Common Topics

Sort by:
Issue: This article is applicable to the following F-Secure products: F-Secure Email and Server Security Premium 14.00, F-Secure Email and Server Security 14.00 The release notes for F-Secure Email and Server Security 14.00 states only that Microsoft SQL Server 2008 R2 is required. I have Microsoft SQL Server 2008, is it compatible? Resolution: You can proceed to install F-Secure Email and Server Security 14.00 in Microsoft SQL Server 2008 as it is compatible. This information will be updated in the release notes soon. Article no: 000020715
View full article
Issue: This article applies to the following F-Secure products: Computer Protection for Mac, Client Security for Mac, SAFE for Mac, SENSE Application for Mac F-Secure product is installed on a Mac computer but the user interface shows that computer is not protected and that the real-time scanning is not activated. Resolution: After installation of the Mac product on macOS High Sierra, a red F-Secure (X) icon may appear when running real-time scanning. This is due to a new security feature, which has been introduced in macOS High Sierra (10.13) or higher. During first time installation, the security feature requires you to allow system software from F-Secure. Until the software is allowed, real-time scanning will fail. Once the installation is complete, allow F-Secure software as follows: Go to System Preferences > Security & Privacy, and select the General tab. Click Allow. Once this is done, the icon status changes to normal and the error message disappears. Note: The steps described must be performed locally on the machine and not remotely. Full instructions with pictures: https://community.f-secure.com/t5/Business/Issue-with-real-time-scanning/ta-p/100546 In case the mentioned solution above does not work, carry out the following solutions one by one and verify if the real-time scanning could be enabled. Solution 1: Check in System Preferences > Security & Privacy > Privacy > Accessibility and remove or disable 3rd party accessibility software such as the Better Touch Tool or MagicPrefs. Go to System Preferences > Security & Privacy. Select the General tab. Click the Allow button. Solution 2: Check in System Preferences > Keyboard > Shortcuts > Full keyboard access to enable full keyboard access. Go to System Preferences > Security & Privacy, and select the General tab. Use Tab key to move the focus on the Allow button Press Spacebar on your keyboard while the Allow button is active. Solution 3: Add F-Secure Team ID (6KALSAFZJC) to the list of approved kext developers by using "spctl kext-consent add 6KALSAFZJC" command in the Recovery mode. Refer to the following page for more detail information:  https://developer.apple.com/library/content/technotes/tn2459/_index.html#//apple_ref/doc/uid/DTS40017658-CH1-TNTAG4 Article no: 000001668
View full article
Issue: This article applies to the following F-Secure products: F-Secure Server Security 14.x, F-Secure PSB Server Protection I have installed F-Secure Server Security 14.x and F-Secure PSB Server Protection in a Windows Server 2019 host and Windows Security is not detecting or reflecting the F-Secure product installation. Windows Defender is enabled after installation of F-Secure products.  Resolution: It is known behaviour that Windows 2019 server does not reflect any 3rd party antivirus products installed including F-Secure.  For Windows Defender, the behaviour for servers is set to be active even after the installation of 3rd party antivirus products. For more information, you can refer to this Microsoft document. Article no: 000020619
View full article
Issue: F-Secure product does not trigger Windows Toast notifications after installing F-Secure Ultralight Core Update 2020-02-12_01 DeepGuard, Real-Time Scanning or Application Control blocks an application or file but does not show any alert  Issue affects the following products: PSB Computer Protection, PSB Server Protection, Client Security 13 and later, Server Security 14 and later, F-Secure SAFE and F-Secure Internet Security, F-Secure Anti-Virus Resolution: A restart of the F-Secure Hoster service will solve the issue. Follow these steps to restart the F-Secure Hoster service: Open a Command prompt as an administrator Enter command: net stop fshoster Enter command: net start fshoster  Once the F-Secure Hoster service has been restarted, the product will again show Windows Toast notifications when an application or file has been blocked. You can also reboot the system to solve the issue. The F-Secure Hoster service will be restarted during a system reboot. Article no: 000020627
View full article
Issue: How do I get access to the F-Secure training certification to become your Gold and Platinum partner? Resolution: F-Secure Gold and Platinum certification are earned by meeting the Partner program targets. It also requires technical training and certification on F-Secure products as well.  This is referring to the F-Secure Academy Learning Management System (LMS) training certification on Partner Portal. If you already have access to the new Partner Portal 2, you can login and request LMS access. Otherwise, you would need to contact the F-Secure region office and check with your account manager, who can then take this forward. If you are unable to reach your account manager, contact F-Secure support. Article no: 000018453
View full article
Issue: Computer Protection / Server Protection / Client Security / Server Security installation failed, getting below: Example error:  -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action Ultralight_Install, location: C:\Program Files (x86)\F-Secure\PSB\\UltralightInstaller\ul_536.exe, command: --aua-mode=true --install-directory="C:\Program Files (x86)\F-Secure\PSB\Ultralight\\" --product-directory="C:\Program Files (x86)\F-Secure\PSB\\" --doorman-url=dummy --doorman-id=dummy --doorman-hash=dummy Resolution: The 1722 error can appear if the F-Secure Ultralight component failed to install. Most likely there are some traces of an old F-Secure product installation on the computer, which then cause issues with a new installation. Example error from install-ultralight.log: 2019-10-14 15:15:37.815 [1a60.0b18] *E: wWinMain: Ultralight is already installed To solve the issue, run the F-Secure uninstallation tools to remove the traces. Note: Be aware that the Uninstallation Tool might affect other F-Secure products installed on your computer. Log on to the computer with administrator rights Run the both of these uninstallation tools: UninstallationTool.exe and FSUninstallationTool.exe With FsUninstallationTool.exe, you can select which product or components you want to remove Click Restart when prompted to remove remaining files The uninstallation is complete when the computer has restarted. After restart, you can retry the installation of the F-Secure product.  Article no: 000016978
