Business Suite

Sort by:
Issue: Policy Manager Server is rejecting Policy Manager Console connections from a remote host.  When trying to connect to Policy Manager Server running on Linux using a Windows machine, the following error is displayed: "Cannot connect to server 172.16.0.6:8080. Check that the host name and port number are correct. Port number 8080 is used by default". Resolution: By default F-Secure Policy Manager Server is set up to only accept connections from localhost. Follow the steps below to allow remote connections and then test the connectivity from the remote Policy Manager Console. If Policy Manager Server is installed on a Windows OS: Stop F-Secure Policy Manager Server services Open registry Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5 Edit the value of [REG_DWORD] RestrictLocalhost to 0 Start F-Secure Policy Manager Server services If Policy Manager Server is installed on a Linux OS:  Stop the Policy Manager Server daemon (/etc/init.d/fspms stop) Open the file /etc/opt/f-secure/fspms/fspms.conf Check the line adminExtensionLocalhostRestricted value and make sure the value is set to False Save the file and restart the Policy Manager Server daemon (/etc/init.d/fspms restart) Once Policy Manager Server service has restarted, try to login from the remote Policy Manager Console. Please do check our other F-Secure Community KB article as well. Article no: 000001368
View full article
Issue: How to update F-Secure Linux Security 11.x virus databases manually in an isolated or offline environment with no internet connection? Is the update package self-contained, meaning it contains all signature updates, or is it an incremental update?   Resolution: Note: This article assumes deep technical understanding of both F-Secure's products and the relevant operating system. If you are unsure, contact F-Secure support for assistance. To update the virus definition databases for F-Secure Linux Security 11.x manually from the command line: Download the fsdbupdate9.run file from http://download.f-secure.com/latest/fsdbupdate9.run. The file is a self-extracting file that stops the AUA daemon, updates the databases and restarts the AUA. As a root user, run the  dbupdate fsdbupdate9.run  command where fsdbupdate9.run is the absolute or relative path to the fsdbupdate9.run file. The update package is self-contained and contains all necessary updates. Article no: 000011352
View full article
Issue: When installing F-Secure Linux Security 11.10, the following error is shown after entering the license code: Invalid keycode. After that is requests the license code again: Please enter the keycode you have received with your purchase of F-Secure Linux Security. Resolution: Make sure that the license is spelled correctly, and that you are entering a key belonging to the correct product. Trying to enter a code belonging to for example F-Secure Linux Security 64 would result in this error. Article no: 000018082
View full article
Issue: Can F-Secure Linux Security 64 be pre-installed on a virtual machine Golden image? How to reset the Unique Identifier (UID)? Resolution: F-Secure Linux Security 64 does not have the capability of changing its Unique Identifier (UID). The UID is tied to the hardware and cannot be reset, hence Linux Security 64 cannot be pre-installed on a Golden Image. Article no: 000018034
View full article
Issue: I would like to register my F-Secure Policy Manager Server which is not connected to a network (offline), how do I proceed? Resolution: Contact F-Secure support by opening a support request (https://www.f-secure.com/en/web/business_global/support/support-request) Provide the following information for F-Secure technical support to create an offline registration file: Account Name Customer ID Installation ID  Business Suite license Expiry date How to obtain Customer and Installation ID: Open F-Secure Policy Manager console, and go to Help menu > Registration dialog, or; Find the information from the Policy Manager Server installation folder, ...\F-Secure\Management Server 5\Data (Windows) or /var/opt/f-secure/fspms/data (Linux), open the file called upstream-statistics.json using notepad. Customer ID is on line 5 and Installation ID is on line 6. Once support has provided you with an offline registration file, use the following steps to activate it on your Policy Manager Server Windows: Copy the offline registration file to the folder F-Secure\Management Server 5\data Restart the F-Secure Policy Manager Server services by typing the following command in an elevated command prompt (CMD):   net stop fsms   net start fsms Linux: Copy the offline registration file to the folder /var/opt/f-secure/fspms/data  Restart the fspms daemon:  # /etc/init.d/fspms restart F-Secure Policy Manager will be activated until the expiry of your current subscription. After renewing the subscription you need to request a new registration token from support. Make sure to do this some time in advance so that you don't end up with an expired Policy Manager Server. Article no: 000001107
