Business Suite

Issue: Malware.ACAD/HighLight.C and Malware.ACAD/Burste.K are detected infecting AutoCAD-related files with the extensions .fas and .lsp. F-Secure Antivirus is able to detect the malware but unable to remove it.
Resolution: These files need to be removed manually, as described in the official AutoCAD article: https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/How-to-remove-fas-and-lsp-virus-from-a-server.html
Article no: 000019918
Issue: After upgrading to F-Secure Email and Server Security 14.00:
- Stripped attachments are not quarantined
- The Quarantine folder is empty and there is nothing to query
- Items cannot be deleted from Quarantine; the action fails

Resolution: Make sure the correct permissions are set locally on the target server. The "Microsoft Exchange Transport" service runs under "NETWORK SERVICE". Therefore, "NETWORK SERVICE" should have read/execute rights to FQM.EXE and FqmAssembly.dll. These rights should be set during installation for the F-Secure folder "C:\Program Files (x86)\F-Secure".

1. Open the F-Secure Email and Server Security console and navigate to Email Quarantine. Click on option and Test database connection to verify whether the SQL server is accessible. If not, follow the next troubleshooting steps.
2. Open SQL management studio and check the following:
   - The instance is running
   - Mixed authentication mode is enabled
   - The database exists
   - The FQM user has rights to write to the database (db owner, db creator security admin)
3. Open Windows Explorer on the target server and make sure that the FQM service is running under the Local System account.

Check permissions locally:
- The "Microsoft Exchange Transport" service, and hence our Transport Agent, runs under "NETWORK SERVICE"
- "NETWORK SERVICE" should have read/execute rights on the "...Anti-Virus For Microsoft Services/" folder
- C:\ProgramData\F-Secure\EssTemp\ folder rights:
  'LocalSystem' - FULL
  'administrators' - FULL
  'NETWORK SERVICE' - read/write/delete
- C:\ProgramData\F-Secure\EssLimited\ folder rights:
  'LocalSystem' - FULL
  'administrators' - FULL
  'NETWORK SERVICE' - read/delete
- Quarantine folder, C:\ProgramData\F-Secure\EssQuarantine\ folder permissions:
  'LocalSystem' - FULL
  'administrators' - FULL

Check permissions for the network share if centralized mode is used:
- The FQM account (SYSTEM by default) should have 'read'/'write'/'change' access rights to the remote centralized quarantine (share & folder security tabs).
- "Exchange Servers" or specific Exchange computers/hosts should have 'read'/'write'/'delete' access rights on the "Security" and "share" pages.
Article no: 000019827
This article provides information on how to exclude files from real-time scanning in F-Secure Anti-virus products using wildcard characters.
This article provides information on how to exclude files from manual scanning in F-Secure Anti-virus products using wildcard characters.
Issue: I have upgraded Policy Manager to the latest 14.30 but I am unable to download the installer for both Java update 212 and 231 using the download package link given in the Software Updater Manual Downloads window. I receive the following error while opening the download package link after logging on with Oracle credentials: Resolution: A fix has been released on the automatic update channel to fix the Download Package link for Java update 231. We do not plan to fix the Download Package link for Java update 212. Java update 212 is the last non-security update for Java and indirectly superseded by Java update 231. We strongly recommend to always upgrade to the latest version available, in this case Java update 231. Java update 212 shall no longer show up as missing update once the latest Java update is installed. Article no: 000018819
Issue: F-Secure Email and Server Security 12.12 is sending the following alerts to the Policy Manager Alerts list:

Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 1.3.6.1.4.1.2213.20)
Severity: error (3)
Message: The policy variable 1.3.6.1.4.1.2213.20.2.21.40.45 (Number of Grayware Messages) could not be set due to error: Policy API error -2080374783. Unknown error.

Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 1.3.6.1.4.1.2213.20)
Severity: error (3)
Message: The policy variable 1.3.6.1.4.1.2213.20.2.21.40.40 (Number of Medium Virus Risk Messages) could not be set due to error: Policy API error -2080374783. Unknown error.

Resolution: These errors can appear due to temporary performance-related issues on the Exchange server. The product was not able to read or write status information, resulting in an alert being sent to the Policy Manager. If you receive a similar error from time to time, you do not need to do anything, since the product is able to recover by itself in such a situation.
With the default alerting settings, alerts with the severity "Error (3)" are not sent to the Policy Manager alerts list, since the product is able to recover by itself without any user interaction.
Article no: 000019602
Issue: I've Installed  F-Secure Email and Server Security but Windows Defender Real-time Protection is still on. Should I deactivate this when I'm using the F-Secure product? Resolution: Yes, Windows Defender should be deactivated when using F-Secure Email and Server Security. Multiple Anti-Virus products running at the same time may cause conflicts. On Windows Server 2016/2019, Windows Defender will not enter passive or disabled mode if you install a third-party antivirus. After installing a third-party antivirus you should uninstall Windows Defender AV on Windows Server 2016 to prevent problems caused by having multiple antivirus products installed on a machine. Article no: 000002236
Issue: Where do you change the settings about alerts and when virus definition updates are considered outdated (old)?
Resolution:
Note: This feature has not yet been implemented in Client Security version 14.x or Server Security 14.x. Client Security 13.x and Server Security 12.x support this feature.
In order to change these parameters, do the following:
1. Log in to your Policy Manager Console
2. Select the Policy domain or Host where you want to edit the policy
3. Go to Settings / Advanced view
4. Choose F-Secure Anti-Virus
5. Click Settings
6. Choose Virus Definitions Updates
7. In order to receive alerts, set Alert Administrator when Virus Definitions Are Old as activated
8. Set the Number of Days for Virus Definitions to Become Old
9. Distribute the policy
Article no: 000005209
Issue: I have installed F-Secure Client Security 14.x and the host is unable to communicate with Policy Manager to download updates. I have re-installed F-Secure Client Security on the host and the issue persists.
Resolution: This issue is related to missing F-Secure Ultralight services. Verify that the following F-Secure services are running in services.msc:
- F-Secure Device Control
- F-Secure Hoster
- F-Secure Hoster (Restricted)
- F-Secure Ultralight Hoster
- F-Secure Ultralight Network Hoster
- F-Secure Ultralight ORSP Client
- F-Secure Ultralight Protected Hoster
If F-Secure Ultralight services are missing from the list, the issue is most likely that Ultralight was not installed properly because of the older version of Client Security.
Run the F-Secure uninstallation tool to clean up what was left from the previous installation. Next, remove the F-Secure folders and files from Program Files and ProgramData, and the F-Secure registry entries from the Registry Editor:
HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows - 32bit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows - 64bit
Once the uninstallation process completes, re-install F-Secure Client Security 14.10 on the host to resolve the issue.
Article no: 000019644
Issue: F-Secure Client Security v14.10 MSI installation fails and shows the error message: Error 1335. The cabinet file '_DBEE06267B6C806BE1ED16F60A63E29E' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package. Resolution: This error is shown due to corruption of the MSI package when it was exported from the Policy Manager. You need to export a new MSI package from the Policy Manager server and run the installation once again using the new MSI installer.   Article no: 000019642
Issue: Where can I get the license key to use for the latest Email and Server Security version? Resolution: You can contact your reseller or your F-Secure sales contact, depending on how you ordered the product. They can deliver an updated license certificate to you.  Take note that license keys are valid within the major versions they are linked to. For example Server Security 14 license key is valid for versions 14, 14.02,14.10 and so on. Article no: 000019305
Issue: When an infection is found on a terminal server with F-Secure Server Security 14.x installed, alerts are not displayed in the logical user interface (LUI).
Resolution: The root cause is settings in the Windows system which prevent F-Secure notification flyers from being shown. It is best to start checking from Start > Settings > System > Notifications & actions. Refer to the screenshot below:
The fs_toaster.log has the following entries related to the reported issue:
2019-12-11 09:45:41.172 [1898.259c] *E: ToasterInternal::CreateManager: Failed to create Toast manager, Error:803E0105
2019-12-11 11:32:05.445 [1898.034c] *E: ToasterInternal::OnToastFailed: error: 803E0111
Note:
The error 803E0105 is "The notification platform is unavailable"
The error 803E0111 is "Settings prevent the notification from being delivered"
Article no: 000018822
Issue: A SolarWinds script is unable to receive WMI queries from the namespace "root\SecurityCenter" or "root\SecurityCenter2" after upgrading from F-Secure Server Security 12.xx to 14.xx. With F-Secure Server Security 12.xx the queries work.
Resolution:
- The namespace "root\SecurityCenter" is available on Windows client systems of version Windows XP and below.
- The namespace "root\SecurityCenter2" is available starting from Windows Vista and above.
- Neither "root\SecurityCenter" nor "root\SecurityCenter2" is available on Windows server systems.
- Both namespaces belong to Microsoft and are not documented by them. That means no one can reliably use (read/write to) them except Microsoft's products.
- F-Secure products never read or write to "root\SecurityCenter" or "root\SecurityCenter2" directly and thus don't guarantee anything about the contents of these namespaces.
- The F-Secure product registers itself in the system, and Windows client (not server) systems reflect this information in the "root\SecurityCenter" or "root\SecurityCenter2" namespace (depending on Windows version).
Why is F-Secure Server Security available via "root\SecurityCenter" then? This happens because a third-party product (SolarWinds client) creates and fills this namespace on Windows server systems.
To resolve the issue: Use the namespace "root\fsecure". The namespace belongs to F-Secure and therefore is supported by F-Secure. F-Secure is unable to make guarantees when another namespace is used to run WMI queries on F-Secure products.
Article no: 000019431
Issue: I have a syslog server, how can I forward alerts from F-Secure Policy Manager Server?
Resolution: You can set Policy Manager to forward alerts to a third-party syslog server. Currently, both TCP and UDP transport protocols are supported.
To configure syslog alert forwarding:
1. Select Tools > Server configuration from the menu.
2. Click Syslog.
3. Select Forward alerts to syslog and enter the server address. By default, alerts are forwarded to syslog using UDP port number 514. If you want to use a different port, enter the port number after the server address, for example, test.com:8080.
4. Select the message format. Both Syslog (RFC 3614) and Common Event Format messages are supported.
5. Click OK.
Next, to configure Syslog alert forwarding:
1. Launch Policy Manager Console
2. Select the Settings tab
3. Switch to Advanced View
4. Under F-Secure Management Agent, select Settings
5. Select Alerting > Alert Forwarding
6. Select the System logger, syslog checkbox
Article no: 000002577
Issue: When trying to deploy an F-Secure Client Security or Server Security installation from the Policy Manager Console via the Push Installation method, the user receives error code 5.
Resolution: Error code 5 means that the host was reachable, but access from the instructing system / account was denied.
Verify these points to ensure the push installation can be instructed and executed on the remote host:
- The installation account has appropriate permission on the host (has to be local or domain administrator)
- Enable the remote registry service on the host: Control Panel -> Administrative Tools -> Services -> Remote registry
- Administrator share is enabled on the target host (this share is utilized by the push installation procedure)
- Both Policy Manager Server and workstation are on the same network
- Certain inbound traffic needs to be allowed to the host, such as RPC (TCP 135 Port), NetBios (137-139) and SMB (TCP 445 port)
- In case the target host is running on Windows 8 or newer, the following registry value should be set on the remote host to enable access to the admin share:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
  "LocalAccountTokenFilterPolicy"=dword:00000001
Article no: 000002086
Issue: Windows Management Instrumentation (WMI) Integration with F-Secure Policy Manager for Windows
Resolution: F-Secure Policy Manager supports Windows Management Instrumentation (WMI) Integration.
Policy Manager 13.xx: Refer to the F-Secure Policy Manager admin guide Chapter 18, page 113 for more information.
Policy Manager 14.xx: Refer to the F-Secure Policy Manager admin guide Chapter 10, page 97 for more information.
Instructions on how to obtain properties via WMI:
- For PSB, check the following link: https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-en
- For Business Suite, check the following link: https://help.f-secure.com/product.html#business/policy-manager/14.20/en/concept_E55FFF0187A54B79B30637C7983BDCC8-14.20-en
Article no: 000002821
Issue: How does the Protect the hosts file security feature work with F-Secure Client Security 14 on a Windows host? What happens to an already modified hosts file when F-Secure Client Security is installed?
Resolution: The Protect the Hosts file security feature monitors whether any changes have been made to the hosts file in a Windows system. If the feature detects a non-default hosts file, it will alert of a redirected hosts file and replace it with a hosts file with the following content:

#
# Copyright (c) 2007 F-Secure Corporation
#
# This is a HOSTS file created during malware removal.
#
# Your original HOSTS file was infected and it was replaced
# by this file containing only clean default entries.
# The original HOSTS file may be restored from the product's
# quarantine feature.
#
127.0.0.1    localhost
::1            localhost

If a hosts file has been modified before the installation of F-Secure Client Security, the modified hosts file will be detected during the first system scan.
If the hosts file is modified during a time when the Protect the hosts file feature has been disabled, the modified hosts file will be detected when the feature is turned back on.
Follow these steps to turn off the Protect the hosts file feature:
1. Log in to Policy Manager Console
2. Select the policy domain or host from the Domain Tree
3. Go to the Settings tab and select Advanced view
4. Navigate to: F-Secure Anti-Spyware > Settings > Anti-Spyware Scanner > Real-Time Scanning > Real-Time Scanning Options > Protect the "hosts" File
5. Disable the setting
6. Distribute the policy (Ctrl + D)
Article no: 000019105
Issue: How to create an Application control rule in F-Secure Policy Manager Console which blocks an application? What 'condition' should be used, for example, to block Microsoft Office using Application Control?
Resolution: The F-Secure Application Control feature is included in F-Secure Client Security 14 Premium and newer versions.
Follow the example below to block Microsoft Office using Application Control:
1. Log in to Policy Manager Console
2. Select a Policy domain or host from the Domain Tree
3. Go to the Settings tab
4. Go to Application control
5. Click 'Add Rule'
Conditions:
Event : Run Application
Action : Block
Target product name : Contains Microsoft Office
Article no: 000017426
Issue: When the Web traffic scanning feature is enabled:
- Some web applications and URLs are inaccessible, or there are connectivity or performance issues
- Java-based applications are unable to connect to an internal server, or there are connectivity issues
- The issue started after the client received the F-Secure Online Safety 2019-11-19_01 update

Resolution: Make sure ORSP Service (F-Secure Security Cloud) is enabled. You may find more information about the Security Cloud here

How to enable ORSP via Policy Manager console:
1. Log in to Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab (Advanced view)
4. Navigate to F-Secure Security Cloud Client > Settings
5. Enable Allow deeper analysis and Client is enabled
6. Distribute the policy (Ctrl+D)

You can ping the ORSP Service on your local client and see if it is reachable: orsp.f-secure.com
From a web browser: Open http://orsp.f-secure.com/getc and the browser must be able to download the certificate file from the URL. If it reports an error or the browser hangs for several minutes, then there is a problem.
Connectivity to the DOORMAN service: Open https://doorman.sc.fsapi.com/doorman/v1/healthcheck and the browser must reply 'OK'
You might have to check your firewall settings and allow *.f-secure.com and *.fsapi.com. More about URL addresses for F-Secure update services can be found here.
Note: If ORSP is turned off, this means that our security cloud client cannot access our remote services. This is the root cause of the slowness/hangs/interoperability etc.

You can add the server address as trusted. This will exclude the server from Web Traffic Scanning. How to add the server address as trusted differs between F-Secure Client Security versions:

For F-Secure Client Security 13.x:
1. Log in to F-Secure Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab and select Advanced view
4. Navigate to F-Secure Anti-Virus -> Settings -> Settings for Web Traffic Scanning -> Trusted Servers
5. Click Add and enter the server address
6. Distribute the policy (Ctrl+D)
With Client Security 13.x clients the address needs to have the /* wildcard added after the server address, for example:
http://193.110.109.55/*
http://sql-server-2008:8080/*
SAMPLESERVER:8080/*

For F-Secure Client Security 14.x:
1. Log in to F-Secure Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab and select Standard view
4. Go to the Web content control page
5. Click Add on the right side of the Trusted sites list
6. Enter the server address in the Address column
7. Distribute the policy (Ctrl+D)
With Client Security 14.x clients no wildcard is needed in the address, for example:
http://193.110.109.55
http://sql-server-2008:8080
SAMPLESERVER:8080

If the steps above did not solve your problem, please try to disable Botnet Blocker and/or DeepGuard

How to disable Botnet blocker:
1. Log in to F-Secure Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab and select Standard view
4. Navigate to Web traffic scanning and select Botnet Blocker
5. Set the DNS query filtering to Allow all queries
6. Distribute the policy (Ctrl+D)
Article no: 000004728
Issue: How to upgrade F-Secure Policy Manager to a newer version on a Windows Server?
Resolution: Database maintenance is automatically started as part of any Policy Manager upgrade or re-installation to ensure that the database structure is compatible with the latest version. The maintenance tool creates a backup of your database, after which it verifies the database integrity and then applies the updated schema to the contents of the database. It also cleans up any invalid data to optimize the size and performance of the database.
To upgrade from a previous version of F-Secure Policy Manager, we recommend that you first back up your existing Policy Manager data:
1. Create a full backup of the Policy Manager data (H2 database, preferences and other files). The backups are stored in the <F-Secure installation folder>\Management Server 5\data\backup folder. For more information about how to do a full backup, consult the Policy Manager Administrator Guide.
2. Download the newest F-Secure Policy Manager installation file from the downloads page
3. Run the F-Secure Policy Manager setup on a computer that has the Policy Manager components installed
4. The Policy Manager setup recommends that you upgrade the components that are installed on the computer. Continue with the default options to upgrade the installed components while keeping the existing configuration
Article no: 000010751
Issue: I have accidentally upgraded my F-Secure Email and Server Security Premium 12.12 to F-Secure Server Security Premium 14.00, can I roll back? Resolution: F-Secure Email and Server Security and F-Secure Server Security are considered two different products since Email And Server Security includes the Content Scanner Server module, and thus you cannot revert back to the previous product without an uninstallation. Proceed to uninstall the current F-Secure Server Security Premium 14.00 in the server and proceed to install F-Secure Email and Server Security Premium 12.12 locally in the server. Since it is considered as first time installation again, you would need to install F-Secure Email and Server Security Premium 12.12 locally using the .exe installer instead of push installation via Policy Manager or MSI installation package. Article no: 000018569
Issue: I noticed Email and Server Security 14.00 installed in my Microsoft Exchange 2016 server is not filtering emails after I upgraded my Policy Manager 14.30 beta to the final version
Resolution: This is related to a policy issue when you perform an upgrade from Policy Manager version 14.30 beta to the final release version. The following errors are visible in the transportAgent.log:
2019-12-12 11:38:47.853 [53bc.0019] *E: FSecure.AntiVirus.Exchange.Transport.CosmosSupport: GetSettings Failed Newtonsoft.Json.JsonReaderException: Could not convert string to boolean: security. Path 'transport_protection.inbound.archive_processing.notify_administrator', line 1, position 14061.
To fix this, you need to clear the setting "Notify administrator" shown in the attached screenshot below and distribute the policy.
Article no: 000018854
Issue: Policy Manager Server is rejecting Policy Manager Console connections from a remote host.
- When trying to connect to Policy Manager Server running on Linux using a Windows machine, the following error is displayed: "Cannot connect to server 172.16.0.6:8080. Check that the host name and port number are correct. Port number 8080 is used by default".
- When checking netstat output on a Windows server running the Policy Manager Server, the administration module (default port 8080) is listening on Local address 127.0.0.1

Resolution: By default F-Secure Policy Manager Server is set up to only accept connections from localhost. Follow the steps below to allow remote connections and then test the connectivity from the remote Policy Manager Console.

If Policy Manager Server is installed on a Windows OS:
1. Stop F-Secure Policy Manager Server services
2. Open the registry
3. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5
4. Edit the value of [REG_DWORD] RestrictLocalhost to 0
5. Start F-Secure Policy Manager Server services

If Policy Manager Server is installed on a Linux OS:
1. Stop the Policy Manager Server daemon (/etc/init.d/fspms stop)
2. Open the file /etc/opt/f-secure/fspms/fspms.conf
3. Check the line adminExtensionLocalhostRestricted and make sure the value is set to false
4. Save the file and restart the Policy Manager Server daemon (/etc/init.d/fspms restart)

Once the Policy Manager Server service has restarted, try to log in from the remote Policy Manager Console. Please do check our other F-Secure Community KB article as well.
Article no: 000001368
Issue: Issues are appearing on isolated Client Security 14 hosts after performing offline malware definition updates (as documented here):
- Malware scan won't start. It is waiting for malware definition updates to install
- List of updates is showing Aquarius as Not installed
Resolution: The offline updates package needs to be prepared from a Policy Manager Server running the same major version as the client software. If a package for a 14-series client is prepared using a 13-series Policy Manager, there will be update packages missing, which will result in these issues.
To resolve, update the Policy Manager Server to the latest version and repeat the update process on the client(s).
Article no: 000018917
Issue: Is it possible to choose a custom location (installation path) for the F-Secure Client Security installation on a Windows or Mac host?   Resolution: It is not possible to change the installation directory of F-Secure Client Security. Article no: 000018950
Issue: After uninstalling F-Secure Server Security 12.12 on a Windows Server 2016 Operating System, the product F-Secure Server Security is still shown in the Apps & Features list:
- Product status is shown as Unavailable
- Product cannot be removed from the list since the Uninstall and Modify buttons are greyed out
- Running the F-Secure Uninstallation Tool does not remove the product from the Apps & Features list
- Product is not shown on the Programs and features list
Resolution: This issue is only visual and does not affect any new installations of the product. You can remove the product from the list by manually removing the F-Secure Product 1001 registry key by following these steps:
1. Open Windows Registry editor
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
3. Right click on the F-Secure Product 1001 registry key
4. Select Delete
Article no: 000018904
Issue: Is there a way to block users from accessing or running a specific file with Business Suite products such as F-Secure Client Security and Server Security? Can you for example block C:\Temp\temp.do or even the F-Secure Uninstallation Tool?
Resolution: Email and Server Security 14.00 introduces the 'File access' event type to the Application control feature. This lifts the Application control feature to the next level: from controlling events like starting processes, loading DLLs and running installers to blocking access to any file.
Note: The 'File access' event type is not currently supported by F-Secure Client Security 14.10 and Server Security 14.00. The next versions of these products will add this feature.
With the help of F-Secure Application Control file access rules, the admin can block the distribution and execution of a certain file in their environment. When creating the rule, providing only a file hash as a rule condition is enough but may result in performance degradation, because of the need to calculate new digests, especially for big files. To optimize rule performance it is recommended to supply a file size as an extra condition for file access rules.
1. Log in to Policy Manager Console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab
4. Go to the Application control page
5. Click Clone to create a custom profile which can be edited
6. Set the newly created profile as the Host profile
7. Click Add rule
8. Set Event as File access
9. Set Action as Block
10. Add condition: Target SHA1 - Equals - <file SHA1>
11. Add condition: Target size - Equals - <file size>
12. Click OK to save the rule
13. Distribute the policy (Ctrl + D)
Note: To be able to add the target size condition, you need to have F-Secure Policy Manager 14.30
This screenshot shows an example of how to configure this in Policy Manager Console. This blocks users from launching a "bad" PDF file containing an exploit.
Article no: 000001830
Issue: When installing F-Secure Policy Manager 14.x, user receives the following error after clicking Next on the Configure ports page: Error: "The Host Module HTTPS port number specified is already in use."   Resolution: If the port you have chosen for F-Secure Policy Manager communication is in use by other services (e.g Microsoft webserver), thus causing a conflict, you can solve the issue by changing the port F-Secure Policy Manager will use or by deactivating the service causing the conflict or changing the port that service is using.    Article no: 000018483
Issue: Universal CRT is not installed, therefore the Client Security 14.x/Server Security 14.00 installation fails.
- In Policy Manager Console, push installations result in the status error message: "Installation failed. MSI error code is 1603."
- The following error can be seen in Windows Application Event Logs: "Product: F-Secure Client Security [Premium] 14.XX/F-Secure Server Security [Premium] 14.XX -- Universal CRT is not installed"
Resolution: The latest versions of Client Security 14.x and Server Security 14.00 require Windows Universal C Runtime to be installed on the system.
Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x or Server Security 14.x.
Article no: 000008994
Issue: Does F-Secure Policy Manager create and maintain an audit log for user and admin activity? For example for these events:
- User login / logoff
- Host deletion / add / rename events
- Policy sub-domain deletion / add / rename events
- Change of policy settings
Resolution: The F-Secure Policy Manager server logs can be found in the following folder: C:\Program Files (x86)\F-Secure\Management Server 5\logs
The user login actions are not recorded, but there are 2 logs that record actions made by the users while logged in to the console.
- Changes made to policy settings: fspms-policy-audit.logs
- Changes made to the Policy domain computers/servers or specifically changes made to the policy domain structure: fspms-domain-tree-audit.logs
Q: How to find out who deleted a policy sub-domain in Policy Manager Console?
A: This information is available in the fspms-domain-tree-audit.logs. Below is an example, where a sub-domain called test was added and immediately deleted.
05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
Article no: 000007129
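One way to answer "who deleted a policy sub-domain" from this log, as an added example (not F-Secure's code): it parses the two message shapes quoted above, lists deletions per user and flags domains removed shortly after they were created. The day.month.year date order, the constructed sample lines and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches only the two message shapes quoted in the article:
#   User '<u>' added domain <name> (id=N) to domain <parent> (id=M)
#   User '<u>' deleted domain <name> (id=N)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>\w+)\s+\[audit\.domainTree\] - "
    r"User '(?P<user>[^']*)' (?P<action>added|deleted) domain "
    r"(?P<name>.+?) \(id=(?P<id>\d+)\)"
    r"(?: to domain (?P<parent>.+?) \(id=(?P<parent_id>\d+)\))?\s*$"
)

# First two lines are from the article; the rest are constructed for the example.
SAMPLE_LOG = """\
05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
06.12.2019 14:02:10,101 INFO [audit.domainTree] - User 'subadmin1' added domain Branch Office (id=77) to domain Root (id=1)
09.12.2019 08:15:42,330 INFO [audit.domainTree] - User 'subadmin2' deleted domain Branch Office (id=77)
09.12.2019 08:16:00,000 INFO [audit.domainTree] - some message shape not shown in the article
"""


def parse_line(line):
    """Return a dict for a recognised audit line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        # Assumption: dates are day.month.year, as the example lines suggest.
        "ts": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S,%f"),
        "user": m["user"],
        "action": m["action"],
        "name": m["name"],
        "id": int(m["id"]),
        "parent": m["parent"],
        "parent_id": int(m["parent_id"]) if m["parent_id"] else None,
    }


def parse_log(text):
    """Split log text into (parsed events, lines that were not recognised)."""
    events, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)  # keep for manual review, never drop silently
        else:
            events.append(ev)
    return events, unparsed


def deletions(events):
    """All 'deleted domain' events in time order."""
    return sorted((e for e in events if e["action"] == "deleted"),
                  key=lambda e: e["ts"])


def short_lived_domains(events, window):
    """Pairs (added, deleted) where a domain id was deleted within `window`
    of being added, like the add-then-delete sequence in the article."""
    created, pairs = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "added":
            created[ev["id"]] = ev
        elif ev["id"] in created and ev["ts"] - created[ev["id"]]["ts"] <= window:
            pairs.append((created[ev["id"]], ev))
    return pairs


if __name__ == "__main__":
    events, unparsed = parse_log(SAMPLE_LOG)
    for ev in deletions(events):
        print(f"{ev['ts']}  {ev['user']} deleted domain {ev['name']} (id={ev['id']})")
    for added, deleted in short_lived_domains(events, timedelta(minutes=5)):
        print(f"short-lived: {added['name']} (id={added['id']}) added by "
              f"{added['user']}, deleted by {deleted['user']} after "
              f"{deleted['ts'] - added['ts']}")
    print(f"{len(unparsed)} line(s) not recognised")
```

Lines that do not match either shape are returned separately, so host or rename events, whose format the article does not show, can be reviewed by hand.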
Issue: Sub admins imported via Active Directory get the error "No existing transaction found for transaction marked with propagation 'mandatory'. To get back to the Web Reporting main page click here" when they select any host on their domain structure in Policy Manager 14.20 Web Reporting.
Resolution: A hotfix has been created that will resolve the issue. The fix will be included in the upcoming F-Secure Policy Manager 14.30 version. Contact F-Secure Customer Service here to obtain the hotfix.
Once you have obtained the hotfix, follow these steps to install it:

For Policy Manager Windows:
1. Extract the file somewhere on the server (e.g. Desktop)
2. Exit the Policy Manager Console
3. Launch a command prompt as administrator
4. To stop Policy Manager Server services, type the following and hit enter: net stop fsms
5. Copy and replace the fixed fspms-webapp-1-SNAPSHOT.jar in <Policy Manager Server installation folder>\F-Secure\Management Server 5\lib
6. Start Policy Manager Server services by typing the following in the elevated command prompt and hitting enter: net start fsms

For Policy Manager Linux:
1. Stop the F-Secure Policy Manager Server services by executing the following command: # /etc/init.d/fspms stop
2. Copy the fix to the folder /opt/f-secure/fspms/lib
3. Start the F-Secure Policy Manager Server services by typing the following command and hitting enter: # /etc/init.d/fspms restart
Article no: 000013564
Issue: Message: Scanning 'message' by F-Secure Spam Scanner was unsuccessful. Reason: SSL certificate issue: X.509 error value

    Host: <example> (192.168.101.150, fe80::5c55:4250:d46d:3d83%10)
    Computer name: EX-EXCH01
    User account: EXAMPLE\EX
    Product: F-Secure Content Scanner Server (OID: 1.3.6.1.4.1.2213.18)
    Severity: error (3)
    Message: Scanning 'message' by F-Secure Spam Scanner was unsuccessful. Reason: SSL certificate issue: X.509 error value. 56 similar errors occurred in last 10 minutes.

Resolution: F-Secure Spam Scanner connects to the detection center address https://aspam.sp.f-secure.com/ which has an Amazon certificate that expires on Tuesday, June 30, 2020. Ensure that you have trusted this certificate. You may also try running Windows Update to install the latest updates and certificates.

The F-Secure Spam Scanner needs to be able to query aspam.sp.f-secure.com in order for it to work. It's hosted in the Amazon Web Services (AWS) Cloud and as a result does not have a static range of IP addresses.

Verify that you are able to access the following URL: https://aspam.sp.f-secure.com/bdnc/config

Open the browser on the host where you have installed F-Secure Email and Server Security and enter https://aspam.sp.f-secure.com/bdnc/config. You should get the following response:

    {"benchmarkInterval":3600,"benchmark":1,"servers":["aspam.sp.f-secure.com"],"statsInterval":1800,"enforceSSL":true,"benchmarkThreshold":5,"disableThreshold":10}

If you do not get a similar response as above, verify that *.f-secure.com and *.fsapi.com are allowed in your firewall.

If you require a proxy to connect to this address with your browser, then the anti-spam engine needs to be configured to use the same proxy.

How to set up a proxy server locally from your F-Secure Email and Server Security:
1. Open the F-Secure Email and Server Security Web Console and navigate to Settings
2. Expand the Setting and under Engines expand the Use proxy server
3. Activate it by moving the use proxy icon and provide the proxy server information

Article no: 000017979
Issue: How to check what versions of virus definitions are currently installed on F-Secure Client Security 14 or Server Security 14 with the Windows Command line?

Resolution: Follow these steps to run the fs_oneclient_info tool to print out the product information sheet:
1. Open the Command Prompt (cmd) as an Administrator
2. Depending on the product, navigate to:
    Server Security 14: C:\Program Files (x86)\F-Secure\Server Security
    Client Security 14: C:\Program Files (x86)\F-Secure\Client Security
3. Run command:
    fs_oneclient_info.exe

This will print the following statuses:
• License status: license validity and expiration date
• Update status: Update server info, last update date and list of latest installed updates
• Setting status

Article no: 000018421
Issue: Our current license certificate does not contain the most recent subscription information or license keys. How can I get an updated license certificate which includes the license keycodes required for when installing or updating to the newest product versions?  Resolution: To get a new license certificate, proceed to contact your local reseller or F-Secure sales contact. If you are uncertain of who this contact is, kindly create a support ticket here. Article no: 000001527
Issue: FSMAUTIL is no longer available for F-Secure Server Security/Client Security 14.x, how do I reset the host UID?

Resolution: In F-Secure Server Security/Client Security 14.x, there is a new tool introduced called resetuid.exe to reset the host identity. This tool will replace FSMAUTIL (F-Secure Management Agent Utility) for both the products.

The tool can be found in C:\Program Files (x86)\F-Secure\Client Security\BusinessSuite\ (Client Security 14.x) or C:\Program Files (x86)\F-Secure\Server Security\BusinessSuite (Server Security 14.x). Check the Help page for the procedure.

Usage:

    RESETUID SHOWUID
        Shows the host Unique Identity currently in use.

    RESETUID RESETUID {SMBIOSGUID | RANDOMGUID | WINS | MAC} [APPLYNOW]
        Schedules regeneration of the host Unique Identity using one of the specified methods:
        SMBIOSGUID  - uses SMBIOS GUID
        RANDOMGUID  - uses randomly generated GUID
        WINS        - uses WINS (NetBIOS) name
        MAC         - uses MAC (ethernet card) address
        APPLYNOW    - If the product is running, requests to apply new Unique Identity immediately. Otherwise, it is applied to the next start of the product.

Article no: 000008416
Issue: Error or issue related to F-Secure components (e.g. Gatekeeper, Firewall, Network Interceptor Framework, Internet Shield) and more advanced debug logs are required to investigate the issue. How to enable advanced debug logging for F-Secure Client Security 13.x and F-Secure (Email and) Server Security 12.x clients?

Resolution: Note: These instructions are applicable for Client Security 13.x and (Email and) Server Security 12.x clients. Newer products use a different tool to enable debug logging.

Follow the steps below to collect F-Secure debug logs.
1. Download and run the F-Secure debug tool
2. Click Update Debug Files Online
3. Select the components you want to debug (e.g. Firewall, Gatekeeper driver)
4. Click Apply Changes
5. Reproduce the issue that was reported and take note of the time
6. Disable debugging by deselecting the components and click Apply Changes
7. Click Collect Logs once the issue is reproduced
8. Locate the FSDIAG on the desktop
9. Send the newly generated FSDIAG log files for investigation and report when the issue was reproduced

Article no: 000002782
Issue: How to uninstall F-Secure Server Security 12 or 14 from a Windows Server using the Uninstallation Tool?

Resolution: If you cannot uninstall F-Secure Server Security from Programs and Features, you can uninstall it using the F-Secure Uninstallation Tool. Which uninstallation tool you should use depends on the F-Secure Server Security version that is installed on the Windows server.

Note: If you have F-Secure Email and Server Security installed on the server, do not use the Uninstallation Tool since a removal can cause issues with the email flow.

Note: If you have F-Secure Policy Manager Server installed on the same server, running the UninstallationTool.exe will remove it.

F-Secure Server Security 12.x:
1. Download this uninstallation tool: https://download.f-secure.com/support/tools/uitool/UninstallationTool.exe
2. Open the Command Prompt
3. Navigate to the folder where you have stored the tool
4. Run the following command:
    UninstallationTool.exe -a --server

F-Secure Server Security 14.x:
1. Download this uninstallation tool: https://download.sp.f-secure.com/uninstallationtool/FsUninstallationTool.exe
2. Run the uninstallation tool
3. Follow the on-screen instructions

This tool can be run silently using the command prompt and adding the parameter --silent

Article no: 000015608
Issue: Windows Firewall status is red with error message: "Windows Defender firewall is not using the recommended settings to protect your computer"
• The Windows Firewall state is set to: ON
• Incoming connection is set to: Allow all connections to apps that are not on the list of blocked apps

Resolution: If Windows Firewall is showing its status as red with message: "Windows Defender Firewall is not using the recommended settings to protect your computer", this is most likely due to the settings of the Unknown inbound and outbound connections from the F-Secure Client Security 14 firewall profile.

In order to resolve the issue follow these steps:
1. Open the Policy Manager console
2. Select the host or domain from the Domain Tree
3. Go to the Settings tab
4. Browse to the Firewall menu
5. Ensure the value under "Profile being edited" is the correct profile
6. Set the value of the Unknown inbound connections and Unknown outbound connections to Block
7. Distribute the profile (ctrl +D)

Once the host receives the new profile, the firewall should stop displaying the message and the status should turn to green.

Article no: 000018337
Issue: F-Secure Client Security 13.x or (Email and) Server Security 12.x installation using MSI Package failed due to "Setup Wizard ended prematurely" error.

Resolution: The installation error "Setup Wizard ended prematurely because of an error" when running the F-Secure Client Security 13.x or (Email and) Server Security 12.x installation MSI file can be caused by the following:
• Ensure the subscription key used during the export of the MSI installation file is correct. Contact your local F-Secure reseller partner to obtain the license certificate with latest subscription key for F-Secure products
• Verify if there is any conflicting 3rd party software installed in the host

If none of the above helped with the installation issue, proceed to contact F-Secure Customer Support here for assistance.

Article no: 000001448
Issue: User gets the following error message when trying to log in to Policy Manager Console: Cannot connect to server: authorization failed because the specified user credentials are invalid.

Resolution: This error message appears because you are using either a wrong username or password when logging in.

The default username when logging in to Policy Manager Console is Admin. The password for the Admin account was set at installation, and if you do not know the correct password for the Admin account, you can reset it by following these steps:
1. Stop F-Secure Policy Manager Server service
2. Open command line prompt as administrator
3. Run the reset-admin-account.bat from this location: C:\Program Files (x86)\F-Secure\Management Server 5\bin\
4. Enter your new password
5. Start F-Secure Policy Manager Server service
6. Try to log in to Policy Manager Console

To change the password for any other Policy Manager Console user account, use the following instructions:
1. Log in to Policy Manager Console by using the Admin account (if needed, reset the password for the Admin account by using the above instructions)
2. In Policy Manager Console select Tools > Users
3. To change the password, delete the existing user account
4. Recreate the account. This option allows you to configure a new password for the account

Article no: 000009319
Issue: I have forgotten my login password to F-Secure Policy Manager Console, how do I reset the admin password?

Resolution: If you have lost the password for the admin user, or if the account was accidentally deleted, you can reset the admin account for Policy Manager on Windows by following the steps below:
1. Stop F-Secure Policy Manager Server service
2. Open command line prompt as administrator
3. Run the reset-admin-account.bat from this location: C:\Program Files (x86)\F-Secure\Management Server 5\bin\
4. Enter your new password
5. Start F-Secure Policy Manager Server service
6. Try to log in to Policy Manager Console

For Policy Manager on Linux, use the following script to reset the user account:
    /opt/f-secure/fspms/bin/fspms-reset-admin-account

If you are still not able to log in to Policy Manager Console, make sure the account used in the login window is admin (and not administrator).

Article no: 000002657
If you want to exclude files or folders from being scanned by Real-Time scanning, follow these steps:
Issue: What are the default ports used by Policy Manager Server and Policy Manager Proxy?

This article lists the network ports that F-Secure Policy Manager Server and F-Secure Policy Manager Proxy use. If you use any port filtering devices or software, verify that the required ports are available. Port filtering devices and software include firewalls, routers, proxy servers or IPsec.

Resolution:

Default TCP-Ports: F-Secure Policy Manager:
• 8080: Default https-port used for Admin module used for communication with Policy Manager Console.
• 8081: Default https-port for F-Secure Policy Manager Web Reporting, the graphical reporting system included in Policy Manager Server.
• 443: Default https-port used for the host module used for communication with the hosts, excluding client database-updates.
• 80: Default http-port used for the host module used for communication with the hosts (legacy F-Secure clients). All F-Secure clients by default download database updates using this port.

Default TCP-Ports: F-Secure Policy Manager Proxy:
• 443: Default https-port used for the host module used for communication with the hosts, excluding client database-updates.
• 80: Default http-port used for the host module used for communication with the hosts (legacy F-Secure clients). All F-Secure clients by default download database updates using this port.

Note:
• F-Secure Web Reporting might not be enabled in your configuration.
• The Policy Manager Server admin module is not by default exposed to other network interfaces than localhost.
• Software Updater (SWUP) updates are downloaded on port 80.

Article no: 000018194
Issue: Can F-Secure Email and Server Security 12.12, which includes the Content Scanner Server module, be upgraded to F-Secure Server Security 14.x?

Resolution: F-Secure Email and Server Security and F-Secure Server Security are considered two different products, since Email and Server Security includes the Content Scanner Server module. This means that the upgrade feature in Policy Manager Console cannot be used to upgrade from Email and Server Security 12.12 to Server Security 14.x.

However, a policy-based installation via F-Secure Policy Manager Console can be used to install Server Security 14.x on the target host. The previous F-Secure Email and Server Security 12.12 installation will be sidegraded (uninstalled) by the F-Secure Server Security 14.x installation.

Follow these steps to install F-Secure Server Security 14.x on a host with F-Secure Email and Server Security 12.12:
1. Log in to Policy Manager Console
2. Select the target host or domain from the Domain Tree
3. Go to the Installation tab
4. Click on the Install button on the bottom of Installation tab
5. Choose the F-Secure Server Security 14.x installation package (import jar file if needed) and click OK
6. Configure the installation package with the help of the installation wizard
7. Distribute the policy

After the policy has been distributed to the host or domain, F-Secure Email and Server Security will be removed and Server Security will be installed.

Article no: 000018150
Issue: Does the server need to be rebooted after installing the upgrade from (Email and) Server Security version 12.11 to 12.12?

Resolution: When upgrading F-Secure Server Security 12.11 to 12.12, a reboot is not required for these upgrades to take effect. When creating the installer you will be given the choice between rebooting or not.

For F-Secure Email and Server Security, whether a restart is required cannot be reliably predicted. In general it does not require a reboot of the server. Therefore we recommend performing the upgrade within a service window.

Article no: 000003204
Issue: How does the firewall automatic selection in Policy Manager work? How to set up the automatic selection profile?

Resolution: For firewall automatic profile selection to work, create an auto-select rule based on conditions such as gateway IP, DNS, etc.

As an example, when the Windows Firewall profile is changed to different networks (public, private, domain), there is a network change happening too. This can be used as the condition for a firewall automatic selection rule to trigger.
• When a host is connected to the Domain network, it will use the default firewall profile "Office, file and printer sharing".
• When a host is connected to a Public network and assigned a DHCP IP address, it will switch to firewall profile "Server".
• When a host is connected to a Private network that communicates with the gateway IP (Example: 192.168.1.103), it will switch to firewall profile "My test firewall profile".

Note: The firewall automatic selection is based on rule priority. A rule consists of two conditions: Method1/Argument1 and Method2/Argument2. When both conditions are met, the profile specified in the rule is selected. The rules are evaluated whenever changes in the network interfaces are detected, and the rule with the highest priority is applied in case there is more than one matching rule. If none of the rules match, the profile will remain unchanged. Therefore a fallback rule, with both methods set to Always, is usually put at the bottom of the rule set.

Supported methods and arguments:
• Never: Never true (argument ignored)
• Always: Always true (argument ignored)
• DNS Server IP Address: IP address given as the argument matches with a DNS server
• DHCP Server IP Address: IP address given as the argument matches with a DHCP server
• Default Gateway IP Address: IP address given as the argument matches with the default gateway
• My Network: IP address given as the argument falls within the LAN subnet of the host
• Dialup: A dial-up connection is open (argument ignored)

In IP address arguments, the asterisk (*) may be used as a wildcard, but only in place of whole pieces of the address. For instance 172.16.*.*, but not 172.16.*10.* or 172.16.*.

Example:
    Method1 = Default Gateway IP Address
    Argument1 = 123.12.0.1

Note: The Argument value is irrelevant for Always, Never and Dialup methods.

How to configure My Network rule in Policy Manager autoselect: https://community.f-secure.com/t5/Business-Suite/How-to-configure-MyNetwork-rule/ta-p/20670

Article no: 000013127
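The rule evaluation described above (two conditions per rule, first matching rule by priority, profile unchanged when nothing matches, whole-octet wildcards only) can be modelled to check a rule set before distributing it. This is an added example, not F-Secure code: it assumes the rule list is ordered highest priority first, and the rule set and host states are constructed.

```python
import ipaddress


def valid_pattern(pattern):
    """'*' may only stand in for a whole octet of a four-part address."""
    parts = pattern.split(".")
    return len(parts) == 4 and all(
        p == "*" or (p.isdigit() and int(p) <= 255) for p in parts
    )


def ip_matches(pattern, ip):
    """Compare a validated pattern with a dotted IPv4 address, octet by octet."""
    if ip is None or not valid_pattern(pattern):
        return False
    return all(p == "*" or int(p) == int(o)
               for p, o in zip(pattern.split("."), ip.split(".")))


def condition_met(method, argument, net):
    """Evaluate one Method/Argument pair against the host's network state."""
    if method in ("Always", "Never"):
        return method == "Always"          # argument ignored
    if method == "Dialup":
        return net["dialup"]               # argument ignored
    if method == "DNS Server IP Address":
        return any(ip_matches(argument, s) for s in net["dns_servers"])
    if method == "DHCP Server IP Address":
        return ip_matches(argument, net["dhcp_server"])
    if method == "Default Gateway IP Address":
        return ip_matches(argument, net["default_gateway"])
    if method == "My Network":
        # The argument must fall within the host's LAN subnet (no wildcards).
        subnet = ipaddress.ip_network(net["lan_subnet"])
        return ipaddress.ip_address(argument) in subnet
    raise ValueError(f"unknown method: {method}")


def select_profile(rules, net, current_profile):
    """Assumption: rules are ordered highest priority first; first match wins."""
    for method1, arg1, method2, arg2, profile in rules:
        if condition_met(method1, arg1, net) and condition_met(method2, arg2, net):
            return profile
    return current_profile                 # no match: the profile is unchanged


# Constructed rule set that reuses the profile names from the article.
RULES = [
    ("Default Gateway IP Address", "192.168.1.103", "Always", "",
     "My test firewall profile"),
    ("DHCP Server IP Address", "10.*.*.*", "My Network", "10.20.0.1", "Server"),
    ("Always", "", "Always", "", "Office, file and printer sharing"),
]


def host(gateway, dhcp, subnet):
    """Constructed network state for one host."""
    return {"default_gateway": gateway, "dhcp_server": dhcp,
            "dns_servers": [dhcp] if dhcp else [],
            "lan_subnet": subnet, "dialup": False}
```

Dropping the last rule from RULES shows why the fallback matters: a host that matches nothing keeps whatever profile it last had, which may be a more permissive one than intended for the new network.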
Issue: How do I run a manual scan using the command line on F-Secure Server Security 14.x or Client Security 14.x?

Resolution: The command line option to execute a manual scan can be used to run a scan on demand. Additionally, the command and the arguments can be used to fill the "Generic" scheduled scan task specific parameters.

To run the task locally via command line:
1. Press the Windows button
2. Search for cmd.exe and press Enter
3. Navigate to your F-Secure client's installation directory (for example: cd C:\Program Files (x86)\F-Secure\)
4. For Client Security, navigate further to the Client Security directory. For Server Security, navigate to the Server Security directory.
5. Type in fsscan.exe and add any of the below arguments/options, then press Enter

The scan will be executed and further details will be returned in the command window.

Example 1: Retrieving information on available options:

    C:\Program Files (x86)\F-Secure\Client Security>fsscan -?

    Usage: fsscan [options]
    Options:
      --sched, -s             Runs a scan optimized for scheduled scanning
      --target, -t <target>   Scans the given <target>
      --report, -r <report>   Writes an unformatted report to <report> file (only with -c)
      --delete, -d            Deletes all harmful files found
      --collection, -c        Runs a scan optimized for large collections of harmful files
      --noflyer, -f           Skip showing scheduled scanning flyer
      -?, -h, --help          Displays this help

Example 2: Scanning a specific directory (downloads directory of the user Foo):

    C:\Program Files (x86)\F-Secure\Client Security>fsscan.exe -t C:\Users\Foo\Downloads\

Setting up a scheduled scan on a specific directory via Policy Manager Console:
1. Log on to your F-Secure Policy Manager Console.
2. Select the Policy domain or Host where you want to edit the policy.
3. In the Settings, select the Manual Scan item
4. Go to the table under Scheduled scanning
5. Add a new row
6. Choose Task Type = Generic
7. Edit the Task Type Specific Parameters, for example to scan the downloads directory of the user Foo:
    C:\Program Files (x86)\F-Secure\Server Security\fsscan.exe -t C:\Users\Foo\Downloads
8. Exit the table
9. Distribute the policy

Article no: 000011456
Issue: Why are the setting changes for "Email Alert Forwarding" reverted automatically after changing the configuration in the F-Secure Email and Server Security 12.x Web Console?

Resolution: Most likely Email and Server Security 12.x has been installed to be centrally managed by an F-Secure Policy Manager Server. By default local user changes are disallowed for email alert forwarding.

You can allow local users to change email alert forwarding through the Policy Manager Console:
1. Log in to the Policy Manager Console
2. Select the host or domain from the Domain tree
3. Go to the Settings tab
4. Select the Alert sending page
5. Untick the checkbox under Alert forwarding
6. Distribute the policy

Now the local user is allowed to change email alert forwarding settings through the Email and Server Security Web Console.

Article no: 000018060
Issue: Strip attachments for internal emails are being filtered by F-Secure Email and Server Security, though the strip attachments option is turned off.

Resolution: The email direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows:
• Email messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
• Email messages are considered outgoing if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients).
• Email messages that come from hosts that are not defined as internal SMTP sender hosts are considered incoming.
• Email messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host.

Note: If email messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outgoing respectively.

Internal Domains
Specify internal domains. Messages coming to internal domains are considered to be inbound mail unless they come from internal SMTP sender hosts. Separate each domain name with a space. You can use an asterisk (*) as a wildcard. For example, *example.com internal.example.net

Internal SMTP Senders
Specify the IP addresses of hosts that belong to your organization. Specify all hosts within the organization that send messages to Exchange Edge or Hub servers via SMTP as Internal SMTP Senders. Separate each IP address with a space. An IP address range can be defined as:
• a network/netmask pair (for example, 10.1.0.0/255.255.0.0),
• a network/nnn CIDR specification (for example, 10.1.0.0/16), or
• IPv6 address (for example, 1::, 2001::765d 2001::0-5, 2001:db8:abcd:0012::0/64, 2001:db8:abcd:abcd::/52, ::1).

Note: There is also virus scanning, where mb infections are blocked

You can use an asterisk (*) to match any number or dash (-) to define a range of numbers. For example, 172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*

Note: If end-users in the organization use other than Microsoft Outlook email client to send and receive email, it is recommended to specify all end-user workstations as Internal SMTP Senders.

Note: If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed.

Important: Do not specify the server where the Edge role is installed as Internal SMTP Sender.

You can make these changes on the Web GUI. To do so:
1. Open F-Secure Email and Server Security Web Console and navigate to settings.
2. Open the Administration from menu and navigate to Network
3. Expand the Network section and enter the list of the Internal domains as explained above
4. Enter the Internal SMTP senders as explained above

Note: Network internal domains and internal SMTP senders determine email direction (inbound, outbound, internal) and then apply corresponding filters

Article no: 000018032
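The direction rules above decide which filter set a message gets, so it helps to test an Internal Domains / Internal SMTP Senders configuration against sample traffic before relying on it. This is an added example, not F-Secure code: it models the IPv4 forms, plain IPv6 addresses and CIDR from the article, treats the domain wildcard as a plain glob (an assumption), and uses constructed addresses.

```python
import ipaddress
from fnmatch import fnmatchcase


def octet_matches(pattern, octet):
    """One IPv4 octet pattern: '*', a number, or a 'low-high' range."""
    if pattern == "*":
        return True
    low, _, high = pattern.partition("-")
    return int(low) <= octet <= int(high or low)


def sender_is_internal(sender_ip, internal_senders):
    """True if sender_ip matches any entry of the space-separated list."""
    addr = ipaddress.ip_address(sender_ip)
    for entry in internal_senders.split():
        try:
            if "/" in entry or ":" in entry:
                # network/netmask pair, network/nnn CIDR, or an IPv6 address
                net = ipaddress.ip_network(entry, strict=False)
                if net.version == addr.version and addr in net:
                    return True
            elif addr.version == 4:
                parts = entry.split(".")
                if len(parts) == 4 and all(
                    octet_matches(p, o) for p, o in zip(parts, addr.packed)
                ):
                    return True
        except ValueError:
            continue  # entry form not modelled here (e.g. IPv6 ranges)
    return False


def classify(sender_ip, recipients, internal_senders, internal_domains):
    """Return {direction: [recipients]}; mixed recipient lists are split."""
    patterns = [p.lower() for p in internal_domains.split()]

    def recipient_is_internal(rcpt):
        domain = rcpt.rsplit("@", 1)[-1].lower()
        # Assumption: '*' behaves as a plain glob over the domain name.
        return any(fnmatchcase(domain, p) for p in patterns)

    if not sender_is_internal(sender_ip, internal_senders):
        return {"incoming": list(recipients)}
    split = {}
    for rcpt in recipients:
        key = "internal" if recipient_is_internal(rcpt) else "outgoing"
        split.setdefault(key, []).append(rcpt)
    return split


# Constructed configuration built from the article's example syntax.
SENDERS = "10.1.0.0/255.255.0.0 172.16.4.0-16 172.16.250-255.* 2001:db8:abcd:0012::0/64"
DOMAINS = "*example.com internal.example.net"

if __name__ == "__main__":
    print(classify("10.1.2.3", ["a@example.com", "b@partner.test"], SENDERS, DOMAINS))
    print(classify("203.0.113.9", ["a@example.com"], SENDERS, DOMAINS))
```

Under the glob assumption, `*example.com` also matches a domain such as `notexample.com`, so recipients there would be processed as internal; the page does not state how the product interprets the wildcard, so check the result against real traffic.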
Issue: Why is F-Secure Email and Server Security dropping password protected attachments?

Resolution: If password protected attachments are being dropped from emails, you should review actions that are taken when emails include archived files. You can review and change the settings by following these steps:
1. Log in to the Email and Server Security Web Console
2. Select Email traffic scanning from the menu
3. Select Incoming mail

On this page you will find the following settings for archived files:
• Action on archives with disallowed files
• Action on max nested archives
• Action on password protected archives

Make sure that password protected archives are allowed to pass through if you do not want them to be dropped.

The archived attachments can also be dropped if you have active match lists that are triggered for your email route as you have configured. If inbound archived attachments are dropped, they are most likely triggering the 'Disallowed Inbound Files' match list. From the above-mentioned Incoming mail settings page, you can check the setting for the list of files to scan inside archives. This setting shows which match list it currently uses.

The match list can be found in the F-Secure Email and Server Security Web GUI:
1. Go to the Settings page
2. Select List and templates

When a match list is active for incoming email traffic and a user sends an attachment file that is included in this list, the rule is triggered and the file is dropped. If a file is being dropped, you can verify it from the logfile.log.

Here are two example entries from the logfile log:

Example 1:
    conditionReason: Attachment 'password_protected_example.docx' matches 'Disallowed Files Internal' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT

Example 2:
    Attachment '2019-04-18_examplefile.pptx' matches 'Disallowed Inbound Files' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT
    Action: Message stopped

To allow the files in the examples, you would need to remove the *.doc extension from the disallowed files match list.

Article no: 000011451