.x clients. Firewall rules pushed from Policy Manager 14.x to Client Security 14.x clients do not appear in the Windows firewall. Resolution: Check that you have edited the same firewall profile that is in use on the client. This can be done by following these steps: Open F-Secure Policy Manager Console Select the host or domain from the Domain tree Go to the Settings tab Go to the Firewall page Check that Host profile and Profile being edited match If they match, the reason why the rule is not applied on the client is because it is an invalid rule. If the rule has many IP addresses in it, make sure that you have used a comma ( , ) in between each IP range as a value separator. Using a space or semicolon ( ; ) in between the IP ranges will invalidate the rule and it will not be visible in the Windows Firewall.  Article no: 000011310
View full article
Issue: How to disable Advanced Network Protection for Client Security 14 in Policy Manager 14? Resolution: To centrally disable Advanced Network Protection from target hosts in Policy Manager 14, follow these steps: Open F-Secure Policy Manager Choose the target host or domain from the Domain Tree Go to the Settings tab and use Standard View Go to Web traffic scanning section Choose from HTTP Scanning HTTP scanning enabled and set the value as disabled Distribute the new policy with the Distribute policies button Now Advanced Network protection is disabled from the target hosts. Article no: 000008143
View full article
Issue: After updating to Server Security Premium 14.00, a group of Servers are not getting Virus Definitions After upgrading to Client Security 14.10, Clients are not getting updates from Policy Manager Server Resolution: You can apply the hotfix FSCS1410-HF07 to resolve the problem. If the problem persists, make you are experiencing the same problem, by opening the following logs from affected Client and investigate them. Logs are usually located in the following path: C:\ProgramData\F-Secure  Open the C:\ProgramData\F-Secure\Log\AUA.log and scroll down to the latest event to see if you have a similar error: 2019-09-23 15:17:09.502 [0e50.1388] I: Connecting to updateserver:80/guts2 (proxy proxy.demo.com:8888) 2019-09-23 15:17:09.517 [0e50.1388] I: Update check failed, error=115 (operation in progress) Open the C:\ProgramData\F-Secure\Log\CCF\Guts2Plugin.log  and scroll down to the latest event to see if you have a similar error: 2019-10-01 09:54:30.351 [1284.1258] I: Guts2Client::UpdateCurrentProxyForRootServer: Save successful proxy 'proxy.demo.com:8888' 2019-10-01 09:54:30.352 [1284.1258] I: Guts2Client::CheckForUpdatesFromServer: Check from server 'fsms:80/guts2' 2019-10-01 09:54:30.365 [1284.1258] I: Guts2Client::RefreshAvailablePackages: Trying with proxy 'proxy.demo.com:8888' 2019-10-01 09:54:30.581 [1284.1258] I: [fslib] server returned HTTP status code 503 (try again later) 2019-10-01 09:54:30.581 [1284.1258] *E: [fslib] unable to fetch update information from the server, error 115 (operation in progress) 2019-10-01 09:54:30.581 [1284.1258] I: Guts2Client::RefreshAvailablePackagesProxyConfigured: Failed to refresh available packages, error=115 2019-10-01 09:54:30.581 [1284.1258] *E: Guts2Client::CheckForUpdatesFromServer: Failed to refresh available updates list 2019-10-01 09:54:30.587 [1284.1258] I: CCFGuts2Plugin::ScheduleCheck: Scheduling next check in 156 seconds As you can see, proxy.demo.com:8888' can answer 503 without forwarding a request to the Policy Manager Server/guts2 server. In this case, you could troubleshoot the HTTP-Proxy by checking the following: Retry the URL from the address bar again by clicking the reload/refresh button, or pressing F5 or Ctrl+R. Restart your router and/or your device, especially if you're seeing the "Service Unavailable - DNS Failure" error. As an option, you could disable the HTTP proxy for AUA, to see if the connection issue is caused by AUA. You can do this from the Policy Manager Console: 3.1  Under the F-Secure Automatic Updates Agent > HTTP  Settings > Use HTTP Proxy and set it to No. Deploy the policy.  If the changes you made now worked, make sure to enable your HTTP-Proxy to updateserver:80 (:443) Note:  When upgrading from Client Security 13.xx series: GUTS2 updates were already available, so the behavior didn't change  When upgrading from  Client Security 12.10-12.3x: Everything in the Client Security > Policy Manager communication was changed. If you are upgrading from 12.00 or older - also the protocol was changed from HTTP to HTTPS (but guts2 are still downloaded via HTTP). In the event that a proxy is/must be used ensure that no filtering for port 443 is enabled. Client Security 13.x already used GUTS2, where 503 was the "good answer", which means they would come back later, and that didn't cause fallback to the Internet.   Article no: 000015249
View full article
The product uses Windows Firewall to protect your computer.
