Common Topics

Sort by:
Issue: Training videos are loading very slowly or not at all in the F-Secure Academy Learning Management System.  Issue started on 18th November 2019. Resolution: We were experiencing slowness to load some training videos on our F-Secure Academy Learning Management System (LMS) platform during 18-19th November 2019. The issue was fixed on 20th November 2019. If you are currently experiencing difficulties to load training videos, see if using a different web browser fixes the issue.    Article no: 000018159
View full article
Issue: Steps to clear up ORSP cache in F-Secure Client Security / Computer Protection / SAFE / Internet Security. Resolution: Click Start, type in cmd.exe in the search bar, and press Enter  In the command prompt window type in the following command and press Enter: For SAFE (64-bit) cd C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\<highest directory number> For SAFE (32-bit) cd C:\Program Files\F-Secure\SAFE\Ultralight\ulcore\<highest directory number> For Internet Security (64-bit) cd C:\Program Files (x86)\F-Secure\Internet Security\Ultralight\ulcore\<highest directory number> For Internet Security (32-bit) cd C:\Program Files\F-Secure\Internet Security\Ultralight\ulcore\<highest directory number> For Client Security (64-bit) cd C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\<highest directory number> For Client Security (32-bit) cd C:\Program Files\F-Secure\Client Security\Ultralight\ulcore\<highest directory number> For Computer Protection (64-bit) cd C:\Program Files (x86)\F-Secure\PSB\Ultralight\ulcore\<highest directory number> For Computer Protection (32-bit) cd C:\Program Files\F-Secure\PSB\Ultralight\ulcore\<highest directory number> Note: If there are more than one sub-directories inside of the ulcore directory, Select the largest sub-directory number for <highest directory number> Type in the following (note the double dash --), and press Enter: For 32-bit systems: orspdiag.exe --cache-clear For 64-bit systems: orspdiag64.exe --cache-clear Accept with the letter Y when asked After completion, close the command prompt Article no: 000004992
View full article
Issue: F-Secure product has found a malware or Potentially Unwanted Application on a computer and user would like to get more information about what has happened to the machine and whether data has been breached. exported or forwarded, etc. Resolution: F-Secure has an Investigation & Incident Response team which provides forensic services if a data breach is suspected. You can find their contact information here.  Article no: 000018155
View full article
Issue: There is a localization (language translation) error, typo or incorrect information in an F-Secure product, help guide or website. Where can it be reported? Resolution: Open a support request and provide a description and screenshots of the error.  Article no: 000012245
View full article
Issue: I am a corporate customer/corporate reseller partner and I need to: Renew business / corporate products Buy additional or reduce licenses Transfer a license Cancel a subscription Resolution: When you have any questions relating to corporate product renewals, licenses transfers or cancellations, please contact your local F-Secure reseller for further help. If you are a reseller partner and you need help with renewing a customer's subscription, kindly directly contact your F-Secure sales contact. If you are unable to reach your F-Secure Sales contact, you can contact our Order Services team, or proceed to open a support request through the Partner Portal. Article no: 000003910
View full article
Issue: When a reseller partner submits an eorder via F-Secure Partner Portal, the order remains in "In progress" status. What to do if this happens?  Resolution: Initially, just wait a while (up to 30 minutes). If the problem persist, contact F-Secure Support and share a screenshot of the actual order (with the customer details and status visible). Details for how to contact F-Secure support are available here.   Article no: 000018018
View full article
Issue: With any extension this file is detected as an EICAR infection by the F-Secure end-point protection client but with the .xml extension it is not detected. Resolution: This issue will be fixed in a database update for the Hydra engine. Article no: 000017655
View full article
Issue: This article applies to the following F-Secure products: Client Security, Server Security, Computer Protection, Policy Manager, Email and Server Security, SAFE Steps on running the F-Secure Automatic Update Agent (FSAUA) reset tool, when the virus definitions are too old or the F-Secure products is encountering a malfunction with the F-Secure Automatic Updates. Resolution: Follow the steps below to run the FSAUA tool: Download the FSAUA reset tool from the F-Secure website here. Move the FSAUA reset tool to the affected F-Secure host (any directory). Open an elevated Command Prompt (Administrator). Navigate to the directory of the reset tool. Run the fsaua-reset.exe (use the option -? to receive information on the usage). The tool will clear any present F-Secure Automatic Updates on this host. The host will re-download all required F-Secure Automatic Updates and install them. To verify the status of the updates, you can proceed as follows: Open the F-Secure product's interface. Switch to Tools. Press Check for Updates. Verify the list of updates. Article no: 000001603
