Business Suite

Sort by:
Issue: Message: Scanning 'message' by F-Secure Spam Scanner was unsuccessful. Reason: SSL certificate issue: X.509 error value Host: <example> (192.168.101.150, fe80::5c55:4250:d46d:3d83%10) Computer name: EX-EXCH01 User account: EXAMPLE\EX Product: F-Secure Content Scanner Server (OID: 1.3.6.1.4.1.2213.18) Severity: error (3) Message: Scanning 'message' by F-Secure Spam Scanner was unsuccessful. Reason: SSL certificate issue: X.509 error value. 56 similar errors occurred in last 10 minutes.   Resolution: F-Secure Spam Scanner connects to the detection center address https://aspam.sp.f-secure.com/ which has an Amazon certificate that expires on Tuesday, June 30, 2020. Ensure that you have trusted this certificate. You may also try running Windows Update to install the latest updates and certificates. The F-Secure Spam Scanner needs to be able to query aspam.sp.f-secure.com in order for it to work. It's hosted in the Amazon Web Services (AWS) Cloud and as a result does not have a static range of IP addresses.  Verify that you are able to access the following URL: https://aspam.sp.f-secure.com/bdnc/config Open the browser on the host where you have installed  F-Secure Email and Server Security and enter https://aspam.sp.f-secure.com/bdnc/config. You should get the following response: {"benchmarkInterval":3600,"benchmark":1,"servers":["aspam.sp.f-secure.com"],"statsInterval":1800,"enforceSSL":true,"benchmarkThreshold":5,"disableThreshold":10} If you do not get a similar response as above, verify that *.f-secure.com and *.fsapi.com are allowed in your firewall  If you require a proxy to connect to this address with your browser, then the anti-spam engine needs to be configured to use the same proxy. How to setup proxy server locally from your F-Secure Email and Server Security: Open the F-Secure Email and Server Security Web Console and navigate to Settings  Expand the Setting and under Engines expand the Use proxy server Activate it by moving the use proxy icon and provide the proxy server information Article no: 000017979
View full article
Issue: Our current license certificate does not contain the most recent subscription information or license keys. How can I get an updated license certificate which includes the license keycodes required for when installing or updating to the newest product versions?  Resolution: To get a new license certificate, proceed to contact your local reseller or F-Secure sales contact. If you are uncertain of who this contact is, kindly create a support ticket here. Article no: 000001527
View full article
Issue: Error or issue related to F-Secure components (e.g. Gatekeeper, Firewall, Network Interceptor Framework, Internet Shield) and more advanced debug logs are required to investigate the issue. How to enable advanced debug logging for F-Secure Client Security 13.x and F-Secure (Email and) Server Security 12.x clients? Resolution: Note: These instructions are applicable for Client Security 13.x and (Email and) Server Security 12.x clients. Newer products use a different tool to enable debug logging.  Follow the steps below to collect F-Secure debug logs. Download and run the F-Secure debug tool Click Update Debug Files Online Select the components you want to debug (e.g Firewall, Gatekeeper driver) Click Apply Changes Reproduce the issue that was reported and take note of the time Disable debugging by deselecting the components and click Apply Changes Click Collect Logs once the issue is reproduced Locate the FSDIAG on the desktop Send the newly generated FSDIAG log files for investigation and report when the issue was reproduced   Article no: 000002782
View full article
Issue: F-Secure Client Security 13.x or (Email and) Server Security 12.x installation using MSI Package failed due to "Setup Wizard ended prematurely" error. Resolution: The installation error "Setup Wizard ended prematurely because of an error" when running the F-Secure Client Security 13.x or (Email and) Server Security 12.x installation MSI file can be caused by the following: Ensure the subscription key used during the export of the MSI installation file is correct. Contact your local F-Secure reseller partner to obtain the license certificate with latest subscription key for F-Secure products Verify if there is any conflicting 3rd party software installed in the host If none of the above helped with the installation issue, proceed to contact F-Secure Customer Support here for assistance. Article no: 000001448
View full article
Issue: Can F-Secure Email and Server Security 12.12, which includes the Content Scanner Server module, be upgraded to F-Secure Server Security 14.x?   Resolution: F-Secure Email and Server Security and F-Secure Server Security are considered two different products, since Email And Server Security includes the Content Scanner Server module. This means that the upgrade feature in Policy Manager Console cannot be used to upgrade from Email and Server Security 12.12 to Server Security 14.x.   However, a policy-based installation via F-Secure Policy Manager Console can be used to install Server Security 14.x on the target host. The previous F-Secure Email and Server Security 12.12 installation will be sidegraded (uninstalled) by the F-Secure Server Security 14.x installation.  Follow these steps to install F-Secure Server Security 14.x on a host with F-Secure Email and Server Security 12.12: Log in to Policy Manager Console Select the target host or domain from the Domain Tree Go to the Installation tab Click on the Install button on the bottom of Installation tab  Choose the F-Secure Server Security 14.x installation package (import jar file if needed) and click OK Configure the installation package with the help of the installation wizard Distribute the policy  After the policy has been distributed to the host or domain, F-Secure Email and Server Security will be removed and Server Security will be installed.  Article no: 000018150
View full article
