Business Suite

Sort by:
Issue: How to update malware definitions for Policy Manager 13.x/14.x in an isolated network. Resolution: Policy Manager offers two options for updating virus definitions in isolated networks that have no direct connection to the Internet. If your network configuration allows Policy Manager to access internal resources with Internet access, we recommend that you use Policy Manager Proxy as the source for updates. For more details click here. If using Policy Manager Proxy is not an option, you can use a tool provided with Policy Manager to fetch the updates as an archive and copy that to the server where Policy Manager is installed. For more details click here. Article no: 000002697
View full article
This article describes the use of the database recovery tool available since PM version 12.10.
View full article
This article describes the use of the database recovery tool available since PM version 12.10. If you are running the Policy Manager version 12.00 or...
View full article
If your network setup does not allow Policy Manager to connect to the Internet, but allows connections to internal resources that can access the...
View full article
When you cannot use a connection to an intermediate proxy due to security policies, you can update the malware definitions using the tool provided...
View full article
This article describes how to upgrade from F-Secure Policy Manager 12 to version 13.
View full article
Policy Manager Console prompts an error message: "Cannot connect to the server: localhost:8080. Check that the host name and port number are correct....
View full article
This article describes how you can reset both F-Secure Automatic Update Agent (AUA) and F-Secure Automatic Update Server (AUS) database repositories...
View full article
F-Secure Policy Manager supports some advanced configuration using Java system properties. This article describes how you can specify the Java system...
View full article
This article describes how you can move Policy Manager Server (PMS) to a new server.
View full article
To register your F-Secure Policy Manager in an isolated or offline environment, you need to get an offline registration file (or token) from F-Secure...
View full article
Your computer is protected with predefined firewall settings. Usually, you do not have to change them. However, you may have to change the settings,...
View full article
This article describes how you can set up the F-Secure firewall for Windows 7 DirectAccess from Policy Manager Console (PMC).
View full article
The following steps describe Policy Manager Proxy node installation for both Windows and Linux.
View full article
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
View full article
To be able to combat the more adaptive and targeted attackers of the future even better, F-Secure has made a significant engine update.
View full article
This article describes how you can configure the MyNetwork rule in F-Secure Policy Manager.
View full article
There are several ways to get the Hardware ID for a device for the Device Control rules; Using Device Control statistics or Windows Device Manager.
View full article
If double-byte characters are used in the server addresses, the communication with the server will not function properly.
View full article
When deploying cloned virtual machines from a template, Policy Manager identifies them as identical machines even when each machine is configured to...
View full article
To maintain a high protection level, you may notice an increase in bandwidth due to the increased number of updates released per day. Policy Manager...
View full article
F-Secure Software Updater scans computers for missing software updates, and keeps Windows and third-party applications up to date and patched from...
View full article
Next-gen proxy is a role of Policy Manager Server, in which it proxies certain requests to Master Server while serving BackWeb and software updates...
View full article
F-Secure Policy Manager for Linux 13.10 was released on December 20, 2017.
View full article
F-Secure Policy Manager 13.10 (Windows) was released on December 20, 2017.
View full article
Policy Manager offers two options for updating virus definitions in isolated networks that have no direct connection to the Internet.
View full article
This article lists frequently asked questions related to administering Software Updater.
View full article
Software Updater only installs security-related updates automatically. The installation of non-security-related updates and service packs is required...
View full article
Policies are product configurations created on F-Secure Policy Manager and automatically picked up by the client machines. They define the settings of...
View full article
This article explains how the intermediate server failover time setting found in F-Secure Automatic Update Agent (FSAUA) works.
View full article
You can reset the host UID by using FSMAUTIL (F-Secure Management Agent Utility). One way to do this would be adding a command to the user login...
View full article
Starting from version 13.00, Business Suite products are switching to GUTS2 as a replacement for BackWeb to download virus definition updates. From...
View full article
There are various malware monitoring opportunities available provided both by F-Secure and the operating system.
View full article
This article contains some pointers about installing F-Secure Client Security and F-Secure Policy Manager. It is intended for use by technical staff...
