Vulnerability Management

Issue: An authenticated scan (WinRM using HTTP port 5985) found fewer vulnerabilities. The scan result contains no information about installed software or patches.

Resolution: If you are using port 5985 (HTTP) for the WinRM configuration in the system scan template, make sure to add the target host to the trusted list on the Radar Scan Node.

Reference: Configuring the WinRM service to use HTTP on individual hosts
https://help.f-secure.com/product.html#business/radar/3.0/en/task_5901D72CCEAB44529CAE857EF344FBFF-3.0-en

Article no: 000018757

Issue: What is the maximum simultaneous scan limit for F-Secure Radar Scan Node?

Resolution: These are the default values for the maximum number of simultaneous scans that a scan node is allowed to run:
- Discovery Scan: 10
- System Scan: 30
- Web Scan: 5

These default values can be modified if required. See the following entries from our admin guide for more information:

Windows: Configuring scan nodes: https://help.f-secure.com/product.html#business/radar/3.0/en/task_82B78C67199740B3A28EC7FDF9E16FC1-3.0-en
Linux: Configuring scan nodes: https://help.f-secure.com/product.html#business/radar/3.0/en/task_EC1AA6BA87B549EEA34B3D370E149F9A-3.0-en
Limiting maximum scans: https://help.f-secure.com/product.html#business/radar/3.0/en/task_B98C152AE41B49849B4A28CDEC1AA8A9-3.0-en

Article no: 000018710

Issue: A Radar ticket has been created to resolve a vulnerability. How do I enable email notifications to the ticket delegate / owner?

Resolution: Refer to the following page in our Radar Help Guide:
https://help.f-secure.com/product.html?business/radar/3.0/en/task_7CC59C0CA86A41CA9C4E3224AE0A8885-3.0-en

The person assigned to the ticket automatically becomes a follower and receives notifications about changes in the ticket. Note that external users only receive notifications but cannot log in or view the ticket itself.

You can also enable notifications for approaching and reached ticket deadlines. Notifications are sent to all the ticket's participants, assuming the relevant Workflow settings listed below are enabled in the Radar Security Center settings.

Settings > General settings > Workflow
- Notify participants when deadline has passed
- Number of day(s) before deadline to notify participants about it

Note that changing these fields does not trigger a notification:
- changing tags
- adding a comment (change log)

Article no: 000018383

Issue: How to create API keys for F-Secure Radar API authentication?

Resolution: F-Secure Radar API uses API keys for authentication. An API key consists of an access key (for example, PA3IAKNANLM9) and a secret key (for example, UO9mkDEHFGa1Vau6o#1AfxwRmBQW@!qV). Note that the sample requests in this documentation show access and secret keys enclosed in braces, which must be omitted when you submit requests.

Follow the steps below to create an API key:
1. Log in to F-Secure Radar.
2. Select My profile.
3. Scroll down to the Configure API Keys section.
4. Add a new API key and store it safely.
5. Apply the created API key to the HTTP header of every API request that requires authentication.
6. Run a simple request to check the authentication:

   curl -X GET https://api.radar.f-secure.com/api/integration/authenticationcheck -H 'Content-Type: application/json' -H 'ApiAccessKey: {ApiAccessKey}' -H 'ApiSecretKey: {ApiSecretKey}'

If authentication was successful, you will get an HTTP response with status code 200 Authenticated.

Note: Single quotes work in a Linux environment. When using curl on Windows, it is recommended to use double quotes, with the inner quotes masked with a backslash (\). The backslash escapes the inner quotes. Example:

   curl -X POST https://api.radar.f-secure.com/api/integration/assetMonitoring/withStartIndex/0/andPageSize/250 -H "Content-Type: application/json" -H "ApiAccessKey: {ApiAccessKey}" -H "ApiSecretKey: {ApiSecretKey}" -d "{\"AssetSourceType\": \"Custom\"}"

Article no: 000018219

Issue: Does F-Secure offer the option to evaluate F-Secure Radar?

Resolution: Yes, we have a page for requesting access to evaluate F-Secure Radar. It is available here.

Article no: 000018343

Issue: How to remove/add/change a user in the F-Secure Radar Security Center portal

Resolution: The Account management page lets you control user access using Role Based Access Control (RBAC) principles. Users with the administrator role have full access rights to user management.

Steps to edit / modify an existing user:
1. Log in to the Radar Security Center.
2. Go to the Account Management tab.
3. Click the List view button to view the list of users.
4. Click the three dots (...) on the right side of the user.
5. Select Edit.
6. Make the required change and save your settings.

Steps to delete a user:
1. Log in to the Radar Security Center.
2. Go to the Account Management tab.
3. Click the List view button to view the list of users.
4. Click the checkbox next to the user.
5. Click the Delete users button at the bottom of the screen to delete the user.

Steps to add a new user:
1. Log in to the Radar Security Center.
2. Go to the Account Management tab.
3. Click the circle with 3 dots (...) next to the title "Account management".
4. Select Add user.
5. Fill in the user details and click Finish when done. An invitation email is sent to the user.

Note: Administrators also have other options available, including activating and deactivating users and adding users to groups.

To activate / deactivate or add a user to a group:
1. Log in to the Radar Security Center.
2. Go to the Account Management tab.
3. Click the checkbox next to the user; repeat the step if needed to select all relevant users.
4. Click the button Activate users, Deactivate users or Add to user groups.

Note: If the ADMIN user is no longer available (e.g. the user has left the company) and your request is about adding (or changing) another user to the ADMIN role, contact F-Secure Support with your request.

Article no: 000005330

Issue: There is an issue with scan nodes not being able to connect to F-Secure back-end servers. In short, the Last seen and Engine update indicators on https://portal.radar.f-secure.com/mmc/settings/scannodes.aspx show a delay of more than 3-4 minutes.

Resolution: To troubleshoot the scan node connectivity:
1. Make sure that the F-Secure Radar Scan Node Agent (legacy name: Karhu.Scan.Daemon) service is running. Check this by using Windows Task Manager or Windows Local Service.
2. Make sure that the Windows credentials used to run the F-Secure Radar Scan Node Agent (Karhu.Scan.Daemon) service are able to log in.
3. While logged in with these Windows credentials, run the following command:

   C:\Program Files (x86)\F-Secure\RadarScanAgent>FSRadarAgent.exe --test

   This runs a connectivity test against our Radar Update server back-end. There should be no visible problems or errors while the test executes.
4. Ensure that using a browser to access the Security Center portal or https://portal.radar.f-secure.com, https://api.radar.f-secure.com and https://updates.radar.f-secure.com works.
5. Also check if there are any changes in the network configuration or if the connection needs a proxy for outbound traffic.

If you need to configure or check the current http-proxy settings, you can open the Radar Scan node - Control Center application. Proxy related settings are visible in the Settings pane and are listed below.

   Communication.WebSerivce.WSNG.Binding.ProxyAddress
   Communication.WebSerivce.WSNG.Binding.BypassProxyOnLocal
   Communication.WebSerivce.WSNG.Binding.UseDefaultWebProxy
   Communication.WebSerivce.SSNG.Binding.ProxyAddress
   Communication.WebSerivce.SSNG.Binding.BypassProxyOnLocal
   Communication.WebSerivce.SSNG.Binding.UseDefaultWebProxy
   Communication.WebSerivce.PSNG.Binding.ProxyAddress
   Communication.WebSerivce.PSNG.Binding.BypassProxyOnLocal
   Communication.WebSerivce.PSNG.Binding.UseDefaultWebProxy
   Communication.WebSerivce.Updates.Binding.ProxyAddress
   Communication.WebSerivce.Updates.Binding.BypassProxyOnLocal
   Communication.WebSerivce.Updates.Binding.UseDefaultWebProxy
   Communication.WebRequest.Updates.ProxyFileTransferTimeout

By default, the scan node agent respects operating system proxy settings. On Windows, you can specify a web proxy in Internet Options (Connections -> Lan Settings). However, you have to configure it for the specific user (or service) account. Internet Explorer options are customized for each specific Windows account.

Usually, the following procedure works in applying proxy settings to the Radar Scan Node Agent:
1. Identify which user (or service) account Radar Scan Node Agent uses.
2. Log in to the system using this account.
3. Configure the Internet Option proxy settings.
4. Restart the Radar Scan Node Agent Service:

   net stop "f-secure radar scan node agent"
   net start "f-secure radar scan node agent"

5. Verify communication works by looking at the service logs in the Radar scan node root directory C:\Program Files (x86)\F-Secure\RadarScanAgent\logs.

Article no: 000003665

Issue: F-Secure Radar Discovery Scan not finding any hosts

Resolution: General instructions for troubleshooting:
- Keep the "Process if no PING" option turned on.
- Create a new Discovery Scan template with port scan mode (for example, for the TOP 100 ports) and with debug / verbose mode enabled. Attach your newly created DS template to your new discovery scan record and run it. This will tell you much more about the details of the scan execution and can reveal the root cause.
- Check gateways. In case the scan node server has more than one network interface / IP address, check whether the scanner can for some unknown reason choose another gateway.
- On the "Scanning Performance" drop-down, try choosing "polite" or "sneaky".
- Don't only ping the given host (e.g. 192.168.99.71) from the scan node. Try to also access some services (for example, if there is a www service, try to access it with a web browser from the scan node).
- Consider checking what account with what type of permissions you are running. Are your local account permissions the same as the permissions of the service account that the Radar scan node is using? If your user account is coming from AD, while Radar has a local user account, does it change anything in your network setup with regards to what you can / can't access over the network?
- Radar uses Nmap for port scanning, which is an industry-standard tool. You can see the exact command line parameters in the scan log that Radar uses to run a specific port scan. You can try to download nmap from https://nmap.org/download.html, run a port scan using the nmap GUI, and compare command line parameters and results.
- Check the system proxy settings. Notice that the proxy settings can be different for the Scan Node Agent service account (local user?) and for a personal user account that is coming from AD.
- In some scenarios, disabling ARP-ping is required to allow the scan node agent installed in the same subnet to find hosts.

To edit an existing discovery scan template (host discovery or port discovery), use the instructions below:
1. Create new discovery scan template. Name it as you wish (e.g. "Host Discovery (no ARP ping)") or from the scan mode select "Host discovery" or "port scan". Click Finish and Save.
2. Download the new template by selecting it on the templates list (click on the checkbox). Click "Download scan settings".
3. Edit the downloaded file by adding ' --disable-arp-ping' node within '' (see screenshot).
4. Click "Upload scan settings" on the Radar templates list. Browse for your edited file and click "Upload".
5. Use your new template in discovery scans.

If none of the above helped, you should re-install Radar discovery scan node.

Article no: 000007245

With F-Secure Radar, there are a wide range of substantial benefits that help your business curb potential risks to your corporate security. In this...
F-Secure Radar is a vulnerability management and security scanning solution that gives your business the tools to control and manage the IT security...
With Radar, there are several different scanning engines that work together to keep you safe.
During the first part of 2018, we have added several exciting enhancements to F-Secure Radar, which we highlight in this article.
F-Secure Radar is constantly evolving to help you minimize cyber security threats by giving full visibility into your cyber security attack surface....
Our license model for F-Secure Radar is simple. The license model offers the following options: Scalable pricing based on the number of devices to...
As a vulnerability scanning and management solution, F-Secure Radar follows a five-step workflow to secure the system assets in your business network....
There are two ways of deploying F-Secure Radar into your corporate IT systems. From the Radar Cloud as a SaaS (Software as a Service); or As an...
Issue: After Radar license renewal, I'm able to access the Radar portal. However, one or more of my scan nodes show up in an expired state and the scan node has a yellow exclamation mark in the list of scan nodes (Settings >> Scan nodes). Also I'm unable to launch any scans using this particular scan node.

Resolution: Contact support for further assistance as there might be an issue with your Radar license(s). You can submit a support request from here.

Article no: 000010789

Issue: When you install a scan node and apply the license file ( sudo dotnet ScanNodeAgent.dll apply-license ), the "Central directory corrupt" error is output. Also, applying the license fails.

Resolution: The installation was done as root ( su - root ), which causes problems for the Microsoft dotnet package installation. To fix the issue, do the following:
1. Uninstall the scan node:

   sudo apt remove --purge fsecure-radar-scan-node-agent

2. Uninstall the dotnet package:

   dpkg -r packages-microsoft-prod

3. Reinstall the product.
4. Restart the system.
5. Try the installation again but this time do the installation by using sudo instead of root ( su - root ).

The installation should now finish without errors. For more information on installing Radar scan nodes on Linux systems, see our online help documentation.

Article no: 000015921

Issue: After running an internet discovery scan, I am unable to add a host from the internet discovery scan result into a scan group for an F-Secure Radar vulnerability scan.

Resolution: If you receive the error message "Could not find a scan node in the scan group settings" when trying to add the host to a scan group, go to Vulnerability Scans and check the settings for the scan group that you intended to use. Make sure System Scan is enabled and the scan node is assigned to the scan group.

Article no: 000014110

Issue: Where can I order the Radar Scan Node license for my Radar account? During installation of a scan node, a license.fsrl file is required. From where can I download this file?

Resolution: A user with an administrator role or with "manage system" privileges can order a Scan Node license and download the Scan Node Agent installer from the Radar Security Center portal.

Ordering Scan Node
1. Log in to F-Secure Radar Security Center.
2. Go to Settings and click on the Scan nodes tab.
3. Click on the New scan node button. The new scan node wizard will ask for the required information to create a new license and automatically register the new Scan node IDs in the portal.
4. Once you have the Scan node license, click Done.
5. Proceed to download and install the new Scan node.
6. Verify that the scan node can connect to the Radar Security Center. It should take less than 1 minute for the scan node to connect to the Security Center. If it takes longer, see the troubleshooting section.

Troubleshooting scan nodes issues
https://help.f-secure.com/product.html#business/radar/3.0/en/concept_F6FDEE68ABC547D68EBF7BB0311018A6-3.0-en

Below are the default Scan Node limits for paid and trial Radar accounts:
- 5 Scan Nodes for paid Radar account
- 1 Scan Node for trial Radar account

Contact support if you have reached the Scan Node limit.

Article no: 000011510

Issue: Ping detection fails due to switch redirection using RADAR Discovery Scan.

Resolution: We have added a new feature in F-Secure Radar that helps to resolve this issue. You need to modify your discovery scan template to use it. Follow the steps below to configure the top 100 port scan template without scanning or pinging port 80:

1. Create a new discovery scan template:
   - Name the template (e.g. "Port Scan (no 80 ping)")
   - For scan mode select Custom port scan
   - TCP range: 7,9,13,21-23,25-26,37,53,79,81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157
   - UDP range: 7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024
   - Click Save
2. Download the new template:
   - Select it on the templates list (click the checkbox)
   - Click Download scan settings
3. Edit the downloaded file by adding '-PE -PP -PS443' node within '' (see Top 100 no 80 ping.xml)
4. Upload the modified template:
   - Click Upload scan settings on the Radar templates list
   - Browse for your edited file and click "Upload"
5. Use your newly created template in Discovery Scans.

Note: If you want to skip port 80 pings on other types of scans, the procedure is similar (add correct <AdditionalNmapOptions> in the config).

Article no: 000012266

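An offline check of the "no port 80" template from article 000012266, added here as an example (it is not F-Secure's code): it expands the TCP and UDP ranges and the ping options quoted in that article and lists anything that would still send traffic to port 80. The function names are illustrative, and the comparison string and default probe port are taken from Nmap's documented host-discovery behaviour.

```python
import re

# Values copied from the article above.
TCP_RANGE = "7,9,13,21-23,25-26,37,53,79,81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157"
UDP_RANGE = "7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"
PING_OPTIONS = "-PE -PP -PS443"
# Nmap's documented default host discovery for privileged scans, for comparison.
NMAP_DEFAULT_PING = "-PE -PS443 -PA80 -PP"
# Nmap's documented default port when -PS/-PA is given without a port list.
DEFAULT_PROBE_PORT = 80


def parse_ports(spec):
    """Expand an Nmap-style list such as '21-23,80' into a set of ints."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports


def tcp_ping_ports(options):
    """Ports hit by TCP SYN/ACK host-discovery probes (-PS / -PA)."""
    ports = set()
    for opt in options.split():
        m = re.fullmatch(r"-P[SA](.*)", opt)
        if m:
            ports |= parse_ports(m.group(1)) if m.group(1) else {DEFAULT_PROBE_PORT}
    return ports


def findings(tcp_spec, udp_spec, ping_options, port=80):
    """List every way the template would still send traffic to `port`."""
    hits = []
    if port in parse_ports(tcp_spec):
        hits.append(f"TCP port scan includes {port}")
    if port in parse_ports(udp_spec):
        hits.append(f"UDP port scan includes {port}")
    if port in tcp_ping_ports(ping_options):
        hits.append(f"TCP ping probe targets {port}")
    return hits


if __name__ == "__main__":
    print("template:", findings(TCP_RANGE, UDP_RANGE, PING_OPTIONS))
    print("default ping:", findings(TCP_RANGE, UDP_RANGE, NMAP_DEFAULT_PING))
```

For the values in the article, the only finding is the UDP entry for port 80; the TCP list and the ping probes no longer touch it, whereas Nmap's default ping set would send a TCP ACK probe there.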