Issue: Does the server need to be rebooted after installing upgrade from (Email and) Server Security version 12.11 to 12.12? Resolution: When upgrading F-Secure Server Security 12.11 to 12.12, a reboot is not required for these upgrades to take effect. When creating the installer you will be given the choice between rebooting or not. For F-Secure Email and Server Security, if a restart is required cannot be reliably predicted. In general it does not require a reboot of the server. Therefore we recommend to perform the upgrade within a service window.   Article no: 000003204
View full article
Issue: Why are the setting changes for "Email Alert Forwarding" reverted automatically after changing the configuration in the F-Secure Email and Server Security 12.x Web Console? Resolution: Most likely Email and Server Security 12.x  has been installed to be centrally managed by a F-Secure Policy Manager Server. By default local user changes are disallowed for email alert forwarding. You can allow local users to change email alert forwarding through the Policy Manager Console: Log in to the Policy Manager Console Select the host or domain from the Domain tree  Go to the Settings tab Select the Alert sending page Untick the checkbox under Alert forwarding  Distribute the policy Now the local user is allowed to change email alert forwarding settings through the Email and Server Security Web Console.  Article no: 000018060
View full article
Issue: Strip attachments for internal emails are being filter by F-Secure Email and Server Security, though the strip attachments option is turned off. Resolution: Th email direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows: Email messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients). Email messages are considered outgoing if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients). Email messages that come from hosts that are not defined as internal SMTP sender hosts are considered incoming.  Email messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host. Note: If email messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outgoing respectively. Internal Domains Specify internal domains. Messages coming to internal domains are considered to be inbound mail unless they come from internal SMTP sender hosts. Internal Domains Separate each domain name with a space. You can use an asterisk (*) as a wildcard. For example, *example.com internal.example.net Internal SMTP Senders Specify the IP addresses of hosts that belong to your organization. Specify all hosts within the organization that Internal SMTP Senders send messages to Exchange Edge or Hub servers via SMTP as Internal SMTP Senders. Separate each IP address with a space. An IP address range can be defined as: • a network/netmask pair (for example, 10.1.0.0/255.255.0.0), Note: There is also virus scanning, where mb infections are blocked • a network/nnn CIDR specification (for example, 10.1.0.0/16), or • IPv6 address (for example, 1::, 2001::765d 2001::0-5, 2001:db8:abcd:0012::0/64, 2001:db8:abcd:abcd::/52, ::1). You can use an asterisk (*)to match any number or dash (-) to define a range of numbers. For example, 172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.* Note: If end-users in the organization use other than Microsoft Outlook email client to send and receive email, it is recommended to specify all end-user workstations as Internal SMTP Senders. Note: If the organization has Exchange Edge and Hub servers,the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed. Important: Do not specify the server where the Edge role is installed as Internal SMTP Sender. You can make these changes on the Web GUI. To do so, open F-Secure Email and Server Security Web Console and navigate  to settings. Open the Administration from menu and navigate to Network Expend the Network section and enter the list of the Internal domains as explained above Enter the Internal SMTP senders as explained above Note: Network internal domains and internal smtp senders - determine email direction (inbound, outbound, internal) and then apply corresponding filters Article no: 000018032
View full article
Issue: Why is F-Secure Email and Server Security dropping password protected attachments? Resolution: If password protected attachments are being dropped from emails, you should review actions that are taken when emails include archived files. You can review and change the settings by following these steps: Log in to the Email and Server Security Web Console Select Email traffic scanning from the menu  Select Incoming mail On this page you will find the following settings for archived files: Action on archives with disallowed files Action on max nested archives Action on password protected archives Make sure that password protected archives are allowed to pass through if you do not want them to be dropped. The archived attachments can also be dropped if you have active match lists that are triggered for your email route as you have configured. If inbound archived attachments are dropped, they are most likely triggering the 'Disallowed Inbound Files' match list. You can from the above mentioned Incoming mail settings page check the setting for list of files to scan inside archives. This setting shows which match list it currently uses. The match list can be found in F-Secure Email and Server Security Web GUI: Go to the Settings page  Select List and templates When a match list is active for incoming email traffic, when a user sends an attachment file that is included in this list, the rule will be triggered and the file is dropped. If a file is being dropped, you can verify it from the logfile.log. Here are two example entries from the logfile log: Example 1: conditionReason: Attachment 'password_protected_example.docx' matches 'Disallowed Files Internal' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT  Example2: Attachment '2019-04-18_examplefile.pptx' matches  'Disallowed Inbound Files' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT  Action: Message stopped   To allow the files in the examples, you would need to remove the *.doc extension from the disallowed files match list. Article no: 000011451
