The F-Secure Client Security products started sending security alerts to F-Secure Policy Manager for every single blocked URL. This started when F-Secure Online Safety 2019-09-02_02 update was released. The security alerts have following details:
Unknown alert: online_safety.page.block.
The fix was released in the F-Secure Online Safety 2019-09-10_01 update package. The update is installed automatically and does not require user or administrator actions.
Article no: 000015569
I would like to register my F-Secure Policy Manager Server which is not connected to a network (offline), how do I proceed?
Contact F-Secure support by opening a support request (https://www.f-secure.com/en/web/business_global/support/support-request) Provide the following information for F-Secure technical support to create an offline registration file:
Account Name Customer ID Installation ID Business Suite license Expiry date
How to obtain Customer and Installation ID:
Open F-Secure Policy Manager console, and go to Help menu > Registration dialog, or; Find the information from the Policy Manager Server installation folder, ...\F-Secure\Management Server 5\Data (Windows) or /var/opt/f-secure/fspms/data (Linux), open the file called upstream-statistics.json using notepad. Customer ID is on line 5 and Installation ID is on line 6.
Once support has provided you with an offline registration file, use the following steps to activate it on your Policy Manager Server Windows:
Copy the offline registration file to the folder F-Secure\Management Server 5\data Restart the F-Secure Policy Manager Server services by typing the following command in an elevated command prompt (CMD):
net stop fsms net start fsms
Copy the offline registration file to the folder /var/opt/f-secure/fspms/data Restart the fspms daemon:
# /etc/init.d/fspms restart
F-Secure Policy Manager will be activated until the expiry of your current subscription. After renewing the subscription you need to request a new registration token from support. Make sure to do this some time in advance so that you don't end up with an expired Policy Manager Server.
Article no: 000001107
Unable to change Management Server Address on hosts. User needs Admin Key Replacer hotfix
If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create the keyreplacer yourself with a tool that can be provided to you by support. The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below. In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix.
Admin.pub file The Policy Manager management address The http- and https-ports used by the Policy Manager
( On Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log ) To download admin.pub file, please follow these steps:
Login to the PM console In the top menu, click Tools > Server Configuration > Keys Click Export to download admin.pub and admin.prv files
Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you.
Instruction to deploy the Key Replacer fix
Please close the Policy Manager Console and stop Policy Manager Server service in services.msc.
You can also stop Policy Manager service by opening a command prompt with elevated mode and typing in the below command. net stop fsms
Configure the registry on the Policy Manager Server.
Locate this registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" for - 32bits OS "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" for - 64bits OS
Right-click on Management Server 5 Registry Key and add a new String Value with the following:
Name: additional_java_args Data field: -DallowUnsignedWithRiwsAndMibs=true Note: Please don't remove the -D on the beginning of the string or it will not work properly.
The same works for Linux, but you need to use config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive.
Example: additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100
Start the Policy Manager Server service and open the Policy Manager Console Go to the Installation-tab and click Installation packages Click Import to import "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package Deploy the KeyReplacer file to all clients, for example using a policy-based installation
After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts".
Article no: 000003212
New updates for some software such as Citrix Receiver appear on the Software Updates list in Policy Manager console Software Updater. Whenever I try to download and install them, I receive the following status message: The update package must be downloaded manually. What does it mean and how can I install the newest updates?
The message means that the updates must be downloaded directly from the Citrix Receiver official website. After downloading the updates, install them manually as it is not possible to do it via the Policy Manager console or by using Software Updater. The reason why it is not possible is that more and more sites require authentication (e.g. "I'm not a robot" captcha). In those cases where Software Updater cannot download the updates, it advises that an update is available and can be installed manually to ensure security.
Article no: 000014817
I am trying to activate Client Security 14.xx with the License key we used for 13.xx but it is not recognized.
Please check that you are using a valid license key. License keys differ between versions. Contact your reseller to obtain your updated license keys and certificates
Article no: 000012137
Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails
The latest version of Client Security 14.x/Server Security 14.00 requires Windows Universal C Runtime. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x/Server Security 14.00.
Article no: 000008994
In Policy Manager, F-Secure Linux Security installed as clone image is not listed under the domain tree.
Follow the instructions in the F-Secure Linux Security administrator guide to clear the host UID after deploying Linux clone image. This is explained in page 9 section 2.3, Central Deployment Using Image Files here.
Article no: 000014351