View full article
Issue: Via proxy or direct connection, F-Secure Client Security is not receiving updates from Policy Manager. The following errors are visible in C:\ProgramData\F-Secure\Log\AUA\AUA.log: [ 8068]Thu Aug 30 11:15:32 2018(3):  Connecting to http://<Policy Manager IP address>/guts2/ via http proxy <Proxy IP address> [ 3488]Thu Aug 30 11:15:32 2018(3):  Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2/ via http proxy Proxy IP address (Server error) [12232]Thu Aug 30 11:15:32 2018(3):  Connecting to http://Policy Manager IP address/guts2/ (no http proxy) [ 3488]Thu Aug 30 11:15:32 2018(2):  Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2. (Unspecified error) [10736]Thu Aug 30 11:17:41 2018(3):  Connecting to http://Policy Manager IP address/ via http proxy Proxy IP address [ 3488]Thu Aug 30 11:17:41 2018(3):  Update check failed. There was an error connecting http://Policy Manager IP address/guts2/ via http proxy Proxy IP address (Server error) Resolution: Test the connectivity from the host to Policy Manager Server by using the HTTP and HTTPS protocol: Open any web browser on the host that has F-Secure Client Security installed. Enter the IP address of the Policy Manager and press Enter. Repeat the test, only this time by using the HTTPS protocol (for example https://192.168.0.10:443/). If the HTTP (automatic updates) and HTTPS (management agent) connections are working, the web page should display the following information: If the connection fails, troubleshoot the network connectivity between the host and Policy Manager at your end. Verify whether the host and the server have permission to connect to each and other (for example corporate firewall, proxy). If the intermediate proxy is a PMP instance and the clients are unable to download updates via it, ensure that PMP can connect to the internet directly as the default configuration for the proxy is forward mode. In this mode, updates are downloaded via PMP but from the internet and not from Policy Manager Server. This configuration is controlled by changing the proxy mode to either reverse or forward.  Reverse vs. forward modes define whether the virus definitions and software updates are retrieved directly from the internet or from the configured upstream Policy Manager Server or other proxy. Forward proxy is used to minimize traffic between networks, for example between a branch office and HQ. Reverse proxy is used for example in environments where the proxy has no direct connection to the internet, or to minimize the load on the master server (or other forward proxy). By default the proxy is installed in forward mode. Set "-DreverseProxy=true" additional Java argument to switch it to the 'reverse' mode. You can verify whether PMP can download updates by checking the c:\program files (x86)\Management Server 5\logs\fspms-download-updates.log file. The following message is an example of downloading updates failing: 26.03.2019 14:47:44,034 ERROR [c.f.f.s.g.d.DownloadUpdatesService] - Error while checking latest updates org.apache.http.conn.ConnectTimeoutException: Connect to guts2.sp.f-secure.com:80 [guts2.sp.f-secure.com/2.21.76.146, guts2.sp.f-secure.com/2.21.76.152] failed: connect timed out. Article no: 000006708
View full article
Issue: The Policy Manager registration does not work and it returns a "Customer number is invalid" error. How to fix this? Resolution: Check the following items: Make sure that the customer number entered during registration is a correct one (the number is visible in the license certificate). Make sure that the license is still valid (the information is visible in the license certificate). Article no: 000015351
View full article
Issue: Windows Management Instrumentation (WMI) Integration with F-Secure Policy Manager for Windows Resolution: F-Secure Policy Manager supports Windows Management Instrumentation (WMI) Integration. Policy Manager 13.xx Refer to the F-Secure Policy Manager admin guide Chapter 18, page 113 for more information. Policy Manager 14.xx Refer to the F-Secure Policy Manager admin guide Chapter 10, page 97 for more information. Instructions on how to obtain properties via WMI: For PSB, check the following link: https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-en For Business Suite, check the following link: https://help.f-secure.com/product.html#business/policy-manager/14.20/en/concept_E55FFF0187A54B79B30637C7983BDCC8-14.20-en Article no: 000002821
View full article
