Offload Scanning connection is down during a system restart. After system restarted, the connection is restored after few seconds.
This is expected product behavior if the Offload Scanning connection is established after few seconds during system restart. During system startup, the Offload Scanning Agent (OSA) service will attempt to establish a connection with the Scanning & Reputation Server (SRS). If the connection to SRS is unreachable due to some reason (e.g. Internal network congestion), the service will re-attempt to establish the connection.
Article no: 000018019
Error or issue related to F-Secure components (e.g. Gatekeeper, Firewall, Network Interceptor Framework, Internet Shield)
Follow the steps below to collect F-Secure debug logs.
Download and run the F-Secure debug tool Click Update Debug Files Online Select the components you want to debug (e.g Firewall, Gatekeeper driver) Click Apply Changes Reproduce the issue that was reported and take note of the time Disable debugging by deselecting the components and click Apply Changes Click Collect Logs once the issue is reproduced Locate the FSDIAG on the desktop Send the newly generated FSDIAG log files for investigation and report when the issue was reproduced
Article no: 000002782
Server Security has scanning errors and causing performance and hanging issues on virtual servers. Application event log shows error: "The description for Event ID 301 from source FSecure-FSecure Application-F-Secure Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer." Issue has started on one or more virtual servers at the same time. Lynx.log shows following error: W: ComTransaction::GetResult: Exception: Type: fs::BaseException, Reason: invalid status code 500, Function: fs::rs::AbstractTransaction<class fs::rs::Icap>::getResult, File: "c:\\workspace\\workspace\\spt_lynx\\src\\fsciapi\\svce_common\\transaction.h", Line: 235 F: ComTransaction::GetResult: Creating a new transaction failed.
On virtual servers the scanning is often offloaded to a Scanning and Reputation Server (SRS) to minimize the performance impact. If you have an Scanning and Reputation Server in use, the Event ID 301 error on the client side can be caused by an Scanning and Reputation Server that is having issues. Restart the Scanning and Reputation Server to see if it helps:
Open the virtual machine console Log in to go to the Admin menu Select 6 to reboot or shut down the appliance The Power management menu opens Choose: Select 1 to restart the server
If a restart of the Scanning and Reputation Server does not fix the issue, follow these steps to install a new one: https://help.f-secure.com/product.html#business/fsvs/latest/en/concept_FAA8187341EF42DA8264EAF45CF42B6B-fsvs-latest-en If a new installation of the Scanning and Reputation Server does not fix the issue, troubleshoot issues on the server where you have installed the Scanning and Reputation Server.
Article no: 000017702
Unable to change Management Server Address on Client Security or Server Security hosts because the public and private admin keys do not match. Need to migrate hosts between two Policy Manager Servers without having to do a re-installation of the software client side.
If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create a Keyreplacer yourself with a tool that can be provided to you by support. The tool comes with instructions on how to create the keyreplacer-file. You will need to know the IP-address or hostname of the new Policy manager, the http- and https-ports that it uses, and depending on the situation, its admin.pub-file (see steps to download admin.pub below). To deploy the keyreplacer, see steps for "Instruction to deploy the Key Replacer fix" below. In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager for assistance to create Key Replacer fix.
Admin.pub file The Policy Manager management address The http- and https-ports used by the Policy Manager
( On Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log ) To download admin.pub file, please follow these steps:
Login to the PM console In the top menu, click Tools > Server Configuration > Keys Click Export to download admin.pub and admin.prv files
Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you.
Instruction to deploy the Key Replacer fix
Please close the Policy Manager Console and stop Policy Manager Server service in services.msc
You can also stop Policy Manager service by opening a command prompt with elevated mode and typing in the below command. net stop fsms
Configure the registry on the Policy Manager Server
Locate this registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5" for - 32bits OS "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5" for - 64bits OS
Right-click on Management Server 5 Registry Key and add a new String Value with the following:
Name: additional_java_args Data field: -DallowUnsignedWithRiwsAndMibs=true Note: Please don't remove the -D on the beginning of the string or it will not work properly.
The same works for Linux, but you need to use config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using space as a delimiter. Property names and values are case sensitive.
Example: additional_java_args=-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100
Start the Policy Manager Server service and open the Policy Manager Console Go to the Installation-tab and click Installation packages Click Import to import "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an Installation package Deploy the KeyReplacer file to all clients, for example using a policy-based installation
After the deployment is finished import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts".
Article no: 000003212
Carbonblack sensor and Server Security causing BSOD during reboot
When both products, Server Security and CarbonBlack sensor, are installed on the same server, BSOD occurs on every reboot. The problem is related to Windows Firewall. Existence of our drivers/services increases the chance of an MS bug to appear. Possibly our services issue some specific network requests, which cause memory corruption in the Windows firewall engine (memory corruption goes very deep into MS code of the firewall). This is an essential bug in the MS engine (possibly even a security vulnerability if such memory corruption could be made on request). This has been already reported to Microsoft. The workaround/solution is to stop MS firewall before reboot or try to relax/change firewall rules on the server. More information about Carbon Black: https://www.carbonblack.com/
Article no: 000016167
DNS resolution for certain sites are blocked with the product installed. How to avoid this from happening?
Most likely the DNS resolution is blocked by the Botnet Blocker feature. The site is rated as unsafe and hence blocked by the feature. You need to do the following: 1. Share the URL with the Labs team, for further investigation. The Labs team will whitelist the URL if the site is not malicious: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url 2. Whitelist the blocked site or the IP address of the blocked site via the Advanced View in the PM Console at: ======================================================================== * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Hosts * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Sites ========================================================================
Article no: 000003887
The administrator receives the following alert from a server running Server Security and Microsoft SQL Server: "F-Secure Management Agent failed in an internal operation. Setting the policy variable 220.127.116.11.4.1.218.104.22.168.20 (error=-510)" was not successful."
The server in question was hosting multiple instances for SQL Server 2016.
Due to a limitation in the current software, the internal table for storing "missing updates" cannot accept multiple identical rows and Software Updater was detecting a missing update on both instances for MS SQL Server. Consequently, adding the second missing patch to "missing updates" table failed with error -510: "Set result: your table contains multiple identical rows". A fix for this issue will be released later 2019 in Client Security version 14.20. Server Security will also inherit the fix, once F.Secure releases a new version.
Article no: 000016213