View full article
Issue: Request for an eService account. Resolution: F-Secure eService is part of the paid Premium support contract that allows for a centralized support ticket handling. Standard and Advanced support contracts are not eligible for F-Secure eService access. Contact your sales or account manager if you require the access.  For Premium customers, contact F-Secure support to get your F-Secure eService account created. We encourage you to prepare the following: First name Last name Email address   Article no: 000003888
View full article
Issue: When installing F-Secure Computer Protection or Client Security 14.xx, the following error message is logged: Conflicting Oneclient product already installed. Resolution: This error indicates that either F-Secure Computer Protection or F-Secure Client Security 14.xx has been previously installed on the computer. The uninstallation of the previous F-Secure product has left some leftover files on the computer which are conflicting with the new installation. To resolve this issue: Download the Oneclient-compatible uninstallation tool (Uninstallation Tool for Windows - Client Security 13.x & 14.x, Computer Protection, and Rapid Detection Service) from the Support tools page. Run the tool Here is a direct link to the tool Article no: 000011403
View full article
Issue: How can a reseller partner decrease or increase the amount of licenses for an existing SaaS subscription in the Partner Portal? Resolution: Click the Ordering-tab from the main menu, then click Saas from the sub-menu Click New SaaS Order For an existing customer, start typing the customer name into Search or add customer-field and the customer should appear in the suggestions drop-down list -> select customer Fill in order reference number (partner can choose this themselves, it is an internal reference for the partner helping them identify the customer and transaction and is visible on the bill we send) Click Add products Choose sales type as SaaS change (license increase or decrease) Select subscription to be modified Fill in new total quantity for the subscription Click Continue Click Order to submit the order Article no: 000009420
View full article
Issue: How can a reseller partner decrease or increase the number of licenses for an existing yearly subscription in Partner Portal? Resolution: A reseller partner can only decrease the number of licenses within the renewal window = 90 days from the license expiry date.  License reduction for Yearly license can be done through the following steps: 1. Click the Ordering-tab from main menu, then click Yearly from the sub-menu 2. Click New Order 3. For an existing customer, start typing the existing customer name into the Search-field and the customer should appear in the suggestions drop-down list -> select customer 4. Fill in order reference number (partner can choose this themselves, it is an internal reference for the partner helping them identify the customer and transaction and is visible on the bill we send) 5. Click Add products 6. Choose sales type as 'Renewal' (this is where partner can renew and increase/decrease the license number) 7. Select asset to be renewed 8. Fill in new total quantity for this license 9. Click Continue 10. Click Order to submit order Article no: 000009904
View full article
Issue: System administrator needs a list of all F-Secure processes and the folders where they are located in a Windows system  Resolution: You can create a list of all F-Secure processes and where they are located in a Windows system by following these steps: Open Command Prompt Run the following command in the folders listed below: dir /s /b *.exe C:\Program Files (x86)\F-Secure\ C:\ProgramData\F-Secure This will create you an easy to read list.   Article no: 000016628
View full article