View full article
If you have installed Client Security on hosts that do not have a network connection, you can update the malware definitions using the tool provided...
View full article
The following steps describe Policy Manager Proxy node installation for both Windows and Linux.
View full article
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
View full article
To be able to combat the more adaptive and targeted attackers of the future even better, F-Secure has made a significant engine update.
View full article
This article describes how you can configure the MyNetwork rule in F-Secure Policy Manager.
View full article
This article explains how you can collect an MBR rootkit sample for F-Secure Labs to analyse.
View full article
There are several ways to get the Hardware ID for a device for the Device Control rules; Using Device Control statistics or Windows Device Manager.
View full article
If your corporate network is behind a proxy or a firewall that has strict deny rules, Software Updater may be unable to download patches from some...
View full article
Some updates, for example Notepad++, WinZip, and 7-Zip, are released unsigned. Software Updater does not automatically install unsigned updates and...
View full article
After having installed the F-Secure product on several workstations in the network, you notice that the Windows login is taking longer than usual,...
View full article
When deploying cloned virtual machines from a template, Policy Manager identifies them as identical machines even when each machine is configured to...
View full article
F-Secure Software Updater scans computers for missing software updates, and keeps Windows and third-party applications up to date and patched from...
View full article
Next-gen proxy is a role of Policy Manager Server, in which it proxies certain requests to Master Server while serving BackWeb and software updates...
View full article
This article provides you with information about the Ilauncher command line parameters.
View full article
Software Updater only installs security-related updates automatically. The installation of non-security-related updates and service packs is required...
View full article
Software Updater is a feature that ensures the operating systems and applications used in your organization are always up-to-date. This lowers the...
View full article
Policies are product configurations created on F-Secure Policy Manager and automatically picked up by the client machines. They define the settings of...
View full article
This article explains how the Launch Scan After Update functionality works for the Anti-Virus component.
View full article
This article explains how the intermediate server failover time setting found in F-Secure Automatic Update Agent (FSAUA) works.
View full article
This article describes how you can use ilauncher.exe with a limited user account to install the F-Secure software.
View full article
This article applies to Client Security 14.x and later Server Security 14.x and later
View full article
There are various malware monitoring opportunities available provided both by F-Secure and the operating system.
View full article
This article describes what logic Automatic Update Agent (AUA) uses to prioritize its updates fetch.
View full article
This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff...
View full article
Issue: Via proxy or direct connection, F-Secure Client Security is not receiving updates from Policy Manager. The following errors are visible in C:\ProgramData\F-Secure\Log\AUA\AUA.log: [ 8068]Thu Aug 30 11:15:32 2018(3):  Connecting to http://<Policy Manager IP address>/guts2/ via http proxy <Proxy IP address> [ 3488]Thu Aug 30 11:15:32 2018(3):  Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2/ via http proxy Proxy IP address (Server error) [12232]Thu Aug 30 11:15:32 2018(3):  Connecting to http://Policy Manager IP address/guts2/ (no http proxy) [ 3488]Thu Aug 30 11:15:32 2018(2):  Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2. (Unspecified error) [10736]Thu Aug 30 11:17:41 2018(3):  Connecting to http://Policy Manager IP address/ via http proxy Proxy IP address [ 3488]Thu Aug 30 11:17:41 2018(3):  Update check failed. There was an error connecting http://Policy Manager IP address/guts2/ via http proxy Proxy IP address (Server error) Resolution: Test the connectivity from the host to Policy Manager Server by using the HTTP and HTTPS protocol: Open any web browser on the host that has F-Secure Client Security installed. Enter the IP address of the Policy Manager and press Enter. Repeat the test, only this time by using the HTTPS protocol (for example https://192.168.0.10:443/). If the HTTP (automatic updates) and HTTPS (management agent) connections are working, the web page should display the following information: If the connection fails, troubleshoot the network connectivity between the host and Policy Manager at your end. Verify whether the host and the server have permission to connect to each and other (for example corporate firewall, proxy). If the intermediate proxy is a PMP instance and the clients are unable to download updates via it, ensure that PMP can connect to the internet directly as the default configuration for the proxy is forward mode. In this mode, updates are downloaded via PMP but from the internet and not from Policy Manager Server. This configuration is controlled by changing the proxy mode to either reverse or forward.  