Business Suite

Sort by:
Issue: After upgrading to F-Secure Client Security 14.10 or F-Secure Server Security 14 Client keeps asking for restart with notification "restart required F-Secure product received a critical update. To keep your protection up to date, restart your computer. Remember to save your work" After a restart the same notification is shown again F-Secure Ultralight services are not listed in the Windows services list Capricorn update is missing from Updates list in the local user interface Note: If you click on the view log file button in the Updates view, it will bring you to the aua.log, where you can see similar entries:  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Processing  I: Installation of 'F-Secure Ultralight Core Update 2019-08-22_01' : Retry at restart  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Processing  I: Update check completed successfully  I: Installation of 'F-Secure Hydra Update 2019-08-28_04' : Retry at restart Resolution: This issue is related to Ultralight not installing or updating correctly. You can install one of the hotfixes bellow to solve the problem: FSCS1410-HF01 FSCS1410-HF02 FSCS1410-HF07 Note: All these Hotfixes are applicable for Server Security 14.00 and Client Security 14.10 These hotfixes are not publicly available from our homepage. Open a support request and our customer service team can send you the hotfixes. If these hotfixes do not resolve the issue and Capricorn update is still missing from the Updates list, you can try removing the Capricorn update from your Policy Manager Server and re-download it. Follow these steps to re-download Capricorn update on your Policy Manager Server: Stop Policy Manager Server Service Delete the following folder: C:\Program Files (x86)\F-Secure\Management Server 5\data\guts2\updates\capricorn-win64 Start Policy Manager Server Service The Policy Manager Server will now re-download the missing Capricorn update. Wait for 30 minutes and check from the client if it has now been able to download and install Capricorn.   Article no: 000014676
View full article
Issue: Security Cloud Client is not connected on Server Security 14 / Client Security 14. Resolution: Make sure that the affected F-Secure host is allowed to connect to the URL orsp.f-secure.com. If this host requires a connection via HTTP proxy to access this URL, you have to configure these settings via the F-Secure Policy Manager Console: Log on to your F-Secure Policy Manager Console. Select the Policy domain   or Host   /   where you want to edit the policy on. Switch to the Advanced view. Go to F-Secure Security Cloud Client > Settings > HTTP Proxy. Modify the value to suit your HTTP proxy requirements: 'http://server:port', e.g. 'http://my.domain.com:1234' Distribute the policy  . Note: If there is no parameter set under F-Secure Security Cloud Client > Settings > HTTP Proxy, the F-Secure Security Cloud Client will use the proxy configuration from the F-Secure Automatic Update Agent (AUA) by default: F-Secure Automatic Update Agent > Settings > Communications > HTTP settings > Use HTTP proxy NOTE: Server Security 14.00 and Client Security 14.x do not officially support proxy authentication. Article no: 000014893
View full article
Issue: The symptoms include clients are unable to download updates from the Policy Manager Server clients are unable to upload status information to the Policy Manager Server and will eventually show up in Policy Manager Console as disconnected hosts However, clients might still be able to download updates because in the default configuration, fallback to F-Secure update servers is allowed. A couple of logfiles on the endpoont help to establish, if the client is having a connection problem due to the firewall blocking access on the server. Examples are for Client Security 14 but also apply for Server Security 14 and later. Policy Manager Server here is pms.acme.com listening on default ports 80 and 443. C:\ProgramData\F-Secure\Log\AUA\Aua.log 2019-10-02 12:07:25.311 [15d4.1d50]  I: Connecting to pms.acme.com:80/guts22019-10-02 12:07:46.349 [15d4.1d50]  I: Update check failed, error=110 (connection timed out) Same is also visible in this logfile: 2019-10-02 12:17:37.502 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy ''2019-10-02 12:17:58.535 [15d4.1d68] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies (FsHttpRequest::Error_Timeout, AsyncSendRequest failed: 12002)2019-10-02 12:18:07.536 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy '' Error 12002 translates to  12002 ERROR_INTERNET_TIMEOUT The request has timed out. Resolution: Server Security 14 uses the Windows Firewall. It is likely that the ports that the HTTP and HTTPS services are using are blocked in the firewall on the server where Policy Manager Server is installed in. This would cause the clients to be unable to be in contact with the Policy Manager Server.   To resolve the issue, create a firewall rule allowing inbound HTTP and HTTPS traffic to the server where Policy Manager Server is installed.  You can find instructions how to create firewall rules in Policy Manager 14 in this guide. Things to consider: Make sure, the firewall rule is enabled. This is the first checkbox in the Firewall rules table. Make sure, the Server profile containing the rule is assigned as the "Server host profile". In the example below, the profile is called Server (cloned). The other rules in the profiles in this screenshot are also activated but this is is not needed to meet client Policy Manager Server communication requirements. As this particular rule is only required for the server host running Policy Manager Server, we have selected the server before making the change (the server called here DC1-PETERF)   Article no: 000016843