Issue: Malicious code has been found in MBR file (Master Boot Record), how to proceed for further investigation. Resolution: Collect the MBR log from the infected machine for further investigation whether it is valid infection or false positive from F-Secure product. Log Collection Instructions: Install Sector Inspector "secinspect.msi" on the infected machine and note the installation directory. Download link: https://www.microsoft.com/en-us/download/details.aspx?id=19470 Locate installation directory C:\Program Files\Windows Resource Kits\Tools or C:\Program Files (x86)\Windows Resource Kits\Tools Execute "secinspect.exe" using cmd with the following argument. secinspect.exe > <log name>MBR.log Collect "<log name>MBR.log" that was generated Once the log has been collected, you can uninstall the tool using the same installer file "secinspect.msi" and choose uninstall option Once "<log name>MBR.log" was collected, please submit through the Submit a Sample service portal (https://www.f-secure.com/en/web/labs_global/submit-a-sample) for further investigation. Select I want to give more details about this sample and to be notified of the analysis results. Malware team will investigate the log and give remediation instructions for further clean up.   Article no: 000006535
View full article
Issue: I'm getting a detection for the following files: wscript.exe, ieexplorer.exe, winword.exe, explorer.exe, excel.exe Resolution: Mostly these detections come from DeepGuard. The following files are normally clean and each is a legitimate Microsoft file: wscript.exe ieexplorer.exe winword.exe explorer.exe excel.exe These legitimate Microsoft files are blocked by DeepGuard because a suspicious file, script or application is trying to run them. In order to investigate further, contact F-Secure support and provide the following: FSDIAG - https://community.f-secure.com/t5/Common-topics/How-do-I-create-an-FSDIAG-file/ta-p/18190 Possible file or script that you were running when you receive the detection. Example case with Excel, and how to find out the script which is causing the alert: Alert shown in Policy Manager Server / Windows Event log: DeepGuard blocked an exploit action. Application path: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File hash: 6490a5897c31e43393c0feba365a08611340867c Locally on that machine, you can check the AlertSenderPlugin.log, which contains more detailed information about this: [...] 2019-09-20 09:38:30.426 [1004.2b68] I: ULAVMonitoring::callbackOnOASAlert: Got OAS alert with JSON: {"bookmark":"PEJvb2ttYXJrTGlzdD4NCiAgPEJvb2ttYXJrIENoYW5uZWw9J0ZTZWN1cmVVbHRyYWxpZ2h0U0RLJyBSZWNvcmRJZD0nMTIxNTknIElzQ3VycmVudD0ndHJ1ZScvPg0KPC9Cb29rbWFya0xpc3Q+","rl":"sp.evt.dg.block","rv":{"AskSample":0,"Detection":"Exploit:W32/OfficeExploitPayload.A!DeepGuard","Exploit":"d:\\shared\\download\\samples\\macrotest.xlsm","Hash":"6490a5897c31e43393c0feba365a08611340867c","Path":"C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\EXCEL.EXE","ProcessID":17996,"Rarity":2,"Reason":10,"Reputation":1,"SessionID":1,"tickcount":2348045081145}}. Extra data size: 0 [...] In this case, alert is caused because of this macro: d:\\shared\\download\\samples\\macrotest.xlsm AlertSenderPlugin.log is located here on clients with Client Security 14.x and PSB Computer Protection: C:\ProgramData\F-Secure\Log\PSB\AlertSenderPlugin.log Article no: 000004495
View full article
Issue: Web Content control is blocking pages by claiming they have been rated, for example, as adult material, even though the web page has nothing to do with that rating. How do I whitelist sites for PSB Computer Protection or Client Security? I want to access a site but Browsing Protection blocks it. What can I do? Resolution: You can report wrongly blocked pages and wrong web content categories to our labs. Check the box "I want to give more details about this sample and to be notified of the analysis results" and fill in the required information to get updates from labs as they check the link. Series 14 and newer of Business Suite products as well as PSB Computer and Server Protection will show webpage categories on the block page, which can give you more detail on why a page is blocked. To whitelist webpages in PSB settings profiles: Log in to your PSB portal account Go to Profiles using the left-side menu Open the profile you want to modify Click on Browsing Protection from the left-side menu Scroll down to Sites Add the site you want to whitelist to the Allowed sites-list Click Save and Publish in the bottom right To whitelist webpages using the Business Suite Policy Manager: Log in to the Policy Manager Console Select the correct policy domain or host from the Domain tree on the left Go to Settings Select Advanced view from the selector in the top right Navigate to F-Secure Browsing Protection->Settings->Reputation Based Protection->Trusted Sites in the settings tree Click the Add-button to the right of the sites list to add new entries  Press Ctrl+D or the Distribute policies-button in the top left to distribute the new settings Observe that you might have to empty your web browser cache for the changes to take effect. This applies to both set of instructions listed above and to when you receive a notification from the labs that they have updated a page rating. Article no: 000004384
View full article