Issue: How to migrate the F-Secure Policy Manager Server to the new Windows Server? Resolution: If you want to keep the DNS name, just move h2db to the new host, stop the old host and start the new one.   If you change the DNS name of the server, you must follow the instructions below:  Please read the following instructions completely before you start working on the server. Create a backup of the PMS: 1. Stop the Policy Manager Server service. 2. Back up the directory <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db>. 3. Restart the Policy Manager Server service. Now perform the installation on the new server. The current installation file can be found on our website: https://www.f-secure.com/en/web/business_global/downloads/policy-manager Note: To avoid the communication issues, use exactly the same ports by the installation like for the old F-Secure  Policy Manager Server . To restore secured Policy Manager data: 1. Stop the Policy Manager Server service. 2. Copy the backup to the <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db> directory to the correct location. 3. Restart the Policy Manager Server service.   After the installation is complete, the new F-Secure Policy Manager Server has the complete domain structure, including the settings. After logging into the old server using the Policy Manager Console, enter the address of the new Policy Manager Server <F-Secure Management Agent / Data Communication / Protocols / HTTP / Management Server Address>   and distribute the policies for all your policy domain. Now all clients will connect the new server. Once all clients are connected without errors with the new Policy Manager Server, you can turn off the old one. The procedure is also discussed in the following community article: https://community.f-secure.com/t5/Business/i-need-to-move-policy-manager-to/m-p/13961 Article no: 000002290
View full article
Issue: Policy Manager Console runs slow and unable to connect to Policy Manager. Resolution: Make sure your Policy Manager and Policy Manager Console are the same version. Otherwise connection will not work. If both are the same version it could be due to having very high number of alerts, or very high volume of scanning reports being kept in Policy Manager Server. This would slow down the console.  You may remove some of the alerts, or scanning reports to improve the performance. If the above mentioned does not help, proceed to do the following: Stop F-Secure Policy Manager Server service. Backup the H2DB (...\F-Secure\Management Server 5\data\h2db). DO NOT proceed further without having a working H2DB backup in place. Run the database maintenance tool (...\F-Secure\Management Server 5\bin\fspms-db-maintenance-tool.exe) and follow the on-screen instructions to optimize the database. Start F-Secure Policy Manager Server service. Log on to Policy Manager Console. In case issue remain, you can execute the H2DB recovery tool (...\F-Secure\Management Server 5\bin\fspms-db-recover.bat) in the command prompt window, to repair the H2DB. Note: Do stop F-Secure Policy Manager Server service before running the tool. If necessary, you can refer to the read me file (..\F-Secure\Management Server 5\bin\README-recover-db.txt) on how to execute the H2DB recovery tool. Once you have finish repairing the H2DB using the tool, you can proceed to take the repaired H2DB into used, and start back F-Secure Policy Manager Server service. Try to logon to Policy Manager Console again after this. Article no: 000010142
View full article
Issue: How to migrate from Client Security to Computer Protection using Policy Manager? Resolution: Kindly follow the steps explained here on migrating from Client Security to Computer Protection using Policy Manager Console. NOTE: The bs2cp_psb*.jar file that needs to be downloaded is dependable on which F-Secure PSB portal you have your F-Secure PSB Computer Protection subscription in and not the region where you are located. EMEA: https://emea.psb.f-secure.com/ AMER: https://amer.psb.f-secure.com/ APAC: https://apac.psb.f-secure.com/ EMEA2: https://emea2.psb.f-secure.com/ EMEA3: https://emea3.psb.f-secure.com/ Your login credentials will only be applicable to one of these portals, therefore, the bs2cp_psb*.jar file is dependent on this. Article no: 000007334
View full article
Issue: I would like to register my F-Secure Policy Manager Server which is not connected to a network (offline), how do I proceed? Resolution: Contact F-Secure support by opening a support request (https://www.f-secure.com/en/web/business_global/support/support-request) Provide the following information for F-Secure technical support to create an offline registration file: Account Name Customer ID Installation ID  Business Suite license Expiry date How to obtain Customer and Installation ID: Open F-Secure Policy Manager console, and go to Help menu > Registration dialog, or; Find the information from the Policy Manager Server installation folder, ...\F-Secure\Management Server 5\Data (Windows) or /var/opt/f-secure/fspms/data (Linux), open the file called upstream-statistics.json using notepad. Customer ID is on line 5 and Installation ID is on line 6. Once support has provided you with an offline registration file, use the following steps to activate it on your Policy Manager Server Windows: Copy the offline registration file to the folder F-Secure\Management Server 5\data Restart the F-Secure Policy Manager Server services by typing the following command in an elevated command prompt (CMD):   net stop fsms   net start fsms Linux: Copy the offline registration file to the folder /var/opt/f-secure/fspms/data  Restart the fspms daemon:  # /etc/init.d/fspms restart F-Secure Policy Manager will be activated until the expiry of your current subscription. After renewing the subscription you need to request a new registration token from support. Make sure to do this some time in advance so that you don't end up with an expired Policy Manager Server. Article no: 000001107
View full article
