Business Suite

Sort by:
Issue: How many virtual Windows workstations could be managed by one F-Secure Scanning and Reputation Server? What is the maximum amount of connections per F-Secure Scanning and Reputation Server (SRS)?  Resolution: A maximum of 130 virtual Windows workstations should be managed by one F-Secure Scanning and Reputation Server. Two instances of F-Secure Scanning and Reputation Server should be configured as primary in the F-Secure Client Security policy. Article no: 000004854
View full article
Issue: Clients are not able to get updates from the Policy Manager server Virus definitions shows later than the Policy Manager is Serving Update server is shown as wait.pmp-selector.local Policy Manager shows that Client Security is still in the old version even though on the client it is the newer version Resolution: The update server is shown as wait.pmp-selector.local until the client has successfully connected to the Policy Manager Server for the first time after the upgrade or installation. This is an indication that there is a connectivity issue between the clients and the Policy Manager server. First, check that you have set the correct Policy Manager Server address when exporting the installation file. You can check if the address is correct and if the HTTP connection works by opening a web browser on a client and then entering the Policy Manager Server address and the HTTP port in the address field.  Example: 10.132.2.19:80  Client Security 13 and earlier versions supported fallback to using HTTP connection if HTTPS did not work. Please check that both the HTTP and HTTPS ports are open in the firewall on the Policy Manager Server. By default Policy Manager listens to HTTP port 80 and HTTPS port 443, but these can be changed during installation.  Check that you have entered the correct Policy Manager Server address, HTTP port and HTTPS port when creating the installation file. If you have used the wrong address or ports when creating the installation file, you will need to reinstall the product with a new installation file with the correct settings.    If you are using Policy Manager Proxy in your environment, try these steps: Make sure that Policy Manager proxy servers are updated to 14 versions For Client Security 14 clients HTTPS connection support is required and for versions 13 and earlier it was not "Allow fallback" is not mandatory if everything is configured properly If you are not sure if it is configured properly, allow the option Fall back to Policy Manager Proxy which can be found under Automatic Update Agent in Policy Manager Console. If you cannot find an issue with your configuration, open a support request and submit an FSDiag diagnostic file from the Policy Manager Server and one of the affected client for further analysis and troubleshooting. Article no: 000009396
View full article
Issue: User get the following error message when trying to log in to Policy Manager Console: Cannot connect to server: authorization failed because the specified user credentials are invalid. Resolution: This error message appears because you are using either a wrong username or password when logging in.  The default username when logging in to Policy Manager Console is Admin. The password for the Admin account was set at installation, and if you do not know the correct password for the Admin account, you can reset it by following these steps: Shut down the F-Secure services  Open command line prompt as administrator Run the reset-admin-account.bat from this location: C:\Program Files (x86)\F-Secure\Management Server 5\bin\ Enter your new password Start the F-Secure services Try to log in to Policy Manager Console. To change the password for any other Policy Manager Console user account, use the following instructions: Log in by using the Admin account (If needed, reset the password for the set Admin account by using the above instructions) To use the setting, in Policy Manager Console select Tools > Users To change the password, delete the existing user account Recreate the account. This option allows you to configure a new password for the set account. Article no: 000009319
View full article
Issue: I am unable to have connectivity for my computer running a Business Suite product. We are using WPAD (Web Proxy Auto-Discovery protocol) to deploy http proxy server settings. Does Business Suite support WPAD for http proxy setting deployment? Resolution: WPAD is not officially tested nor supported by the Business Suite products, including Policy Manager. Article no: 000010593
View full article
Issue: When a Citrix application is published for end users, traces of the server's F-Secure Server Security session also follows. Visible effects are: when the user logs off the Citrix session, the F-Secure process fshoster32.exe remains running an F-Secure system tray icon becomes visible on the end-user's desktop performance degradation due to many fshoster32.exe processes running.  When the user's fshoster32.exe process is ended manually on the Citrix side, the icon disappears and the user's session closes. Resolution: For more information about this situation and a suggested registry change that can be used to end processes together with the main executable, read the following Citrix knowledge base article: Graceful Logoff from a Published Application Renders the Session in Active State. The following registry key has been confirmed by customers: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI Value Name:LogoffCheckSysModules Type:REG_SZ String:fshoster32.exe Make sure to familiarize yourself with the information from Citrix before making any changes to your environment. Also, confirm with a small scale test before pushing changes to production. Article no: 000015484