View full article
Issue: This article is applicable to the following F-Secure products: F-Secure Client, F-Secure Server Security F-Secure PSB Computer Protection and F-Secure PSB Server Protection Windows SearchIndexer.exe is slowing down after F-Secure product receives security updates Resolution: F-Secure Virus Database engine updates should not interfere with the Windows Search Index component.  Follow these steps to troubleshoot issues related to Windows Search Index performance: Check what is the current windows.edb file size at C:\ProgramData\Microsoft\Search\Data\Applications\Windows. (Windows.edb is an index database of Windows Search service). If the file is too big, proceed to reduce the size.  Try to rebuild the Windows Index Reference Link: https://support.microsoft.com/en-my/help/4520146/fix-problems-in-windows-search Note: As of 5th February 2020, a recent update by Microsoft to unify Windows and Bing have caused performance issues with the Windows Search function. Article no: 000020372
View full article
Issue: This article applies to the following F-Secure products: PSB Computer Protection, PSB Server Protection I have disabled Use Windows Firewall in the PSB Computer Protection/Server Protection Profiles but Windows Firewall is still enabled in the host. Resolution: You are only allowed to disable either "Apply F-Secure firewall profiles" or "Use Windows Firewall" in the PSB portal Profiles. As an example, when the F-Secure firewall is disabled in the Profiles, our product will not disable Windows Firewall even if you disable "Use Windows Firewall" in the profiles. This is by design.   Article no: 000020432
View full article
Issue: Application blocked by Deepguard as rare application with error "DeepGuard blocked an application because it is not commonly used" Resolution: Submit the application to our Anti-Malware team to investigate the file. Open a ticket on the following webpage: https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file Upload the file, and remember to click on this button [I want to give more details about this sample and to be notified of the analysis results​] if you want us to contact you regarding the file, the analyses and the result. Remember to fill in the information, and describe the issue, so that we can analyse the situation and contact you.  The sample submission is analysed by our analysts and databases, and is updated if necessary. Note: Post your question in English in the "Description" field. For more information how you can submit a sample, read our Community article here Follow these steps to submit large sample files (>30MB) via FTP: Save the sample(s) in a password-protected ZIP archive file. Use the password: infected  Open Windows Explorer or Finder (Mac), and paste the following location in the address bar: ftp://ftp.f-secure.com/incoming Upload (drag and drop) the file(s) to the FTP folder Go to the Submit A Sample page, and upload a text file containing the file name(s) of the uploaded file(s) Tick the I want to give more details about this sample and to be notified of the analysis results box Fill in the required details and provide any relevant information about the issue Tick the I'm not a robot reCAPTCHA box Click Submit sample file. An automatic ticket is generated and emailed to you. An analyst will reply accordingly upon handling the case. Article no: 000008097
View full article
Issue: What does the DeepGuard functionality in F-Secure products do?  Resolution: DeepGuard monitors applications to detect potentially harmful changes to the system. DeepGuard makes sure that you use only safe applications. The safety of an application is verified from the trusted cloud service. If the safety of an application cannot be verified, DeepGuard starts to monitor the application behavior. DeepGuard blocks new and undiscovered Trojans, worms, exploits, and other harmful applications that try to make changes to your computer, and prevents suspicious applications from accessing the Internet. Potentially harmful system changes that DeepGuard detects include: System setting (Windows registry) changes Attempts to turn off important system programs Attempts to edit important system files Article no: 000012390
View full article
Issue: PSB Computer Protection, PSB Server Protection, Client Security or Server Security installation fails. Windows system event log shows error message: "Error 1920. Service 'F-Secure Hoster (Restricted)' (fsnethoster) failed to start. Verify that you have sufficient privileges to start system services."  Resolution: The error message might indicate that there are missing permissions in the root-directory where the F-Secure product is trying to be installed or is installed: You will have to verify that the default permission set. If you are using the default installation path (C:\Program Files (x86)\F-Secure), verify that the Program Files (x86) directory has permissions set for the following: NT AUTHORITY\NETWORK SERVICE. In doubt, reset the permission on that specific directory back to defaults and retry the installation. Other possible solutions: Check if Windows is fully updated Check or reinstall .NET Framework 4.7.x Check or reinstall Universal CRT Potential Workaround: Rename following files to anything else (e.g. vcruntime140_old.dll): On 64 bit Windows:  C:\Windows\SysWOW64\vcruntime140.dll C:\Windows\SysWOW64\msvcp140.dll ​On 32 bit Windows: C:\Windows\System32\vcruntime140.dll C:\Windows\System32\msvcp140.dll ​​Restart the computer If the steps above still causing error message "fsnethoster does not have sufficient privileges", there is a possibility that registry key HKEY_USERS\S-1-5-20 doesn't have the required permission for NETWORK SERVICE and fsnethoster is unable to create an entry there. For this follow the steps below to try fix the issue: Click Start Type regedit, and press Enter Navigate to and select registry key HKEY_USERS\S-1-5-20 Select Edit Select Permissions Click Add... Type NETWORK SERVICE Click Check Names (the name should get underlined) Click OK Check Allow checkbox for Full Control (also Read permission should be automatically allowed) Click Apply Click OK Article no: 000013226
