Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- F-Secure Community
- :
- About MJ-perComp
About MJ-perComp
since
30-05-2011
Friday
MJ-perComp
Superuser
1051
Posts
239
Kudos
118
Solutions
29-05-2019
11:06 AM
Hi, 1) I received a mail telling me that "an answer posted in a monitored thread has been chosen as soloution". Opening the thread I am unable to see any hint which answer has been chosen. https://community.f-secure.com/t5/Business/Cloning-image/td-p/117370/jump-to/first-unread-message 2) Why does the system store hundrets of IPs I have been using to access the forum? As this is not needed for opertaion please remove that feature for GDPR compliance. 3) RT-Editor still shows text markers in GREY, like they are unselectable. Please fix 4) Header an white space take too much area on the forum. the width is limited and does not fill my 1920x1180 screen. ony 1/4 of the screen is effectivly used for the treadlist. 5) The Forum is still missing a PRINT.CSS that revomes all useless stuff not needed on a printed document. 6) The use om Macros is nowhere explained. What are they used for?
... View more
28-05-2019
04:24 PM
Hi, Either 1a) better use SMBIOSID each virtual machine should have a unique one assigned from the hypervisor or 1b) using WINS-name would allow to keep the history of the VM. You just do not want to use RandomGUID as it would create a new entry in PMS on every restart of the VM (in case you trash it on shutdown) 2) remove the master image from PMS, so that the client is forced to register. 3) check from the request-log what the clone communicated to PMS Sidenote: I personally do not like to trash VMs on shutdown, as it deletes all history and forensic data that is needed in case of an incident or a simple support-problem. Also it takes a lot of additional IO and performance to update that machine after start, the machines are outdated and (worst) sometimes a reboot would be needed to activate the new F-Secure drivers that were just downloaded. M.
... View more
28-05-2019
02:28 PM
See Vad's answer, adding this: moving SRS to Off-premiss will possibly be in conflict with GDPR! But it should be possible to convert an installed machine to an Azure image. BR M.
... View more
28-05-2019
02:22 PM
While I vote against any automated scan (for reasons see this post: https://community.f-secure.com/t5/Business/Launch-Scan-After-Update/m-p/117431#M9207 ): Why does size of the stick matter if you do a full or a quick scan? "If it likely takes too long to finish I would rather not care about security" seems to be a bad advise. and would you also ask to act differently when scaning via USB2 or USB3? What about scanning a Floppy? very small, but way slower than any USB-Stick? I think you know what I am up to....
... View more
28-05-2019
02:13 PM
1 Kudo
Proxy handling in CS has been under review. Not sure if changes already made it to 14.10, still in testing in our lab
... View more
28-05-2019
02:10 PM
Each host has its own policy counter. So if a host is really new and never had a policy before, the counter should be "1" after a fresh autoimport. also the logfile fspms-domain-tree-audit.log contains this <date/time> [audit.domainTree] - User 'fspms' added host ... should be aesy to do a daily grep on that.
... View more
28-05-2019
01:55 PM
1 Kudo
Hi, could you elaborate on why you need that option? Manual scans with a detection rate of 65% on new (today's) malware are a useless waste of performance, energy and time. F-Secure is publishing several updates a day andif you launch a scan on each of them this will lead to F-Secure constantly scanning. After the updates have been taken into use, the gatekeeper is monitoring each fileaccess using those. So when ever the OS touches a file it will be scanned. There is no security problem if the scan only happens right before loading. Even more important, in this moment the other modules like behavioural analysis, sandboxing aso. also get active and cover the remaining 35%. I recommend to NOT do scheduled/automated scans. They only give a false good feeling accompanied by bad feelings for bad performance and CO2-footprint, but add no better security. M.
... View more
24-05-2019
06:17 PM
Client Security with activated "Offload Scanning Agent" is what you want in VDI. ESS is a for a Citrix Terminal Server or Exchange Server. It has the same "role" as Client Security in Windows.
... View more
24-05-2019
05:37 PM
Sorry, but I have no Idea what you are searching for. SRS ist installated as a standalone VM next to all VDIs and Client Security 14+ is installed on the master, being the image for the VDIs. The functionallity is configured via F-Secure Policy. enlist the SRS servers (2 reccommended for failover). and switch the setting on.