View full article
Issue: The Policy Manager registration does not work and it returns a "Customer number is invalid" error. How to fix this? Resolution: Check the following items: Make sure that the customer number entered during registration is a correct one (the number is visible in the license certificate). Make sure that the license is still valid (the information is visible in the license certificate). Article no: 000015351
View full article
Issue: Windows Management Instrumentation (WMI) Integration with F-Secure Policy Manager for Windows Resolution: F-Secure Policy Manager supports Windows Management Instrumentation (WMI) Integration. Policy Manager 13.xx Refer to the F-Secure Policy Manager admin guide Chapter 18, page 113 for more information. Policy Manager 14.xx Refer to the F-Secure Policy Manager admin guide Chapter 10, page 97 for more information. Instructions on how to obtain properties via WMI: For PSB, check the following link: https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-en For Business Suite, check the following link: https://help.f-secure.com/product.html#business/policy-manager/14.20/en/concept_E55FFF0187A54B79B30637C7983BDCC8-14.20-en Article no: 000002821
View full article
Issue: Our current license certificate does not contain the most recent subscription info and/or license keys. How can I get an updated license certificate?  Resolution: To get a new license certificate, proceed to contact your local reseller or F-Secure sales contact. If you are uncertain of who this contact is, kindly create a support ticket here. Article no: 000001527
View full article
Issue: How can I manually isolate hosts from the network with Policy Manager? Resolution: You can isolate one or more hosts from the network. Note: Use network isolation with caution and only in case of a network attack. To isolate a host from the network: Select the target host in the policy domain tree Go to the Operations tab Click Isolate under Network isolation. This isolates the selected host from the network To reconnect an isolated host to the network, click Release on the Operations tab. Isolated hosts are shown on the Host issues section of the dashboard. This feature is only available in Policy Manager 14.10 and newer. Article no: 000015929
View full article
Issue: How to migrate the F-Secure Policy Manager Server to the new Windows Server? Resolution: If you want to keep the DNS name, just move h2db to the new host, stop the old host and start the new one.   If you change the DNS name of the server, you must follow the instructions below:  Please read the following instructions completely before you start working on the server. Create a backup of the PMS: 1. Stop the Policy Manager Server service. 2. Back up the directory <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db>. 3. Restart the Policy Manager Server service. Now perform the installation on the new server. The current installation file can be found on our website: https://www.f-secure.com/en/web/business_global/downloads/policy-manager Note: To avoid the communication issues, use exactly the same ports by the installation like for the old F-Secure  Policy Manager Server . To restore secured Policy Manager data: 1. Stop the Policy Manager Server service. 2. Copy the backup to the <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db> directory to the correct location. 3. Restart the Policy Manager Server service.   After the installation is complete, the new F-Secure Policy Manager Server has the complete domain structure, including the settings. After logging into the old server using the Policy Manager Console, enter the address of the new Policy Manager Server <F-Secure Management Agent / Data Communication / Protocols / HTTP / Management Server Address>   and distribute the policies for all your policy domain. Now all clients will connect the new server. Once all clients are connected without errors with the new Policy Manager Server, you can turn off the old one. The procedure is also discussed in the following community article: https://community.f-secure.com/t5/Business/i-need-to-move-policy-manager-to/m-p/13961 Article no: 000002290
View full article
Issue: Carbonblack sensor and Server Security causing BSOD during reboot Resolution: When both products, Server Security and CarbonBlack sensor, are installed on the same server, BSOD occurs on every reboot. The problem is related to Windows Firewall. Existence of our drivers/services increases the chance of an MS bug to appear. Possibly our services issue some specific network requests, which cause memory corruption in the Windows firewall engine (memory corruption goes very deep into MS code of the firewall). This is an essential bug in the MS engine (possibly even a security vulnerability if such memory corruption could be made on request). This has been already reported to Microsoft.  The workaround/solution is to stop MS firewall before reboot or try to relax/change firewall rules on the server. More information about Carbon Black: https://www.carbonblack.com/ Article no: 000016167
View full article
Issue: The DeepGuard status of a F-Secure Client Security 14.0x client in Policy Manager in the Overall Protection section, the status is shown as "Unknown".   Resolution: This is a known issue and an upgrade to F-Secure Client Security version 14.10 or newer fixes the issue. The older Client Security 14 do not have the upload of DeepGuard module version to Policy Manager enabled.   Article no: 000012983