View full article
Issue: User attaches a USB mass storage device but F-Secure Device Control does not block access to it. Admin has disallowed writing to removable storage devices, this works correctly on USB thumb drives, however external USB disk drives can still be written to. How to ensure that writing to external disk drives is also blocked just like the USB thumb drives? Resolution: Note: This article is relevant to all F-Secure products using Device Control: F-Secure Client Security 13 and 14, F-Secure PSB Computer Protection and PSB Server Protection.  In some cases external USB disk drives report themselves to Windows as standard drives, and due to this Device Control sees them as normal drives instead of external. In the event that USB thumb drives are blocked but not external disks, try the following: Device Control has an advanced device type recognition logic which is disabled by default, but can be activated by registry manipulation: Under the registry key  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\F-Secure Gatekeeper\Parameters  create a value of type DWORD with name  EnableHotplugResolving  and set the value to 1 run cmd.exe with administrator priviledges  net stop fsulhoster net stop "f-secure gatekeeper" net start fsulhoster Test this out as it should resolve the problem. Article no: 000006258
View full article
Issue: This article applies to the following F-Secure products: F-Secure Client Security 14.x, F-Secure PSB Computer Protection, F-Secure Server Security 14.x, F-Secure PSB Server Protection I am seeing a lot of the following entries in the firewall blocks.log: [xxxx.xxxx]  I: Type: FWPM_NET_EVENT_TYPE_CLASSIFY_DROP. Dropped by filter: Port Scanning Prevention Filter, This filter prevents port scanning. This many times means there are no listeners. If debugging ensure your scenario has one. The connection parameters vary, with different local/remote ports and IP addresses. Do I need to modify my firewall rules for these massages to disappear? Resolution: These log entries are associated to the Stealth mode mechanism in Windows Firewall with Advanced Security. It is a built-in functionality, which silently drops outgoing ICMP unreachable and TCP reset messages, to prevent port scanning. This functionality reacts when there is no process listening on the port, which is targeted by the incoming request/traffic. You can refer to this Microsoft Technet article for more information about this functionality. Article no: 000012637
View full article
Issue: This article applies to the following F-Secure products: PSB Computer Protection, PSB Server Protection When I installed PSB Computer Protection/Server Protection using .msi installer, the devices are not listed in the PSB portal. Resolution: As .msi installer has no subscription key attached to it, you are required to manually enter the key (prompt for the key should appear during first time launch of Computer/Server Protection) after installation is completed. This is different to .exe installer where the subscription key needs to be selected from the Portal when generating the installation file, thus the subscription key is exported with the installer. Example: .msi installer: OfflineInstallerCP-PSB1.msi .exe installer: PSBInstaller-PSB1[AAA1-BBB2-CCC3-DDDD-EEE4].exe For Group Policy (GPO) installation or third-party remote management tools and how to append the subscription key to the installer, you can refer to the following link: Remote installation via Active Directory Group Policy Remote installation using third-party remote monitoring and management (RMM) tools Article no: 000016248
View full article
Issue: Which F-Secure windows services should be monitored and running all the time to verify that the protection is on?   Resolution: F-Secure Client Security 14.x, Server Security 14.x, PSB Computer Protection and PSB Server Protection are all OneClient based products so they all have the same services in use.  Here is a list of all the services that should be running when any of these are installed on a machine: F-Secure Device Control (Premium feature) F-Secure Hoster F-Secure Hoster (restricted)  F-Secure Ultralight Hoster  F-Secure Ultralight Network Hoster  F-Secure Ultralight ORSP Client F-Secure Ultralight Protected Hoster When you turn off All security features through the UI, the F-Secure Ultralight Hoster is stopped. All security features are linked to that service. If F-Secure Hoster is stopped the security features are still on but the user interface will disappear and no action prompts will be visible. So the computer is still protected but you cannot control it in any way.  F-Secure Ultralight ORSP Client controls the Object Reputation Service Protocol, which is connected to the security cloud feature: https://www.f-secure.com/en/web/legal/privacy/security-cloud All of the services are essential so that the product is fully operational on the machine, so you should monitor all of these services.    Article no: 000013469
View full article