View full article
Issue: During mailbox indexation Exchange service becomes abnormally slow if F-Secure Email and Server Security is installed  Disabling the security features fixes the slowness issue Resolution: In the event that you are facing slowness during mailbox indexation, we suggest that you verify that you are following this Microsoft article about exclusions here. Article no: 000017943
View full article
Issue: Unable to change Management Server Address on Client Security or Server Security hosts because the public and private admin keys do not match. Need to migrate hosts between two Policy Manager Servers without having to do a re-installation of the software client side.  Resolution: If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create a Keyreplacer yourself with a tool that can be provided to you by support.  The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below. In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix. Admin.pub file The Policy Manager management address The http- and https-ports used by the Policy Manager ( On Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log ) To download admin.pub file, please follow these steps: Login to the PM console In the top menu, click Tools > Server Configuration > Keys Click Export to download admin.pub and admin.prv files Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you. Instruction to deploy the Key Replacer fix Please close the Policy Manager Console and stop Policy Manager Server service in services.msc You can also stop Policy Manager service by opening a command prompt with elevated mode and typing in the below command. net stop fsms Configure the registry on the Policy Manager Server Locate this registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" for - 32bits OS "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" for - 64bits OS Right-click on Management Server 5 Registry Key and add a new String Value with the following: Name: additional_java_args Data field: -DallowUnsignedWithRiwsAndMibs=true Note: Please don't remove the -D on the beginning of the string or it will not work properly.   The same works for Linux, but you need to use config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive. Example: additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100   Start the Policy Manager Server service and open the Policy Manager Console Go to the Installation-tab and click Installation packages Click Import to import "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package Deploy the KeyReplacer file to all clients, for example using a policy-based installation After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts". Article no: 000003212
View full article
When faced with large Downadup potential, it may be useful to disable autorun or USB sticks completely. This article refers extensively to two...
View full article
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
View full article
The user receives the below error on a regular basis on his Microsoft Exchange 2007 Server with SP1. The user has F-Secure Anti-Virus for Microsoft...
View full article
In all of the supported F-Secure Anti-Virus for Microsoft Exchange versions, the SA account is used during installation. This article explains why...
View full article
You are not able to access F-Secure Web Console. Instead, the following error message is displayed: https://127.0.0.1:25023/common/main.php: The page...
View full article
You have installed and configured F-Secure Anti-Virus for MS Exchange. E-mail scanning is working well since it is blocking e-mails, quarantining them...
View full article
It might occasionally happen that the quarantine database is not available, e.g. due to a network problem or it may have run out of space. It is...
View full article
You notice that the amount of spam messages remains the same even though it should grow steadily. This indicates a problem in the Network...
View full article
When administrators make changes to the match list content at the below locations in F-Secure Web Console, they are not prompted to save the changes....
View full article
After initialing a manual scan, the server/system experiences noticeable degradation in performance causing the server/system to hang.
View full article
This article describes an issue in F-Secure Anti-Virus for Microsoft Exchange where database cannot be accessed.
View full article
The F-Secure Anti-Virus for Windows Servers Web Console access is, by default, restricted to the local host only. You need to modify the webui.cnf...
View full article
After having installed the F-Secure product on several workstations in the network, you notice that the Windows login is taking longer than usual,...
View full article
To find out the latest information about these releases (both Standard and Premium), read carefully the Release Notes for these products.
View full article
To find out the latest information about the F-Secure E-mail and Server Security 12.x and Server Security 12.x, read carefully the Release Notes for...
View full article
This article describes how you can export Internet headers and message body properly in Microsoft Outlook 2003 and 2007.
View full article
This article describes the circumstances under which disclaimers may not be added to outgoing e-mails.
View full article
This article describes how you can disable or enable the content management features of Microsoft Exchange 2007 Transport Agent.
View full article
This article provides information on how you can exclude files from scanning by using wildcard characters in the F-Secure antivirus products.
View full article
This article explains how the Launch Scan After Update functionality works for the Anti-Virus component.
View full article
This article describes how you can use ilauncher.exe with a limited user account to install the F-Secure software.
View full article
This article describes what logic Automatic Update Agent (AUA) uses to prioritize its updates fetch.
