How to install a Hotfix
There are several types of HOTFIXES. fsfix, jar, and zip.
FSFIX -> This is for Windows clients. This hotfix can be run on each Windows clients. JAR -> This is for Policy Manager deployment. You can deploy hotfix using Policy Manager automatically. ZIP -> This contains both FSFIX and JAR, sometimes only one from those. Users need to extract this file.
Internet Explorer may change the file extension for fsfix/ jar to ".zip" This is due to the security setting. When it happens, please change the file extension back to the original one. [How to install] Fsfix
Download the fsfix fix to target machine. Double click fsfix. Message is shown. Click "Yes" to proceed. Wait until installation finishes. You can see message window when it's finished. Click "OK" to finish installation.
Open policy manager console and select "installation" Click on "Installation package". Click on "Import" and import Jar file. Click on "Close" Select target PC(or domain) and click on "install package". Select package name and click on "OK" Deploy policy to targets.
Sometimes, a reboot is recommended. Please reboot your PC, if needed. This message is shown based on your OS status even if the hotfix does not need an OS reboot.
Article no: 000014849
If we wish to block access to Web Radio pages, which category should we block in web content control settings?
To block access to web radio pages, block the "Streaming media" category in Web Content Control.
Article no: 000016109
DeepGuard blocks the application. This was determined to be a high-risk application by system control heuristics. After the file SHA-1 hash and file path is excluded in F-Secure Client Security 13.x/14.x, Deepguard continues to block the application
You can exclude the network drivers from being scanned, by doing the following:
Log in to Policy Manager Console Click on the Settings tab Click on Advanced View Navigate to F-Secure DeepGuard Click Settings Click Excluded applications and enter the exclusion in UNC format, like:'\\servername\share\folder\to\the\app.exe'
If this location is also mapped to a drive letter, then another exclusion must also be added in the mapped format, so for example ' N:\folder\to\the\app.exe'
If the network drive was mapped to N. Both formats are needed, as mapped network drives are user-specific, settings and DeepGuard can't automatically do the user based drive letter mapping. Folder based exclusions on network drives are also supported.
Please refer to the screenshot below when making the exclusions:
7. Distribute the policy Note: If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for DeepGuard. Wildcard exclusions are only applicable for Real-time scanning. For Deepguard exclusion, kindly use file or folder path. F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP. If you are using Policy Manager Version 14.xx. This setting has been replaced by Files and applications excluded from scanning, which applies to version 12.x, 13.x, and 14.x hosts. Your existing trusted applications have been moved to the new setting.
Article no: 000004819
I would like to know the description for each of the services used in F-Secure product. What does each service do?
Below you can find the functionality and purpose of each F-Secure service:
F-Secure Hoster: Product business logic, including product updates, telemetry, settings & configurations with SYSTEM privileges. F-Secure Hoster (Restricted): Product business logic, including product updates, telemetry, settings & configurations with NETWORK SERVICE privileges. F-Secure Ultralight Hoster: Anti-malware scanning logic, including real-time scanning, Online Safety, DeepGuard, DataGuard and Application Control with SYSTEM privileges. F-Secure Ultralight Network Hoster: Anti-malware scanning logic, including real-time scanning, Online Safety, DeepGuard, DataGuard and Application Control with NETWORK SERVICE privileges. F-Secure Ultralight ORSP client: Real-time protection network query service (NETWORK SERVICE). F-Secure Ultralight Protected Hoster: Scanning integration to Windows Security Center, runs as protected process (protected by Windows). F-Secure Device Control: F-Secure Device Control Daemon service, provides a possibility to block/restrict access to local devices.
Article no: 000016071
This article is applicable for the following products: Client Security, Server Security, PSB Server Security, Computer Protection. A scheduled scan task by F-Secure products does not seem to be created in the user interface, does not start or work. What do I do?
1. When scheduled scan configured in the F-Secure product, it creates a scheduled scanning task in the Windows Task Scheduler. If the scheduled scan does not start, you can verify if the task was actually created in Windows Task Scheduler:
Click Start. Go to Control Panel > System and Security. Click Administrative Tools. Select Task Scheduler. Select Task Scheduler Library. Look for Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Delete the Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Disable and re-enable back the scheduled scan.
2. If the scheduled scanning task is not found, try re-configuring the scheduled task (e.g. make a change in the scheduled scan, then distribute new policy from Policy Manager, or save and publish the profile on PSB Portal). 3. Try to execute the scheduled scanning task in Task Scheduler manually and see if it works. If not, the scheduled task is disabled via GPO mostly. 4. For Server Security 12.x and PSB Server Security 12.x, try to restart FSGKHS (F-Secure Gatekeeper Handler Starter) services and verify if the scheduled scanning task works after that. 5. If you enclose the string with quotes, the scheduled scan will not work. Remove the quotes via the Policy Manager Console, distribute the new policy or PSB profile editor, save and publish the profile. Does not work: "/t18:00 /b2018-8-1 /rdaily" Works: /t18:00 /b2018-8-1 /rdaily 6. If the scheduled scanning task can be found in the Task Scheduler Library but is not visible in the application user interface - that is to be expected. Since the task is being configured and scheduled centrally, it is not handled via the end-point protection application, but via Windows Task Scheduler, and in this sense is not configured in the end-point protection application user interface. Note:
The Windows operating system is up-to-date. Ensure that the host remains ON until the scan completes
Article no: 000001990
Steps to clear up ORSP cache in F-Secure Client Security / Computer Protection / SAFE / Internet Security.