Issue: I verified that Windows has the latest updates installed, but still F-Secure product installation fails due to error "Could not validate the server certificates and create a secure connection to the service. Make sure that your Windows has the latest updates and try again.". What can I do? The installation fails with error: "The certificates from the server could not be verified, make sure that the windows updates are installed." The certificates of the download server could not be verified. Make sure you have the latest windows updates and try again. Resolution: The error is typically caused when Windows updates are disabled. Make sure that Windows updates are installed. If the issue persists, there may be some problems adding the needed certificate from third party Root Certification Authorities store. F-Secure currently uses the Digicert Root CA. You can try to install the certificate manually from: https://www.digicert.com/CACerts/DigiCertGlobalRootCA.crt  If choosing the local machine (all users) option does't fix it, try to adding the cert to the user's profile option instead. DNS can also be the reason, so try using Google DNS 8.8.8.8 (and 8.8.4.4) and see if it solves the issue. You can check this by using ping to guts2.sp.f-secure.com if it times out, change to Google DNS. Also, in case of PSB Server Protection, the installation can fail in multiple ways if you have the Enabled the "Turn off Automatic Root Certificate Update" and don't have latest root certificates available. This problem can be fixed by enabling the automatic root certificate updates via Group Policy: Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update, which need to be set as Not Configured or Disabled. Note: that name of the feature starts with "Turn off" so when it is enabled, it prevents the Windows from automatically downloading the needed new root certificates. If these fail to fix the problem, next solution is to do a clean install of Windows, so that certificates are updated. Article no: 000002105
View full article
Issue: I have used F-Secure uninstallation tool, and I can still find F-Secure folder in C:\\program-files(x86)\   Resolution: Even when using F-Secure uninstallation tool there will be some registry entries left and the "Program files (x86)" folder will have the F-Secure folder which includes empty product folders. This is normal, and won't affect the performance of the computer.  Article no: 000019868
View full article
Issue: Exclusion rules under Application Control for applications running from Temp Folders does not work.  Resolution: The rule might conflict with the default Application Control exclusion rules, such as: Block malicious files in Temp folder Block rare and unknown files in Temp folder Block rare Dlls with unknown reputation in Temp folder To solve this problem you can either; Disable the default rule that is causing the problem. Modify the default rule that is causing the problem to exclude the specific application. Article no: 000019858
View full article
Issue: This article applies to the following F-Secure products: F-Secure SAFE, F-Secure Client Security, F-Secure Server Security, F-Secure PSB Computer Protection, F-Secure PSB Server Protection I am getting a detection for the following files: wscript.exe, ieexplorer.exe, winword.exe, explorer.exe, excel.exe, and regsvr32.exe by Deepguard. How can I fix this? Resolution: Mostly these detections come from DeepGuard (a basic part of F-secure products which monitors applications to detect potentially harmful changes to the system). The following files are normally clean and each is a legitimate Microsoft file: wscript.exe ieexplorer.exe winword.exe explorer.exe excel.exe Regsvr32.exe These legitimate Microsoft files are blocked by DeepGuard because a suspicious file, script or application is trying to run them. When it comes to the business products, in order to investigate further, contact F-Secure support and provide the following: FSDIAG - You can refer to this article for instructions on how to create an FSDIAG log Possible file or script that you were running when you receive the detection. The following is an example case with Microsoft Excel, and how to find out the script which is causing the alert: Alert shown in Policy Manager Server or Windows Event log: DeepGuard blocked an exploit action. Application path: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File hash: 6490a5897c31e43393c0feba365a08611340867c Locally on that machine, you can check the AlertSenderPlugin.log, which contains more detailed information about this: [...] 2019-09-20 09:38:30.426 [1004.2b68] I: ULAVMonitoring::callbackOnOASAlert: Got OAS alert with JSON: {"bookmark":"PEJvb2ttYXJrTGlzdD4NCiAgPEJvb2ttYXJrIENoYW5uZWw9J0ZTZWN1cmVVbHRyYWxpZ2h0U0RLJyBSZWNvcmRJZD0nMTIxNTknIElzQ3VycmVudD0ndHJ1ZScvPg0KPC9Cb29rbWFya0xpc3Q+","rl":"sp.evt.dg.block","rv":{"AskSample":0,"Detection":"Exploit:W32/OfficeExploitPayload.A!DeepGuard","Exploit":"d:\\shared\\download\\samples\\macrotest.xlsm","Hash":"6490a5897c31e43393c0feba365a08611340867c","Path":"C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\EXCEL.EXE","ProcessID":17996,"Rarity":2,"Reason":10,"Reputation":1,"SessionID":1,"tickcount":2348045081145}}. Extra data size: 0 [...] In this case, alert is caused because of this macro: d:\\shared\\download\\samples\\macrotest.xlsm AlertSenderPlugin.log is located here on clients with Client Security 14.x and PSB Computer Protection: C:\ProgramData\F-Secure\Log\PSB\AlertSenderPlugin.log When it comes to the home products like F-secure SAFE, perform a full computer scan to let the product detect the source of those detection. F-Secure SAFE will check if there are any harmful files stored on the computer which cause such behaviour. To perform a full computer scan, follow the instruction below: Open the F-Secure SAFE Click Settings > Scanning settings > Manual scanning Untick Scan only known file types  Tick Scan inside compressed files Exit Settings Click Tools Select Virus scan options > Full computer scan If the scan does not indicate any harmful files or any suspicious application installed, contact F-Secure support for further assistance. Article no: 000004495
View full article
Issue: As a reseller, where can I find my customers license codes in the new Partner Portal? Resolution: If you need to see or check a license code under one of your customers in the new Partner Portal, you need to click on the customer you need to check, and then go to "Details". The license codes for that specific customers will be listed on that section. Article no: 000016058
View full article
Issue: Does F-secure SAFE/ Client Security/ Server Security/ PSB Computer Protection scan emails for infections/viruses? Resolution: The F-Secure SAFE/ Client Security/ Server Security/ PSB Computer Protection does not scan emails immediately. Real-time scanning will automatically start when you run a file from an email, and will scan it before allowing the file to open or execute.    Article no: 000002814
View full article
F-Secure Software Updater supports a number of software and programs.