Issue: My computer has been infected by ransomware and I have submitted encrypted samples. Resolution: What we can do is perform an analysis of the malware to ensure that your F-Secure product can protect against any future contact with it. We can also provide guidance on how to optimally configure your F-Secure product or current security practices to prevent a recurrence of this situation. For the immediate situation, here are some steps you can take to contain the damage caused by the ransomware and advice on recovering affected devices or data: https://www.f-secure.com/en/web/labs_global/crypto-ransomware#respond Lastly, we would appreciate it if you could provide us with the malicious file that caused the infection, or any other information that could be useful for the investigation. Article no: 000004496
View full article
Issue: This article is applicable for the following products: Client Security, Server Security, PSB Server Security, Computer Protection. A scheduled scan task by F-Secure products does not seem to be created in the user interface, does not start or work. What do I do? Resolution: 1. When scheduled scan configured in the F-Secure product, it creates a scheduled scanning task in the Windows Task Scheduler. If the scheduled scan does not start, you can verify if the task was actually created in Windows Task Scheduler: Click Start. Go to Control Panel > System and Security. Click Administrative Tools. Select Task Scheduler. Select Task Scheduler Library. Look for Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Delete the Scheduled scanning task. (or the customized scheduled scanning task name you defined via Policy Manager Console or PSB profile editor) Disable and re-enable back the scheduled scan. 2. If the scheduled scanning task is not found, try re-configuring the scheduled task (e.g. make a change in the scheduled scan, then distribute new policy from Policy Manager, or save and publish the profile on PSB Portal). 3. Try to execute the scheduled scanning task in Task Scheduler manually and see if it works. If not, the scheduled task is disabled via GPO mostly. 4. For Server Security 12.x and PSB Server Security 12.x, try to restart FSGKHS (F-Secure Gatekeeper Handler Starter) services and verify if the scheduled scanning task works after that. 5. If you enclose the string with quotes, the scheduled scan will not work. Remove the quotes via the Policy Manager Console, distribute the new policy or PSB profile editor, save and publish the profile. Does not work: "/t18:00 /b2018-8-1 /rdaily" Works: /t18:00 /b2018-8-1 /rdaily 6. If the scheduled scanning task can be found in the Task Scheduler Library but is not visible in the application user interface - that is to be expected. Since the task is being configured and scheduled centrally, it is not handled via the end-point protection application, but via Windows Task Scheduler, and in this sense is not configured in the end-point protection application user interface. Note: The Windows operating system is up-to-date. Ensure that the host remains ON until the scan completes Article no: 000001990
View full article
Issue: RDP Brute Force attack performed and Ransomware encrypted system or files Technique commonly used by Crysis, Dharma, GandCrab ransomware. Resolution: Use strong and long passwords To avoid brute force attack on RDP, avoid using Dictionary word and simple password. Always use long password with combination of Uppercase letters, Lowercase letters, numbers and special characters. Limit number of attempts Go to Start-->Programs-->Administrative Tools-->Local Security Policy Under Account Policies-->Account Lockout Policies Account lockout threshold -> Set between 3 to 5 Account lockout duration -> Ideally set more than 5 minutes Only allow user accounts requiring RDP service Go to Start-->Programs-->Administrative Tools-->Local Security Policy Under Local Policies-->User Rights Assignment-->Allow logon through Remote Desktop Services Add or Remove the User accounts or groups which require RDP service Close RDP port Use VPN connection to access remote desktop and close RDP ports (TCP 3389) access  via firewall. Use RD gateway servers RD gateway proxy servers can be used for securing the connection with SSL. Read more here : https://social.technet.microsoft.com/wiki/contents/articles/10974.windows-server-2012-rds-deploying-and-configuring-rd-gateway.aspx Article no: 000005204
View full article
