Common Topics

Sort by:
Issue: DeepGuard blocks the application. This was determined to be a high-risk application by system control heuristics.  After the file SHA-1 hash and file path is excluded in F-Secure Client Security 13.x/14.x, Deepguard continues to block the application Resolution: You can exclude the network drivers from being scanned, by doing the following: Log in to Policy Manager Console Click on the Settings tab Click on Advanced View Navigate to F-Secure DeepGuard Click Settings Click Excluded applications and enter the exclusion in UNC format, like:'\\servername\share\folder\to\the\app.exe' If this location is also mapped to a drive letter, then another exclusion must also be added in the mapped format, so for example ' N:\folder\to\the\app.exe' If the network drive was mapped to N. Both formats are needed, as mapped network drives are user-specific, settings and DeepGuard can't automatically do the user based drive letter mapping. Folder based exclusions on network drives are also supported. Please refer to the screenshot below when making the exclusions: 7. Distribute the policy Note: If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for DeepGuard. Wildcard exclusions are only applicable for Real-time scanning. For Deepguard exclusion, kindly use file or folder path. F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP. If you are using Policy Manager Version 14.xx. This setting has been replaced by Files and applications excluded from scanning, which applies to version 12.x, 13.x, and 14.x hosts. Your existing trusted applications have been moved to the new setting. Article no: 000004819
View full article
Issue: This article is applicable for the following products: Server Security 12.x, Email and Server Security 12.x, PSB Server Security 12, PSB Email and Server Security. How to uninstall F-Secure Server products on Windows server using Uninstallation Tool? Resolution: Although F-Secure Uninstallation Tool is not supported to be used on Windows server, the tool can be used for special cases with the following instructions. Important! DO NOT run this tool if you have Policy Manager installed on the same server. It will delete everything including the H2DB database and will cause data loss. Download the tool from here Open Command Prompt (cmd) with Run as Administrator... option Navigate to the folder where you saved the UninstallationTool.exe (e.g. Downloads) cd C:\Users\<your username>\Downloads Type in Uninstallationtool.exe -a --server to launch the Uninstallation Tool Follow the instruction on the screen and allow the tool to finish the uninstallation Uninstallation will be done. Article no: 000001459
View full article
When Windows crashes (blue screen of death), it creates memory dump files. These files contain information about the computer's memory at the time of...
View full article
To receive notifications for all types of threats, configure your settings in the Email and Server Security web console.
View full article
This article describes how you can create the Automatic Update Agent (AUA) debug logs.
View full article
Use the executable POLUTIL.exe tool located in the Common directory under the root of your product's installation directory to export the data that...
View full article
If you have technical issues with your Linux security product, this article tells you how to create an FSDIAG file which you can then attach to your...
View full article
If you need to recover an item, such as a false positive, from the quarantine, use the fsdumpqrt tool for this. It helps you to get sample files from...
View full article
To exclude a process from real-time scanning:
View full article
If you want to exclude objects from being scanned by Real-Time scanning, follow these steps:
View full article
To prevent users from using the devices, the administrator should select "Blocked" access level for the desired rule.
View full article
This article explains why the use of the at sign (@) as part of a password for the http proxy access is problematic.
View full article
The global F-Secure content delivery network used by F-Secure uses dynamic addressing and traffic routing. The content delivery network operates on...
View full article
This article describes the meaning of the F-Secure Automatic Update Agent (AUA) connection settings. AUA is the component in the product that is...
View full article
This article lists and explains the reputation and prevalence property values used in the Application Control rules.
View full article
It is not recommended to use any characters other than the standard Roman character set with any of F-Secure's products.
View full article
Below is a list of the persistent processes started by Linux Security 11. They are shown in the process list when you issue, for example the following...
View full article
In Windows, every device has a few sets of properties that can be used to identify the device or the class of the device. In the table below the...
View full article
This article contains a table listing and describing all the Email and Server Security client services and processes that are running on your server...
View full article
Device Control prevents threats from accessing your system via hardware devices, such as USB sticks, CD-ROM drives, and web cameras. This feature also...
View full article
DeepGuard settings in most F-Secure business products are configured to provide the best possible protection depending on the level of control you...
View full article
DeepGuard analyzes the behavior of programs, and blocks new and undiscovered viruses, worms, and other malicious programs that try to make potentially...
View full article
Application control is a premium feature that strengthens your protection for the installation and launch of applications, installers, and scripts....