View full article
Issue: This article applies to the following F-Secure products: F-Secure PSB Email and Server Security 12.10, F-Secure Email and Server Security 12.x and F-Secure Server Security 12.x I notice my Windows Server 2016 installed with F-Secure Server products are consuming resources when installing Windows patches, how to fix this? Resolution: A hotfix has been created to address this issue with F-Secure Server products. The hotfix is available in F-Secure Server Security public web Support and downloads pages under Hotfixes section. Proceed to select 12.12 tab and download the F-Secure Server Security (Standard & Premium) 12.x FSAV Hotfix.   Article no: 000009681
View full article
Issue: DataGuard blocks applications such as Firefox, OneDrive etc. that are installed to and running from AppData folder. Resolution: If setting "Discover trusted applications automatically" is enabled, only applications that are installed under 'default trusted locations' or utilizing 'default trusted processes' will be allowed to make changes to DataGuard Monitored folders automatically. The default trusted locations and processes are predefined as follows; C:\PROGRAM FILES (X86)\ C:\PROGRAM FILES\ C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\FILEMANAGER\PHOTOSAPP.EXE C:\WINDOWS\NOTEPAD.EXE C:\WINDOWS\SPLWOW64.EXE C:\WINDOWS\SYSTEM32\MSPAINT.EXE C:\WINDOWS\SYSTEM32\MSTSC.EXE C:\WINDOWS\SYSTEM32\NOTEPAD.EXE C:\WINDOWS\SYSTEM32\PICKERHOST.EXE C:\WINDOWS\SYSTEM32\RUNTIMEBROKER.EXE C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE C:\WINDOWS\SYSTEM32\SIHOST.EXE C:\WINDOWS\SYSTEM32\SNIPPINGTOOL.EXE C:\WINDOWS\SYSTEM32\SPOOLSV.EXE C:\WINDOWS\SYSTEM32\WFS.EXE C:\WINDOWS\SYSTEM32\WRITE.EXE C:\WINDOWS\SYSWOW64\EXPLORER.EXE C:\WINDOWS\SYSWOW64\MSPAINT.EXE C:\WINDOWS\SYSWOW64\MSTSC.EXE C:\WINDOWS\SYSWOW64\NOTEPAD.EXE C:\WINDOWS\SYSWOW64\PICKERHOST.EXE C:\WINDOWS\SYSWOW64\SEARCHPROTOCOLHOST.EXE C:\WINDOWS\SYSWOW64\WRITE.EXE C:\WINDOWS\WRITE.EXE Since AppData is not on the list, applications installed to the AppData folder will be blocked by DataGuard. Resolution is to either; Uninstall the application from AppData and reinstall to trusted location such as C:\Program Files or C:\Program Files (x86)  Add the application to the Trusted Application list under DataGuard. This can be done by going to Settings (in Policy Manager) or Profile (in PSB): DataGuard > Access control list > Manually added trusted applications and folders Exclude the application's target path from being monitored by DataGuard. This can be done from Profile (PSB only): DataGuard > Monitored folders > Manually excluded folders. Article no: 000018119
View full article
Issue: Can users be prevented from disabling or uninstalling the F-Secure Browsing Protection extension from Google Chrome?  Can this be done from the F-Secure Policy Manager Console for Client Security or from the PSB Portal for Computer Protection?    Resolution: F-Secure products do not feature a setting to prevent the F-Secure Browsing Protection extension from being disabled or uninstalled by the users from the Google Chrome browser. Chrome does have an ExtensionInstallForceList which can be used to specify list of apps and extensions which cannot be uninstalled nor disabled by the user. You can learn more about this feature from the Chrome Enterprise Policy List: https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallForcelist   Article no: 000018780
View full article
Issue: I'm using an operating system on my endpoints for which Microsoft is ending extended support.  What impact does this have on my servers and workstations running an F-Secure end-point client like: Computer Protection Server Protection Client Security Server Security  Email and Server Security Resolution: If you continue using the F-Secure end-point protection client product on the operating system that has reached end-of-life, F-Secure cannot guarantee proper operation of the product on this particular operating system platform, especially if resolving a particular problem would require support from the operating system vendor (Microsoft). Also, a future product update from F-Secure can remove support for the not-supported operating system. We therefore recommend our customers to upgrade to a supported version of the operating system as soon as possible. Additional information F-Secure supported products: https://www.f-secure.com/en/business/support-and-downloads/supported-products Microsoft Product Lifecycle search page: https://support.microsoft.com/en-us/lifecycle/search Article no: 000015475
View full article
Issue: Windows 10 Service Pack update version 1809 or above cannot be deployed via F-Secure Software Updater Resolution: You would need to install and deploy Microsoft Service Pack manually in the host and cannot be done via Software Updater. Software Updater is a component in the F-Secure Protection Service for Business Management Portal or F-Secure Business Suite, offering automated patch management for all endpoints and servers. Software Updater works by scanning for missing updates, creating a vulnerability report, and then downloading and deploying them automatically or manually. Security patches include Microsoft updates and over 2,500 third-party applications such as Flash, Java, OpenOffice and others that commonly serve as attack vectors. Article no: 000008811
View full article
Issue: Where to contact about payments and billing regarding F-Secure Business/corporate Products. Resolution: If you are an end-customer, you need to contact your own F-Secure reseller partner if you have questions about billing.  If you are an F-Secure reseller partner and you have questions about billing, please contact your F-secure Sales contact, or email F-Secure Order Services.  Article no: 000003578
View full article
Issue: How to configure Kaseya VSA agent to retrieve read-only status information from F-Secure client applications such as F-Secure PSB Computer Protection or F-Secure Client Security.  Resolution: F-Secure Help Guides include all of the information required to configure supported Windows Management Instrumentation (WMI) integrations for F-Secure Business Products.  Using WMI you can retrieve information such as: Product version, Real-Time Scanning status, Malware definition database information, Firewall status etc. For Business Suite's Policy Manager, the guide for WMI configuration can be found at https://help.f-secure.com/product.html#business/policy-manager/14.20/en/concept_E8B1C2F45269429D84CA9F073FF6D491-14.20-en  For Protection Service for Business (PSB), the guide for WMI configuration can be found at https://help.f-secure.com/product.html#business/psb-portal/latest/en/concept_E8B1C2F45269429D84CA9F073FF6D491-psb-portal-latest-en Article no: 000005831
View full article