Issue: How to collect the quarantined files on an affected Windows machine using F-Secure Quarantine Dumper, and then submit the files for analysis.  Resolution: Collect quarantined files using F-Secure Quarantine Dumper by following the instructions below: Click on this link to download F-Secure Quarantine Dumper to a location of your choice, for example, c:\temp. Launch Command Prompt (CMD). Navigate the directory to the location you selected in step 1. For example, type cd c:\temp\ and press Enter on your keyboard to go to c:\temp\ folder. Type fsdumpqrt.exe -d c:\temp\  to run the tool. Enter your administrator credentials when prompted. F-Secure license terms are now shown. Scroll all the way to the end of the license terms before you can accept them. Press E on your keyboard to accept the license terms. Press any key to complete the run. The quarantined files will be collected in a file named malware_samples.zip with the default password (infected) in the location you specified in step 1.  These are the parameters that can be used in the tool:​ -d, --destination: Destination directory for output (default: current admin desktop) -p, --password: Password for output (default: "infected") -v, --verbose: Verbose output -a, --accept-eula: Accept EULA -s, --silent: Silent mode -l, --list: Only list contents, nothing is written to disk Tip: Running the fsdumpqrt.exe tool in command prompt without additional command line parameters will print out a short tool description and the extra parameters for using the tool.   Article no: 000002484
View full article
Issue: How do I identify and remove the infected item(s) that F-Secure has detected on a .PST archive (Outlook data file)? Resolution: Follow the steps below to configure the F-Secure scanning report to show additional information when an email is detected inside an Outlook PST file. These steps will help you to identify the email so that it can be removed manually after the scanning: Open the Registry Editor (regedit.exe) Navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\GKH2\Plug-Ins\F-Secure Capricorn Add a new 'String Value' (REG_SZ) with the following information: Name: CustomSettings Data: mailboxmode=2 It should look like in this image: Other scanning modes available are: 0 = none (default, mailbox is not scanned) 1 = enable mailbox scanning 2 = enable scanning and provide extended report (inside infection name) Restart the "F-Secure Ultralight Hoster" service net stop fsulhoster net start fsulhoster (If you are unsure on how to restart a service, just restart the computer) Manually scan the PST. The report will now show message-related fields (email subject, folder, attachment name) Once the message has been identified, proceed to remove it manually in Outlook: Delete the message with [shift-del] (so that it will not be moved to trash). Finally follow these steps to compact the PST database: https://support.office.com/en-us/article/reduce-the-size-of-your-mailbox-and-outlook-data-files-pst-and-ost-e4c6a4f1-d39c-47dc-a4fa-abe96dc8c7ef?ui=en-US&rs=en-US&ad=US Re-scan the .PST archive to ensure all infected items have been removed.   Article no: 000002840
View full article
Issue: This article applies to the following F-Secure products: Computer Protection for Mac, Client Security for Mac, SAFE for Mac, SENSE Application for Mac F-Secure product is installed on a Mac computer but the user interface shows that computer is not protected and that the real-time scanning is not activated. Resolution: After installation of the Mac product on macOS High Sierra, a red F-Secure (X) icon may appear when running real-time scanning. This is due to a new security feature, which has been introduced in macOS High Sierra (10.13) or higher. During first time installation, the security feature requires you to allow system software from F-Secure. Until the software is allowed, real-time scanning will fail. Once the installation is complete, allow F-Secure software as follows: Go to System Preferences > Security & Privacy, and select the General tab. Click Allow. Once this is done, the icon status changes to normal and the error message disappears. Note: The steps described must be performed locally on the machine and not remotely. Full instructions with pictures: https://community.f-secure.com/t5/Business/Issue-with-real-time-scanning/ta-p/100546 In case the mentioned solution above does not work, carry out the following solutions one by one and verify if the real-time scanning could be enabled. Solution 1: Check in System Preferences > Security & Privacy > Privacy > Accessibility and remove or disable 3rd party accessibility software such as the Better Touch Tool or MagicPrefs. Go to System Preferences > Security & Privacy. Select the General tab. Click the Allow button. Solution 2: Check in System Preferences > Keyboard > Shortcuts > Full keyboard access to enable full keyboard access. Go to System Preferences > Security & Privacy, and select the General tab. Use Tab key to move the focus on the Allow button Press Spacebar on your keyboard while the Allow button is active. Solution 3: Add F-Secure Team ID (6KALSAFZJC) to the list of approved kext developers by using "spctl kext-consent" command in the Recovery mode. Refer to the following page for more detail information:  https://developer.apple.com/library/content/technotes/tn2459/_index.html#//apple_ref/doc/uid/DTS40017658-CH1-TNTAG4 Article no: 000001668
View full article
This article explains how you can manually update the antivirus databases of F-Secure products on Windows platforms.
