Business Suite

Sort by:
This article explains how you can collect an MBR rootkit sample for F-Secure Labs to analyse.
View full article
The following steps describe Policy Manager Proxy node installation for both Windows and Linux.
View full article
Next-gen proxy is a role of Policy Manager Server, in which it proxies certain requests to Master Server while serving BackWeb and software updates...
View full article
There are several ways to get the Hardware ID for a device for the Device Control rules; Using Device Control statistics or Windows Device Manager.
View full article
When deploying cloned virtual machines from a template, Policy Manager identifies them as identical machines even when each machine is configured to...
View full article
This article describes what logic Automatic Update Agent (AUA) uses to prioritize its updates fetch.
View full article
This article explains how the Launch Scan After Update functionality works for the Anti-Virus component.
View full article
This article provides you with information about the Ilauncher command line parameters.
View full article
This article describes how you can configure the MyNetwork rule in F-Secure Policy Manager.
View full article
This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff...
View full article
There are various malware monitoring opportunities available provided both by F-Secure and the operating system.
View full article
Policies are product configurations created on F-Secure Policy Manager and automatically picked up by the client machines. They define the settings of...
View full article
This article explains how the intermediate server failover time setting found in F-Secure Automatic Update Agent (FSAUA) works.
View full article
This article describes how you can use ilauncher.exe with a limited user account to install the F-Secure software.
View full article
After having installed the F-Secure product on several workstations in the network, you notice that the Windows login is taking longer than usual,...
View full article
This article provides information on how you can exclude files from scanning by using wildcard characters in the F-Secure antivirus products.
View full article
Issue: We used to be able see in the Policy Manager Console Alerts list frequent alerts with the source being F-Secure Anti-Spyware. After upgrading to F-Secure Client Security 13 or newer such alerts are not being sent from the clients. Where can we see events from the F-Secure Anti-spyware module? Resolution: The F-Secure Anti-Spyware reporting has been integrated to F-Secure Anti-Virus in F-Secure Client Security 13 and newer versions. If you have for example F-Secure Client Security 14 installed on your clients, any Anti-Spyware alerts are reported to Policy Manager Console, the source will be shown as F-Secure Anti-Virus.   Article no: 000018481
View full article
Issue: How will F-Secure Server Security and Client Security clients receive virus definition updates, if the Policy Manager Server is temporarily unreachable? Resolution: The client can be set to automatically switch over to the F-Secure Update Server if the Policy Manager Server is unreachable. The client will try for at least one hour (default) or more to reach the designated Policy Manager Server or Policy Manager Proxy. If the client is not able to reach the Policy Manager Server or the Policy Manager Proxy, it will then try to connect to the F-Secure Update Server instead to download the updates. Important: The host on which the F-Secure Client Security or Server Security is installed, must be able to reach required F-Secure domain: http://guts2.sp.f-secure.com To change this setting, follow these steps: Log on to your F-Secure Policy Manager Console Select the Policy domain   or Host   /   where you want to edit the policy on Switch to the Advanced view Navigate to F-Secure Automatic Update Agent > Settings > Communication > Allow fetching updates from F-Secure Update Server = Yes To adjust the time until this failover is used, modify the setting here: F-Secure Automatic Update Agent > Settings > Communication > Intermediate Server failover time Distribute the policy  Note: The time setting for the failover must range between 1 hour and 256 days   Article no: 000004400
View full article
Issue: How to check what versions of virus definitions are currently installed on F-Secure Client Security 14 or Server Security 14 with the Windows Command line? Resolution: Follow these steps to run the fs_oneclient_info tool to print out product information sheet: 1. Open the Command Prompt (cmd) as an Administrator 2. Depending on the product, navigate to: Server Security 14: C:\Program Files (x86)\F-Secure\Server Security Client Security 14: C:\Program Files (x86)\F-Secure\Client Security 3. Run command: fs_oneclient_info.exe This will print the following statuses: License status: license validity and expiration date Update status: Update server info, last update date and list of latest installed updates Setting status   Article no: 000018421
View full article