Issue: When installing a 3rd party EDR client on a computer running an F-Secure endpoint protection software, which are the recommended exclusions to bypass the F-Secure client in context of the EDR solution?   Resolution: You can exclude any and all files residing the in the directory pointed to by this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\Settings\product.paths The value will contain the directory to skip (also include content of sub directories in the exclusion).  Note that this approach works with Ultralight based F-Secure products (CS 13 and later, Server Security 14.x and later). If a broad exclusion of our product folder is not acceptable, use the following alternative As previously, read the product path value from HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\Settings\product.paths Then construct the exclusion using the following logic. <product-path>*\Ultralight\ulcore\*\fsorsp*.exe <product-path>*\Ultralight\ulcore\*\fshoster*.exe (the wildcard "*" represents here 0 or more characters) For example, if the product installed in the folder C:\Program Files (x86)\F-Secure\Client Security\ the exclusion should match: C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1570191397\fsorsp64.exe C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1570191397\fshoster64.exe Please note that exclusions  fshoster*.exe and fsorsp*.exe cover both 32 and 64 bit operating-systems e.g. fsorsp64.exe or fsorsp32.exe both should match the above pattern.  Article no: 000018299
View full article
Issue: Steps to clear up ORSP cache in F-Secure Client Security / Computer Protection / SAFE / Internet Security. Resolution: Click Start, type in cmd.exe in the search bar, and press Enter  In the command prompt window type in the following command and press Enter: For SAFE (64-bit) cd C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\<highest directory number> For SAFE (32-bit) cd C:\Program Files\F-Secure\SAFE\Ultralight\ulcore\<highest directory number> For Internet Security (64-bit) cd C:\Program Files (x86)\F-Secure\Internet Security\Ultralight\ulcore\<highest directory number> For Internet Security (32-bit) cd C:\Program Files\F-Secure\Internet Security\Ultralight\ulcore\<highest directory number> For Client Security (64-bit) cd C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\<highest directory number> For Client Security (32-bit) cd C:\Program Files\F-Secure\Client Security\Ultralight\ulcore\<highest directory number> For Computer Protection (64-bit) cd C:\Program Files (x86)\F-Secure\PSB\Ultralight\ulcore\<highest directory number> For Computer Protection (32-bit) cd C:\Program Files\F-Secure\PSB\Ultralight\ulcore\<highest directory number> Note: If there are more than one sub-directories inside of the ulcore directory, select the largest sub-directory number for <highest directory number> Type in the following (note the double dash --), and press Enter: For 32-bit systems: orspdiag.exe --cache-clear For 64-bit systems: orspdiag64.exe --cache-clear Accept with the letter Y when asked, then press Enter After completion, close the command prompt Article no: 000004992
View full article
Issue: Training videos are loading very slowly or not at all in the F-Secure Academy Learning Management System.  Issue started on 18th November 2019. Resolution: We were experiencing slowness to load some training videos on our F-Secure Academy Learning Management System (LMS) platform during 18-19th November 2019. The issue was fixed on 20th November 2019. If you are currently experiencing difficulties to load training videos, see if using a different web browser fixes the issue.    Article no: 000018159
View full article
Issue: F-Secure product has found a malware or Potentially Unwanted Application on a computer and user would like to get more information about what has happened to the machine and whether data has been breached. exported or forwarded, etc. Resolution: F-Secure has an Investigation & Incident Response team which provides forensic services if a data breach is suspected. You can find their contact information here.  Article no: 000018155
View full article
Issue: There is a localization (language translation) error, typo or incorrect information in an F-Secure product, help guide or website. Where can it be reported? Resolution: Open a support request and provide a description and screenshots of the error.  Article no: 000012245
View full article
Issue: I am a corporate customer/corporate reseller partner and I need to: Renew business / corporate products Buy additional or reduce licenses Transfer a license Cancel a subscription Resolution: When you have any questions relating to corporate product renewals, licenses transfers or cancellations, please contact your local F-Secure reseller for further help. If you are a reseller partner and you need help with renewing a customer's subscription, kindly directly contact your F-Secure sales contact. If you are unable to reach your F-Secure Sales contact, you can contact our Order Services team, or proceed to open a support request through the Partner Portal. Article no: 000003910
View full article
Issue: With any extension this file is detected as an EICAR infection by the F-Secure end-point protection client but with the .xml extension it is not detected. Resolution: This issue will be fixed in a database update for the Hydra engine. Article no: 000017655
View full article
Issue: This article applies to the following F-Secure products: Client Security, Server Security, Computer Protection, Policy Manager, Email and Server Security, SAFE Steps on running the F-Secure Automatic Update Agent (FSAUA) reset tool, when the virus definitions are too old or the F-Secure products is encountering a malfunction with the F-Secure Automatic Updates. Resolution: Follow the steps below to run the FSAUA tool: Download the FSAUA reset tool from the F-Secure website here. Move the FSAUA reset tool to the affected F-Secure host (any directory). Open an elevated Command Prompt (Administrator). Navigate to the directory of the reset tool. Run the fsaua-reset.exe (use the option -? to receive information on the usage). The tool will clear any present F-Secure Automatic Updates on this host. The host will re-download all required F-Secure Automatic Updates and install them. To verify the status of the updates, you can proceed as follows: Open the F-Secure product's interface. Switch to Tools. Press Check for Updates. Verify the list of updates. Article no: 000001603
View full article
Issue: Request for an eService account. Resolution: F-Secure eService is part of the paid Premium support contract that allows for a centralized support ticket handling. Standard and Advanced support contracts are not eligible for F-Secure eService access. Contact your sales or account manager if you require the access.  For Premium customers, contact F-Secure support to get your F-Secure eService account created. We encourage you to prepare the following: First name Last name Email address   Article no: 000003888
View full article