View full article
Issue: How to setup the silent installation for Policy Manager Proxy 14.20 User is creating a policy-based upgrade and needs to export installer msi for rollout via group policies Resolution: Clean installations: For Windows Open Policy Manager Console and create temporary user with full access permissions for the root domain Download Policy Manager Proxy installer: fspm-14.10.88509.exe as an example Extract Policy Manager Proxy setup executable content. For 14.00 and older - via any archive manager, for 14.10 start the executable and grab all the content from temporary directory at root level of system drive Transfer admin.pub from Policy Manager to the extracted content Edit prodsett.ini in the same directory: uncomment and specify values for all properties in the section "F-Secure PM Proxy" Use user credentials created at first step for UpstreamPmUserName and UpstreamPmUserPwd properties Run "setup.exe /silent" at target host for 14.00 and older, starting from 14.10 executable is called like fspmp-14.10.88509-rtm.exe, so have to run "fspmp-14.10.88509-rtm.exe /silent" Remove user created at first step For Linux Open Policy Manager Console and create temporary user with full access permissions for the root domain Download installer: fspmp-14.10.88509-1.x86_64.rpm as an example Put admin.pub from PM to the dir with installer Create shell script with name like pmp.sh and following content: yum -y update libstdc++ yum -y install libstdc++.i686 rpm -i fspmp-14.10.88509-1.x86_64.rpm /opt/f-secure/fspms/bin/fspms-config << PMPCONFIG PM address PM port (usually 443) ./admin.pub PMP http port to be used (usually 80) PMP httpS port to be used (usually 443) PM admin username (created at first step) PM admin password (created at first step) PMPCONFIG Run the script: “./pmp.sh”. Remove user created at first step. Same things with Debian/Ubuntu, but use apt and dpkg instead, so sh script will look like: apt -y upgrade libstdc++6: apt -y install libstdc++6:i386 dpkg -i fspmp_14.10.88509_amd64.deb /opt/f-secure/fspms/bin/fspms-config << PMPCONFIG PM address PM port (usually 443) ./admin.pub PMP http port to be used (usually 80) PMP httpS port to be used (usually 443) PM admin username (created at first step) PM admin password (created at first step) PMPCONFIG After the script run, if everything is ok, PMP host should appear in PMC.   Policy Manager Proxy upgrades: For upgrades, as there is not need to configure PMP and generate certificates enough to just upgrade the build. For Windows: Extract PMP executable content via any archive manager Run "setup.exe /silent" For Linux: rpm -U fspmp-14.10.88509-1.x86_64.rpm dpkg -i fspmp_14.10.88509_amd64.deb Article no: 000016979
View full article
Issue:  I distributed an invalid policy to multiple hosts using Policy Manager Console. How can I troubleshoot this or identify what settings was changed and to which hosts it was distributed? Resolution: To locate this information, you can use available logfiles from the server running Policy Manager. fspms-domain-tree-audit.log Below is an example of this this logfile: 10.10.2019 13:21:59,139 INFO [audit.domainTree] - User 'admin' deleted host with identity 79fee1c5-e85b-4a90-b462-09354abb56fd (id=3) 10.10.2019 13:22:06,519 INFO [audit.domainTree] - User 'admin' moved host with identity b8a4bb94-2a9a-4830-b45b-8e45a531279c (id=36) to domain CS 14 hosts (id=4) 22.10.2019 14:14:12,929 INFO [audit.domainTree] - User 'admin' deleted host with identity f4ef246e-61c2-4ac1-949b-f0d3d3be4aa3 (id=35) 28.10.2019 10:54:20,208 INFO [audit.domainTree] - User 'admin' added domain test domain (id=39) to domain Root (id=1) This logfile allows us to understand host- and domain.operations (including the root-domain). Operations include the following: add, remove, rename, move. In our example, the last line, the user ADMIN added a new sub-domain "test domain" with id=39. Another file we are interested in called: fspms-policy-audit.log Below is an example of this this logfile: 23.10.2019 12:22:02,929 INFO [audit.policy] - type="lockedOnClient", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.60", oldValue="false", newValue="true" 23.10.2019 12:22:02,929 INFO [audit.policy] - type="lockedOnClient", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="false", newValue="true" 23.10.2019 12:22:52,528 INFO [audit.policy] - User="admin" applied