Issue: When Web traffic scanning feature is enabled, some web applications and URLs are inaccessible or there are connectivity or performance issues. Java-based applications unable to connect to an internal server or there are connectivity issues. Issue started after client received the F-Secure Online Safety 2019-11-19_01 update. Resolution: 1. Make sure ORSP Service (F-Secure Security Cloud) is enabled. You may find more information about the Security Cloud here How to enable ORSP via Policy Manager console: Log in to Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab (Advanced view) Navigate to F-Secure Security Cloud Client > Settings Enable Allow deeper analysis and Client is enabled Distribute the policy (Ctrl+D) You can ping the ORSP Service on your local client and see if its reachable:  orsp.f-secure.com  From Web Browser  Open   http://orsp.f-secure.com/getc  and browser must be able to download certificate file from the URL. If it is reporting an error or hangs for several minutes, then there is a problem. Connectivity to DOORMAN service: Browse to  https://doorman.sc.fsapi.com/doorman/v1/healthcheck  browser must reply 'OK'   You might have to check your firewall settings and allow *.f-secure.com and *.fsapi.com. More about URL addresses for F-Secure update services can be found here. Note: If ORSP is off, this means that our security cloud client can not access our remote services. This is the root of the slowness/hangs/interoperability etc. 2. You can add the server address as trusted. This will exclude the server from Web Traffic Scanning. How to add the server address as trusted differs between F-Secure Client Security versions: For F-Secure Client Security 13.x: Log in to F-Secure Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab and select Advanced view Navigate to F-Secure Anti-Virus -> Settings -> Settings for Web Traffic Scanning -> Trusted Servers Click Add and enter the server address  Distribute the policy (Ctrl+D) With Client Security 13.x clients the address needs to have the /* wildcard added after the server address, for example: http://193.110.109.55/* http://sql-server-2008:8080/* SAMPLESERVER:8080/* For F-Secure Client Security 14.x: Log in to F-Secure Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab and select Standard view Go to the Web content control page Click Add on the right side of the Trusted sites list Enter the server address in the Address column Distribute the policy (Ctrl+D) With Client Security 14.x clients no wildcard is needed in the address, for example: http://193.110.109.55 http://sql-server-2008:8080 SAMPLESERVER:8080 If the steps above did not solve your problem, please try to disable Botnet Blocker and/or DeepGuard How to disable Botnet blocker: Log in to F-Secure Policy Manager Console Select the host or domain from the Domain Tree Go to the Settings tab and select Standard view Navigate to Web traffic scanning and select Botnet Blocker Set the DNS query filtering to Allow all queries Distribute the policy (Ctrl+D) Article no: 000004728
View full article
Issue: Windows Firewall status is red with error message: "Windows Defender firewall is not using the recommended settings to protect your computer" The Windows Firewall state is set to: ON Incoming connection is set to: Allow all connections to apps that are not on the list of blocked apps Resolution: If Windows Firewall is showing its status as red with message: "Windows Defender Firewall is not using the recommended settings to protect your computer", this is most likely due to the settings of the Unknown inbound and outbound connections from the F-Secure Client Security 14 firewall profile. In order to resolve the issue follow these steps: Open the Policy Manager console Select the host or domain from the Domain Tree Go to the Settings tab Browse to the Firewall menu Ensure the value under  "Profile being edited" is the correct profile Set the value of the Unknown inbound connections and Unknown outbound connections to Block Distribute the profile (ctrl +D) Once the host receives the new profile, the firewall should stop displaying the message and the status should turn to green.  Article no: 000018337
View full article
Issue: Offload Scanning connection is down during a system restart. After system restarted, the connection is restored after few seconds. Resolution: This is expected product behavior if the Offload Scanning connection is established after few seconds during system restart. During system startup, the Offload Scanning Agent (OSA) service will attempt to establish a connection with the Scanning & Reputation Server (SRS). If the connection to SRS is unreachable due to some reason (e.g. Internal network congestion), the service will re-attempt to establish the connection. Article no: 000018019
View full article
Issue: How can we configure a scheduled manual scan to only alert on detections (report only)? Resolution: This is currently not supported, but we are planning to improve this in upcoming versions of both Client Security 14.20 and Server Security 14.10. Both versions are expected to be released during the first half of 2020. Article no: 000017966
View full article
Issue: After upgrading Server Security to version 14.00, the NTUSER.DAT file is often corrupted when loading server-based profiles Same issue with upgrade to Client Security 14.10  Resolution: Avdaemon.dll is doing multiple service tasks. One of tasks is the setting conversion and resolving paths environment profiles e.g. %desktop% using user profile and loads each profile into memory. In this case Windows cannot find the local profile and is logging the user with a temporary profile. Changes you make to this profile will be lost when you log off. Ransomware loads user profile aka ntuser.dat to resolve protected path. It seems that it is doing it, even if anti-Ransomware is off. This issue will be fixed in the next versions of the products.  