View full article
Issue: How to install a Hotfix Resolution: There are several types of HOTFIXES. fsfix, jar, and zip.   FSFIX  -> This is for Windows clients. This hotfix can be run on each Windows clients. JAR     -> This is for Policy Manager deployment. You can deploy hotfix using Policy Manager automatically. ZIP      -> This contains both FSFIX and JAR, sometimes only one from those. Users need to extract this file. [Note] Internet Explorer may change the file extension for fsfix/ jar to ".zip" This is due to the security setting. When it happens, please change the file extension back to the original one. [How to install] Fsfix Download the fsfix fix to target machine. Double click fsfix. Message is shown. Click "Yes" to proceed. Wait until installation finishes. You can see message window when it's finished. Click "OK" to finish installation.   Jar Open policy manager console and select "installation" Click on "Installation package". Click on "Import" and import Jar file. Click on "Close" Select target PC(or domain) and click on "install package". Select package name and click on "OK" Deploy policy to targets. Sometimes, a reboot is recommended. Please reboot your PC, if needed. This message is shown based on your OS status even if the hotfix does not need an OS reboot. Article no: 000014849
View full article
Issue: If we wish to block access to Web Radio pages, which category should we block in web content control settings? Resolution: To block access to web radio pages, block the "Streaming media" category in Web Content Control. Article no: 000016109
View full article
Issue: I would like to know the description for each of the services used in F-Secure product. What does each service do? Resolution: Below you can find the functionality and purpose of each F-Secure service: F-Secure Hoster: Product business logic, including product updates, telemetry, settings & configurations with SYSTEM privileges. F-Secure Hoster (Restricted): Product business logic, including product updates, telemetry, settings & configurations with NETWORK SERVICE privileges. F-Secure Ultralight Hoster: Anti-malware scanning logic, including real-time scanning, Online Safety, DeepGuard, DataGuard and Application Control with SYSTEM privileges. F-Secure Ultralight Network Hoster: Anti-malware scanning logic, including real-time scanning, Online Safety, DeepGuard, DataGuard and Application Control with NETWORK SERVICE privileges. F-Secure Ultralight ORSP client: Real-time protection network query service (NETWORK SERVICE). F-Secure Ultralight Protected Hoster: Scanning integration to Windows Security Center, runs as protected process (protected by Windows). F-Secure Device Control: F-Secure Device Control Daemon service, provides a possibility to block/restrict access to local devices. Article no: 000016071
View full article
Issue: This article is applicable for the following products: Client Security, Server Security, PSB Server Security, Computer Protection. A scheduled scan task does not seem to start or work. What do I do? Resolution: 1. With scheduled scan configured, it creates a scheduled scanning task in the Windows Task Scheduler. If the scheduled scan does not start, you can verify if the task was actually created in Windows Task Scheduler: Click Start. Go to Control Panel > System and Security. Click Administrative Tools. Select Task Scheduler. Select Task Scheduler Library. Look for Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Delete the Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Disable and re-enable back the scheduled scan. 2. If the scheduled scanning task is not found, try re-configuring the scheduled task (e.g. make a change in the scheduled scan, then distribute new policy from Policy Manager, or save and publish profile on PSB Portal). 3. Try to execute the scheduled scanning task in Task Scheduler manually and see if it works. If not, the scheduled task is disabled via GPO mostly. 4. For Server Security 12.x and PSB Server Security 12.x, try to restart FSGKHS service and verify if the scheduled scanning task works after that. 5. If you enclose the string with quotes, the scheduled scan will not work. Solution: remove the quotes via Policy Manager Console or PSB profile editor. Does not work: "/t18:00 /b2018-8-1 /rdaily" Works: /t18:00 /b2018-8-1 /rdaily Note: Ensure that Windows is up-to-date. Note: Ensure that the PC is ON until the scan finishes Article no: 000001990
View full article
Issue: Steps to clear up ORSP cache in F-Secure SAFE/Client Security/Computer Protection Resolution: Follow the steps below to clear the ORSP cache:  Click Start, type in cmd.exe in the search bar, and press Enter.  A black command prompt box will appear on the screen. Type in the following and press Enter: For SAFE (64-bit) - cd C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\<random number folder> For SAFE (32-bit) -  cd C:\Program Files\F-Secure\SAFE\apps\Ultralight\ulcore\<random number folder> For Client Security (64-bit) - cd C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\<random number folder> For Client Security (32-bit) - cd C:\Program Files\F-Secure\Client Security\Ultralight\ulcore\<random number folder> For Computer Protection (64-bit) - cd C:\Program Files (x86)\F-Secure\PSB\Ultralight\ulcore\<random number folder> For Computer Protection (32-bit) - cd C:\Program Files\F-Secure\PSB\Ultralight\ulcore\<random number folder> Note: Look for a folder with the latest greatest number for <random number folder> if you have more than one folder. Next, type in the following (note the double dash -) and press Enter: orspdiag.exe --cache-clear Type Y when asked to. Once done, you may close the prompt. Article no: 000004992
View full article
Issue: With the firewall enabled in F-Secure Client Security 14 / Computer Protection, I am unable to reach the network share or printer Resolution: The default firewall rule blocks unknown inbound/outbound connections. Ensure that you have allowed the network traffic in the product firewall to port 135, 137-139 and 445. Whitelist the affected printer IP or port number to the firewall rule. In case this does not help, we recommend to check the local firewall rules in the Windows Firewall user interface and ensure that there is no potential conflict between F-Secure firewall rules, and local firewall rules. Article no: 000011040
View full article
Issue: This article describes the steps to generate debug logs for Computer Protection for Windows and Client Security 14 (and newer). Debug logs are needed in some instances by R&D to investigate some problems in detail. Resolution: FSDIAG with debug logs is needed in order to collect additional log files.  Steps:  Download the debug tool from here Double click fsloglevel.exe Select Full Logging Click OK Restart the computer. Reproduce the steps that caused the original problem, take note of exact time of the problem. Generate FSDIAG by following steps explained here Kindly run the fsloglevel.exe tool a second time after submitting the logs. Click on Normal Logging to turn off the debug mode (it slows down your machine a bit).  Article no: 000009164
View full article