View full article
Issue: Policy Manager Console runs slow and unable to connect to Policy Manager. Resolution: Make sure your Policy Manager and Policy Manager Console are the same version. Otherwise connection will not work. If both are the same version it could be due to having very high number of alerts, or very high volume of scanning reports being kept in Policy Manager Server. This would slow down the console.  You may remove some of the alerts, or scanning reports to improve the performance. If the above mentioned does not help, proceed to do the following: Stop F-Secure Policy Manager Server service. Backup the H2DB (...\F-Secure\Management Server 5\data\h2db). DO NOT proceed further without having a working H2DB backup in place. Run the database maintenance tool (...\F-Secure\Management Server 5\bin\fspms-db-maintenance-tool.exe) and follow the on-screen instructions to optimize the database. Start F-Secure Policy Manager Server service. Log on to Policy Manager Console. In case issue remain, you can execute the H2DB recovery tool (...\F-Secure\Management Server 5\bin\fspms-db-recover.bat) in the command prompt window, to repair the H2DB. Note: Do stop F-Secure Policy Manager Server service before running the tool. If necessary, you can refer to the read me file (..\F-Secure\Management Server 5\bin\README-recover-db.txt) on how to execute the H2DB recovery tool. Once you have finish repairing the H2DB using the tool, you can proceed to take the repaired H2DB into used, and start back F-Secure Policy Manager Server service. Try to logon to Policy Manager Console again after this. Article no: 000010142
View full article
Issue: When launching Citrix sessions/applications, the F-Secure system tray icon will also appear on the end-users machine, and will remain on the machine after closing the Citrix application. The F-Secure process for the user needs to be closed separately from the Citrix side to fully terminate the session. Resolution: The icon appears due to Citrix Seamless Configuration Settings. More information is available from the following link from Citrix: https://support.citrix.com/article/CTX101644&searchID=26517783 One option to test is to disable the Citrix tray icon agent, which can be done by adding the following registry key to every VDA machine: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Citrix/wfshell/TWI  SeamlessFlags:REG_DWORD = 0x20 It is strongly recommended to familiarize yourself with the information from Citrix before testing the solution, and to do a small-scale test before deploying any changes to production. Article no: 000014850
View full article
Issue: DNS resolution for certain sites are blocked with the product installed. How to avoid this from happening? Resolution: Most likely the DNS resolution is blocked by the Botnet Blocker feature. The site is rated as unsafe and hence blocked by the feature. You need to do the following: 1. Share the URL with the Labs team, for further investigation. The Labs team will whitelist the URL if the site is not malicious: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url 2. Whitelist the blocked site or the IP address of the blocked site via the Advanced View in the PM Console at: ======================================================================== * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Hosts * F-Secure Browsing Protection > Settings > Reputation Based Protection > Trusted Sites ======================================================================== Article no: 000003887
View full article
Issue: In Client Security 14, how do you activate the Offload Scanning functionality for virtual environments? Resolution: Starting from F-Secure Client Security version 14 onwards, the Offload Scanning Agent (OSA) is activated through the policy.  This policy setting may or may not be included in the installation package. Changing the setting In order to activate or deactivate the functionality, you can change it under the following setting using the Policy Manager Console: Standard view > Real-time scanning > Virtualization support Set the checkbox accordingly for the setting named Offload file scanning Article no: 000008176
View full article
Issue: After the file SHA-1 hash and file path is excluded in F-Secure Client Security 13.x/14.x, Deepguard continues to block the application. Resolution: If you are using F-Secure Policy Manager version 14, in Real-time scanning the option "Do not scan the following files and applications" is only applicable for F-Secure Client Security 14 and newer. In order to exclude an application path from Deepguard for F-Secure Client Security 13.x, do the following: Log in to Policy Manager Console. Click on the Settings tab. Click Advanced View. Click F-Secure DeepGuard. Click Settings. Click Excluded applications. Enter the full path of the application. Distribute the policies. Note: If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for Deepguard. Wildcard exclusions are only applicable for Real-time scanning. For Deepguard exclusion, kindly use file or folder path. F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP. If the exclusions were done for F-Secure Client Security 14.10 and the application is still being blocked, kindly contact F-Secure Customer Care here for assistance. Article no: 000009628
View full article