Currently we have hotfix FSCS1410-HF11 that fixes the issue, but before applying the hotfix, which contains a new avdaemon.dll file, make sure the steps below help you resolve the issue: Contact F-Secure support and we will provide you with the hotfix FSCS1410-HF11 and the new avdaemon.dll file Rename avdaemon.dll on one of the affected hosts and restart fshoster service to see if this helps. The avdaemon.dll is located here: C:\Program Files (x86)\F-Secure\Client Security and C:\Program Files (x86)\F-Secure\Server Security If the renaming avdaemon.dll solves the issue, replace the avdaemon.dll file with the fixed version and restart the fshoster service If the replacement helped, you can apply hotfix FSCS1410-HF11 on all of your affected clients Follow these steps to install the hotfix to centrally managed computers: Log into F-Secure Policy Manager Console  Select Installation tab Click Installation packages  Import the hotfix jar file Select appropriate domain or host from the Domain Tree press Install  Select this hotfix FSCS1410-HF11 Distribute policies Article no: 000012303
View full article
Issue: How does the firewall automatic selection in Policy Manager work? How to set up the automatic selection profile? Resolution: To set the firewall automatic selection profile changes to work, create the auto select rule based on conditions such as gateway IP, DNS, etc. As an example, when the Windows Firewall profile is changed to different networks (public, private, domain), there is network change happening too. This can be used as the condition for firewall automatic selection rule to trigger. When a host is connected to Domain network, it will use default firewall profile "Office, file and printer sharing". When a host is connected to Public network and assign to DHCP IP address, it will switch to firewall profile "Server". When a host is connected to Private network that communicate to gateway IP (Example: 192.168.1.103), it will switch to firewall profile "My test firewall profile". Note: The firewall automatic selection is based on rules priority. The rule consists of two conditions: Method1/Argument1 and Method2/Argument2.  When both conditions are met, the profile specified in the rule is selected. The rules are evaluated whenever changes in the network interfaces are detected, and the rule with the highest priority is applied in case there are more than one matching rule.  If none of the rules match, the profile will remain unchanged. Therefore a fallback rule, with both methods set to Always, is usually put at the bottom of the rule set. Supported methods and arguments: Never: Never true (argument ignored) Always: Always true (argument ignored) DNS Server IP Address: IP address given as the argument matches with a DNS server DHCP Server IP Address: IP address given as the argument matches with a DHCP server Default Gateway IP Address: IP address given as the argument matches with the default gateway My Network: IP address given as the argument falls within the LAN subnet of the host Dialup: A dial-up connection is open (argument ignored) In IP address arguments, the asterisk (*) may be used as a wildcard, but only in place of whole pieces of the address. For instance 172.16.*.*, but not 172.16.*10.* or 172.16.*. Example: Method1 = Default Gateway IP Address Argument1 = 123.12.0.1 Note: The Argument value is irrelevant for Always, Never and Dialup methods. How to configure My Network rule in Policy Manager autoselect: https://community.f-secure.com/t5/Business-Suite/How-to-configure-MyNetwork-rule/ta-p/20670 Article no: 000013127
View full article
Issue: FSMAUTIL is no longer available for F-Secure Server Security/Client Security 14.x, how do I reset the host UID? Resolution: In F-Secure Server Security/Client Security 14.x, there is a new tool introduced called resetuid.exe to reset the host identity. This tool will replace FSMAUTIL (F-Secure Management Agent Utility) for both the products. The tool can be found in C:\Program Files (x86)\F-Secure\Client Security\BusinessSuite\ (Client Security 14.x) or  C:\Program Files (x86)\F-Secure\Server Security\BusinessSuite (Server Security 14.x). Check the Help page for the procedure. Usage: RESETUID SHOWUID  Shows the host Unique Identity currently in use. RESETUID RESETUID {SMBIOSGUID | RANDOMGUID | WINS | MAC} [APPLYNOW] Schedules regeneration of the host Unique Identity using one of the specified methods: SMBIOSGUID        - uses SMBIOS GUID RANDOMGUID      - uses randomly generated GUID WINS                      - uses WINS (NetBIOS) name MAC                       - uses MAC (ethernet card) address APPLYNOW           - If the product is running, requests to apply new Unique Identity immediately. Otherwise, it is applied to the next start of the product. Article no: 000008416
View full article
Issue: During installation of Client Security 14.x we are receiving a notification saying Overlapped I/O operation is in progress. Running the uninstallation tool between attempts has no impact. Resolution: This points towards a Microsoft-related issue which can be remedied by renaming a Microsoft folder, running our uninstallation tool and reinstalling Client Security. To verify this, look for events with ID 997 within the Windows Event Viewer. Steps to resolve: Rename the following folder C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 to C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18_BAK Run the F-Secure uninstallation tool: https://download.sp.f-secure.com/uninstallationtool/FsUninstallationTool.exe Remove any F-Secure folders and files from C:\Program Files (x86), C:\Program Files and C:\ProgramData Delete all F-Secure registry entries from the Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows Re-install F-Secure Client Security onto the host Article no: 000016801