View full article
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
View full article
This article applies to Client Security 14.x and later Server Security 14.x and later
View full article
Issue: FSMAUTIL is no longer available for F-Secure Server Security/Client Security 14.x, how to reset the host UID? Resolution: In F-Secure Server Security/Client Security 14.x, there is a new tool introduced called resetuid.exe to reset the host identity. This tool will replace FSMAUTIL (F-Secure Management Agent Utility) for both the products. The tool can be found in C:\Program Files (x86)\F-Secure\Client Security\BusinessSuite\ (Client Security 14.x) or  C:\Program Files (x86)\F-Secure\Server Security\BusinessSuite (Server Security 14.x). Usage: RESETUID SHOWUID  Shows the host Unique Identity currently in use. RESETUID RESETUID {SMBIOSGUID | RANDOMGUID | WINS | MAC} [APPLYNOW] Schedules regeneration of the host Unique Identity using one of the specified methods: SMBIOSGUID        - uses SMBIOS GUID RANDOMGUID      - uses randomly generated GUID WINS                      - uses WINS (NetBIOS) name MAC                       - uses MAC (ethernet card) address APPLYNOW           - If the product is running, requests to apply new Unique Identity immediately. Otherwise, it is applied to the next start of the product. Article no: 000008416
View full article
Issue: I am unable to have connectivity for my computer running a Business Suite product. We are using WPAD (Web Proxy Auto-Discovery protocol) to deploy http proxy server settings. Does Business Suite support WPAD for http proxy setting deployment? Resolution: WPAD is not officially tested nor supported by the Business Suite products, including Policy Manager. Article no: 000010593
View full article
Issue: When a Citrix application is published for end users, traces of the server's F-Secure Server Security session also follows. Visible effects are: when the user logs off the Citrix session, the F-Secure process fshoster32.exe remains running an F-Secure system tray icon becomes visible on the end-user's desktop performance degradation due to many fshoster32.exe processes running.  When the user's fshoster32.exe process is ended manually on the Citrix side, the icon disappears and the user's session closes. Resolution: For more information about this situation and a suggested registry change that can be used to end processes together with the main executable, read the following Citrix knowledge base article: Graceful Logoff from a Published Application Renders the Session in Active State. The following registry key has been confirmed by customers: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI Value Name:LogoffCheckSysModules Type:REG_SZ String:fshoster32.exe Make sure to familiarize yourself with the information from Citrix before making any changes to your environment. Also, confirm with a small scale test before pushing changes to production. Article no: 000015484
View full article
Issue: Carbonblack sensor and Server Security causing BSOD during reboot Resolution: When both products, Server Security and CarbonBlack sensor, are installed on the same server, BSOD occurs on every reboot. The problem is related to Windows Firewall. Existence of our drivers/services increases the chance of an MS bug to appear. Possibly our services issue some specific network requests, which cause memory corruption in the Windows firewall engine (memory corruption goes very deep into MS code of the firewall). This is an essential bug in the MS engine (possibly even a security vulnerability if such memory corruption could be made on request). This has been already reported to Microsoft.  The workaround/solution is to stop MS firewall before reboot or try to relax/change firewall rules on the server. More information about Carbon Black: https://www.carbonblack.com/ Article no: 000016167
View full article
Issue: When launching Citrix sessions/applications, the F-Secure system tray icon will also appear on the end-users machine, and will remain on the machine after closing the Citrix application. The F-Secure process for the user needs to be closed separately from the Citrix side to fully terminate the session. Resolution: The icon appears due to Citrix Seamless Configuration Settings. More information is available from the following link from Citrix: https://support.citrix.com/article/CTX101644&searchID=26517783 One option to test is to disable the Citrix tray icon agent, which can be done by adding the following registry key to every VDA machine: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Citrix/wfshell/TWI  SeamlessFlags:REG_DWORD = 0x20 It is strongly recommended to familiarize yourself with the information from Citrix before testing the solution, and to do a small-scale test before deploying any changes to production. Article no: 000014850
View full article
Issue: DNS resolution for certain sites are blocked with the product installed. How to avoid this from happening? Resolution: Most likely the DNS resolution is blocked by the Botnet Blocker feature. The site is rated as unsafe and hence blocked by the feature. You need to do the following: 1. Share the URL with the Labs team, for further investigation. The Labs team will whitelist the URL if the site is not malicious: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url 2. Whitelist the blocked site or the IP address of the blocked site via the Advanced View in the PM Console at: ======================================================================== * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Hosts * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Sites ======================================================================== Article no: 000003887
View full article
