There is an issue with scan nodes not being able to connect to F-Secure back-end servers. In short, the Last seen and Engine update indicators on https://portal.radar.f-secure.com/mmc/settings/scannodes.aspx show a delay of more than 3-4 minutes.
To troubleshoot the scan node connectivity:
Make sure that the F-Secure Radar Scan Node Agent (legacy name= Karhu.Scan.Daemon) service is running. Check this by using Windows Task Manager or Windows Local Service. Make sure that the Windows credentials used to run the F-Secure Radar Scan Node Agent (Karhu.Scan.Daemon) service are able to log in. While logged in with these Windows credentials, run the following command: C:\Program Files (x86)\F-Secure\RadarScanAgent>FSRadarAgent.exe --test
This runs a connectivity test against our Radar Update server back-end. There should be no visible problems or errors while the previous test executes.
Ensure that using a browser to access the Security Center portal or https://portal.radar.f-secure.com, https://api.radar.f-secure.com and https://updates.radar.f-secure.com works. Also check if there are any changes in the network configuration or if the connection needs a proxy for outbound traffic.
If you need to configure or check the current http-proxy settings, you can open the Radar Scan node - Control Center application. Proxy related settings are visible in the Settings pane and are listed below.
By default, the scan node agent respects operating system proxy settings. On Windows, you can specify a web proxy in Internet Options (Connections -> Lan Settings). However, you have to configure it for the specific user (or service) account. Internet Explorer options are customized for each specific Windows account. Usually, the following procedure works in applying proxy settings to the Radar Scan Node Agent:
identify which user (or service) account Radar Scan Node Agent uses log in to the system using this account configure the Internet Option proxy settings restart the Radar Scan Node Agent Service (net stop "f-secure radar scan node agent", net start "f-secure radar scan node agent")
Verify communication works by looking at the service logs in the Radar scan node root directory C:\Program Files (x86)\F-Secure\RadarScanAgent\logs.
Article no: 000003665
F-Secure Radar Discovery Scan not finding any hosts
General instructions for troubleshooting:
Keep "Process if no PING" option turned on. Create a new Discovery Scan template, port scan mode i.e: for TOP 100 ports and with debug / verbose mode enabled. Attach your newly created DS template to your new discovery scan record and run it. This will tell you much more about the details of the scan execution and can enclose the root cause. Check gateways. In case the scan node server has more than one network interface / IP address, check if the scanner can for some unknown reason choose another gateway. On the "Scanning Performance" drop-down, try choosing "polite" or "sneaky". Don't only ping the given host (i.e. 192.168.99.71) from the scan node. Try to also access some services (f.ex: if there is a www service, try to access it with a web browser from the scan node).
Consider checking what account with what type of permissions you are running. Are your local account permissions the same as the permissions of the service account that Radar scan node is using? If your user account is coming from AD, while Radar has a local user account - does it change anything in your network setup with regards to what you can / can't access over the network?
Radar uses Nmap for port scanning, which is an industry-standard tool. You can see the exact command line parameters in the scan log that Radar uses to run a specific port scan. You can try to download namp https://nmap.org/download.html, run a port scan using nmap GUI, and compare command line params and results. Check the system proxy settings. Notice that the proxy settings can be different for the Scan Node Agent service account (local user?) and for a personal user account that is coming from AD. In some scenarios, disabling ARP-ping is required to allow the scan node agent installed in the same subnet to find hosts. To edit an existing discovery scan template (host discovery or port discovery), use the instructions below:
Create new discovery scan template. Name it as you wish (eg. "Host Discovery (no ARP ping)") or from the scan mode select "Host discovery" or "port scan". Click Finish and Save. Download the new template by selecting it on the templates list (click on the checkbox). Click "Download scan settings". Edit the downloaded file by adding ' --disable-arp-ping' node within '' (see screenshot). Click "Upload scan settings' on the Radar templates list. Browse for your edited file and click "Upload." Use your new template in discovery scans.
If none of the above helped, you should re-install Radar discovery scan node.
Article no: 000007245
After Radar license renewal, I'm able to access the Radar portal. However, one or more of my scan nodes show up in an expired state and the scan node has a yellow exclamation mark in the list of scan nodes (Settings >> Scan nodes). Also I'm unable to launch any scans using this particular scan node.
Contact support for further assistance as there might be an issue with your Radar license(s). You can submit a support request from here.
Article no: 000010789
When you install a scan node and apply the license file ( sudo dotnet ScanNodeAgent.dll apply-license ), the "Central directory corrupt" error is output. Also, applying the license fails.
The installation was done as root ( su - root ) ¨which causes problems for the Microsoft dotnet package installation. To fix the issue, do the following:
Uninstall the scan node: sudo apt remove --purge fsecure-radar-scan-node-agent Uninstall the dotnet package: dpkg -r packages-microsoft-prod Reinstall the product. Restart the system. Try the installation again but this time do the installation by using sudo instead of root ( su - root ).
The installation should now finish without errors. For more information on installing Radar scan nodes on Linux systems, see our online help documentation.
Article no: 000015921
After running internet discovery scan, unable to add host from internet discovery scan result into scan group for F-Secure Radar vulnerability scan
If you receive the error message "Could not find a scan node in the scan group settings" when trying to add the host to a scan group, go to Vulnerability Scans and check the settings for scan group that you intended to use. Make sure System Scan is enabled and the scan node is assigned to the scan group.
Article no: 000014110
Where can I order the Radar Scan Node license for my Radar account? During installation of a scan node, a license.fsrl file is required. From where can i download this file?
A user with an administrator role or with "manage system" privileges can order a Scan Node license and download the Scan Node Agent installer from Radar Security Center portal. Ordering Scan Node 1. Log in to F-Secure Radar Security Center. 2. Go to Settings and click on the Scan nodes tab. 3. Click on New scan node button. The new scan node wizard will ask for the required information to create a new license and automatically register the new Scan node IDs in the portal. 4. Once you have the Scan node license, click Done. 5. Proceed to download and install the new Scan node. 6. Verify that the scan node can connect to the Radar Security Center. It should take less than 1 minute for the scan node to connect to the Security Center. If it takes longer, see the troubleshooting section. Troubleshooting scan nodes issues https://help.f-secure.com/product.html#business/radar/3.0/en/concept_F6FDEE68ABC547D68EBF7BB0311018A6-3.0-en Below are the default Scan Node limits for paid and trial Radar accounts:
5 Scan Nodes for paid Radar account 1 Scan Node for trial Radar account
Contact support if you have reached the Scan Node limit.
Article no: 000011510
Ping detection fails due to switch redirection using RADAR Discovery Scan.
We have added a new feature In F-Secure Radar that helps to resolve this issue. You need to modify your discovering scan template to use it. Follow the steps below to configure the top 100 port scan template without scanning or pinging port 80:
Create a new discovery scan template:
Name the template (eg. "Port Scan (no 80 ping)") For scan mode select Custom port scan TCP range: 7,9,13,21-23,25-26,37,53,79,81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 UDP range: 7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024 Click Save
Download the new template:
Select it on the templates list (click the checkbox) Click Download scan settings Edit downloaded file by adding '-PE -PP -PS443' node within '' (see Top 100 no 80 ping.xml)
Upload modified template:
Click Upload scan settings on Radar templates list Browse for your edited file and click "Upload"
Use your newly created template in Discovery Scans.
Note: If you want to skip port 80 pings on other types of scans, the procedure is similar (add correct <AdditionalNmapOptions> in the config).
Article no: 000012266