the following policy changes: 23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe" 23.10.2019 12:23:19,545 INFO [audit.policy] - User="admin" applied the following policy changes: 23.10.2019 12:23:19,545 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="c:\test\printfile_release.exe", newValue="" 23.10.2019 12:34:32,557 INFO [audit.policy] - User="admin" applied the following policy changes: This logfile provides an audit trail for setting changes meaning (what setting was changed and how). The sub-domain in Policy Manager Console is reflected by DomainId. The actual settings is referred to by the OID:   23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe" How do we find the setting 1.3.6.1.4.1.2213.12.1.111.2.100.100.61 in Policy Manager Console? This is perhaps the trickiest part, because we do not have a list of settings available. However, you can find the settings by using Policy Manager. The part of the address that identifies the F-Secure company in the OID is 1.3.6.1.4.1.2213. The latter part identifies the application and the specific setting in the application. Here we have  12.1.111.2.100.100.61 See screenshot capture1.pnn: by selecting "F-Secure Anti-Virus" in Policy Manager Console, you can se that the application is "F-Secure Anti-virus" -> "Object identifier" = 1.3.6.1.4.1.2213.12 When we go further inside the settings in "F-Secure Anti-Virus", we can locate the relevant setting here: - F-Secure Anti-virus    -> Settings     -> Settings for real-time protection        -> Scanning options           -> File scanning               -> Inclusions and exclusions                 -> Excluded processes. To give you an example using syntax we saw in fspms-policy-audit.log: 23.10.2019 12:22:52,528 INFO [audit.policy] - User="admin" applied the following policy changes: 23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="39", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe" Based on the information we learned, this entry translates to: Policy Manager Console User=Admin, applied the process exlusion "c:\test\printfile_release.exe" exclusion for domain "test domain" (DomainID was available in fspsm-domain-tree-audit.log) . Article no: 000017432
View full article
Issue: How can i find out what was the last policy issued to a host in Policy Manager Console? Resolution: Check the screenshot below. This shows the field Policy file timestamp, which reflects when the policy file for this host was created. The same screen also indicates, whether the host has this latest policy in use as the column Policy in use states Latest. However, some of these fields are not visible by default (e.g. Policy in use). To enable or disable them, right-click the column header and left-click to enable or disable different fields. Article no: 000017386
View full article
Issue: This is the list with descriptions of the services installed for F-Secure Linux Security 64. Resolution: This information can be changed without notice.(06/Aug/2019) f-secure-baseguard-accd.service Responsible for receiving access permission requests from the kernel through the fanotify API. It can grant access autonomously, but for malware analysis, it uses f-secure-baseguard-icap.service.   f-secure-baseguard-as.service BaseGuard facility for email spam scanning. In LS64, the service is inactive.   f-secure-baseguard-av.service A relic from the early days of BaseGuard. For full backward-compatibility reasons, the service cannot be removed, but it serves no purpose in any product.   f-secure-baseguard-cleanup.service Makes sure channel updates don't accumulate on the disk without limit.   f-secure-baseguard-icap.service The malware analysis service used for realtime, scheduled and manual scanning.   f-secure-baseguard-orspgw.service A local proxy for F-Secure's Online Reputation Service. It is used by f-secure-baseguard-icap.service.   f-secure-baseguard-update.service Monitors F-Secure's GUTS2 service for channel updates and sends notifications to fsbg-updated.service.   f-secure-linuxsecurity-fsicd.service Maintains the file integrity checker baseline.   f-secure-linuxsecurity-lspmd.service Locally distributes policy settings to LS64 services.   f-secure-linuxsecurity-scand.service Manages manual and scheduled scans.   f-secure-linuxsecurity-statusd.service Collects status and statistics information from LS64 services and relays them to the policy agent (fsma2)   fsbg-statusd.service Collects status and statistics information from BaseGuard services and relays them to the policy agent (fsma2)   fsbg-updated.service Schedules the installation of online channel updates.   fsbg.service Locally distributes policy settings to BaseGuard services. Article no: 000014984
View full article
