Standalone/Air-Gap Usage

Scholar


Hi Folks,

 

I'm looking over various anti-virus solutions right now for potential use, but I have a unique wrinkle.  I work in an air-gapped environment, where the systems do not have access to the internet for signature and product updates.  

 

My question is: Does F-Secure have a method of using their endpoint protection products on standalone networks and to update those products via offline methods?  If so, is there a paper, or instruction, I can look at?

 

Next wrinkle, I need to install the same products on some standalone systems, which literally have no network connection as you may understand it (stuff like MODBUS).  Any support here?


Thanks!

Mike

F-Secure Product Expert

Re: Standalone/Air-Gap Usage

Hi mToecker, 

 

You can use the fsdbupdates tools to update isolated environments:
https://www.f-secure.com/en/web/labs_global/database-updates

 

Our end-point clients don't all officially support standalone installation.



Best Regards

-Ben

Superuser

Re: Standalone/Air-Gap Usage

Hello,

 

Some remarks:

 

- F-Secure's corporate market workstation protection suite (called FSAV Client Security 12) doesn't have an .EXE or .MSI installation package any more. It comes as a .JAR file that can only be made into an .MSI using the "F-Secure Policy Manager" centralized control system.

 

(If you can demonstrate the need to F-Secure support, the "Policy Manager" centralized control system can be licensed with an off-line token file. The normal method uses recurring online licence checks.)

 

- Even if you could operate AV protection in totally off-line mode, the protection level will be about 33% less, compared to the networked (access to public net) mode, because instant online reputation lookups (the Cloud) are now a very important aspect of antivirus technology. That's true of almost all AV vendors, not just F-Secure.

 

- The "offline" virus recognition database updating method provided by F-Secure is somewhat inefficient, as it means downloading a ~270MB sized file again and again (preferably once every day for optimal protection) and transferring the file to the isolated machines using a USB stick, for example.

 

Best regards: Tamas Feher, Hungary.

Scholar

Re: Standalone/Air-Gap Usage

Thank you everyone for your replies, I'll be taking a look at the solutions provided. Unfortunately, I don't have a choice in going for the offline version; regulations regarding cyber security in the industry I work in are very specific on what interactions are allowed to the outside internet: none.

 

Mike