Click Start, type in cmd.exe in the search bar, and press Enter In the command prompt window type in the following command and press Enter:
For SAFE (64-bit)
cd C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\<highest directory number>
For SAFE (32-bit)
cd C:\Program Files\F-Secure\SAFE\Ultralight\ulcore\<highest directory number>
For Internet Security (64-bit)
cd C:\Program Files (x86)\F-Secure\Internet Security\Ultralight\ulcore\<highest directory number>
For Internet Security (32-bit)
cd C:\Program Files\F-Secure\Internet Security\Ultralight\ulcore\<highest directory number>
For Client Security (64-bit)
cd C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\<highest directory number>
For Client Security (32-bit)
cd C:\Program Files\F-Secure\Client Security\Ultralight\ulcore\<highest directory number>
For Computer Protection (64-bit)
cd C:\Program Files (x86)\F-Secure\PSB\Ultralight\ulcore\<highest directory number>
For Computer Protection (32-bit)
cd C:\Program Files\F-Secure\PSB\Ultralight\ulcore\<highest directory number>
Note: If there are more than one sub-directories inside of the ulcore directory, select the largest sub-directory number for <highest directory number>
Type in the following (note the double dash --), and press Enter:
For 32-bit systems: orspdiag.exe --cache-clear For 64-bit systems: orspdiag64.exe --cache-clear
Accept with the letter Y when asked, then press Enter After completion, close the command prompt
Article no: 000004992
This article applies to the following F-Secure products: Computer Protection for Mac, Client Security for Mac, SAFE for Mac, SENSE Application for Mac F-Secure product is installed on a Mac computer but the user interface shows that computer is not protected and that the real-time scanning is not activated.
After installation of the Mac product on macOS High Sierra, a red F-Secure (X) icon may appear when running real-time scanning. This is due to a new security feature, which has been introduced in macOS High Sierra (10.13) or higher. During first time installation, the security feature requires you to allow system software from F-Secure. Until the software is allowed, real-time scanning will fail.
Once the installation is complete, allow F-Secure software as follows:
Go to System Preferences > Security & Privacy, and select the General tab. Click Allow. Once this is done, the icon status changes to normal and the error message disappears.
Note: The steps described must be performed locally on the machine and not remotely. Full instructions with pictures: https://community.f-secure.com/t5/Business/Issue-with-real-time-scanning/ta-p/100546 In case the mentioned solution above does not work, carry out the following solutions one by one and verify if the real-time scanning could be enabled. Solution 1:
Check in System Preferences > Security & Privacy > Privacy > Accessibility and remove or disable 3rd party accessibility software such as the Better Touch Tool or MagicPrefs. Go to System Preferences > Security & Privacy. Select the General tab. Click the Allow button.
Check in System Preferences > Keyboard > Shortcuts > Full keyboard access to enable full keyboard access. Go to System Preferences > Security & Privacy, and select the General tab. Use Tab key to move the focus on the Allow button Press Spacebar on your keyboard while the Allow button is active.
Solution 3: Add F-Secure Team ID (6KALSAFZJC) to the list of approved kext developers by using "spctl kext-consent" command in the Recovery mode. Refer to the following page for more detail information: https://developer.apple.com/library/content/technotes/tn2459/_index.html#//apple_ref/doc/uid/DTS40017658-CH1-TNTAG4
Article no: 000001668
With the firewall enabled in F-Secure Client Security 14 / Computer Protection, I am unable to reach the network share or printer
The default firewall rule blocks unknown inbound/outbound connections. Ensure that you have allowed the network traffic in the product firewall to port 135, 137-139 and 445. Whitelist the affected printer IP or port number to the firewall rule. In case this does not help, we recommend to check the local firewall rules in the Windows Firewall user interface and ensure that there is no potential conflict between F-Secure firewall rules, and local firewall rules.
Article no: 000011040
This article describes the steps to generate debug logs for Computer Protection for Windows and Client Security 14 (and newer). Debug logs are needed in some instances by R&D to investigate some problems in detail.
FSDIAG with debug logs is needed in order to collect additional log files. Steps:
Download the debug tool from here Double click fsloglevel.exe Select Full Logging Click OK Restart the computer. Reproduce the steps that caused the original problem, take note of exact time of the problem. Generate FSDIAG by following steps explained here Kindly run the fsloglevel.exe tool a second time after submitting the logs. Click on Normal Logging to turn off the debug mode (it slows down your machine a bit).
Article no: 000009164
When installing F-Secure Computer Protection or Client Security 14.xx, the following error message is logged: Conflicting Oneclient product already installed.
This error indicates that either F-Secure Computer Protection or F-Secure Client Security 14.xx has been previously installed on the computer. The uninstallation of the previous F-Secure product has left some leftover files on the computer which are conflicting with the new installation. To resolve this issue:
Download the Oneclient-compatible uninstallation tool (Uninstallation Tool for Windows - Client Security 13.x & 14.x, Computer Protection, and Rapid Detection Service) from the Support tools page. Run the tool
Here is a direct link to the tool
Article no: 000011403
Customers own (developed) file causes a false positive detection by the F-Secure products.
To solve the issue, first sign the file with the digital signature certificate and then submit the file to F-Secure:
Open the Submit A Sample portal. Click Choose File and select the file to be submitted. Select I want to give more details about this sample and to be notified of the analysis result. Fill in the required details. Note: Select "False Positive" as the Sample Type and write "File whitelisting request" in the Subject field. Click Submit sample file.
The submitted file will be subjected to a verification process. Once verified clean, the file will be added to the list and the database will be updated accordingly to prevent the file from causing new false positive detections.
Article no: 000005979