View full article
Issue: Visible effects: Windows Server operating system with Server Security 14.00 installed is hanging Windows Desktop operating system with Client Security 13.00 or newer installed is hanging Resolution: UPDATE: The issue related to F-Secure Ultralight Core Update 2019-10-01_01 has now been fixed in the latest Ultralight Core Update, which is available as an automatic update by name  F-Secure Ultralight Core Update 2019-10-22_01. However, if you are still facing similar issues after the update fix, this may happen if F-Secure product have F-Secure Security Cloud Client enabled, but don't have access allowed to fsapi.com address. To resolve this issue, make sure that you have allowed access to fsapi.com from your environment. In case you have isolated environment, or otherwise cannot allow access to fsapi.com, disable F-Secure Security Cloud Client via Policy Manager Console: Log in to Policy Manager Console. Go to Settings tab. Select Advanced view. Navigate to: F-Security Security Cloud Client > Settings > Client is enabled. Select No from the drop-down menu. Make sure that the setting is locked. Distribute policies (CTRL-D). In case you should not have restricted network access, or if above steps didn't help, contact F-Secure support for further assistance. Article no: 000016583
View full article
Issue: Currently we are using F-Secure Client Security 13.xx and F-Secure Policy Manager 13.xx and before we upgrade to Version 14.00 we would like to know what happens to the current F-Secure Firewall configurations? We upgraded from Client Security 13.11 to 14.10 and Windows firewall profile changes, when F-Secure Firewall is enabled/disabled After upgrading to 14.02 and 14.02 Clients are having different issues, like: Internet is breaking, Internet Explorer and other application that run in Production are freezing F-Secure firewall is deactivated from Policy Manager, but there are still rules  Windows firewall under outbound rules Resolution: F-Secure firewall is replaced with the Windows firewall engine. It is automatically turned on after installing Client Security 14.00, unless explicitly disabled in the policies. You may find more information about the new firewall engine here:https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fscs_14_02-latest-en Support for the new firewall engine Centralized configuration experience remains unchanged as much as possible. The main difference in the configuration logic is the introduction of profiles, which compared to Security levels do not use a policy inheritance model, but use a copy-on-modify approach instead. In addition to a set of firewall rules, the profiles contain a number of related settings. Network services list is now treated as a global dictionary, which is the same for all Policy Manager administrators. Internet Shield's Application control feature is no longer supported in Client Security 14.00 and is superseded by a new version of Application control. To better reflect the nature of the old Application Control, it is renamed to Network Access Control. Why F-Secure dropped its own Firewall? The main reason is the unification of clients based on "Oneclient" that doesn't have F-Secure firewall. Do we have to configure rules and services for Version 14.00? Yes Does this mean, we have to redo all our rules when we Upgrade to 14.00? Yes Does the automatic switching of the firewall profiles (Office/ Mobile) continue to work according to certain criteria? Yes Does the quarantine function work with the 14.00 version? Yes If the virus signature is outdated, the device will be quarantined and only the connection to the update server will still work and update after successful signatures, the firewall will be activated according to the profile? Yes, if quarantine is activated I still see F-Secure Services in "Allowed Applications and features" in Windows Firewall, though I have disabled F-Secure firewall. It remains there,  because our plugin has been loaded once and it will be removed on uninstallation. It won't work in any case as you have deactivated the firewall. How do I disable F-Secure firewall? Note: In the next release, we will get back the previous behavior, where you can uncheck Firewall component during msi deployment from Policy Manager. In the current Client Security Version 14.xx, you can export msi with custom policy that has a disabled firewall. Windows Firewall won't be affected by F-Secure firewall plugin, it will stay at the same state as it was before our installation. F-Secure plugin allows managing of Windows firewall from Policy Manager. We add our default rules for our own services and administrator can add their custom rules from Policy Manager. If administrator does not want to use our firewall, then you can either disable it by regular means described in the above line or : a. Use GPO to enable Windows firewall + disable our firewall from Policy Mnaager b. Rename fs_manageable_win_firewall_32.dll in CS installation directory and restart the client. This way our plugin will be broken and won't be able to start. Article no: 000008510
View full article
