Business Suite

Issue: How can we configure a scheduled manual scan to only alert on detections (report only)?

Resolution: This is currently not supported, but we are planning to improve this in upcoming versions of both Client Security 14.20 and Server Security 14.10. Both versions are expected to be released during the first half of 2020.

Article no: 000017966

Issue: After upgrading from F-Secure Server Security 12.12 to 14.00 on terminal servers, these servers have freezing, hanging and performance issues. The servers cannot be accessed, and remote logins are only possible if all F-Secure services are disabled.

Resolution: In such scenarios, there is most likely a hang in the ORSP Client, which prevents ulcore from updating. This can be seen in lynx.log:

    2019-09-29 09:36:35.468 [09e8.3330] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-09-29 15:38:08.728 [09e8.2428] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-09-29 21:41:59.136 [09e8.3410] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-09-30 03:44:05.294 [09e8.2a0c] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-10-01 10:04:33.890 [09e8.2670] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com

When a new object, such as a file or URL, is encountered on one client, the product communicates with the Security Cloud using the strongly encrypted Object Reputation Service Protocol (ORSP) to query for the object's reputation details. Anonymous metadata about the object, such as file size and anonymized path, is sent to the Security Cloud.

In this case, the reason for the hang is that queries to doorman.sc.fsapi.com, one of our back-ends, are blocked. To solve the issue, follow these steps:

- Allow f-secure.com and fsapi.com in your firewall or external proxy.
- Another option, instead of allowing fsapi.com directly, is to set up an HTTP proxy that is allowed to connect, and to configure the client to use that proxy. After you have set up your proxy, make sure you configure the HTTP Proxy address in the Policy Manager Console. Please refer to the screenshot below where to add the HTTP Proxy address.

If the HTTP proxy is not an option for you, you can switch off Security Cloud in the settings, as the connection to Security Cloud is currently blocked.

You may find more information about the Security Cloud here.

Article no: 000017219

Issue:
- After updating to Server Security Premium 14.00, a group of servers are not getting virus definitions.
- After upgrading to Client Security 14.10, clients are not getting updates from Policy Manager Server.

Resolution: You can apply the hotfix FSCS1410-HF07 to resolve the problem. If the problem persists, make sure you are experiencing the same problem by opening the following logs on an affected client and investigating them. Logs are usually located in the following path: C:\ProgramData\F-Secure

Open C:\ProgramData\F-Secure\Log\AUA.log and scroll down to the latest event to see if you have a similar error:

    2019-09-23 15:17:09.502 [0e50.1388] I: Connecting to updateserver:80/guts2 (proxy proxy.demo.com:8888)
    2019-09-23 15:17:09.517 [0e50.1388] I: Update check failed, error=115 (operation in progress)

Open C:\ProgramData\F-Secure\Log\CCF\Guts2Plugin.log and scroll down to the latest event to see if you have a similar error:

    2019-10-01 09:54:30.351 [1284.1258] I: Guts2Client::UpdateCurrentProxyForRootServer: Save successful proxy 'proxy.demo.com:8888'
    2019-10-01 09:54:30.352 [1284.1258] I: Guts2Client::CheckForUpdatesFromServer: Check from server 'fsms:80/guts2'
    2019-10-01 09:54:30.365 [1284.1258] I: Guts2Client::RefreshAvailablePackages: Trying with proxy 'proxy.demo.com:8888'
    2019-10-01 09:54:30.581 [1284.1258] I: [fslib] server returned HTTP status code 503 (try again later)
    2019-10-01 09:54:30.581 [1284.1258] *E: [fslib] unable to fetch update information from the server, error 115 (operation in progress)
    2019-10-01 09:54:30.581 [1284.1258] I: Guts2Client::RefreshAvailablePackagesProxyConfigured: Failed to refresh available packages, error=115
    2019-10-01 09:54:30.581 [1284.1258] *E: Guts2Client::CheckForUpdatesFromServer: Failed to refresh available updates list
    2019-10-01 09:54:30.587 [1284.1258] I: CCFGuts2Plugin::ScheduleCheck: Scheduling next check in 156 seconds

As you can see, 'proxy.demo.com:8888' can answer 503 without forwarding a request to the Policy Manager Server/guts2 server. In this case, you could troubleshoot the HTTP proxy by checking the following:

1. Retry the URL from the address bar again by clicking the reload/refresh button, or pressing F5 or Ctrl+R.
2. Restart your router and/or your device, especially if you're seeing the "Service Unavailable - DNS Failure" error.
3. As an option, you could disable the HTTP proxy for AUA, to see if the connection issue is caused by AUA. You can do this from the Policy Manager Console:
   3.1 Under F-Secure Automatic Updates Agent > HTTP Settings > Use HTTP Proxy, set it to No. Deploy the policy.

If the changes you made worked, make sure to enable your HTTP proxy to updateserver:80 (:443).

Note:
- When upgrading from the Client Security 13.xx series: GUTS2 updates were already available, so the behavior didn't change.
- When upgrading from Client Security 12.10-12.3x: Everything in the Client Security > Policy Manager communication was changed.
- If you are upgrading from 12.00 or older, the protocol was also changed from HTTP to HTTPS (but guts2 are still downloaded via HTTP). In the event that a proxy is/must be used, ensure that no filtering for port 443 is enabled.

Client Security 13.x already used GUTS2, where 503 was the "good answer", which means they would come back later, and that didn't cause fallback to the Internet.

Article no: 000015249

Issue: The symptoms include:
- clients are unable to download updates from the Policy Manager Server
- clients are unable to upload status information to the Policy Manager Server and will eventually show up in Policy Manager Console as disconnected hosts

However, clients might still be able to download updates because in the default configuration, fallback to F-Secure update servers is allowed.

A couple of log files on the endpoint help to establish whether the client is having a connection problem due to the firewall blocking access on the server. The examples are for Client Security 14 but also apply to Server Security 14 and later. Policy Manager Server here is pms.acme.com, listening on default ports 80 and 443.

C:\ProgramData\F-Secure\Log\AUA\Aua.log

    2019-10-02 12:07:25.311 [15d4.1d50]  I: Connecting to pms.acme.com:80/guts2
    2019-10-02 12:07:46.349 [15d4.1d50]  I: Update check failed, error=110 (connection timed out)

The same is also visible in this log file:

    2019-10-02 12:17:37.502 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy ''
    2019-10-02 12:17:58.535 [15d4.1d68] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies (FsHttpRequest::Error_Timeout, AsyncSendRequest failed: 12002)
    2019-10-02 12:18:07.536 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy ''

Error 12002 translates to:

    12002 ERROR_INTERNET_TIMEOUT The request has timed out.

Resolution: Server Security 14 uses the Windows Firewall. It is likely that the ports that the HTTP and HTTPS services are using are blocked in the firewall on the server where Policy Manager Server is installed. This would cause the clients to be unable to contact the Policy Manager Server.

To resolve the issue, create a firewall rule allowing inbound HTTP and HTTPS traffic to the server where Policy Manager Server is installed.

You can find instructions on how to create firewall rules in Policy Manager 14 in this guide.

Things to consider:
- Make sure the firewall rule is enabled. This is the first checkbox in the Firewall rules table.
- Make sure the Server profile containing the rule is assigned as the "Server host profile". In the example below, the profile is called Server (cloned). The other rules in the profiles in this screenshot are also activated, but this is not needed to meet the client to Policy Manager Server communication requirements.
- As this particular rule is only required for the server host running Policy Manager Server, we have selected the server before making the change (the server called here DC1-PETERF).

Article no: 000016843

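The three connection failures described in the articles above (blocked Security Cloud lookups in lynx.log, a proxy answering 503 in Guts2Plugin.log, and timeouts towards the Policy Manager Server in Aua.log) can be told apart mechanically. The following is an added example, not F-Secure code: the labels, the regular expressions and the function names are assumptions of this example, and the sample lines are copied from the excerpts above.

```python
import re
from collections import Counter

# Layout seen in the excerpts: timestamp, [pid.tid], level (I, .W, *E), message.
LINE = re.compile(r"^(\S+ \S+) \[(\w+)\.(\w+)\]\s+([*.]?[A-Z]):\s+(.*)$")
# Lines that name the server or proxy a thread is about to contact.
CONTEXT = re.compile(r"Connecting to (\S+)|Trying with proxy '([^']*)'"
                     r"|from (\S+) with HTTP proxy")
# Failure signatures from the articles; labels are this example's own names.
RULES = [
    ("dns_blocked", re.compile(r"Cannot resolve address (?P<target>\S+)")),
    ("proxy_503", re.compile(r"HTTP status code 503")),
    ("connect_timeout", re.compile(r"error=110\b|Error_Timeout|\b12002\b")),
    ("error_115", re.compile(r"error[= ]115\b")),
]
# Next step per label, paraphrasing the resolutions on this page.
HINTS = {
    "dns_blocked": "allow f-secure.com and fsapi.com, or use an HTTP proxy",
    "proxy_503": "proxy answered itself; retest with Use HTTP Proxy = No",
    "connect_timeout": "check inbound HTTP/HTTPS rule on Policy Manager Server",
    "error_115": "look for HTTP 503 in Guts2Plugin.log",
}

def triage(lines):
    """Return (timestamp, label, endpoint) for every failure line."""
    last_seen = {}  # thread id -> server or proxy it most recently contacted
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _pid, tid, _level, msg = m.groups()
        ctx = CONTEXT.search(msg)
        if ctx:
            last_seen[tid] = next(g for g in ctx.groups() if g is not None)
        for label, pattern in RULES:
            hit = pattern.search(msg)
            if hit:
                target = hit.groupdict().get("target")
                findings.append((ts, label, target or last_seen.get(tid, "?")))
                break
    return findings

# Sample input: lines copied from the log excerpts quoted on this page.
SAMPLE = """\
2019-09-29 09:36:35.468 [09e8.3330] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
2019-10-01 09:54:30.365 [1284.1258] I: Guts2Client::RefreshAvailablePackages: Trying with proxy 'proxy.demo.com:8888'
2019-10-01 09:54:30.581 [1284.1258] I: [fslib] server returned HTTP status code 503 (try again later)
2019-10-02 12:07:25.311 [15d4.1d50]  I: Connecting to pms.acme.com:80/guts2
2019-10-02 12:07:46.349 [15d4.1d50]  I: Update check failed, error=110 (connection timed out)
""".splitlines()

if __name__ == "__main__":
    counts = Counter((label, ep) for _ts, label, ep in triage(SAMPLE))
    for (label, ep), n in counts.items():
        print(f"{n}x {label:16} {ep:24} -> {HINTS[label]}")
```

Run over the concatenated logs of one host, the per-endpoint counts show whether the failing hop is the Security Cloud back-end, the HTTP proxy, or the Policy Manager Server itself.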
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
This article applies to: Client Security 14.x and later, Server Security 14.x and later

Issue: FSMAUTIL is no longer available for F-Secure Server Security/Client Security 14.x, how to reset the host UID?

Resolution: In F-Secure Server Security/Client Security 14.x, there is a new tool introduced called resetuid.exe to reset the host identity. This tool will replace FSMAUTIL (F-Secure Management Agent Utility) for both the products.

The tool can be found in C:\Program Files (x86)\F-Secure\Client Security\BusinessSuite\ (Client Security 14.x) or C:\Program Files (x86)\F-Secure\Server Security\BusinessSuite (Server Security 14.x).

Usage:

    RESETUID SHOWUID
        Shows the host Unique Identity currently in use.

    RESETUID RESETUID {SMBIOSGUID | RANDOMGUID | WINS | MAC} [APPLYNOW]
        Schedules regeneration of the host Unique Identity using one of the specified methods:

        SMBIOSGUID  - uses SMBIOS GUID
        RANDOMGUID  - uses randomly generated GUID
        WINS        - uses WINS (NetBIOS) name
        MAC         - uses MAC (ethernet card) address
        APPLYNOW    - If the product is running, requests to apply new Unique Identity immediately. Otherwise, it is applied to the next start of the product.

Article no: 000008416

Issue: When a Citrix application is published for end users, traces of the server's F-Secure Server Security session also follow. Visible effects are:
- when the user logs off the Citrix session, the F-Secure process fshoster32.exe remains running
- an F-Secure system tray icon becomes visible on the end-user's desktop
- performance degradation due to many fshoster32.exe processes running

When the user's fshoster32.exe process is ended manually on the Citrix side, the icon disappears and the user's session closes.

Resolution: For more information about this situation and a suggested registry change that can be used to end processes together with the main executable, read the following Citrix knowledge base article: Graceful Logoff from a Published Application Renders the Session in Active State.

The following registry key has been confirmed by customers:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI
    Value Name: LogoffCheckSysModules
    Type: REG_SZ
    String: fshoster32.exe

Make sure to familiarize yourself with the information from Citrix before making any changes to your environment. Also, confirm with a small-scale test before pushing changes to production.

Article no: 000015484

Issue: Carbon Black sensor and Server Security causing BSOD during reboot

Resolution: When both products, Server Security and the Carbon Black sensor, are installed on the same server, a BSOD occurs on every reboot.

The problem is related to Windows Firewall. The presence of our drivers/services increases the chance of an MS bug appearing. Possibly our services issue some specific network requests, which cause memory corruption in the Windows firewall engine (the memory corruption goes very deep into the MS code of the firewall). This is an essential bug in the MS engine (possibly even a security vulnerability if such memory corruption could be made on request). This has already been reported to Microsoft.

The workaround/solution is to stop the MS firewall before reboot or try to relax/change firewall rules on the server.

More information about Carbon Black: https://www.carbonblack.com/

Article no: 000016167