Issue: The Allow button to Restore files from quarantine is grayed out in Client Security 14.10 . How can I allow this from Policy Manager? Resolution: You can allow a local user to restore files sent to quarantine by following these steps: Log in to Policy Manager console. Select a host or domain from the Domain Tree. Go to the Settings tab. Go to the Real-time scanning page. Uncheck Prevent users from adding scanning exclusion. 6. Distribute the new policy to the hosts. Note: By default the "delete" option in Client User Interface is allowed, as the option "delete" does not contain any risk. Article no: 000012976
View full article
Issue: F-Secure scheduled scan causes high CPU usage. How can I reduce this? Resolution: Follow the steps below to change the priority of the scan from "Normal" to "Background" to improve the host performance during scheduled scanning: Open F-Secure Policy Manager console. Click on the Settings tab. Select Advanced view. Click F-Secure Anti-Virus. Click Settings. Click Settings for Manual Scanning. Click Scanning Options. Change the Priority value to Background. Article no: 000001585
View full article
Issue: How to migrate from Client Security to Computer Protection using Policy Manager? Resolution: Kindly follow the steps explained here on migrating from Client Security to Computer Protection using Policy Manager Console. NOTE: The bs2cp_psb*.jar file that needs to be downloaded is dependable on which F-Secure PSB portal you have your F-Secure PSB Computer Protection subscription in and not the region where you are located. EMEA: https://emea.psb.f-secure.com/ AMER: https://amer.psb.f-secure.com/ APAC: https://apac.psb.f-secure.com/ EMEA2: https://emea2.psb.f-secure.com/ EMEA3: https://emea3.psb.f-secure.com/ Your login credentials will only be applicable to one of these portals, therefore, the bs2cp_psb*.jar file is dependent on this. Article no: 000007334
View full article
Issue: When I try to create Offline MSI installer via the FSMSI tool I get the error "FsMsiTool is not recognized as an internal or external command."  Resolution: You have to execute the FSMSI tool command from the directory where the tool is copied to or else you will get the error.  Article no: 000014777
View full article
Issue: New updates for some software such as Citrix Receiver appear on the Software Updates list in Policy Manager console Software Updater. Whenever I try to download and install them, I receive the following status message: The update package must be downloaded manually. What does it mean and how can I install the newest updates? Resolution: The message means that the updates must be downloaded directly from the Citrix Receiver official website. After downloading the updates, install them manually as it is not possible to do it via the Policy Manager console or by using Software Updater.  The reason why it is not possible is that more and more sites require authentication (e.g. "I'm not a robot" captcha).  In those cases where Software Updater cannot download the updates, it advises that an update is available and can be installed manually to ensure security. Article no: 000014817
View full article
Issue: I am trying to activate Client Security 14.xx with the License key we used for 13.xx but it is not recognized. Resolution: Please check that you are using a valid license key. License keys differ between versions. Contact your reseller to obtain your updated license keys and certificates Article no: 000012137
View full article
Issue: The F-Secure Client Security products started sending security alerts to F-Secure Policy Manager for every single blocked URL. This started when F-Secure Online Safety 2019-09-02_02 update was released. The security alerts have following details: Unknown alert: online_safety.page.block. Resolution: The fix was released in the F-Secure Online Safety 2019-09-10_01 update package. The update is installed automatically and does not require user or administrator actions.   Article no: 000015569
View full article
Issue: The administrator receives the following alert from a server running Server Security and Microsoft SQL Server: "F-Secure Management Agent failed in an internal operation. Setting the policy variable 1.3.6.1.4.1.2213.59.2.20.20 (error=-510)" was not successful." The server in question was hosting multiple instances for SQL Server 2016. Resolution: Due to a limitation in the current software, the internal table for storing "missing updates" cannot accept multiple identical rows and Software Updater was detecting a missing update on both instances for MS SQL Server. Consequently, adding the second missing patch to "missing updates" table failed with error -510: "Set result: your table contains multiple identical rows". A fix for this issue will be released later 2019 in Client Security version 14.20. Server Security will also inherit the fix, once F.Secure releases a new version. Article no: 000016213
View full article
Issue: F-Secure Server Security Premium 12.11 and 12.12 display incorrect versions in Policy Manger after being upgraded from F-Secure Server Security Standard Policy Manager is reporting two different versions of Server Security installations on Installed products summary Resolution: This issue is a known bug. Contact F-Secure Support here so we can provide you with the hotfix to resolve this issue. Article no: 000003462
View full article