Issue: When installing F-Secure Computer Protection or Client Security 14.xx, the following error message is logged: Conflicting Oneclient product already installed. Resolution: This error indicates that either F-Secure Computer Protection or F-Secure Client Security 14.xx has been previously installed on the computer. The uninstallation of the previous F-Secure product has left some leftover files on the computer which are conflicting with the new installation. To resolve this issue: Download the Oneclient-compatible uninstallation tool (Uninstallation Tool for Windows - Client Security 13.x & 14.x, Computer Protection, and Rapid Detection Service) from the Support tools page. Run the tool Here is a direct link to the tool Article no: 000011403
View full article
Issue: How can a reseller partner decrease or increase the amount of licenses for an existing SaaS subscription in the Partner Portal? Resolution: Click the Ordering-tab from the main menu, then click Saas from the sub-menu Click New SaaS Order For an existing customer, start typing the customer name into Search or add customer-field and the customer should appear in the suggestions drop-down list -> select customer Fill in order reference number (partner can choose this themselves, it is an internal reference for the partner helping them identify the customer and transaction and is visible on the bill we send) Click Add products Choose sales type as SaaS change (license increase or decrease) Select subscription to be modified Fill in new total quantity for the subscription Click Continue Click Order to submit the order Article no: 000009420
View full article
Issue: How can a reseller partner decrease or increase the number of licenses for an existing yearly subscription in Partner Portal? Resolution: A reseller partner can only decrease the number of licenses within the renewal window = 90 days from the license expiry date.  License reduction for Yearly license can be done through the following steps: 1. Click the Ordering-tab from main menu, then click Yearly from the sub-menu 2. Click New Order 3. For an existing customer, start typing the existing customer name into the Search-field and the customer should appear in the suggestions drop-down list -> select customer 4. Fill in order reference number (partner can choose this themselves, it is an internal reference for the partner helping them identify the customer and transaction and is visible on the bill we send) 5. Click Add products 6. Choose sales type as 'Renewal' (this is where partner can renew and increase/decrease the license number) 7. Select asset to be renewed 8. Fill in new total quantity for this license 9. Click Continue 10. Click Order to submit order Article no: 000009904
View full article
Issue: System administrator needs a list of all F-Secure processes and the folders where they are located in a Windows system  Resolution: You can create a list of all F-Secure processes and where they are located in a Windows system by following these steps: Open Command Prompt Run the following command in the folders listed below: dir /s /b *.exe C:\Program Files (x86)\F-Secure\ C:\ProgramData\F-Secure This will create you an easy to read list.   Article no: 000016628
View full article
Issue: Malicious code has been found in MBR file (Master Boot Record), how to proceed for further investigation. Resolution: Collect the MBR log from the infected machine for further investigation whether it is valid infection or false positive from F-Secure product. Log Collection Instructions: Install Sector Inspector "secinspect.msi" on the infected machine and note the installation directory. Download link: https://www.microsoft.com/en-us/download/details.aspx?id=19470 Locate installation directory C:\Program Files\Windows Resource Kits\Tools or C:\Program Files (x86)\Windows Resource Kits\Tools Execute "secinspect.exe" using cmd with the following argument. secinspect.exe > <log name>MBR.log Collect "<log name>MBR.log" that was generated Once the log has been collected, you can uninstall the tool using the same installer file "secinspect.msi" and choose uninstall option Once "<log name>MBR.log" was collected, please submit through the Submit a Sample service portal (https://www.f-secure.com/en/web/labs_global/submit-a-sample) for further investigation. Select I want to give more details about this sample and to be notified of the analysis results. Malware team will investigate the log and give remediation instructions for further clean up.   Article no: 000006535
View full article
Issue: Web Content control is blocking pages by claiming they have been rated, for example, as adult material, even though the web page has nothing to do with that rating. How do I whitelist sites for PSB Computer Protection or Client Security? I want to access a site but Browsing Protection blocks it. What can I do? Resolution: You can report wrongly blocked pages and wrong web content categories to our labs. Check the box "I want to give more details about this sample and to be notified of the analysis results" and fill in the required information to get updates from labs as they check the link. Series 14 and newer of Business Suite products as well as PSB Computer and Server Protection will show webpage categories on the block page, which can give you more detail on why a page is blocked. To whitelist webpages in PSB settings profiles: Log in to your PSB portal account Go to Profiles using the left-side menu Open the profile you want to modify Click on Browsing Protection from the left-side menu Scroll down to Sites Add the site you want to whitelist to the Allowed sites-list Click Save and Publish in the bottom right To whitelist webpages using the Business Suite Policy Manager: Log in to the Policy Manager Console Select the correct policy domain or host from the Domain tree on the left Go to Settings Select Advanced view from the selector in the top right Navigate to F-Secure Browsing Protection->Settings->Reputation Based Protection->Trusted Sites in the settings tree Click the Add-button to the right of the sites list to add new entries  Press Ctrl+D or the Distribute policies-button in the top left to distribute the new settings Observe that you might have to empty your web browser cache for the changes to take effect. This applies to both set of instructions listed above and to when you receive a notification from the labs that they have updated a page rating. Article no: 000004384
View full article
Issue: My computer has been infected by ransomware and I have submitted encrypted samples. Resolution: What we can do is perform an analysis of the malware to ensure that your F-Secure product can protect against any future contact with it. We can also provide guidance on how to optimally configure your F-Secure product or current security practices to prevent a recurrence of this situation. For the immediate situation, here are some steps you can take to contain the damage caused by the ransomware and advice on recovering affected devices or data: https://www.f-secure.com/en/web/labs_global/crypto-ransomware#respond Lastly, we would appreciate it if you could provide us with the malicious file that caused the infection, or any other information that could be useful for the investigation. Article no: 000004496