Issue: What are the main differences between F-Secure Linux Security 64 and F-Secure Linux Security 11.x?   Resolution: Linux Security 64 is a native 64-bit application, however there are some differences compared to the previous released version Linux Security 11.x, most notably: no support for standalone installation mode no support for Protection Service for Business (PSB) installation mode no firewall no web user interface (for remote management with browser) no support for F-Secure Policy Manager Proxies no support for unattended (scripted) installations The list of supported Linux distributions is also different with some legacy distributions only being supported by Linux Security 11.x.  Also note, that while the installer for LS 64 is created/exported in Policy Manager Console, neither Linux Security 11 nor Linux Security 64 can be deployed/pushed to hosts using Policy Manager Console. Article no: 000014897
View full article
Issue: The following errors are show during Linux Security 64 installation. 1:f-secure-linuxsecurity-12.0.6-1 ################################# [100%] 2019-10-21 11:15:03 net/fshttp.c:1662[7] idle timeout occurred 2019-10-21 11:15:03 fshttps.c:560[7] a timeout occurred 2019-10-21 11:15:03 fsguts2.c:1830[7] unable to perform the HTTP operation, error 201 (timed out) 2019-10-21 11:15:03 fsguts2.c:1062[7] unable to fetch update information from the server, error 201 (timed out) 2019-10-21 11:15:03 src/guts2download.c:148[7] unable to fetch the list of updates, error 201 (timed out) 2019-10-21 11:15:03 src/guts2download.c:84[7] downloading the channel content failed, error 201 (timed out) Failed to activate the product! Resolution: Make sure the Policy Manager Server is accessible by the Linux Security 64 installation target machine. Article no: 000017159
View full article
Issue: Is SUSE Linux Enterprise Server 12 (SLES) a supported platform for F-Secure Linux Security 64? Resolution: SUSE Linux Enterprise Server 12 (SLES) has been added to the officially supported platforms for F-Secure Linux Security 64. For more details you can check the release notes on this link.   Article no: 000013134
View full article
Issue: F-Secure Linux Security 64 is not connecting to the Policy Manager Server and it is not visible in the "Import new hosts" tab in Policy Manager Console. Resolution: Verify the connection from F-Secure Linux Security 64 to the Policy Manager Server. If the issue persists, configure the address of Policy Manager Server using the server's IP address instead of hostname during the creation of the installation package. Article no: 000016582
View full article
Issue: How to update malware definitions for Policy Manager 13.x/14.x in an isolated network. Resolution: Policy Manager offers two options for updating virus definitions in isolated networks that have no direct connection to the Internet. If your network configuration allows Policy Manager to access internal resources with Internet access, we recommend that you use Policy Manager Proxy as the source for updates. For more details click here. If using Policy Manager Proxy is not an option, you can use a tool provided with Policy Manager to fetch the updates as an archive and copy that to the server where Policy Manager is installed. For more details click here. Article no: 000002697
View full article
Issue: When using image files to distribute product installations, how can I reset the host UID for Policy Manager Proxy to prevent duplicate hosts appearing in Policy Manager? Resolution: If you use image files to distribute product installations, you need to make sure that there are no unique ID conflicts. For Policy Manager Proxy this can be prevented by following the steps below: Stop F-Secure Policy Manager Server service:  Linux: [/etc/init.d/fspms stop] Windows: [net stop fsms] Remove following two files: Linux: /var/opt/f-secure/fspms/data/h2db/fspms.h2.db /var/opt/f-secure/fspms/data/fspms.jks Windows: <F-Secure Installation Folder>\Management Server 5\data\h2db\fspms.h2.db <F-Secure Installation Folder>\Management Server 5\data\fspms.jks Use fspmp-enroll-tls-certificate script to generate proxy node certificate. Run the script and authenticate yourself as root administrator of the Master Policy Manager: Linux: /opt/f-secure/fspms/bin/fspmp-enroll-tls-certificate Windows: <F-Secure Installation Folder>/Management Server 5/bin/fspmp-enroll-tls-certificate.bat Start F-Secure Policy Manager Server service: Linux: [/etc/init.d/fspms start] Windows: [net start fsms]   Article no: 000016987
View full article
This article describes the use of the database recovery tool available since PM version 12.10. If you are running the Policy Manager version 12.00 or...
