Business Suite

Issue: How do I run a manual scan using the command line on F-Secure Server Security 14.x or Client Security 14.x?

Resolution: The command-line option to execute a manual scan can be used to run a scan on demand. Additionally, the command and its arguments can be used to fill in the task-type-specific parameters of a "Generic" scheduled scan task.

To run the task locally via command line:
1. Press the Windows button
2. Search for cmd.exe and press Enter
3. Navigate to your F-Secure client's installation directory (for example: cd C:\Program Files (x86)\F-Secure\)
4. For Client Security, navigate further to the Client Security directory. For Server Security, navigate to the Server Security directory.
5. Type in fsscan.exe and add any of the below arguments/options, then press Enter
6. The scan will be executed and further details will be returned in the command window

Example 1: Retrieving information on available options:

    C:\Program Files (x86)\F-Secure\Client Security>fsscan -?
    Usage: fsscan [options]
    Options:
      --sched, -s             Runs a scan optimized for scheduled scanning
      --target, -t <target>   Scans the given <target>
      --report, -r <report>   Writes an unformatted report to <report> file (only with -c)
      --delete, -d            Deletes all harmful files found
      --collection, -c        Runs a scan optimized for large collections of harmful files
      --noflyer, -f           Skip showing scheduled scanning flyer
      -?, -h, --help          Displays this help

Example 2: Scanning a specific directory (downloads directory of the user Foo):

    C:\Program Files (x86)\F-Secure\Client Security>fsscan.exe -t C:\Users\Foo\Downloads\

Setting up a scheduled scan on a specific directory via Policy Manager Console:
1. Log on to your F-Secure Policy Manager Console.
2. Select the Policy domain or Host where you want to edit the policy.
3. In the Settings, select the Manual Scan item
4. Go to the table under Scheduled scanning
5. Add a new row
6. Choose Task Type = Generic
7. Edit the Task Type Specific Parameters, for example to scan the downloads directory of the user Foo:
       C:\Program Files (x86)\F-Secure\Server Security\fsscan.exe -t C:\Users\Foo\Downloads
8. Exit the table
9. Distribute the policy

Article no: 000011456
Issue: Why are the setting changes for "Email Alert Forwarding" reverted automatically after changing the configuration in the F-Secure Email and Server Security 12.x Web Console?

Resolution: Most likely Email and Server Security 12.x has been installed to be centrally managed by an F-Secure Policy Manager Server. By default, local user changes are disallowed for email alert forwarding. You can allow local users to change email alert forwarding through the Policy Manager Console:
1. Log in to the Policy Manager Console
2. Select the host or domain from the Domain tree
3. Go to the Settings tab
4. Select the Alert sending page
5. Untick the checkbox under Alert forwarding
6. Distribute the policy

Now the local user is allowed to change email alert forwarding settings through the Email and Server Security Web Console.

Article no: 000018060
Issue: Attachments in internal emails are being filtered by F-Secure Email and Server Security, even though the strip attachments option is turned off.

Resolution: The email direction is based on the Internal Domains and Internal SMTP Senders settings and it is determined as follows:
- Email messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
- Email messages are considered outgoing if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients).
- Email messages that come from hosts that are not defined as internal SMTP sender hosts are considered incoming.
- Email messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host.

Note: If email messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outgoing respectively.

Internal Domains
Specify internal domains. Messages coming to internal domains are considered to be inbound mail unless they come from internal SMTP sender hosts. Separate each domain name with a space. You can use an asterisk (*) as a wildcard. For example, *example.com internal.example.net

Internal SMTP Senders
Specify the IP addresses of hosts that belong to your organization. Specify all hosts within the organization that send messages to Exchange Edge or Hub servers via SMTP as Internal SMTP Senders. Separate each IP address with a space. An IP address range can be defined as:
- a network/netmask pair (for example, 10.1.0.0/255.255.0.0),
- a network/nnn CIDR specification (for example, 10.1.0.0/16), or
- IPv6 address (for example, 1::, 2001::765d 2001::0-5, 2001:db8:abcd:0012::0/64, 2001:db8:abcd:abcd::/52, ::1).

You can use an asterisk (*) to match any number or a dash (-) to define a range of numbers. For example, 172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*

Note: There is also virus scanning, where mb infections are blocked

Note: If end-users in the organization use an email client other than Microsoft Outlook to send and receive email, it is recommended to specify all end-user workstations as Internal SMTP Senders.

Note: If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Senders on the server where the Edge role is installed.

Important: Do not specify the server where the Edge role is installed as Internal SMTP Sender.

You can make these changes in the Web GUI:
1. Open the F-Secure Email and Server Security Web Console and navigate to settings.
2. Open Administration from the menu and navigate to Network
3. Expand the Network section and enter the list of the Internal domains as explained above
4. Enter the Internal SMTP senders as explained above

Note: The Network settings Internal domains and Internal SMTP senders determine the email direction (inbound, outbound, internal), and the corresponding filters are then applied.

Article no: 000018032
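The direction rules above can be modelled to check how a given message would be classified under a planned Internal Domains / Internal SMTP Senders configuration. This is an added example, not F-Secure code: the function names and sample settings are constructed, domain wildcards are assumed to follow glob semantics, and only IPv4 wildcard/range entries are handled.

```python
import fnmatch
import ipaddress

# Constructed sample settings, written as space-separated lists the way the
# article describes them; they do not come from a real deployment.
INTERNAL_DOMAINS = "*example.com internal.example.net"
INTERNAL_SENDERS = "10.1.0.0/255.255.0.0 172.16.4.0-16 172.16.250-255.* 172.16.*.1"


def _piece_matches(pattern, octet):
    """Match one dotted-quad piece: '*', a plain number, or a 'lo-hi' range."""
    if pattern == "*":
        return True
    if "-" in pattern:
        low, high = pattern.split("-", 1)
        return int(low) <= octet <= int(high)
    return int(pattern) == octet


def sender_matches(entry, ip):
    """True if address `ip` is covered by one Internal SMTP Senders entry."""
    addr = ipaddress.ip_address(ip)
    try:
        if "/" in entry:
            # network/netmask pair or network/nnn CIDR; ipaddress parses both
            return addr in ipaddress.ip_network(entry, strict=False)
        return addr == ipaddress.ip_address(entry)
    except ValueError:
        pass  # not a plain address or network: try the IPv4 wildcard/range form
    pieces = entry.split(".")
    if addr.version != 4 or len(pieces) != 4:
        return False  # IPv6 wildcard/range entries are outside this sketch
    try:
        return all(_piece_matches(p, o) for p, o in zip(pieces, addr.packed))
    except ValueError:
        return False  # malformed entry


def domain_matches(pattern, domain):
    """Glob match of a recipient domain (assumed wildcard semantics)."""
    return fnmatch.fnmatchcase(domain.lower(), pattern.lower())


def classify(sender_ip, recipients,
             domains=INTERNAL_DOMAINS, senders=INTERNAL_SENDERS):
    """Return {direction: [recipients]} following the article's rules.

    sender_ip=None models a MAPI or Pickup Folder submission, which is
    treated as coming from an internal SMTP sender host.
    """
    internal_sender = sender_ip is None or any(
        sender_matches(entry, sender_ip) for entry in senders.split())
    if not internal_sender:
        # Anything from a host not listed as internal sender is incoming.
        return {"incoming": list(recipients)}
    result = {}
    for rcpt in recipients:
        domain = rcpt.rsplit("@", 1)[-1]
        internal = any(domain_matches(p, domain) for p in domains.split())
        # Mixed recipient lists are split into internal and outgoing parts.
        result.setdefault("internal" if internal else "outgoing", []).append(rcpt)
    return result
```

A message between two internal mailboxes that is relayed by a host missing from the senders list comes back as `incoming`, so the inbound filters apply to it. Under the glob semantics assumed here, `*example.com` also matches `notexample.com`.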
Issue: Why is F-Secure Email and Server Security dropping password protected attachments?

Resolution: If password protected attachments are being dropped from emails, you should review the actions that are taken when emails include archived files. You can review and change the settings by following these steps:
1. Log in to the Email and Server Security Web Console
2. Select Email traffic scanning from the menu
3. Select Incoming mail

On this page you will find the following settings for archived files:
- Action on archives with disallowed files
- Action on max nested archives
- Action on password protected archives

Make sure that password protected archives are allowed to pass through if you do not want them to be dropped.

The archived attachments can also be dropped if you have active match lists that are triggered for your email route as you have configured. If inbound archived attachments are dropped, they are most likely triggering the 'Disallowed Inbound Files' match list. On the Incoming mail settings page mentioned above, you can check the setting for the list of files to scan inside archives. This setting shows which match list it currently uses.

The match list can be found in the F-Secure Email and Server Security Web GUI:
1. Go to the Settings page
2. Select List and templates

When a match list is active for incoming email traffic and a user sends an attachment file that is included in this list, the rule will be triggered and the file is dropped. If a file is being dropped, you can verify it from the logfile.log. Here are two example entries from the logfile.log:

Example 1:
    conditionReason: Attachment 'password_protected_example.docx' matches 'Disallowed Files Internal' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT

Example 2:
    Attachment '2019-04-18_examplefile.pptx' matches 'Disallowed Inbound Files' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT
    Action: Message stopped

To allow the files in the examples, you would need to remove the *.doc extension from the disallowed files match list.

Article no: 000011451
Issue: Security Cloud Client is not connected on Server Security 14.x / Client Security 14.x

Resolution: Make sure that the affected F-Secure host is allowed to connect to the URL orsp.f-secure.com. If this host requires a connection via HTTP proxy to access this URL, you have to configure these settings via the F-Secure Policy Manager Console:
1. Log on to your F-Secure Policy Manager Console.
2. Select the Policy domain or Host where you want to edit the policy.
3. Switch to the Advanced view.
4. Go to F-Secure Security Cloud Client > Settings > HTTP Proxy.
5. Modify the value to suit your HTTP proxy requirements: 'http://server:port', e.g. 'http://my.domain.com:1234'
6. Distribute the policy.

Note: If there is no parameter set under F-Secure Security Cloud Client > Settings > HTTP Proxy, the F-Secure Security Cloud Client will use the proxy configuration from the F-Secure Automatic Update Agent (AUA) by default: F-Secure Automatic Update Agent > Settings > Communications > HTTP settings > Use HTTP proxy

Note: Server Security 14.00 and Client Security 14.x do not support proxy authentication.

Article no: 000014893
Issue: Universal CRT is not installed, therefore the Client Security 14.x/Server Security 14.00 installation fails. In Policy Manager Console, push installations result in the error message "Installation failed. MSI error code is 1603." The following error can be seen in the Windows Application Event Logs:

    Product: F-Secure Client Security [Premium] 14.XX/F-Secure Server Security [Premium] 14.XX -- Universal CRT is not installed

Resolution: The latest version of Client Security 14.x/Server Security 14.00 requires Windows Universal C Runtime. Download and install Windows Universal C Runtime from the link here before installing F-Secure Client Security 14.x/Server Security 14.00.

Article no: 000008994
Issue: After upgrading from F-Secure Server Security version 12.12 to 14.00 on terminal servers, these servers have freezing, hanging and performance issues. It is not possible to access the server; remote logins are only possible if all F-Secure services are disabled.

Resolution: In such scenarios, there is most likely a hang in the ORSP Client, which prevents ulcore from updating. This can be seen in the lynx.log:

    2019-09-29 09:36:35.468 [09e8.3330] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-09-29 15:38:08.728 [09e8.2428] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-09-29 21:41:59.136 [09e8.3410] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-09-30 03:44:05.294 [09e8.2a0c] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com
    2019-10-01 10:04:33.890 [09e8.2670] .W: fs::rs::WinSocket::Impl::connect: Cannot resolve address doorman.sc.fsapi.com

When a new object, such as a file or URL, is encountered on one client, the product communicates with the Security Cloud using the strongly encrypted Object Reputation Service Protocol (ORSP) to query for the object's reputation details. Anonymous metadata about the object, such as file size and anonymized path, is sent to the Security Cloud.

In this case, the reason for the hang is that queries to doorman.sc.fsapi.com, one of our back-ends, are blocked. To solve the issue, follow these steps:
- You need to allow f-secure.com and fsapi.com in your Firewall or External Proxy
- Another option is to set up an HTTP Proxy instead of trying to allow fsapi.com. The proxy would be allowed to connect, and the client will be configured to use the proxy. After you have set up your proxy, make sure you configure the HTTP Proxy address in the Policy Manager Console. Please refer to the screenshot below where to add the HTTP Proxy address.
- If the HTTP Proxy is not an option for you, you can switch OFF Security Cloud in the settings, as currently the connection to Security Cloud is blocked.

You may find more information about the Security Cloud here.

Article no: 000017219
Issue: During mailbox indexation the Exchange service becomes abnormally slow if F-Secure Email and Server Security is installed. Disabling the security features fixes the slowness issue.

Resolution: In the event that you are facing slowness during mailbox indexation, we suggest that you verify that you are following this Microsoft article about exclusions here.

Article no: 000017943
Issue: How does the firewall automatic selection in Policy Manager work? How to set up the automatic selection profile?

Resolution: To make the firewall automatic selection profile changes work, create the auto select rule based on conditions such as gateway IP, DNS, etc.

As an example, when the Windows Firewall profile is changed to a different network (public, private, domain), a network change happens too. This can be used as the condition that triggers the firewall automatic selection rule.
- When a host is connected to a Domain network, it will use the default firewall profile "Office, file and printer sharing".
- When a host is connected to a Public network and is assigned a DHCP IP address, it will switch to the firewall profile "Server".
- When a host is connected to a Private network that communicates with the gateway IP (Example: 192.168.1.103), it will switch to the firewall profile "My test firewall profile".

Note: The firewall automatic selection is based on rule priority.

A rule consists of two conditions: Method1/Argument1 and Method2/Argument2. When both conditions are met, the profile specified in the rule is selected. The rules are evaluated whenever changes in the network interfaces are detected, and the rule with the highest priority is applied in case there is more than one matching rule. If none of the rules match, the profile will remain unchanged. Therefore a fallback rule, with both methods set to Always, is usually put at the bottom of the rule set.

Supported methods and arguments:
- Never: Never true (argument ignored)
- Always: Always true (argument ignored)
- DNS Server IP Address: IP address given as the argument matches with a DNS server
- DHCP Server IP Address: IP address given as the argument matches with a DHCP server
- Default Gateway IP Address: IP address given as the argument matches with the default gateway
- My Network: IP address given as the argument falls within the LAN subnet of the host
- Dialup: A dial-up connection is open (argument ignored)

In IP address arguments, the asterisk (*) may be used as a wildcard, but only in place of whole pieces of the address. For instance 172.16.*.*, but not 172.16.*10.* or 172.16.*.

Example:
    Method1 = Default Gateway IP Address
    Argument1 = 123.12.0.1

Note: The Argument value is irrelevant for the Always, Never and Dialup methods.

Article no: 000013127
Issue: User wants to exclude a specific software update from F-Secure Software Updater automatic installation.

Resolution: You can create a rule to exclude a certain software update from Software Updater automatic installation in Policy Manager Console by following these steps:
1. Log in to Policy Manager Console
2. Select the host or domain from the Domain tree
3. Select the Settings tab
4. Go to the Software Updater page
5. Click Add from the right side of the Exclude software from automatic installation table
6. Enter software name and/or bulletin ID
7. Distribute policy to the hosts

Now the selected domain or hosts will have an exclusion for the software updates you have created a rule for.

Article no: 000002779
Issue: Does Policy Manager Proxy also proxy Software Update installation packages? Resolution: Yes, Policy Manager Proxy also proxies Software Updater installation packages. You can find more information, here.  Article no: 000017850
Issue: I would like to register my F-Secure Policy Manager Server which is not connected to a network (offline), how do I proceed?

Resolution:
1. Contact F-Secure support by opening a support request (https://www.f-secure.com/en/web/business_global/support/support-request)
2. Provide the following information for F-Secure technical support to create an offline registration file:
   - Account Name
   - Customer ID
   - Installation ID
   - Business Suite license Expiry date

How to obtain Customer and Installation ID:
- Open F-Secure Policy Manager console, and go to Help menu > Registration dialog, or;
- Find the information from the Policy Manager Server installation folder, ...\F-Secure\Management Server 5\Data (Windows) or /var/opt/f-secure/fspms/data (Linux): open the file called upstream-statistics.json using notepad. Customer ID is on line 5 and Installation ID is on line 6.

Once support has provided you with an offline registration file, use the following steps to activate it on your Policy Manager Server.

Windows:
1. Copy the offline registration file to the folder F-Secure\Management Server 5\data
2. Restart the F-Secure Policy Manager Server services by typing the following commands in an elevated command prompt (CMD):
       net stop fsms
       net start fsms

Linux:
1. Copy the offline registration file to the folder /var/opt/f-secure/fspms/data
2. Restart the fspms daemon:
       # /etc/init.d/fspms restart

F-Secure Policy Manager will be activated until the expiry of your current subscription. After renewing the subscription you need to request a new registration token from support. Make sure to do this some time in advance so that you don't end up with an expired Policy Manager Server.

Article no: 000001107
Issue: Error or issue related to F-Secure components (e.g. Gatekeeper, Firewall, Network Interceptor Framework, Internet Shield)

Resolution: Follow the steps below to collect F-Secure debug logs.
1. Download and run the F-Secure debug tool
2. Click Update Debug Files Online
3. Select the components you want to debug (e.g. Firewall, Gatekeeper driver)
4. Click Apply Changes
5. Reproduce the issue that was reported and take note of the time
6. Disable debugging by deselecting the components and click Apply Changes
7. Click Collect Logs once the issue is reproduced
8. Locate the FSDIAG on the desktop
9. Send the newly generated FSDIAG log files for investigation and report when the issue was reproduced

Article no: 000002782
Issue: Server Security has scanning errors, causing performance and hanging issues on virtual servers. The Application event log shows the error:

    "The description for Event ID 301 from source FSecure-FSecure Application-F-Secure Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer."

The issue has started on one or more virtual servers at the same time. Lynx.log shows the following error:

    W: ComTransaction::GetResult: Exception: Type: fs::BaseException, Reason: invalid status code 500, Function: fs::rs::AbstractTransaction<class fs::rs::Icap>::getResult, File: "c:\\workspace\\workspace\\spt_lynx\\src\\fsciapi\\svce_common\\transaction.h", Line: 235
    F: ComTransaction::GetResult: Creating a new transaction failed.

Resolution: On virtual servers the scanning is often offloaded to a Scanning and Reputation Server (SRS) to minimize the performance impact. If you have a Scanning and Reputation Server in use, the Event ID 301 error on the client side can be caused by a Scanning and Reputation Server that is having issues.

Restart the Scanning and Reputation Server to see if it helps:
1. Open the virtual machine console
2. Log in to go to the Admin menu
3. Select 6 to reboot or shut down the appliance
4. The Power management menu opens
5. Select 1 to restart the server

If a restart of the Scanning and Reputation Server does not fix the issue, follow these steps to install a new one: https://help.f-secure.com/product.html#business/fsvs/latest/en/concept_FAA8187341EF42DA8264EAF45CF42B6B-fsvs-latest-en

If a new installation of the Scanning and Reputation Server does not fix the issue, troubleshoot issues on the server where you have installed the Scanning and Reputation Server.

Article no: 000017702
Issue: F-Secure scan modules for Server Security Premium 12.11 Build 103 are not loaded on the terminal servers. The FSAUA reset tool has already been executed without success. The server is running on Windows Server 2012 R2. When performing a manual scan the error "No scan modules loaded" appears.

Resolution: First make sure you are able to ping your F-Secure Scanning and Reputation Server. If the ping results are ok, then the Agent is most likely down

    "Reason: Transport is down, Function: fs::rs::Library::newTransaction, File: "library.cpp", Line: 222, Error Code : 34"

due to some changes possibly made in Policy Manager Server, like a new installation, a migration, or removed settings. To make sure your clients are connecting to the F-Secure Scanning and Reputation Server, open Policy Manager Console and check the settings below:

For Clients 12.xx and 13.xx
Open Policy Manager Server/Console in Advanced view and navigate to Offload Scanning Agent. The setting specifies the primary F-Secure Scanning and Reputation Server(s) that are used for remote content inspection and reputation services. The server is defined as <host>[:<port>], where <host> is the IP address or FQDN of the server and <port> is the port number on which the server accepts incoming connections from the client. If the port is not defined, then the default one is used. Use a comma-separated list if multiple servers are used. For example, "192.168.1.10, 192.168.1.12:4344".
Object identifier: 1.3.6.1.4.1.2213.74.1.10.10

For Clients 14.xx
Open Policy Manager Server/Console in Standard view and navigate to Real-time scanning. Make sure your F-Secure Scanning and Reputation Server addresses are correctly configured and the check box is selected.

Article no: 000014714
Issue: How to set up the silent installation for Policy Manager Proxy 14.20. User is creating a policy-based upgrade and needs to export the installer msi for rollout via group policies.

Resolution:

Clean installations:

For Windows
1. Open Policy Manager Console and create a temporary user with full access permissions for the root domain
2. Download the Policy Manager Proxy installer: fspm-14.10.88509.exe as an example
3. Extract the Policy Manager Proxy setup executable content. For 14.00 and older, use any archive manager; for 14.10, start the executable and grab all the content from the temporary directory at the root level of the system drive
4. Transfer admin.pub from Policy Manager to the extracted content
5. Edit prodsett.ini in the same directory: uncomment and specify values for all properties in the section "F-Secure PM Proxy"
6. Use the user credentials created in the first step for the UpstreamPmUserName and UpstreamPmUserPwd properties
7. Run "setup.exe /silent" on the target host for 14.00 and older. Starting from 14.10 the executable is named like fspmp-14.10.88509-rtm.exe, so you have to run "fspmp-14.10.88509-rtm.exe /silent"
8. Remove the user created in the first step

For Linux
1. Open Policy Manager Console and create a temporary user with full access permissions for the root domain
2. Download the installer: fspmp-14.10.88509-1.x86_64.rpm as an example
3. Put admin.pub from PM into the directory with the installer
4. Create a shell script with a name like pmp.sh and the following content (each line between the PMPCONFIG markers stands for the value to enter):

       yum -y update libstdc++
       yum -y install libstdc++.i686
       rpm -i fspmp-14.10.88509-1.x86_64.rpm
       /opt/f-secure/fspms/bin/fspms-config << PMPCONFIG
       PM address
       PM port (usually 443)
       ./admin.pub
       PMP http port to be used (usually 80)
       PMP httpS port to be used (usually 443)
       PM admin username (created at first step)
       PM admin password (created at first step)
       PMPCONFIG

5. Run the script: "./pmp.sh".
6. Remove the user created in the first step.

The same applies to Debian/Ubuntu, but use apt and dpkg instead, so the sh script will look like:

       apt -y upgrade libstdc++6
       apt -y install libstdc++6:i386
       dpkg -i fspmp_14.10.88509_amd64.deb
       /opt/f-secure/fspms/bin/fspms-config << PMPCONFIG
       PM address
       PM port (usually 443)
       ./admin.pub
       PMP http port to be used (usually 80)
       PMP httpS port to be used (usually 443)
       PM admin username (created at first step)
       PM admin password (created at first step)
       PMPCONFIG

After the script has run, if everything is ok, the PMP host should appear in PMC.

Policy Manager Proxy upgrades:

For upgrades, as there is no need to configure PMP and generate certificates, it is enough to just upgrade the build.

For Windows:
1. Extract the PMP executable content via any archive manager
2. Run "setup.exe /silent"

For Linux:
       rpm -U fspmp-14.10.88509-1.x86_64.rpm
       dpkg -i fspmp_14.10.88509_amd64.deb

Article no: 000016979
Issue: I distributed an invalid policy to multiple hosts using Policy Manager Console. How can I troubleshoot this or identify which settings were changed and to which hosts they were distributed?

Resolution: To locate this information, you can use the available logfiles from the server running Policy Manager.

fspms-domain-tree-audit.log

Below is an example of this logfile:

    10.10.2019 13:21:59,139 INFO [audit.domainTree] - User 'admin' deleted host with identity 79fee1c5-e85b-4a90-b462-09354abb56fd (id=3)
    10.10.2019 13:22:06,519 INFO [audit.domainTree] - User 'admin' moved host with identity b8a4bb94-2a9a-4830-b45b-8e45a531279c (id=36) to domain CS 14 hosts (id=4)
    22.10.2019 14:14:12,929 INFO [audit.domainTree] - User 'admin' deleted host with identity f4ef246e-61c2-4ac1-949b-f0d3d3be4aa3 (id=35)
    28.10.2019 10:54:20,208 INFO [audit.domainTree] - User 'admin' added domain test domain (id=39) to domain Root (id=1)

This logfile allows us to understand host and domain operations (including the root domain). Operations include the following: add, remove, rename, move. In our example, in the last line, the user ADMIN added a new sub-domain "test domain" with id=39.

Another file we are interested in is called: fspms-policy-audit.log

Below is an example of this logfile:

    23.10.2019 12:22:02,929 INFO [audit.policy] - type="lockedOnClient", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.60", oldValue="false", newValue="true"
    23.10.2019 12:22:02,929 INFO [audit.policy] - type="lockedOnClient", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="false", newValue="true"
    23.10.2019 12:22:52,528 INFO [audit.policy] - User="admin" applied the following policy changes:
    23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe"
    23.10.2019 12:23:19,545 INFO [audit.policy] - User="admin" applied the following policy changes:
    23.10.2019 12:23:19,545 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="c:\test\printfile_release.exe", newValue=""
    23.10.2019 12:34:32,557 INFO [audit.policy] - User="admin" applied the following policy changes:

This logfile provides an audit trail for setting changes (what setting was changed and how). The sub-domain in Policy Manager Console is reflected by domainId. The actual setting is referred to by the OID:

    23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe"

How do we find the setting 1.3.6.1.4.1.2213.12.1.111.2.100.100.61 in Policy Manager Console? This is perhaps the trickiest part, because we do not have a list of settings available. However, you can find the settings by using Policy Manager.

The part of the address that identifies the F-Secure company in the OID is 1.3.6.1.4.1.2213. The latter part identifies the application and the specific setting in the application. Here we have 12.1.111.2.100.100.61

See screenshot capture1.pnn: by selecting "F-Secure Anti-Virus" in Policy Manager Console, you can see that the application is "F-Secure Anti-virus" -> "Object identifier" = 1.3.6.1.4.1.2213.12

When we go further inside the settings in "F-Secure Anti-Virus", we can locate the relevant setting here:

    F-Secure Anti-virus -> Settings -> Settings for real-time protection -> Scanning options -> File scanning -> Inclusions and exclusions -> Excluded processes

To give you an example using the syntax we saw in fspms-policy-audit.log:

    23.10.2019 12:22:52,528 INFO [audit.policy] - User="admin" applied the following policy changes:
    23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="39", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe"

Based on the information we learned, this entry translates to: Policy Manager Console User=Admin applied the process exclusion "c:\test\printfile_release.exe" for domain "test domain" (the DomainID was available in fspms-domain-tree-audit.log).

Article no: 000017432
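The manual correlation described in this article can be scripted for incident review. The following is an added example, not an F-Secure tool: it joins the two audit logs using the sample lines quoted above, and it assumes that a change belongs to the preceding `User=` header carrying the same timestamp and that `domainId` shares one id space with the hosts and domains in the tree log (both inferred from the samples). The OID names are the two the article identifies.

```python
import re

VENDOR = "1.3.6.1.4.1.2213"          # F-Secure prefix, as stated in the article
KNOWN_OIDS = {                       # only the two names the article gives
    VENDOR + ".12": "F-Secure Anti-Virus",
    VENDOR + ".12.1.111.2.100.100.61": "Excluded processes",
}

# Sample lines copied from the article's log excerpts.
TREE_LOG = r"""
10.10.2019 13:22:06,519 INFO [audit.domainTree] - User 'admin' moved host with identity b8a4bb94-2a9a-4830-b45b-8e45a531279c (id=36) to domain CS 14 hosts (id=4)
28.10.2019 10:54:20,208 INFO [audit.domainTree] - User 'admin' added domain test domain (id=39) to domain Root (id=1)
"""
POLICY_LOG = r"""
23.10.2019 12:22:02,929 INFO [audit.policy] - type="lockedOnClient", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.60", oldValue="false", newValue="true"
23.10.2019 12:22:52,528 INFO [audit.policy] - User="admin" applied the following policy changes:
23.10.2019 12:22:52,528 INFO [audit.policy] - type="setting", domainId="39", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="null", newValue="c:\test\printfile_release.exe"
23.10.2019 12:23:19,545 INFO [audit.policy] - User="admin" applied the following policy changes:
23.10.2019 12:23:19,545 INFO [audit.policy] - type="setting", domainId="36", OID="1.3.6.1.4.1.2213.12.1.111.2.100.100.61", oldValue="c:\test\printfile_release.exe", newValue=""
"""

LINE = re.compile(r"^(\S+ \S+) INFO \[audit\.\w+\] - (.*)$")
KV = re.compile(r'(\w+)="([^"]*)"')
NODE = re.compile(r"(host with identity|domain) (.+?) \(id=(\d+)\)")


def load_nodes(tree_log):
    """Map tree node id -> 'host <identity>' or 'domain <name>'."""
    nodes = {}
    for line in tree_log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        for kind, name, node_id in NODE.findall(m.group(2)):
            label = "host" if kind.startswith("host") else "domain"
            nodes[node_id] = label + " " + name   # later lines win (renames)
    return nodes


def explain(policy_log, tree_log):
    """Return one dict per audited change: who changed what, and where."""
    nodes = load_nodes(tree_log)
    user, user_ts, changes = None, None, []
    for line in policy_log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, msg = m.groups()
        kv = dict(KV.findall(msg))
        if "User" in kv and "OID" not in kv:      # header of a change batch
            user, user_ts = kv["User"], ts
            continue
        if "OID" not in kv:
            continue
        oid = kv["OID"]
        # Application OID = vendor prefix plus the next component.
        app_oid = ".".join(oid.split(".")[:len(VENDOR.split(".")) + 1])
        changes.append({
            "when": ts,
            # Attribute only when the header timestamp matches (assumption).
            "user": user if ts == user_ts else None,
            "type": kv.get("type"),
            "target": nodes.get(kv.get("domainId"), "unknown id " + str(kv.get("domainId"))),
            "application": KNOWN_OIDS.get(app_oid, app_oid),
            "setting": KNOWN_OIDS.get(oid, oid),
            "old": kv.get("oldValue"),
            "new": kv.get("newValue"),
        })
    return changes


if __name__ == "__main__":
    for change in explain(POLICY_LOG, TREE_LOG):
        print(change)
```

Entries that add a value under "Excluded processes" are worth particular attention in review, since a process exclusion removes that process from real-time scanning.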
Issue: After upgrading Server Security to version 14.00, the NTUSER.DAT file is often corrupted when loading server-based profiles. Same issue with upgrade to Client Security 14.10.

Resolution: Avdaemon.dll is doing multiple service tasks. One of the tasks is the setting conversion and resolving path environment variables, e.g. %desktop%, using the user profile, and it loads each profile into memory. In this case Windows cannot find the local profile and is logging the user in with a temporary profile. Changes you make to this profile will be lost when you log off.

Ransomware loads user profile aka ntuser.dat to resolve protected path. It seems that it is doing it, even if anti-Ransomware is off. This issue will be fixed in the next versions of the products.

Currently we have hotfix FSCS1410-HF11 that fixes the issue, but before applying the hotfix, which contains a new avdaemon.dll file, make sure the steps below help you resolve the issue:
1. Contact F-Secure support and we will provide you with the hotfix FSCS1410-HF11 and the new avdaemon.dll file
2. Rename avdaemon.dll on one of the affected hosts and restart the fshoster service to see if this helps. The avdaemon.dll is located here: C:\Program Files (x86)\F-Secure\Client Security and C:\Program Files (x86)\F-Secure\Server Security
3. If renaming avdaemon.dll solves the issue, replace the avdaemon.dll file with the fixed version and restart the fshoster service
4. If the replacement helped, you can apply hotfix FSCS1410-HF11 on all of your affected clients

Follow these steps to install the hotfix on centrally managed computers:
1. Log into F-Secure Policy Manager Console
2. Select the Installation tab
3. Click Installation packages
4. Import the hotfix jar file
5. Select the appropriate domain or host from the Domain Tree and press Install
6. Select this hotfix FSCS1410-HF11
7. Distribute policies

Article no: 000012303
Issue: How can I find out what was the last policy issued to a host in Policy Manager Console?

Resolution: Check the screenshot below. This shows the field Policy file timestamp, which reflects when the policy file for this host was created. The same screen also indicates whether the host has this latest policy in use, as the column Policy in use states Latest. However, some of these fields are not visible by default (e.g. Policy in use). To enable or disable them, right-click the column header and left-click to enable or disable different fields.

Article no: 000017386
Issue: I need to enable or disable the Browsing Protection feature on some clients, how can I do it centrally using Policy Manager Console?

Resolution:
1. Open F-Secure Policy Manager: Settings [Standard view]
2. F-Secure Browsing Protection
3. Uncheck the box to Disable or Enable Browsing Protection
4. After you have chosen your setting, make sure that the padlock is closed, after that you can distribute the policies (Ctrl+D)

Note: F-Secure Browser Protection is an integrated module within the package that can only be deactivated via Policy Manager or locally from the client.

If you have disabled Browsing Protection for your clients and you want to hide the browser plugin deactivated message in the main local UI, please ask customer support to provide you the file FSCS1410-HF03-signed.jar when you submit a ticket. This specific hotfix removes the notification about disabled BP from the UI while it is disabled.

Distribution details for centrally managed hosts:
1. Log in to F-Secure Policy Manager Console
2. Select the Installation tab
3. Click Installation packages and select import to import the downloaded hotfix jar file
4. Select the appropriate domain or host and press Install
5. Select the hotfix
6. Distribute policies

Article no: 000004715
Issue: Firewall rules made with Policy Manager 14.x are not operational on Client Security 14.x clients. Firewall rules pushed from Policy Manager 14.x to Client Security 14.x clients do not appear in the Windows firewall.

Resolution: Check that you have edited the same firewall profile that is in use on the client. This can be done by following these steps:

1. Open F-Secure Policy Manager Console.
2. Select the host or domain from the Domain tree.
3. Go to the Settings tab.
4. Go to the Firewall page.
5. Check that Host profile and Profile being edited match.

If they match, the rule is not applied on the client because it is an invalid rule. If the rule has many IP addresses in it, make sure that you have used a comma ( , ) in between each IP range as a value separator. Using a space or semicolon ( ; ) in between the IP ranges will invalidate the rule and it will not be visible in the Windows Firewall.

Article no: 000011310
Issue: Configured Application Control for Client Security 13.x hosts in Policy Manager 14.x but it does not stop the applications from launching.

Resolution: F-Secure Client Security version 13 does not support the Application control feature, which is why applications can still be launched after configuring the feature through F-Secure Policy Manager 14. The Application control feature is supported by F-Secure Client Security version 14 and newer. You will need to upgrade the hosts if you wish to use this feature.

F-Secure Client Security 13 supports the Network Access Control feature, which prevents unauthorized applications from gaining network access.

Article no: 000016529
Issue: Unable to change Management Server Address on Client Security or Server Security hosts because the public and private admin keys do not match. Need to migrate hosts between two Policy Manager Servers without having to re-install the software on the client side.

Resolution: If your Policy Manager ONLY manages clients running Client Security 14.00 or newer, you can create a Keyreplacer yourself with a tool that can be provided to you by support. The tool comes with instructions on how to create the keyreplacer file. You will need to know the IP address or hostname of the new Policy Manager, the HTTP and HTTPS ports that it uses, and depending on the situation, its admin.pub file (see the steps to download admin.pub below). To deploy the keyreplacer, see "Instruction to deploy the Key Replacer fix" below.

In case you are also managing other installations, kindly provide us with the following information from the new Policy Manager so that we can assist in creating the Key Replacer fix:

- The admin.pub file
- The Policy Manager management address
- The HTTP and HTTPS ports used by the Policy Manager (on Linux systems the port information can be found in the following log: /var/opt/f-secure/fspms/logs/fspms-stderrout.log)

To download the admin.pub file, follow these steps:

1. Log in to the PM console.
2. In the top menu, click Tools > Server Configuration > Keys.
3. Click Export to download the admin.pub and admin.prv files.
4. Attach the admin.pub file to your e-mail reply and we will create the Key Replacer hotfix file for you.

Instruction to deploy the Key Replacer fix

1. Close the Policy Manager Console and stop the Policy Manager Server service in services.msc. You can also stop the Policy Manager service by opening an elevated command prompt and typing in the command below:

    net stop fsms

2. Configure the registry on the Policy Manager Server. Locate this registry key:

    32-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Server 5
    64-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Data Fellows\F-Secure\Management Server 5

3. Right-click the Management Server 5 registry key and add a new String Value with the following:

    Name: additional_java_args
    Data field: -DallowUnsignedWithRiwsAndMibs=true

   Note: Do not remove the -D at the beginning of the string or it will not work properly.

   The same works for Linux, but you need to use the config file /etc/opt/f-secure/fspms/fspms.conf instead of the registry. Create a new line with the parameter additional_java_args and specify Java system properties in its value in quotes in the following format: -DpropertyName=value. Multiple properties can be specified using a space as a delimiter. Property names and values are case sensitive. Example:

    additional_java_args="-DallowUnsignedWithRiwsAndMibs=true -Dh2ConsoleEnabled=true -DmaxSynchronousPackageRetrievalRequests=100"

4. Start the Policy Manager Server service and open the Policy Manager Console.
5. Go to the Installation tab and click Installation packages.
6. Click Import to import the "KeyReplacer_unsigned.jar" file to the Policy Manager Console as an installation package.
7. Deploy the KeyReplacer file to all clients, for example using a policy-based installation.
8. After the deployment is finished, import the hosts in the Policy Manager Console by going to the Installation tab and clicking "Import new hosts".

Article no: 000003212
Issue: After installation, user is unable to launch Policy Manager Console and they receive error: "The item referred by this shortcut cannot be accessed. You may not have the appropriate permissions".

Resolution: The setup wizard creates the user group FSPM users. The user who was logged in and ran the installer is automatically added to this group. To allow another user to run Policy Manager Console you must manually add this user to the FSPM users user group.

To add users to a group, use the following instructions:

1. Click on the Server Manager icon on the bottom left of the Windows desktop.
2. Select the Tools menu in the upper right, then select Computer Management.
3. Expand Local Users and Groups.
4. Expand Groups.
5. Double-click on the group to which you want to add users.
6. Select Add.
7. Enter the name of the user you wish to add to the group, then select Check Names. You can separate names with a semicolon if you want to add more than one user.
8. Press OK when complete, then OK again to finish.

Article no: 000017207
Issue: Visible effects:

- Windows Server operating system with Server Security 14.00 installed is hanging
- Windows Desktop operating system with Client Security 13.00 or newer installed is hanging

Resolution: UPDATE: The issue related to F-Secure Ultralight Core Update 2019-10-01_01 has now been fixed in the latest Ultralight Core Update, which is available as an automatic update by the name F-Secure Ultralight Core Update 2019-10-22_01.

However, if you are still facing similar issues after the update fix, this may happen if the F-Secure product has F-Secure Security Cloud Client enabled but does not have access allowed to the fsapi.com address. To resolve this issue, make sure that you have allowed access to fsapi.com from your environment.

If you have an isolated environment, or otherwise cannot allow access to fsapi.com, disable F-Secure Security Cloud Client via Policy Manager Console:

1. Log in to Policy Manager Console.
2. Go to the Settings tab.
3. Select Advanced view.
4. Navigate to: F-Secure Security Cloud Client > Settings > Client is enabled.
5. Select No from the drop-down menu.
6. Make sure that the setting is locked.
7. Distribute policies (CTRL-D).

If your network access is not restricted, or if the above steps didn't help, contact F-Secure support for further assistance.

Article no: 000016583
Issue: How to disable Advanced Network Protection for Client Security 14 in Policy Manager 14?

Resolution: To centrally disable Advanced Network Protection on target hosts in Policy Manager 14, follow these steps:

1. Open F-Secure Policy Manager.
2. Choose the target host or domain from the Domain Tree.
3. Go to the Settings tab and use Standard View.
4. Go to the Web traffic scanning section.
5. Under HTTP Scanning, choose HTTP scanning enabled and set the value to disabled.
6. Distribute the new policy with the Distribute policies button.

Advanced Network Protection is now disabled on the target hosts.

Article no: 000008143
Issue: How to update malware definitions for Policy Manager 13.x/14.x in an isolated network. Resolution: Policy Manager offers two options for updating virus definitions in isolated networks that have no direct connection to the Internet. If your network configuration allows Policy Manager to access internal resources with Internet access, we recommend that you use Policy Manager Proxy as the source for updates. For more details click here. If using Policy Manager Proxy is not an option, you can use a tool provided with Policy Manager to fetch the updates as an archive and copy that to the server where Policy Manager is installed. For more details click here. Article no: 000002697
Issue: When using image files to distribute product installations, how can I reset the host UID for Policy Manager Proxy to prevent duplicate hosts appearing in Policy Manager?

Resolution: If you use image files to distribute product installations, you need to make sure that there are no unique ID conflicts. For Policy Manager Proxy this can be prevented by following the steps below:

1. Stop the F-Secure Policy Manager Server service:

    Linux: /etc/init.d/fspms stop
    Windows: net stop fsms

2. Remove the following two files:

    Linux:
    /var/opt/f-secure/fspms/data/h2db/fspms.h2.db
    /var/opt/f-secure/fspms/data/fspms.jks

    Windows:
    <F-Secure Installation Folder>\Management Server 5\data\h2db\fspms.h2.db
    <F-Secure Installation Folder>\Management Server 5\data\fspms.jks

3. Use the fspmp-enroll-tls-certificate script to generate the proxy node certificate. Run the script and authenticate yourself as root administrator of the Master Policy Manager:

    Linux: /opt/f-secure/fspms/bin/fspmp-enroll-tls-certificate
    Windows: <F-Secure Installation Folder>/Management Server 5/bin/fspmp-enroll-tls-certificate.bat

4. Start the F-Secure Policy Manager Server service:

    Linux: /etc/init.d/fspms start
    Windows: net start fsms

Article no: 000016987
Issue: How do I schedule reports on Policy Manager 14.x?

Resolution: You can configure Web Reporting to send regular reports by email to one or more recipients.

To send the reports by email, you need to enter the mail server details in Policy Manager Console. To do this:

1. Select Tools > Server configuration and click the Mail tab.
2. Enter the mail server address and authentication information.
3. Enter the address that you want to display as the sender in the report emails. This does not have to be a valid email address.
4. Click OK.

To configure the report scheduling:

1. On the Web Reporting main page, select Scheduled reporting.
2. On the policy domain tree, select the domain that you want to use for the reports.
   Note: You cannot schedule reports for individual hosts, only for domains. You can use the root domain if you want the reports to cover all configured domains.
3. In the Recipient emails field, enter the email addresses that should receive the reports. Use semi-colons to separate multiple addresses.
4. Choose whether to send the reports daily, weekly or monthly. If you want to send the reports on a weekly basis, select the weekday. If you choose to send the reports on a monthly basis, the reports for each month are automatically sent on the first day of the following month.
5. Select which reports you want to send.

The listed recipients will receive the selected reports in HTML format according to your settings. If you want to check that the report emails are delivered correctly, click Send reports now.

For more information: https://help.f-secure.com/product.html#business/policy-manager/latest/en/task_4644F99989CB41A4BD5BBC5FE87919A2-latest-en

Article no: 000003775
Issue: After updating to Server Security Premium 14.00, a group of servers are not getting virus definitions. After upgrading to Client Security 14.10, clients are not getting updates from Policy Manager Server.

Resolution: You can apply the hotfix FSCS1410-HF07 to resolve the problem.

If the problem persists, make sure you are experiencing the same problem by opening the following logs from an affected client and investigating them. Logs are usually located in the following path: C:\ProgramData\F-Secure

Open C:\ProgramData\F-Secure\Log\AUA.log and scroll down to the latest event to see if you have a similar error:

    2019-09-23 15:17:09.502 [0e50.1388] I: Connecting to updateserver:80/guts2 (proxy proxy.demo.com:8888)
    2019-09-23 15:17:09.517 [0e50.1388] I: Update check failed, error=115 (operation in progress)

Open C:\ProgramData\F-Secure\Log\CCF\Guts2Plugin.log and scroll down to the latest event to see if you have a similar error:

    2019-10-01 09:54:30.351 [1284.1258] I: Guts2Client::UpdateCurrentProxyForRootServer: Save successful proxy 'proxy.demo.com:8888'
    2019-10-01 09:54:30.352 [1284.1258] I: Guts2Client::CheckForUpdatesFromServer: Check from server 'fsms:80/guts2'
    2019-10-01 09:54:30.365 [1284.1258] I: Guts2Client::RefreshAvailablePackages: Trying with proxy 'proxy.demo.com:8888'
    2019-10-01 09:54:30.581 [1284.1258] I: [fslib] server returned HTTP status code 503 (try again later)
    2019-10-01 09:54:30.581 [1284.1258] *E: [fslib] unable to fetch update information from the server, error 115 (operation in progress)
    2019-10-01 09:54:30.581 [1284.1258] I: Guts2Client::RefreshAvailablePackagesProxyConfigured: Failed to refresh available packages, error=115
    2019-10-01 09:54:30.581 [1284.1258] *E: Guts2Client::CheckForUpdatesFromServer: Failed to refresh available updates list
    2019-10-01 09:54:30.587 [1284.1258] I: CCFGuts2Plugin::ScheduleCheck: Scheduling next check in 156 seconds

As you can see, the proxy 'proxy.demo.com:8888' can answer 503 without forwarding the request to the Policy Manager Server/guts2 server. In this case, you could troubleshoot the HTTP proxy by checking the following:

1. Retry the URL from the address bar again by clicking the reload/refresh button, or pressing F5 or Ctrl+R.
2. Restart your router and/or your device, especially if you're seeing the "Service Unavailable - DNS Failure" error.
3. As an option, you could disable the HTTP proxy for AUA, to see if the connection issue is caused by AUA. You can do this from the Policy Manager Console:
   3.1 Under F-Secure Automatic Updates Agent > HTTP Settings > Use HTTP Proxy, set the value to No. Deploy the policy. If the changes you made worked, make sure to enable your HTTP proxy to reach updateserver:80 (:443).

Note:

- When upgrading from the Client Security 13.xx series: GUTS2 updates were already available, so the behavior didn't change.
- When upgrading from Client Security 12.10-12.3x: everything in the Client Security > Policy Manager communication was changed.
- If you are upgrading from 12.00 or older: the protocol was also changed from HTTP to HTTPS (but guts2 updates are still downloaded via HTTP). In the event that a proxy is/must be used, ensure that no filtering for port 443 is enabled.
- Client Security 13.x already used GUTS2, where 503 was the "good answer", which means the clients would come back later, and that didn't cause fallback to the Internet.

Article no: 000015249
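The log check described in this article can be automated across many hosts. The following is an added example, not an F-Secure tool: it groups Guts2Plugin.log records into update checks per thread and reports the failed checks where a proxy was in the path and the reply was HTTP 503. The function names are hypothetical, and the last four sample lines are constructed.

```python
import re

# Record layout in the article's excerpts: "<date> <time> [pid.tid] <level>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(?P<thread>[0-9a-f]+\.[0-9a-f]+)\] \*?[A-Z]: (?P<msg>.*)$"
)
CHECK_RE = re.compile(r"CheckForUpdatesFromServer: Check from server '([^']+)'")
PROXY_RE = re.compile(r"Trying with proxy '([^']+)'")
STATUS_RE = re.compile(r"server returned HTTP status code (\d{3})")
ERROR_RE = re.compile(r"error[= ](\d+)")
FAILED = "Failed to refresh available updates list"

# Lines 1-8: Guts2Plugin.log excerpt from the article. Lines 9-12: constructed (check without a proxy).
SAMPLE_LOG = """\
2019-10-01 09:54:30.351 [1284.1258] I: Guts2Client::UpdateCurrentProxyForRootServer: Save successful proxy 'proxy.demo.com:8888'
2019-10-01 09:54:30.352 [1284.1258] I: Guts2Client::CheckForUpdatesFromServer: Check from server 'fsms:80/guts2'
2019-10-01 09:54:30.365 [1284.1258] I: Guts2Client::RefreshAvailablePackages: Trying with proxy 'proxy.demo.com:8888'
2019-10-01 09:54:30.581 [1284.1258] I: [fslib] server returned HTTP status code 503 (try again later)
2019-10-01 09:54:30.581 [1284.1258] *E: [fslib] unable to fetch update information from the server, error 115 (operation in progress)
2019-10-01 09:54:30.581 [1284.1258] I: Guts2Client::RefreshAvailablePackagesProxyConfigured: Failed to refresh available packages, error=115
2019-10-01 09:54:30.581 [1284.1258] *E: Guts2Client::CheckForUpdatesFromServer: Failed to refresh available updates list
2019-10-01 09:54:30.587 [1284.1258] I: CCFGuts2Plugin::ScheduleCheck: Scheduling next check in 156 seconds
2019-10-01 09:57:06.100 [1284.0a10] I: Guts2Client::CheckForUpdatesFromServer: Check from server 'fsms:80/guts2'
2019-10-01 09:57:06.300 [1284.0a10] I: [fslib] server returned HTTP status code 503 (try again later)
2019-10-01 09:57:06.300 [1284.0a10] *E: [fslib] unable to fetch update information from the server, error 115 (operation in progress)
2019-10-01 09:57:06.301 [1284.0a10] *E: Guts2Client::CheckForUpdatesFromServer: Failed to refresh available updates list
"""


def failed_checks(lines):
    """Return one dict per update check that ended in failure, grouped by thread."""
    open_checks, failed = {}, []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a log record
        thread, msg = m["thread"], m["msg"]
        if (start := CHECK_RE.search(msg)):
            open_checks[thread] = {"started": m["ts"], "server": start.group(1),
                                   "proxy": None, "http_status": None, "error": None}
            continue
        check = open_checks.get(thread)
        if check is None:
            continue  # line belongs to no check whose start we saw
        if (proxy := PROXY_RE.search(msg)):
            check["proxy"] = proxy.group(1)
        if (status := STATUS_RE.search(msg)):
            check["http_status"] = int(status.group(1))
        if check["error"] is None and (err := ERROR_RE.search(msg)):
            check["error"] = int(err.group(1))
        if FAILED in msg:
            failed.append(open_checks.pop(thread))
    return failed


def proxy_503_checks(lines):
    """Failed checks where a proxy was in the path and the reply was HTTP 503."""
    return [c for c in failed_checks(lines) if c["proxy"] and c["http_status"] == 503]


if __name__ == "__main__":
    for c in proxy_503_checks(SAMPLE_LOG.splitlines()):
        print(f"{c['started']} server={c['server']} proxy={c['proxy']} error={c['error']}")
```

A host that shows up in this report is a candidate for the proxy troubleshooting steps above; a failed check without a proxy entry points at the update server itself.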
This article describes the use of the database recovery tool available since PM version 12.10.
If your network setup does not allow Policy Manager to connect to the Internet, but allows connections to internal resources that can access the...
When you cannot use a connection to an intermediate proxy due to security policies, you can update the malware definitions using the tool provided...
This article describes how to upgrade from F-Secure Policy Manager 12 to version 13.
Policy Manager Console prompts an error message: "Cannot connect to the server: localhost:8080. Check that the host name and port number are correct....
F-Secure Policy Manager supports some advanced configuration using Java system properties. This article describes how you can specify the Java system...
This article describes how you can move Policy Manager Server (PMS) to a new server.
To register your F-Secure Policy Manager in an isolated or offline environment, you need to get an offline registration file (or token) from F-Secure...
The product uses Windows Firewall to protect your computer.
Your computer is protected with predefined firewall settings. Usually, you do not have to change them. However, you may have to change the settings,...
This article describes how you can set up the F-Secure firewall for Windows 7 DirectAccess from Policy Manager Console (PMC).
The default update server address uses a global dynamic content delivery network unsuitable for setting up an IP address based access control policy....
This article describes the steps to upgrade a Scanning and Reputation Server from an older version to the latest version.
When faced with large Downadup potential, it may be useful to disable autorun or USB sticks completely. This article refers extensively to two...
If you have installed Client Security on hosts that do not have a network connection, you can update the malware definitions using the tool provided...
This article describes how you can allow file sharing with F-Secure firewall turned on.
The following steps describe Policy Manager Proxy node installation for both Windows and Linux.
F-Secure has released a new generation engine for one of our core scanning engines, which, at F-Secure, we call Capricorn. The engine change brings...
To be able to combat the more adaptive and targeted attackers of the future even better, F-Secure has made a significant engine update.
This article describes how you can configure the MyNetwork rule in F-Secure Policy Manager.