Issue: Logging in to the Policy Manager Console returns an error message: "F-Secure Policy Manager Console cannot start: internal error. See Administrator.error.log for more information." The Administrator.error.log contains several SQL-related entries with "error code [1206]:The total number of locks exceeds the lock table size" Resolution: These SQL-errors are in most cases related to the value innodb_buffer_pool_size, and increasing this value usually fixes the issues. The value is verified by looking it up in the my.ini file on the MySQL-server, where it can also be increased as needed.  Due to the large possible variations in user environments we are not able to give a direct number that this value should be set to. You can look for additional guidance from the MySQL Reference Manual and try an incremental approach, making several smaller changes and monitoring the results. After modifying the value in the my.ini file, restart the MySQL-server and the Policy Manager Server to make sure everything is running with the latest configuration. Note: Observe that getting or setting the value through Command line does not show or modify the correct value for every version of MySQL. To guarantee that the value is set correctly all changes need to happen via interaction with the my.ini file. Article no: 000016309
View full article
Issue: The F-Secure Client Security reports that a suspiciously small datagram fragment has been blocked How to get rid of the warning if it is a false positive?  Resolution: This type of alerts might be related to a DDoS attack. If they appear on a network, they might also be a sign of a broken or wrongly configured router or device in the network, for example a printer.  Proceed to investigate the issue on a network level before applying the modification below. In practice packet with a size below 128 bytes are normally considered inefficient (ratio data/data+headers). To get rid of the alert, you can change what the F-Secure firewall considers as the minimum size for a fragment.  In Policy Manager, this setting has to be changed by using the Advanced view. Follow these steps:   Log into Policy Manager Console. Select the host or domain from the Domain tree. Go to the Settings tab and select the Advanced view. Navigate to F-Secure Internet Shield > Settings > Firewall Engine > Minimum fragment size. Set the Minimum Fragment Size to 0. Distribute the policy to the hosts. Article no: 000001900
View full article
Issue: Multiple issues observed: SPAM emails are coming through  Emails that are wrongly quarantined, cannot be released The usual SPAM emails in Quarantine are missing Cannot quarantine messages Resolution: You can use different approaches to troubleshot the problem. Here are few approaches how to make sure your SPAM engine is working properly: Make sure that Scanning 'message' by F-Secure Spam Scanner was successful. The anti-spam engine is a cloud-based solution, so it will simply not work if it doesn't have a working connection to the detection center https://aspam.sp.f-secure.com/. If you require a proxy to connect to this site with your browser, then the anti-spam engine needs to be configured to use the same proxy. Make sure that the Hydra and Gemini Engines are up-to-date.   Open the Web GUI  and navigate to Settings and Engines: Under the Server Statistics, you should see that F-Secure Hydra and F-Secure Gemini are up to date and the icon is green. 3. If the Icon of the two modules is Orange, contact F-Secure support to retrieve a file (fsavsd). Mention this article as reference. Once you have the file, do as follows: Stop F-Secure Content Scanner Server Daemon in services.msc. Go to C:\Program Files (x86)\F-Secure\Content Scanner Server. Rename fsavsd.exe to fsavsd.exe.OLD. Copy the new fsavsd file obtained from F-Secure support into the folder. Start F-Secure Content Scanner Server Daemon in services.msc. 4. If the SPAM filter is still not working properly, check the following rights: The service "Microsoft Exchange Transport" runs under "NETWORK SERVICE". Therefore "NETWORK SERVICE" should have read/execution rights on FQM.EXE and FqmAssembly.dll. These rights should be defined during installation and transferred from the "...Program Files (x86)\F-Secure" folder. This can be viewed on the 'Advanced Security' page of the 'F-Secure' folder. If none of the steps above helped, open a support ticket with F-Secure support for further assistance with this issue. To speed up the process, mention the following items when creating the support ticket: If Hydra and Gemini are being disabled, please inform. If quarantine is inaccessible, please inform.     Article no: 000011216
View full article
Issue: How to backup and restore Policy Manager Server database ? Resolution: Read the following instructions completely before you start working on the server. If you want to keep the DNS name, just move h2db to the new host, stop the old host and start the new one. If you change the DNS name of the server, you must follow the instructions below. Create a backup of the Policy Manager Server: 1. Stop the Policy Manager Server service. 2. Back up the directory <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db>.  Note: Please copy the DB on some different location as the one PM is installed. 3. Restart the Policy Manager Server service. Now perform the installation on the new server. The current installation file can be found here Note: To avoid the communication issues, use exactly the same ports by the installation like for the old F-Secure  Policy Manager Server . To restore secured Policy Manager data: 1. Stop the Policy Manager Server service. 2. Copy the backup to the <F-Secure Installation Folder> \ Management Server 5 \ data \ h2db> directory to the correct location. 