Issue: Logging in to the Policy Manager Console returns an error message: "F-Secure Policy Manager Console cannot start: internal error. See Administrator.error.log for more information." The Administrator.error.log contains several SQL-related entries with "error code [1206]:The total number of locks exceeds the lock table size" Resolution: These SQL-errors are in most cases related to the value innodb_buffer_pool_size, and increasing this value usually fixes the issues. The value is verified by looking it up in the my.ini file on the MySQL-server, where it can also be increased as needed.  Due to the large possible variations in user environments we are not able to give a direct number that this value should be set to. You can look for additional guidance from the MySQL Reference Manual and try an incremental approach, making several smaller changes and monitoring the results. After modifying the value in the my.ini file, restart the MySQL-server and the Policy Manager Server to make sure everything is running with the latest configuration. Note: Observe that getting or setting the value through Command line does not show or modify the correct value for every version of MySQL. To guarantee that the value is set correctly all changes need to happen via interaction with the my.ini file. Article no: 000016309
View full article
Issue: The F-Secure Client Security reports that a suspiciously small datagram fragment has been blocked How to get rid of the warning if it is a false positive?  Resolution: This type of alerts might be related to a DDoS attack. If they appear on a network, they might also be a sign of a broken or wrongly configured router or device in the network, for example a printer.  Proceed to investigate the issue on a network level before applying the modification below. In practice packet with a size below 128 bytes are normally considered inefficient (ratio data/data+headers). To get rid of the alert, you can change what the F-Secure firewall considers as the minimum size for a fragment.  In Policy Manager, this setting has to be changed by using the Advanced view. Follow these steps:   Log into Policy Manager Console. Select the host or domain from the Domain tree. Go to the Settings tab and select the Advanced view. Navigate to F-Secure Internet Shield > Settings > Firewall Engine > Minimum fragment size. Set the Minimum Fragment Size to 0. Distribute the policy to the hosts. Article no: 000001900
View full article
Issue: I need to enable / disable the Browsing Protection on some client, how can I do it? Resolution: Open F-Secure Policy Manager: Settings [Standard view] F-Secure Browsing Protection Uncheck the box to Disable or Enable Browsing Protection After you had choose your setting, make sure that the padlock is closed, after that you can distribute the policies (Ctrl+D) Note:  F-Secure Browser Protection is an integrated Module within the package, that can be only deactivated via Policy Manager or locally from the Client. If you have disabled Browsing Protection for your Clients, and you want to hide the browser plugin deactivated message in main local UI Please ask customer support to provide you the file  FSCS1410-HF03-signed.jar when you submit a ticket.  This  specific hotfix removes notification about disabled BP from UI, while it is disabled. Distribution details Standalone computers:Standalone version is not available for this hotfix. Ping MM if you need it. Centrally managed computers: 1. In F-Secure Policy Manager Console, select Installation tab, import the downloaded jar file. Select appropriate domain or host and press "Install" button. Select this hotfix and distribute policies. Article no: 000004715
View full article
Issue: How to backup and restore Policy Manager Server database ? Resolution: Read the following instructions completely before you start working on the server. If you want to keep the DNS name, just move h2db to the new host, stop the old host and start the new one. If you change the DNS name of the server, you must follow the instructions below. Create a backup of the Policy Manager Server: 1. Stop the Policy Manager Server service. 2. Back up the directory <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db>.  Note: Please copy the DB on some different location as the one PM is installed. 3. Restart the Policy Manager Server service. Now perform the installation on the new server. The current installation file can be found here Note: To avoid the communication issues, use exactly the same ports by the installation like for the old F-Secure  Policy Manager Server . To restore secured Policy Manager data: 1. Stop the Policy Manager Server service. 2. Copy the backup to the <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db> directory to the correct location. 3. Restart the Policy Manager Server service.   After the installation is complete, the new F-Secure Policy Manager Server has the complete domain structure, including the settings. After logging into the old server using the Policy Manager Console, enter the address of the new Policy Manager Server <F-Secure Management Agent / Data Communication / Protocols / HTTP / Management Server Address>   and distribute the policies for all your policy domain. Note that the policy setting needs to be locked down to ensure that it's not getting overwritten by locally defined settings. Now all clients will connect the new server. Once all clients are connected without errors with the new Policy Manager Server, you can turn off the old one. You may also find additional instructions in our community:   Article no: 000001258