Issue: How to create a custom firewall rule (service)? Resolution: To create a custom firewall rule over the Policy Manager Console: For Client Security 14 Open the Policy Manager Console and go to the Settings-tab Go to Firewall, using Standard view (changeable in the upper right corner) Make sure the 14.X clients-tab is selected Select the profile you want to edit from the Profile being edited-dropdown menu (if the list only contains the default profiles, clone the one you want to use as a base as the defaults can't be modified) Click Add rule on the right of the firewall rules list and create the rule as needed (see step 6 if the service required is missing) If the service you want to add is missing, click on Configure network services below the firewall rule list. Click Add and follow the steps to add a new firewall service Check the Enabled-checkbox to the left of the rule name to make sure that it is in use Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D For Client Security 13 Open the Policy Manager Console and go to the Settings-tab  Go to the Advanced view Select F-Secure Internet Shield  Go to Settings and select Services Press Add and create a custom rule Go to Rules and select the firewall Security Level you want to work with Press Add before/Add after and select the rule you have created Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D Note: Make sure, that the correct Security Level is assigned to the workstations: <F-Secure Internet Shield>Security Level> Active Security Level>. To create a custom firewall rule locally on the workstation: In Client Security 14 In versions 14.00 and later, rules are added through the Windows firewall settings. You can reach them through the Client Security user interface: Open F-Secure Client Security Click on Tools Click on Firewall settings Click on the Change Windows Firewall settings...-link to be brought to the Windows firewall settings In Client Security 13 Open F-Secure Client Security Go to Settings and select Internet Connection Go to Firewall and select Services Press Add and create a custom rule Go back to Firewall and select Rules Select the firewall Security Level you want to work with Press Add and select the rule you have created Press OK Additional information can be found here: https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116212 https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116213 Article no: 000002698
View full article
Issue: How do I run a manual scan using the command line on F-Secure Server Security 14.x or Client Security 14.x? Resolution: The command line option to execute a manual scan can be either used to run a scan on-demand. Additionally the command and the arguments can be used to fill the "Generic" scheduled scan task specific parameters. To run the task locally via command line: Press the Windows button Search for cmd.exe and press Enter Navigate to your F-Secure client's installation directory (for example: cd C:\Program Files (x86)\F-Secure\) For Client Security, navigate further to the Client Security directory. For Server Security, navigate to the Server Security directory. Type in fsscan.exe and add any of the below arguments/options, then press Enter The scan will be executed and further details will be returned in the command window Example 1 Retrieving information on available options: C:\Program Files (x86)\F-Secure\Client Security>fsscan -?   Usage: fsscan [options] Options: --sched, -s     Runs a scan optimized for scheduled scanning --target, -t <target> Scans the given <target> --report, -r <report> Writes an unformatted report to <report> file (only with -c) --delete, -d Deletes all harmful files found --collection, -c Runs a scan optimized for large collections of harmful files --noflyer, -f Skip showing scheduled scanning flyer -?, -h, --help Displays this help Example 2 Scanning a specific directory ( downloads directory of the user Foo) : C:\Program Files (x86)\F-Secure\Client Security>fsscan.exe -t C:\Users\Foo\Downloads\   Setting up a scheduled scan on a specific directory via Policy Manager Console: Log on to your F-Secure Policy Manager Console. Select the Policy domain   or Host   /   where you want to edit the policy on. In the Settings, select the Manual Scan item Go to the table under Scheduled scanning Add a new row Choose Task Type = Generic Edit the Task Type Specific Parameters, for example to scan the downloads directory of the user Foo: C:\Program Files (x86)\F-Secure\Server Security\fsscan.exe -t C:\Users\Foo\Downloads Exit the table Distribute the policy  Article no: 000011456
View full article
Issue: Security Cloud Client is not connected on Server Security 14.x / Client Security 14.x Resolution: Make sure that the affected F-Secure host is allowed to connect to the URL orsp.f-secure.com. If this host requires a connection via HTTP proxy to access this URL, you have to configure these settings via the F-Secure Policy Manager Console: Log on to your F-Secure Policy Manager Console. Select the Policy domain   or Host   /   where you want to edit the policy on. Switch to the Advanced view. Go to F-Secure Security Cloud Client > Settings > HTTP Proxy. Modify the value to suit your HTTP proxy requirements: 'http://server:port', e.g. 'http://my.domain.com:1234' Distribute the policy  . Note: If there is no parameter set under F-Secure Security Cloud Client > Settings > HTTP Proxy, the F-Secure Security Cloud Client will use the proxy configuration from the F-Secure Automatic Update Agent (AUA) by default: F-Secure Automatic Update Agent > Settings > Communications > HTTP settings > Use HTTP proxy Note: Server Security 14.00 and Client Security 14.x do not support proxy authentication. Article no: 000014893
View full article