3. Restart the Policy Manager Server service.   After the installation is complete, the new F-Secure Policy Manager Server has the complete domain structure, including the settings. After logging into the old server using the Policy Manager Console, enter the address of the new Policy Manager Server <F-Secure Management Agent / Data Communication / Protocols / HTTP / Management Server Address>   and distribute the policies for all your policy domain. Note that the policy setting needs to be locked down to ensure that it's not getting overwritten by locally defined settings. Now all clients will connect the new server. Once all clients are connected without errors with the new Policy Manager Server, you can turn off the old one. You may also find additional instructions in our community:   Article no: 000001258
View full article
Issue: How to create a custom firewall rule (service)? Resolution: To create a custom firewall rule over the Policy Manager Console: For Client Security 14 Open the Policy Manager Console and go to the Settings-tab Go to Firewall, using Standard view (changeable in the upper right corner) Make sure the 14.X clients-tab is selected Select the profile you want to edit from the Profile being edited-dropdown menu (if the list only contains the default profiles, clone the one you want to use as a base as the defaults can't be modified) Click Add rule on the right of the firewall rules list and create the rule as needed (see step 6 if the service required is missing) If the service you want to add is missing, click on Configure network services below the firewall rule list. Click Add and follow the steps to add a new firewall service Check the Enabled-checkbox to the left of the rule name to make sure that it is in use Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D For Client Security 13 Open the Policy Manager Console and go to the Settings-tab  Go to the Advanced view Select F-Secure Internet Shield  Go to Settings and select Services Press Add and create a custom rule Go to Rules and select the firewall Security Level you want to work with Press Add before/Add after and select the rule you have created Distribute the new policy by clicking the symbol in the upper left corner of the interface, or by pressing Ctrl+D Note: Make sure, that the correct Security Level is assigned to the workstations: <F-Secure Internet Shield>Security Level> Active Security Level>. To create a custom firewall rule locally on the workstation: In Client Security 14 In versions 14.00 and later, rules are added through the Windows firewall settings. You can reach them through the Client Security user interface: Open F-Secure Client Security Click on Tools Click on Firewall settings Click on the Change Windows Firewall settings...-link to be brought to the Windows firewall settings In Client Security 13 Open F-Secure Client Security Go to Settings and select Internet Connection Go to Firewall and select Services Press Add and create a custom rule Go back to Firewall and select Rules Select the firewall Security Level you want to work with Press Add and select the rule you have created Press OK Additional information can be found here: https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116212 https://community.f-secure.com/t5/Business-Suite/How-do-I-create-a-custom/ta-p/116213 Article no: 000002698
View full article
Issue: How do I run a manual scan using the command line on Server Security or Client Security 14 (and later)? Resolution: The command to use is fssscan and the available options are visible below.  Command line Command line summary is shown when the program is executed without parameters. For server security the directory is C:\Program Files (x86)\F-Secure\Server Security C:\Program Files (x86)\F-Secure\Client Security>fsscan Nothing to do. Usage: fsscan [options] Options:   --sched, -s            Runs a scan optimized for scheduled scanning.   --target, -t <target>  Scans the given <target>.   --report, -r <report>  Writes an unformatted report to <report> file (only                          used with -c).   --delete, -d           Deletes all harmful files found.   --collection, -c       Runs a scan optimized for large collections of harmful                          files.   --noflyer, -f          Skip showing scheduled scanning flyer.   -?, -h, --help         Displays this help. Exit codes fsscan.exe returns one of the following exit codes: Exit code Meaning 0 Scan successful, no harmful items found. 1 Wrong command line parameters, scan not executed. 2 Scan failed; see log files for errors. 3 Scan successful, harmful items were found. 4 Scan was aborted because Gaming Mode was enabled (used with scheduled scans only). 5 Scan was aborted by user (used with other than scheduled scans). Article no: 000011456
View full article