Issue: Universal CRT is not installed therefore Client Security 14.x/Server Security 14.00 installation fails Resolution: The latest version of Client Security 14.x/Server Security 14.00 requires Windows Universal C Runtime. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x/Server Security 14.00.   Article no: 000008994
View full article
Issue: F-Secure scheduled scan causes high CPU usage. How can I reduce this? Resolution: Follow the steps below to change the priority of the scan from "Normal" to "Background" to improve the host performance during scheduled scanning: Open F-Secure Policy Manager console. Click on the Settings tab. Select Advanced view. Click F-Secure Anti-Virus. Click Settings. Click Settings for Manual Scanning. Click Scanning Options. Change the Priority value to Background. Article no: 000001585
View full article
Issue: How to create a custom firewall rule (service)? Resolution: To create a custom firewall rule over the Policy Manager Console: For Client Security 14 Open the Policy Manager Console and go to the Settings-tab Go to Firewall, using Standard view (changeable in the upper right corner) Make sure the 14.X clients-tab is selected Select the profile you want to edit from the Profile being edited-dropdown menu (if the list only contains the default profiles, clone the one you want to use as a base as the defaults can't be modified) Click Add rule on the right of the firewall rules list and create the rule as needed (see step 6 if the service required is missing) If the service you want to add is missing, click on Configure network services below the firewall rule list. Click Add and follow the steps to add a new firewall service Check the Enabled-checkbox to the left of the rule name to make sure that it is in use Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D For Client Security 13 Open the Policy Manager Console and go to the Settings-tab  Go to the Advanced view Select F-Secure Internet Shield  Go to Settings and select Services Press Add and create a custom rule Go to Rules and select the firewall Security Level you want to work with Press Add before/Add after and select the rule you have created Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D Note: Make sure, that the correct Security Level is assigned to the workstations: <F-Secure Internet Shield>Security Level> Active Security Level>. To create a custom firewall rule locally on the workstation: In Client Security 14 In versions 14.00 and later, rules are added through the Windows firewall settings. You can reach them through the Client Security user interface: Open F-Secure Client Security Click on Tools Click on Firewall settings Click on the Change Windows Firewall settings...-link to be brought to the Windows firewall settings In Client Security 13 Open F-Secure Client Security Go to Settings and select Internet Connection Go to Firewall and select Services Press Add and create a custom rule Go back to Firewall and select Rules Select the firewall Security Level you want to work with Press Add and select the rule you have created Press OK Additional information can be found here: https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116212 https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116213 Article no: 000002698
View full article
Issue: How do I run a manual scan using the command line on Server Security or Client Security 14 (and later)? Resolution: The command to use is fssscan and the available options are visible below.  Command line Command line summary is shown when the program is executed without parameters. For server security the directory is C:\Program Files (x86)\F-Secure\Server Security C:\Program Files (x86)\F-Secure\Client Security>fsscan Nothing to do. Usage: fsscan [options] Options:   --sched, -s            Runs a scan optimized for scheduled scanning.   --target, -t <target>  Scans the given <target>.   --report, -r <report>  Writes an unformatted report to <report> file (only                          used with -c).   --delete, -d           Deletes all harmful files found.   --collection, -c       Runs a scan optimized for large collections of harmful                          files.   --noflyer, -f          Skip showing scheduled scanning flyer.   -?, -h, --help         Displays this help. Exit codes fsscan.exe returns one of the following exit codes: Exit code Meaning 0 Scan successful, no harmful items found. 1 Wrong command line parameters, scan not executed. 2 Scan failed; see log files for errors. 3 Scan successful, harmful items were found. 4 Scan was aborted because Gaming Mode was enabled (used with scheduled scans only). 5 Scan was aborted by user (used with other than scheduled scans). Article no: 000011456
View full article
Issue: Visible effects: Windows Server operating system with Server Security 14.00 installed is hanging Windows Desktop operating system with Client Security 13.00 or newer installed is hanging Resolution: This may happen if F-Secure product have F-Secure Security Cloud Client enabled, but don't have access allowed to fsapi.com address. To resolve this issue, make sure that you have allowed access to fsapi.com from your environment. In case you have isolated environment, or otherwise cannot allow access to fsapi.com, disable F-Secure Security Cloud Client via Policy Manager Console: Log in to Policy Manager Console. Go to Settings tab. Select Advanced view. Navigate to: F-Security Security Cloud Client > Settings > Client is enabled. Select No from the drop-down menu. Make sure that the setting is locked. Distribute policies (CTRL-D). In case you should not have restricted network access, or if above steps didn't help, contact F-Secure support for further assistance. Article no: 000016583
View full article