Issue: Unable to change Management Server Address on Client Security or Server Security hosts because the public and private admin keys do not match. Need to migrate hosts between two Policy Manager Servers without having to do a re-installation of the software client side.  Resolution: If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create a Keyreplacer yourself with a tool that can be provided to you by support.  The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below. In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix. Admin.pub file The Policy Manager management address The http- and https-ports used by the Policy Manager ( On Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log ) To download admin.pub file, please follow these steps: Login to the PM console In the top menu, click Tools > Server Configuration > Keys Click Export to download admin.pub and admin.prv files Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you. Instruction to deploy the Key Replacer fix Please close the Policy Manager Console and stop Policy Manager Server service in services.msc You can also stop Policy Manager service by opening a command prompt with elevated mode and typing in the below command. net stop fsms Configure the registry on the Policy Manager Server Locate this registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" for - 32bits OS "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" for - 64bits OS Right-click on Management Server 5 Registry Key and add a new String Value with the following: Name: additional_java_args Data field: -DallowUnsignedWithRiwsAndMibs=true Note: Please don't remove the -D on the beginning of the string or it will not work properly.   The same works for Linux, but you need to use config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive. Example: additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100   Start the Policy Manager Server service and open the Policy Manager Console Go to the Installation-tab and click Installation packages Click Import to import "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package Deploy the KeyReplacer file to all clients, for example using a policy-based installation After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts". Article no: 000003212
View full article
Issue: F-Secure scheduled scan causes high CPU usage. How can I reduce this? Resolution: Follow the steps below to change the priority of the scan from "Normal" to "Background" to improve the host performance during scheduled scanning: Open F-Secure Policy Manager console. Click on the Settings tab. Select Advanced view. Click F-Secure Anti-Virus. Click Settings. Click Settings for Manual Scanning. Click Scanning Options. Change the Priority value to Background. Article no: 000001585
View full article
Issue: How to migrate from Client Security to Computer Protection using Policy Manager? Resolution: Kindly follow the steps explained here on migrating from Client Security to Computer Protection using Policy Manager Console. NOTE: The bs2cp_psb*.jar file that needs to be downloaded is dependable on which F-Secure PSB portal you have your F-Secure PSB Computer Protection subscription in and not the region where you are located. EMEA: https://emea.psb.f-secure.com/ AMER: https://amer.psb.f-secure.com/ APAC: https://apac.psb.f-secure.com/ EMEA2: https://emea2.psb.f-secure.com/ EMEA3: https://emea3.psb.f-secure.com/ Your login credentials will only be applicable to one of these portals, therefore, the bs2cp_psb*.jar file is dependent on this. Article no: 000007334
View full article
Issue: New updates for some software such as Citrix Receiver appear on the Software Updates list in Policy Manager console Software Updater. Whenever I try to download and install them, I receive the following status message: The update package must be downloaded manually. What does it mean and how can I install the newest updates? Resolution: The message means that the updates must be downloaded directly from the Citrix Receiver official website. After downloading the updates, install them manually as it is not possible to do it via the Policy Manager console or by using Software Updater.  The reason why it is not possible is that more and more sites require authentication (e.g. "I'm not a robot" captcha).  In those cases where Software Updater cannot download the updates, it advises that an update is available and can be installed manually to ensure security. Article no: 000014817
View full article
Issue: I am trying to activate Client Security 14.xx with the License key we used for 13.xx but it is not recognized. Resolution: Please check that you are using a valid license key. License keys differ between versions. Contact your reseller to obtain your updated license keys and certificates Article no: 000012137
View full article
Issue: How to disable Advanced Network Protection for Client Security 14 in Policy Manager 14? Resolution: To centrally disable Advanced Network Protection from target hosts in Policy Manager 14, follow these steps: Open F-Secure Policy Manager Choose the target host or domain from the Domain Tree Go to the Settings tab and use Standard View Go to Web traffic scanning section Choose from HTTP Scanning HTTP scanning enabled and set the value as disabled Distribute the new policy with the Distribute policies button Now Advanced Network protection is disabled from the target hosts. Article no: 000008143
View full article