Issue: After upgrading or installing F-Secure Client Security 14.x, you encounter issues with communication. Symptoms include: the host is unable to connect to F-Secure Policy Manager Server the host is not visible on the "Import host" list in F-Secure Policy Manager Console. However, the hosts might be able to download updates. Resolution: Note: Make sure that the F-Secure Policy Manager Server address is correct and that the host communication ports (default: TCP 80 and 443) are listening. Test the connectivity between the clients and Policy Manager: Try to connect to the F-Secure Policy Manager Server's address via a web browser from one of the hosts (http://pms-server.local:80 and https://pm-server.local:443). If the connection is set up correctly, you will receive a web page from the F-Secure Policy Manager Server indicating so. If there is no page loaded, check that the host communication ports to the Policy Manager Server are allowed in your firewall. Make sure that you have configured the F-Secure Policy Manager Server IP address and/or hostname correctly and that the ports configured for host modules are correct.  On the host running F-Secure Client Security, the following log contains details on the connection status with the F-Secure Policy Manager Server. You can use it to troubleshoot connection issues: C:\ProgramData\F-Secure\Log\BusinessSuite\PmpSelectorPlugin.log Below is an example of a failed connection:   2019-03-04 14:11:50.150 [10d8.1588] I: Connecting to wait.pmp-selector.local 2019-03-04 14:11:50.150 [10d8.1588] I: Update check failed, error=210 (unable to resolve host) 2019-03-04 14:11:50.150 [10d8.1588] I: Connection failed 2019-03-04 14:12:50.871 [10d8.15a0] .W: ServerFinder::Ping: Ping to {host: 10.10.10.10, http: 82, https: 443} aborted. There are no valid certificates 2019-03-04 14:12:50.871 [10d8.15a0] I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10.10.10.10 2019-03-04 14:13:11.908 [10d8.15a0] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies. AsyncSendRequest failed: 12002 2019-03-04 14:13:11.908 [10d8.15a0] .W: CosmosUpdater::Run: No servers responded. Policy Manager unavailable. Error 12002 means ERROR_WINHTTP_TIMEOUT > Client Security cannot connect to Policy Manager to fetch this list. A complete list of Microsoft Windows HTTP Services errors is available here.  Below is an example of a working connection: 2019-09-05 09:00:19.789 [0fd0.136c] I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 10 .11 .10.10 2019-09-05 09:00:19.839 [0fd0.136c] I: UpdatablePmCertVerifier::RenewCertificates: 2 certificate(s) renewed successfully; expire in 86170 seconds Article no: 000010321
View full article
Issue: Where can I find the F-Secure Policy Manager Server's management public key (admin.pub) used by clients to verify the validity of distributed policies? Resolution: You can export the public key (admin.pub) from the Policy Manager Console. To do so, follow the steps below: Method A - Export the key with the F-Secure Policy Manager Console Log on to your F-Secure Policy Manager Console. From the top menu panel, select Tools > Server Configuration.... Select the Keys tab. Under "Export signing keys", select the button Export.... Method B - Downloading the key from the F-Secure Policy Manager Server From any of the managed hosts: Open a web browser. In the address bar type in the address of the F-Secure Policy Manager Server that this host is connected to, for example: https://fspms-local.example:443 If the connection to your F-Secure Policy Manager Server is successful, a web page indicating that the Policy Manager Server is operating correctly is shown. Find the paragraph about the "F-Secure Policy Manager Server's public key". Download the key from the highlighted download button/hyperlink (here) in that paragraph. Article no: 000003331
View full article
Issue: Currently we are using F-Secure Client Security 13.xx and F-Secure Policy Manager 13.xx and before we upgrade to Version 14.00 we would like to know what happens to the current F-Secure Firewall configurations? We upgraded from Client Security 13.11 to 14.10 and Windows firewall profile changes, when F-Secure Firewall is enabled/disabled After upgrading to 14.02 and 14.02 Clients are having different issues, like: Internet is breaking, Internet Explorer and other application that run in Production are freezing F-Secure firewall is deactivated from Policy Manager, but there are still rules  Windows firewall under outbound rules Resolution: F-Secure firewall is replaced with the Windows firewall engine. It is automatically turned on after installing Client Security 14.00, unless explicitly disabled in the policies. You may find more information about the new firewall engine here:https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fscs_14_02-latest-en Support for the new firewall engine Centralized configuration experience remains unchanged as much as possible. The main difference in the configuration logic is the introduction of profiles, which compared to Security levels do not use a policy inheritance model, but use a copy-on-modify approach instead. In addition to a set of firewall rules, the profiles contain a number of related settings. Network services list is now treated as a global dictionary, which is the same for all Policy Manager administrators. Internet Shield's Application control feature is no longer supported in Client Security 14.00 and is superseded by a new version of Application control. To better reflect the nature of the old Application Control, it is renamed to Network Access Control. Why F-Secure dropped its own Firewall? The main reason is the unification of clients based on "Oneclient" that doesn't have F-Secure firewall. Do we have to configure rules and services for Version 14.00? Yes Does this mean, we have to redo all our rules when we Upgrade to 14.00? Yes Does the automatic switching of the firewall profiles (Office/ Mobile) continue to work according to certain criteria? Yes Does the quarantine function work with the 14.00 version? Yes If the virus signature is outdated, the device will be quarantined and only the connection to the update server will still work and update after successful signatures, the