View full article
Issue: How to create a custom firewall rule (service)? Resolution: To create a custom firewall rule over the Policy Manager Console: For Client Security 14 Open the Policy Manager Console and go to the Settings-tab Go to Firewall, using Standard view (changeable in the upper right corner) Make sure the 14.X clients-tab is selected Select the profile you want to edit from the Profile being edited-dropdown menu (if the list only contains the default profiles, clone the one you want to use as a base as the defaults can't be modified) Click Add rule on the right of the firewall rules list and create the rule as needed (see step 6 if the service required is missing) If the service you want to add is missing, click on Configure network services below the firewall rule list. Click Add and follow the steps to add a new firewall service Check the Enabled-checkbox to the left of the rule name to make sure that it is in use Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D For Client Security 13 Open the Policy Manager Console and go to the Settings-tab  Go to the Advanced view Select F-Secure Internet Shield  Go to Settings and select Services Press Add and create a custom rule Go to Rules and select the firewall Security Level you want to work with Press Add before/Add after and select the rule you have created Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D Note: Make sure, that the correct Security Level is assigned to the workstations: <F-Secure Internet Shield>Security Level> Active Security Level>. To create a custom firewall rule locally on the workstation: In Client Security 14 In versions 14.00 and later, rules are added through the Windows firewall settings. You can reach them through the Client Security user interface: Open F-Secure Client Security Click on Tools Click on Firewall settings Click on the Change Windows Firewall settings...-link to be brought to the Windows firewall settings In Client Security 13 Open F-Secure Client Security Go to Settings and select Internet Connection Go to Firewall and select Services Press Add and create a custom rule Go back to Firewall and select Rules Select the firewall Security Level you want to work with Press Add and select the rule you have created Press OK Additional information can be found here: https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116212 https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116213 Article no: 000002698
View full article
Issue: Where can I find the F-Secure Policy Manager Server's management public key (admin.pub) used by clients to verify the validity of distributed policies? Resolution: You can export the public key (admin.pub) from the Policy Manager Console. To do so, follow the steps below: Method A - Export the key with the F-Secure Policy Manager Console Log on to your F-Secure Policy Manager Console. From the top menu panel, select Tools > Server Configuration.... Select the Keys tab. Under "Export signing keys", select the button Export.... Method B - Downloading the key from the F-Secure Policy Manager Server From any of the managed hosts: Open a web browser. In the address bar type in the address of the F-Secure Policy Manager Server that this host is connected to, for example: https://fspms-local.example:443 If the connection to your F-Secure Policy Manager Server is successful, a web page indicating that the Policy Manager Server is operating correctly is shown. Find the paragraph about the "F-Secure Policy Manager Server's public key". Download the key from the highlighted download button/hyperlink (here) in that paragraph. Article no: 000003331
View full article
Issue: How to block specific extensions using “Disallowed Inbound Files“ for incoming, outgoing and Internal with F-Secure Email and server security. I want to block only these extensions " *.doc *.docx *.docm *.xlx *.xlsx *.xlsm" for Internal email only, but not Outgoing or Incoming   Resolution: Each mail route has its own settings. You need to individually define which match list to use. You can use Policy Manager Console to make these changes, if you are managing your F-Secure Email and Server Security via Policy Manager, or use the Web Console to login to your Email and Server Security locally. As you can see here, I am using a different Match list for each of my mail route, where I have defined the file types I want to block. On Actions, I have however selected "only drop the attachment", not the whole message. Now, I have activated each list for my Email traffic scanning accordingly, and each of them has their own list that contains the Extensions I want to be blocked from attachments.   Note: I did not use the default "Disallowed Files" from Lists and templates as I wanted to have my own customized lists. If you are using the default list on each email route, it means that the same rules will apply for all.   Article no: 000016592
View full article