Issue: DNS resolution for certain sites are blocked with the product installed. How to avoid this from happening? Resolution: Most likely the DNS resolution is blocked by the Botnet Blocker feature. The site is rated as unsafe and hence blocked by the feature. You need to do the following: 1. Share the URL with the Labs team, for further investigation. The Labs team will whitelist the URL if the site is not malicious: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url 2. Whitelist the blocked site or the IP address of the blocked site via the Advanced View in the PM Console at: ======================================================================== * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Hosts * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Sites ======================================================================== Article no: 000003887
View full article
Issue: In Client Security 14, how do you activate the Offload Scanning functionality for virtual environments? Resolution: Starting from F-Secure Client Security version 14 onwards, the Offload Scanning Agent (OSA) is activated through the policy.  This policy setting may or may not be included in the installation package. Changing the setting In order to activate or deactivate the functionality, you can change it under the following setting using the Policy Manager Console: Standard view > Real-time scanning > Virtualization support Set the checkbox accordingly for the setting named Offload file scanning Article no: 000008176
View full article
Issue: After the file SHA-1 hash and file path is excluded in F-Secure Client Security 13.x/14.x, Deepguard continues to block the application. Resolution: If you are using F-Secure Policy Manager version 14, in Real-time scanning the option "Do not scan the following files and applications" is only applicable for F-Secure Client Security 14 and newer. In order to exclude an application path from Deepguard for F-Secure Client Security 13.x, do the following: Log in to Policy Manager Console. Click on the Settings tab. Click Advanced View. Click F-Secure DeepGuard. Click Settings. Click Excluded applications. Enter the full path of the application. Distribute the policies. Note: If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for Deepguard. Wildcard exclusions are only applicable for Real-time scanning. For Deepguard exclusion, kindly use file or folder path. F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP. If the exclusions were done for F-Secure Client Security 14.10 and the application is still being blocked, kindly contact F-Secure Customer Care here for assistance. Article no: 000009628
View full article
Issue: Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails. In Policy Manger Console, push installations result in the error message Installation failed. MSI error code is 1603. The following error can be seen in Windows Application Event Logs: Product: F-Secure Client Security [Premium] 14.XX/F-Secure Server Security [Premium] 14.XX -- Universal CRT is not installed  Resolution: The latest version of Client Security 14.x/Server Security 14.00 requires Windows Universal C Runtime. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x/Server Security 14.00.   Article no: 000008994
View full article
Issue: The Allow button to Restore files from quarantine is grayed out in Client Security 14.10 . How can I allow this from Policy Manager? Resolution: You can allow a local user to restore files sent to quarantine by following these steps: Log in to Policy Manager console. Select a host or domain from the Domain Tree. Go to the Settings tab. Go to the Real-time scanning page. Uncheck Prevent users from adding scanning exclusion. 6. Distribute the new policy to the hosts. Note: By default the "delete" option in Client User Interface is allowed, as the option "delete" does not contain any risk. Article no: 000012976
View full article
Issue: The DeepGuard status of a F-Secure Client Security 14.0x client in Policy Manager in the Overall Protection section, the status is shown as "Unknown".   Resolution: This is a known issue and an upgrade to F-Secure Client Security version 14.10 or newer fixes the issue. The older Client Security 14 do not have the upload of DeepGuard module version to Policy Manager enabled.   Article no: 000012983
View full article
Issue: Firewall rules made with Policy Manager 14.x are not operational on Client Security 14.x clients. Firewall rules pushed from Policy Manager 14.x to Client Security 14.x clients do not appear in the Windows firewall. Resolution: Check that you have edited the same firewall profile that is in use on the client. This can be done by following these steps: Open F-Secure Policy Manager Console Select the host or domain from the Domain tree Go to the Settings tab Go to the Firewall page Check that Host profile and Profile being edited match If they match, the reason why the rule is not applied on the client is because it is an invalid rule. If the rule has many IP addresses in it, make sure that you have used a comma ( , ) in between each IP range as a value separator. Using a space or semicolon ( ; ) in between the IP ranges will invalidate the rule and it will not be visible in the Windows Firewall.  Article no: 000011310
View full article