View full article
Issue: This article is applicable for the following products: Client Security, Server Security, PSB Server Security, Computer Protection. A scheduled scan task by F-Secure products does not seem to be created in the user interface, does not start or work. What do I do? Resolution: 1. When scheduled scan configured in the F-Secure product, it creates a scheduled scanning task in the Windows Task Scheduler. If the scheduled scan does not start, you can verify if the task was actually created in Windows Task Scheduler: Click Start. Go to Control Panel > System and Security. Click Administrative Tools. Select Task Scheduler. Select Task Scheduler Library. Look for Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Delete the Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Disable and re-enable back the scheduled scan. 2. If the scheduled scanning task is not found, try re-configuring the scheduled task (e.g. make a change in the scheduled scan, then distribute new policy from Policy Manager, or save and publish the profile on PSB Portal). 3. Try to execute the scheduled scanning task in Task Scheduler manually and see if it works. If not, the scheduled task is disabled via GPO mostly. 4. For Server Security 12.x and PSB Server Security 12.x, try to restart FSGKHS (F-Secure Gatekeeper Handler Starter) services and verify if the scheduled scanning task works after that. 5. If you enclose the string with quotes, the scheduled scan will not work. Remove the quotes via the Policy Manager Console, distribute the new policy or PSB profile editor, save and publish the profile. Does not work: "/t18:00 /b2018-8-1 /rdaily" Works: /t18:00 /b2018-8-1 /rdaily 6. If the scheduled scanning task can be found in the Task Scheduler Library but is not visible in the application user interface - that is to be expected. Since the task is being configured and scheduled centrally, it is not handled via the end-point protection application, but via Windows Task Scheduler, and in this sense is not configured in the end-point protection application user interface. Note: The Windows operating system is up-to-date. Ensure that the host remains ON until the scan completes Article no: 000001990
View full article
Issue: RDP Brute Force attack performed and Ransomware encrypted system or files Technique commonly used by Crysis, Dharma, GandCrab ransomware. Resolution: Use strong and long passwords To avoid brute force attack on RDP, avoid using Dictionary word and simple password. Always use long password with combination of Uppercase letters, Lowercase letters, numbers and special characters. Limit number of attempts Go to Start-->Programs-->Administrative Tools-->Local Security Policy Under Account Policies-->Account Lockout Policies Account lockout threshold -> Set between 3 to 5 Account lockout duration -> Ideally set more than 5 minutes Only allow user accounts requiring RDP service Go to Start-->Programs-->Administrative Tools-->Local Security Policy Under Local Policies-->User Rights Assignment-->Allow logon through Remote Desktop Services Add or Remove the User accounts or groups which require RDP service Close RDP port Use VPN connection to access remote desktop and close RDP ports (TCP 3389) access  via firewall. Use RD gateway servers RD gateway proxy servers can be used for securing the connection with SSL. Read more here : https://social.technet.microsoft.com/wiki/contents/articles/10974.windows-server-2012-rds-deploying-and-configuring-rd-gateway.aspx Article no: 000005204
View full article
Issue: How to collect the quarantined files on an affected Windows machine using F-Secure Quarantine Dumper, and then submit the files for analysis.  Resolution: Collect quarantined files using F-Secure Quarantine Dumper by following the instructions below: Click on this link to download F-Secure Quarantine Dumper to a location of your choice, for example, c:\temp. Launch Command Prompt (CMD). Navigate the directory to the location you selected in step 1. For example, type cd c:\temp\ and press Enter on your keyboard to go to c:\temp\ folder. Type fsdumpqrt.exe -d c:\temp\  to run the tool. Enter your administrator credentials when prompted. F-Secure license terms are now shown. Scroll all the way to the end of the license terms before you can accept them. Press E on your keyboard to accept the license terms. Press any key to complete the run. The quarantined files will be collected in a file named malware_samples.zip with the default password (infected) in the location you specified in step 1.  These are the parameters that can be used in the tool:​ -d, --destination: Destination directory for output (default: current admin desktop) -p, --password: Password for output (default: "infected") -v, --verbose: Verbose output -a, --accept-eula: Accept EULA -s, --silent: Silent mode -l, --list: Only list contents, nothing is written to disk Tip: Running the fsdumpqrt.exe tool in command prompt without additional command line parameters will print out a short tool description and the extra parameters for using the tool.   Article no: 000002484
View full article
Issue: How do I identify and remove the infected item(s) that F-Secure has detected on a .PST archive (Outlook data file)? Resolution: Follow the steps below to configure the F-Secure scanning report to show additional information when an email is detected inside an Outlook PST file. These steps will help you to identify the email so that it can be removed manually after the scanning: Open the Registry Editor (regedit.exe) Navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\GKH2\Plug-Ins\F-Secure Capricorn Add a new 'String Value' (REG_SZ) with the following information: Name: CustomSettings Data: mailboxmode=2 It should look like in this image: Other scanning modes available are: 0 = none (default, mailbox is not scanned) 1 = enable mailbox scanning 2 = enable scanning and provide extended report (inside infection name) Restart the "F-Secure Ultralight Hoster" service net stop fsulhoster net start fsulhoster (If you are unsure on how to restart a service, just restart the computer) Manually scan the PST. The report will now show message-related fields (email subject, folder, attachment name) Once the message has been identified, proceed to remove it manually in Outlook: Delete the message with [shift-del] (so that it will not be moved to trash). Finally follow these steps to compact the PST database: https://support.office.com/en-us/article/reduce-the-size-of-your-mailbox-and-outlook-data-files-pst-and-ost-e4c6a4f1-d39c-47dc-a4fa-abe96dc8c7ef?ui=en-US&rs=en-US&ad=US Re-scan the .PST archive to ensure all infected items have been removed.   Article no: 000002840
View full article
This article explains how you can manually update the antivirus databases of F-Secure products on Windows platforms.
View full article