firewall will be activated according to the profile? Yes, if quarantine is activated I still see F-Secure Services in "Allowed Applications and features" in Windows Firewall, though I have disabled F-Secure firewall. It remains there,  because our plugin has been loaded once and it will be removed on uninstallation. It won't work in any case as you have deactivated the firewall. How do I disable F-Secure firewall? Note: In the next release, we will get back the previous behavior, where you can uncheck Firewall component during msi deployment from Policy Manager. In the current Client Security Version 14.xx, you can export msi with custom policy that has a disabled firewall. Windows Firewall won't be affected by F-Secure firewall plugin, it will stay at the same state as it was before our installation. F-Secure plugin allows managing of Windows firewall from Policy Manager. We add our default rules for our own services and administrator can add their custom rules from Policy Manager. If administrator does not want to use our firewall, then you can either disable it by regular means described in the above line or : a. Use GPO to enable Windows firewall + disable our firewall from Policy Mnaager b. Rename fs_manageable_win_firewall_32.dll in CS installation directory and restart the client. This way our plugin will be broken and won't be able to start. Article no: 000008510
View full article
Issue: How to block specific extensions using “Disallowed Inbound Files“ for incoming, outgoing and Internal with F-Secure Email and server security. I want to block only these extensions " *.doc *.docx *.docm *.xlx *.xlsx *.xlsm" for Internal email only, but not Outgoing or Incoming   Resolution: Each mail route has its own settings. You need to individually define which match list to use. You can use Policy Manager Console to make these changes, if you are managing your F-Secure Email and Server Security via Policy Manager, or use the Web Console to login to your Email and Server Security locally. As you can see here, I am using a different Match list for each of my mail route, where I have defined the file types I want to block. On Actions, I have however selected "only drop the attachment", not the whole message. Now, I have activated each list for my Email traffic scanning accordingly, and each of them has their own list that contains the Extensions I want to be blocked from attachments.   Note: I did not use the default "Disallowed Files" from Lists and templates as I wanted to have my own customized lists. If you are using the default list on each email route, it means that the same rules will apply for all.   Article no: 000016592
View full article
Issue: Email messages are or were incorrectly classified by F-Secure spam scanner. Resolution: If your email messages were incorrectly classified by our spam scanner, we would like to receive a copy by email. Do note that the copy must be sent to the right channel, otherwise, it be rejected by our automated systems. Create a new message and address it to: spam-samples@email-samples.f-secure.com for spam messages which the spam scanner failed to filter ham-samples@email-samples.f-secure.com for legitimate, non-spam messages which were accidentally filtered as spam phishing-samples@email-samples.f-secure.com for spam that attempts to trick the recipient into disclosing personal, private, or sensitive information (e.g., online banking password) Add the spam sample as an attachment (multiple samples of the same type can be sent in a single submission) In Microsoft Outlook, drag the sample from your inbox into the composition pane so they appear as an attachment in the new message In other email program, refer to the product documentation for instructions on how to obtain the full header of an email message using your email program  Important! Sample should be submitted with its full header, and if possible, in the message/rfc822 format. For meaningful analysis, do not edit the original message in any way. In the message, provide the name of the F-Secure product used and its version number Submit the sample from a valid, live email address. In rare cases, we may need to reply to you if we have questions. Note: Submissions are primarily handled by automated systems; if you wish to include comments related to the submission, they should be communicated to your designated support contact to ensure proper attention. Mention the support ticket ID in the Subject header of the sample submission. Article no: 000008306
View full article
Issue: During installation of Client Security 14.x we are receiving a notification saying Overlapped I/O operation is in progress. Running the uninstallation tool between attempts has no impact. Resolution: This points towards a Microsoft-related issue which can be remedied by renaming a Microsoft folder, running our uninstallation tool and reinstalling Client Security. To verify this, look for events with ID 997 within the Windows Event Viewer. Steps to resolve: Rename the following folder C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 to C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18_BAK Run the F-Secure uninstallation tool: https://download.sp.f-secure.com/uninstallationtool/FsUninstallationTool.exe Remove any F-Secure folders and files from C:\Program Files (x86), C:\Program Files and C:\ProgramData Delete all F-Secure registry entries from the Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows Re-install F-Secure Client Security onto the host Article no: 000016801
View full article