View full article
Issue: F-Secure scheduled scan causes high CPU usage. How can I reduce this? Resolution: Follow the steps below to change the priority of the scan from "Normal" to "Background" to improve the host performance during scheduled scanning: Open F-Secure Policy Manager console. Click on the Settings tab. Select Advanced view. Click F-Secure Anti-Virus. Click Settings. Click Settings for Manual Scanning. Click Scanning Options. Change the Priority value to Background. Article no: 000001585
View full article
Issue: Multiple issues observed: SPAM emails are coming through  Emails that are wrongly quarantined, cannot be released The usual SPAM emails in Quarantine are missing Cannot quarantine messages Resolution: You can use different approaches to troubleshot the problem. Here are few approaches how to make sure your SPAM engine is working properly: Make sure that Scanning 'message' by F-Secure Spam Scanner was successful. The anti-spam engine is a cloud-based solution, so it will simply not work if it doesn't have a working connection to the detection center https://aspam.sp.f-secure.com/. If you require a proxy to connect to this site with your browser, then the anti-spam engine needs to be configured to use the same proxy. Make sure that the Hydra and Gemini Engines are up-to-date.   Open the Web GUI  and navigate to Settings and Engines: Under the Server Statistics, you should see that F-Secure Hydra and F-Secure Gemini are up to date and the icon is green. 3. If the Icon of the two modules is Orange, contact F-Secure support to retrieve a file (fsavsd). Mention this article as reference. Once you have the file, do as follows: Stop F-Secure Content Scanner Server Daemon in services.msc. Go to C:\Program Files (x86)\F-Secure\Content Scanner Server. Rename fsavsd.exe to fsavsd.exe.OLD. Copy the new fsavsd file obtained from F-Secure support into the folder. Start F-Secure Content Scanner Server Daemon in services.msc. 4. If the SPAM filter is still not working properly, check the following rights: The service "Microsoft Exchange Transport" runs under "NETWORK SERVICE". Therefore "NETWORK SERVICE" should have read/execution rights on FQM.EXE and FqmAssembly.dll. These rights should be defined during installation and transferred from the "...Program Files (x86)\F-Secure" folder. This can be viewed on the 'Advanced Security' page of the 'F-Secure' folder. If none of the steps above helped, open a support ticket with F-Secure support for further assistance with this issue. To speed up the process, mention the following items when creating the support ticket: If Hydra and Gemini are being disabled, please inform. If quarantine is inaccessible, please inform.     Article no: 000011216
View full article
Issue: How to block specific extensions using “Disallowed Inbound Files“ for incoming, outgoing and Internal with F-Secure Email and server security. I want to block only these extensions " *.doc *.docx *.docm *.xlx *.xlsx *.xlsm" for Internal email only, but not Outgoing or Incoming   Resolution: Each mail route has its own settings. You need to individually define which match list to use. You can use Policy Manager Console to make these changes, if you are managing your F-Secure Email and Server Security via Policy Manager, or use the Web Console to login to your Email and Server Security locally. As you can see here, I am using a different Match list for each of my mail route, where I have defined the file types I want to block. On Actions, I have however selected "only drop the attachment", not the whole message. Now, I have activated each list for my Email traffic scanning accordingly, and each of them has their own list that contains the Extensions I want to be blocked from attachments.   Note: I did not use the default "Disallowed Files" from Lists and templates as I wanted to have my own customized lists. If you are using the default list on each email route, it means that the same rules will apply for all.   Article no: 000016592
View full article
Issue: Email messages are or were incorrectly classified by F-Secure spam scanner. Resolution: If your email messages were incorrectly classified by our spam scanner, we would like to receive a copy by email. Do note that the copy must be sent to the right channel, otherwise, it be rejected by our automated systems. Create a new message and address it to: spam-samples@email-samples.f-secure.com for spam messages which the spam scanner failed to filter ham-samples@email-samples.f-secure.com for legitimate, non-spam messages which were accidentally filtered as spam phishing-samples@email-samples.f-secure.com for spam that attempts to trick the recipient into disclosing personal, private, or sensitive information (e.g., online banking password) Add the spam sample as an attachment (multiple samples of the same type can be sent in a single submission) In Microsoft Outlook, drag the sample from your inbox into the composition pane so they appear as an attachment in the new message In other email program, refer to the product documentation for instructions on how to obtain the full header of an email message using your email program  Important! Sample should be submitted with its full header, and if possible, in the message/rfc822 format. For meaningful analysis, do not edit the original message in any way. In the message, provide the name of the F-Secure product used and its version number Submit the sample from a valid, live email address. In rare cases, we may need to reply to you if we have questions. Note: Submissions are primarily handled by automated systems; if you wish to include comments related to the submission, they should be communicated to your designated support contact to ensure proper attention. Mention the support ticket ID in the Subject header of the sample submission. Article no: 000008306
View full article