View full article
When Windows crashes (blue screen of death), it creates memory dump files. These files contain information about the computer's memory at the time of...
View full article
To receive notifications for all types of threats, configure your settings in the Email and Server Security web console.
View full article
This article describes how you can create the Automatic Update Agent (AUA) debug logs.
View full article
Use the executable POLUTIL.exe tool located in the Common directory under the root of your product's installation directory to export the data that...
View full article
If you have technical issues with your Linux security product, this article tells you how to create an FSDIAG file which you can then attach to your...
View full article
If you need to recover an item, such as a false positive, from the quarantine, use the fsdumpqrt tool for this. It helps you to get sample files from...
View full article
To exclude a process from real-time scanning:
View full article
To prevent users from using the devices, the administrator should select "Blocked" access level for the desired rule.
View full article
This article explains why the use of the at sign (@) as part of a password for the http proxy access is problematic.
View full article
The global F-Secure content delivery network used by F-Secure uses dynamic addressing and traffic routing. The content delivery network operates on...
View full article
This article describes the meaning of the F-Secure Automatic Update Agent (AUA) connection settings. AUA is the component in the product that is...
View full article
This article lists and explains the reputation and prevalence property values used in the Application Control rules.
View full article
It is not recommended to use any characters other than the standard Roman character set with any of F-Secure's products.
View full article
Below is a list of the persistent processes started by Linux Security 11. They are shown in the process list when you issue, for example the following...
View full article
In Windows, every device has a few sets of properties that can be used to identify the device or the class of the device. In the table below the...
View full article
This article contains a table listing and describing all the Email and Server Security client services and processes that are running on your server...
View full article
Device Control prevents threats from accessing your system via hardware devices, such as USB sticks, CD-ROM drives, and web cameras. This feature also...
View full article
DeepGuard settings in most F-Secure business products are configured to provide the best possible protection depending on the level of control you...
View full article
DeepGuard analyzes the behavior of programs, and blocks new and undiscovered viruses, worms, and other malicious programs that try to make potentially...
View full article
Application control is a premium feature that strengthens your protection for the installation and launch of applications, installers, and scripts....
View full article
Issue: Customers own (developed) file causes a false positive detection by the F-Secure products.  Resolution: To solve the issue, first sign the file with the digital signature certificate and then submit the file to F-Secure: Open the Submit A Sample portal. Click Choose File and select the file to be submitted. Select I want to give more details about this sample and to be notified of the analysis result. Fill in the required details. Note: Select "False Positive" as the Sample Type and write "File whitelisting request" in the Subject field. Click Submit sample file. The submitted file will be subjected to a verification process. Once verified clean, the file will be added to the list and the database will be updated accordingly to prevent the file from causing new false positive detections.        Article no: 000005979
View full article
Issue: With the firewall enabled in F-Secure Client Security 14 / Computer Protection, I am unable to reach the network share or printer Resolution: The default firewall rule blocks unknown inbound/outbound connections. Ensure that you have allowed the network traffic in the product firewall to port 135, 137-139 and 445. Whitelist the affected printer IP or port number to the firewall rule. In case this does not help, we recommend to check the local firewall rules in the Windows Firewall user interface and ensure that there is no potential conflict between F-Secure firewall rules, and local firewall rules. Article no: 000011040
View full article