Issue: After upgrading to F-Secure Client Security 14.10 or F-Secure Server Security 14 Client keeps asking for restart with notification "restart required F-Secure product received a critical update. To keep your protection up to date, restart your computer. Remember to save your work" After a restart the same notification is shown again F-Secure Ultralight services are not listed in the Windows services list Capricorn update is missing from Updates list in the local user interface Note: If you click on the view log file button in the Updates view, it will bring you to the aua.log, where you can see similar entries:  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Processing  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Retry at restart  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Processing  I: Update check completed successfully  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Retry at restart Resolution: This issue is related to Ultralight not installing or updating correctly. You can install one of the hotfixes bellow to solve the problem: FSCS1410-HF01 FSCS1410-HF02 FSCS1410-HF07 Note: All these Hotfixes are applicable for Server Security 14.00 and Client Security 14.10 These hotfixes are not publicly available from our homepage. Open a support request and our customer service team can send you the hotfixes. If these hotfixes do not resolve the issue and Capricorn update is still missing from the Updates list, you can try removing the Capricorn update from your Policy Manager Server and re-download it. Follow these steps to re-download Capricorn update on your Policy Manager Server: Stop Policy Manager Server Service Delete the following folder: C:\Program Files (x86)\F-Secure\Management Server 5\data\guts2\updates\capricorn-win64 Start Policy Manager Server Service The Policy Manager Server will now re-download the missing Capricorn update. Wait for 30 minutes and check from the client if it has now been able to download and install Capricorn.   Article no: 000014676
View full article
Issue: Our current license certificate does not contain the most recent subscription information or license keys. How can I get an updated license certificate which includes the license keycodes required for when installing or updating to the newest product versions?  Resolution: To get a new license certificate, proceed to contact your local reseller or F-Secure sales contact. If you are uncertain of who this contact is, kindly create a support ticket here. Article no: 000001527
View full article
Issue: How can I manually isolate hosts from the network with Policy Manager? Resolution: You can isolate one or more hosts from the network. Note: Use network isolation with caution and only in case of a network attack. To isolate a host from the network: Select the target host in the policy domain tree Go to the Operations tab Click Isolate under Network isolation. This isolates the selected host from the network To reconnect an isolated host to the network, click Release on the Operations tab. Isolated hosts are shown on the Host issues section of the dashboard. This feature is only available in Policy Manager 14.10 and newer. Article no: 000015929
View full article
Issue: After upgrading or installing F-Secure Client Security 14.x, you encounter issues with communication. Symptoms include: the host is unable to connect to F-Secure Policy Manager Server the host is not visible on the "Import host" list in F-Secure Policy Manager Console. However, the hosts might be able to download updates. Resolution: Note: Make sure that the F-Secure Policy Manager Server address is correct and that the host communication ports (default: TCP 80 and 443) are listening. Test the connectivity between the clients and Policy Manager: Try to connect to the F-Secure Policy Manager Server's address via a web browser from one of the hosts (http://pms-server.local:80 and https://pm-server.local:443). If the connection is set up correctly, you will receive a web page from the F-Secure Policy Manager Server indicating so. If there is no page loaded, check that the host communication ports to the Policy Manager Server are allowed in your firewall. Make sure that you have configured the F-Secure Policy Manager Server IP address and/or hostname correctly and that the ports configured for host modules are correct.  On the host running F-Secure Client Security, the following log contains details on the connection status with the F-Secure Policy Manager Server. You can use it to troubleshoot connection issues: C:\ProgramData\F-Secure\Log\BusinessSuite\PmpSelectorPlugin.log Below is an example of a failed connection:   2019-03-04 14:11:50.150 [10d8.1588] I: Connecting to wait.pmp-selector.local 2019-03-04 14:11:50.150 [10d8.1588] I: Update check failed, error=210 (unable to resolve host) 2019-03-04 14:11:50.150 [10d8.1588] I: Connection failed 2019-03-04 14:12:50.871 [10d8.15a0] .W: ServerFinder::Ping: Ping to {host: 10.10.10.10, http: 82, https: 443} aborted. There are no valid certificates 2019-03-04 14:12:50.871 [10d8.15a0] I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10.10.10.10 2019-03-04 14:13:11.908 [10d8.15a0] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies. AsyncSendRequest failed: 12002 2019-03-04 14:13:11.908 [10d8.15a0] .W: CosmosUpdater::Run: No servers responded. Policy Manager unavailable. Error 12002 means ERROR_WINHTTP_TIMEOUT > Client Security cannot connect to Policy Manager to fetch this list. A complete list of Microsoft Windows HTTP Services errors is available here.  Below is an example of a working connection: 2019-09-05 09:00:19.789 [0fd0.136c] I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10 .11 .10.10 2019-09-05 09:00:19.839 [0fd0.136c] I: UpdatablePmCertVerifier::RenewCertificates: 2 certificate(s) renewed successfully; expire in 86170 seconds Article no: 000010321
View full article
Issue: I am unable to have connectivity for my computer running a Business Suite product. We are using WPAD (Web Proxy Auto-Discovery protocol) to deploy http proxy server settings. Does Business Suite support WPAD for http proxy setting deployment? Resolution: WPAD is not officially tested nor supported by the Business Suite products, including Policy Manager. Article no: 000010593
View full article