Reverse vs. forward modes define whether the virus definitions and software updates are retrieved directly from the internet or from the configured upstream Policy Manager Server or other proxy. Forward proxy is used to minimize traffic between networks, for example between a branch office and HQ. Reverse proxy is used for example in environments where the proxy has no direct connection to the internet, or to minimize the load on the master server (or other forward proxy). By default the proxy is installed in forward mode. Set "-DreverseProxy=true" additional Java argument to switch it to the 'reverse' mode. You can verify whether PMP can download updates by checking the c:\program files (x86)\Management Server 5\logs\fspms-download-updates.log file. The following message is an example of downloading updates failing: 26.03.2019 14:47:44,034 ERROR [c.f.f.s.g.d.DownloadUpdatesService] - Error while checking latest updates org.apache.http.conn.ConnectTimeoutException: Connect to guts2.sp.f-secure.com:80 [guts2.sp.f-secure.com/2.21.76.146, guts2.sp.f-secure.com/2.21.76.152] failed: connect timed out. Article no: 000006708
View full article
Issue: Clients are not able to get updates from the Policy Manager server Virus definitions shows later than the Policy Manager is Serving Update server is shown as wait.pmp-selector.local Policy Manager shows that Client Security is still in the old version even though on the client it is the newer version Resolution: The update server is shown as wait.pmp-selector.local until the client has successfully connected to the Policy Manager Server for the first time after the upgrade or installation. This is an indication that there is a connectivity issue between the clients and the Policy Manager server. First, check that you have set the correct Policy Manager Server address when exporting the installation file. You can check if the address is correct and if the HTTP connection works by opening a web browser on a client and then entering the Policy Manager Server address and the HTTP port in the address field.  Example: 10.132.2.19:80  Client Security 13 and earlier versions supported fallback to using HTTP connection if HTTPS did not work. Please check that both the HTTP and HTTPS ports are open in the firewall on the Policy Manager Server. By default Policy Manager listens to HTTP port 80 and HTTPS port 443, but these can be changed during installation.  Check that you have entered the correct Policy Manager Server address, HTTP port and HTTPS port when creating the installation file. If you have used the wrong address or ports when creating the installation file, you will need to reinstall the product with a new installation file with the correct settings.    If you are using Policy Manager Proxy in your environment, try these steps: Make sure that Policy Manager proxy servers are updated to 14 versions For Client Security 14 clients HTTPS connection support is required and for versions 13 and earlier it was not "Allow fallback" is not mandatory if everything is configured properly If you are not sure if it is configured properly, allow the option Fall back to Policy Manager Proxy which can be found under Automatic Update Agent in Policy Manager Console. If you cannot find an issue with your configuration, open a support request and submit an FSDiag diagnostic file from the Policy Manager Server and one of the affected client for further analysis and troubleshooting. Article no: 000009396
View full article
Issue: How can I manually isolate hosts from the network with Policy Manager? Resolution: You can isolate one or more hosts from the network. Note: Use network isolation with caution and only in case of a network attack. To isolate a host from the network: Select the target host in the policy domain tree Go to the Operations tab Click Isolate under Network isolation. This isolates the selected host from the network To reconnect an isolated host to the network, click Release on the Operations tab. Isolated hosts are shown on the Host issues section of the dashboard. This feature is only available in Policy Manager 14.10 and newer. Article no: 000015929
View full article
Issue: The DeepGuard status of a F-Secure Client Security 14.0x client in Policy Manager in the Overall Protection section, the status is shown as "Unknown".   Resolution: This is a known issue and an upgrade to F-Secure Client Security version 14.10 or newer fixes the issue. The older Client Security 14 do not have the upload of DeepGuard module version to Policy Manager enabled.   Article no: 000012983
View full article
Issue: In Client Security 14, how do you activate the Offload Scanning functionality for virtual environments? Resolution: Starting from F-Secure Client Security version 14 onwards, the Offload Scanning Agent (OSA) is activated through the policy.  This policy setting may or may not be included in the installation package. Changing the setting In order to activate or deactivate the functionality, you can change it under the following setting using the Policy Manager Console: Standard view > Real-time scanning > Virtualization support Set the checkbox accordingly for the setting named Offload file scanning Article no: 000008176
View full article