View full article
If your network setup does not allow Policy Manager to connect to the Internet, but allows connections to internal resources that can access the...
View full article
When you cannot use a connection to an intermediate proxy due to security policies, you can update the malware definitions using the tool provided...
View full article
This article describes how to upgrade from F-Secure Policy Manager 12 to version 13.
View full article
This article describes how you can reset both F-Secure Automatic Update Agent (AUA) and F-Secure Automatic Update Server (AUS) database repositories...
View full article
F-Secure Policy Manager supports some advanced configuration using Java system properties. This article describes how you can specify the Java system...
View full article
This article describes how you can move Policy Manager Server (PMS) to a new server.
View full article
This article provides information on installing the F-Secure Linux Security 11 and Policy Manager for Linux 12 on the same server.
View full article
To register your F-Secure Policy Manager in an isolated or offline environment, you need to get an offline registration file (or token) from F-Secure...
View full article
The product uses Windows Firewall to protect your computer.
View full article
Your computer is protected with predefined firewall settings. Usually, you do not have to change them. However, you may have to change the settings,...
View full article
This article explains how you can update the F-Secure Linux Security virus databases manually.
View full article
This article describes how you can setup an HTTP proxy for Linux Security.
View full article
Further analysis is needed to pin-point the problematic file and/or process that is causing the performance issue. By setting fsoasd (real-time...
View full article
This article describes how you can configure F-Secure Automatic Update Agent (AUA) to use F-Secure Policy Manager Proxy (PMP) or HTTP proxy.
View full article
When problems occur, packet capturing is sometimes helpful for troubleshooting to see what happens on the server. This article explains how you can...
View full article
This article describes how you can place F-Secure Internet Gatekeeper for Linux sandwich-like between the same Postfix.
View full article
The default update server address uses a global dynamic content delivery network unsuitable for setting up an IP address based access control policy....
View full article
This article describes how you can change the settings to use a Policy Manager Server (PMS) as the source for database updates.
View full article
This article describes how you can change the directory for the log files in Internet Gatekeeper.
View full article
If you have installed Client Security on hosts that do not have a network connection, you can update the malware definitions using the tool provided...
View full article
The following steps describe Policy Manager Proxy node installation for both Windows and Linux.
View full article
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
View full article
To be able to combat the more adaptive and targeted attackers of the future even better, F-Secure has made a significant engine update.
View full article
This article describes how you can configure the MyNetwork rule in F-Secure Policy Manager.
View full article
This article explains how you can collect an MBR rootkit sample for F-Secure Labs to analyse.
View full article
There are several ways to get the Hardware ID for a device for the Device Control rules; Using Device Control statistics or Windows Device Manager.
View full article
If double-byte characters are used in the server addresses, the communication with the server will not function properly.
View full article
All Linux distributions are transitioning to systemd. Out of the box, systemd services make use of namespaces to contain their temporary files. For...
View full article
Linux Security 11.00 on RHEL/CentOS 7.x causes processes to hang when on-access scanning is turned on. The system log warns about one or more...
View full article
You cannot use the Anti-Virus mode of PMC to administer Linux products. Use the Advanced mode instead.
View full article
This article lists down all the current known issues for F-Secure Linux Security 11.10.
View full article
This article lists down all the current known issues for F-Secure Linux Security 11.00.
View full article
After upgrading to Linux Security Full Edition version 11.00, the following error message appears on the web UI: The requested resource is not...
View full article
Creating a new file on CIFS (Samba) file share blocks the operation and the system for 30 seconds before finishing. Other file operations and malware...
View full article