Issue: This article describes the steps to generate debug logs for Computer Protection for Windows and Client Security 14 (and newer). Debug logs are needed in some instances by R&D to investigate some problems in detail. Resolution: FSDIAG with debug logs is needed in order to collect additional log files.  Steps:  Download the debug tool from here Double click fsloglevel.exe Select Full Logging Click OK Restart the computer. Reproduce the steps that caused the original problem, take note of exact time of the problem. Generate FSDIAG by following steps explained here Kindly run the fsloglevel.exe tool a second time after submitting the logs. Click on Normal Logging to turn off the debug mode (it slows down your machine a bit).  Article no: 000009164
View full article
Issue: I would like to know the description for each of the services used in F-Secure product. What does each service do? Resolution: Below you can find the functionality and purpose of each F-Secure service: F-Secure Hoster: Product business logic, including product updates, telemetry, settings & configurations with SYSTEM privileges. F-Secure Hoster (Restricted): Product business logic, including product updates, telemetry, settings & configurations with NETWORK SERVICE privileges. F-Secure Ultralight Hoster: Anti-malware scanning logic, including real-time scanning, Online Safety, DeepGuard, DataGuard and Application Control with SYSTEM privileges. F-Secure Ultralight Network Hoster: Anti-malware scanning logic, including real-time scanning, Online Safety, DeepGuard, DataGuard and Application Control with NETWORK SERVICE privileges. F-Secure Ultralight ORSP client: Real-time protection network query service (NETWORK SERVICE). F-Secure Ultralight Protected Hoster: Scanning integration to Windows Security Center, runs as protected process (protected by Windows). F-Secure Device Control: F-Secure Device Control Daemon service, provides a possibility to block/restrict access to local devices. Article no: 000016071
View full article
Issue: If we wish to block access to Web Radio pages, which category should we block in web content control settings? Resolution: To block access to web radio pages, block the "Streaming media" category in Web Content Control. Article no: 000016109
View full article
Issue: How to install a Hotfix Resolution: There are several types of HOTFIXES. fsfix, jar, and zip.   FSFIX  -> This is for Windows clients. This hotfix can be run on each Windows clients. JAR     -> This is for Policy Manager deployment. You can deploy hotfix using Policy Manager automatically. ZIP      -> This contains both FSFIX and JAR, sometimes only one from those. Users need to extract this file. [Note] Internet Explorer may change the file extension for fsfix/ jar to ".zip" This is due to the security setting. When it happens, please change the file extension back to the original one. [How to install] Fsfix Download the fsfix fix to target machine. Double click fsfix. Message is shown. Click "Yes" to proceed. Wait until installation finishes. You can see message window when it's finished. Click "OK" to finish installation.   Jar Open policy manager console and select "installation" Click on "Installation package". Click on "Import" and import Jar file. Click on "Close" Select target PC(or domain) and click on "install package". Select package name and click on "OK" Deploy policy to targets. Sometimes, a reboot is recommended. Please reboot your PC, if needed. This message is shown based on your OS status even if the hotfix does not need an OS reboot. Article no: 000014849
View full article
Issue: DeepGuard blocks the application. This was determined to be a high-risk application by system control heuristics.  After the file SHA-1 hash and file path is excluded in F-Secure Client Security 13.x/14.x, Deepguard continues to block the application Resolution: You can exclude the network drivers from being scanned, by doing the following: Log in to Policy Manager Console Click on the Settings tab Click on Advanced View Navigate to F-Secure DeepGuard Click Settings Click Excluded applications and enter the exclusion in UNC format, like:'\\servername\share\folder\to\the\app.exe' If this location is also mapped to a drive letter, then another exclusion must also be added in the mapped format, so for example ' N:\folder\to\the\app.exe' If the network drive was mapped to N. Both formats are needed, as mapped network drives are user-specific, settings and DeepGuard can't automatically do the user based drive letter mapping. Folder based exclusions on network drives are also supported. Please refer to the screenshot below when making the exclusions: 7. Distribute the policy Note: If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for DeepGuard. Wildcard exclusions are only applicable for Real-time scanning. For Deepguard exclusion, kindly use file or folder path. F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP. If you are using Policy Manager Version 14.xx. This setting has been replaced by Files and applications excluded from scanning, which applies to version 12.x, 13.x, and 14.x hosts. Your existing trusted applications have been moved to the new setting. Article no: 000004819
View full article