... View more
24-05-2019
10:55 AM
1 Kudo
Hi while documentation explains all the steps needed (https://help.f-secure.com/product.html#business/fsvs/latest/en/task_A9D53BA712464958B4D6E683AE28731F-fsvs-latest-en) You have to understand the following: 1) The installation is not agent-less 2) The software installed on the VDI will still receive certain updates. So if your "golden image" becomes old, F-Secure will be somewhat "old". So, if you provide a new image on a daily basis the software will be pretty recent. Still it will download new updates for engines that reside in the Host and are not located on the SRS. 3) The scenario is to start all VDIs from a golden image, but depending on your setup you might trash that VDI in the evening or reuse it until a new image is provided. The first will also delete all previous information on that client including temp files, logs, errors, events just all forensic history that is needed in case of an incident or for debugging. IMHO resetting a VDI on shutdown as a means to have a "clean environment every day" is a bad idea from the start, you then better think about why it gets unclean. Restarting a system with the same vulnerabilities every day, having to patch them after startup (or even leave them unpatched) while also the AV-Software gets reset to the same old egines and modules, creates a dangerous threat vector. Reusing the same VDI on the next day (at least until the image was rebuild) will counter that threat, but also requires a diffenrent setup and more diskspace to store the engine state. 4) SRS is remembering (caching) the hashes it has previously analyzed. If a rebooted client ask an already know hash SRS will quickly return the answer. Usually the Client remembers the answer as well, caching it too, which will speed up the start of the client. After a reset this cache will be clean and the client will need to refetch the information from SRS. Depending on the number of SRSs and the amount of VDIs starting at the same time this might add same additional IO-load. One trick to overcome some of the above problems VDIs can be pre-started. Sowhenever a User logs on, he gets a machine that is "clean" in the means of XEN, but also has updated everything in the background already. Still LOGs, History aso. are gone. Hope this helps. For a more specific recommendation I would rather ask you to query for a consultatnt. We'd be happy to advise you. M.
... View more
18-04-2019
10:31 AM
1 Kudo
That is a generic detection. There is no specific description. If you need one, submit the sample, add your e-mail address and ask for the details. Tell them you are infceted and need them ASAP. Escalating this through your reseller should speed up things.
... View more
18-04-2019
10:26 AM
SWUP is not designed to manage your own development. It will always and only use the updates released by the original vendor. If you have a vendor that still publishes unsigned software this setting (accessable from advanced view) should allow to install those updates but only in manual distribution! You have some options: 1) step on the vendor's toe and stay there until he signs his software. Certificates are avaiable from 79$/p. year. This is NOT state of the art security! 2) kick the vendor and choose a signed software. 3) As this is a rare case you might need to open a case with F-Secure support 4) Manually roll out that updates or use a different tools to do so. Even a GPO should be able to handle that.
... View more
18-04-2019
10:07 AM
"is it blocking legitimate things" is the wrong understanding of the module. It is simply disabling the "feature" to start a powershell script from Office. There is no "good" or "bad" evaluation. IMHO it was a very bad idea to give Office the power to create and launch scripts, and MS has disabled this feature by default since then. Even macros are no longer enabled by default. There are better ways to organize a workflow then to use a Word-document. So, if you think that starting a powershell script from office is a good idea and you want to use it, then "yes, it will be blocking legitimate things"
... View more
18-04-2019
09:53 AM
2 Kudos
@Vad please forward to product management ASAP.
... View more
05-04-2019
02:13 PM
what is "ikey"?
... View more
05-04-2019
01:34 PM
2 Kudos
in your cloned profile add a rule like this: where "10.0.1.0/24" must be replaced by the IPs of the Admin-PCs that shall be allowed to access the remote hosts. Test with "Any remote host" first, then restrict to the helpdesk PCs. HTH Matthias
... View more
05-04-2019
01:25 PM
1 Kudo
Hi, please keep in mind, that SWUP has to fetch the updates from the original vendors (for legal reasons). So to do that SWUP must have access to the Internet. In the Logs you should find the requested URLs check if you are able to DL them manually. BR Matthias
... View more
02-04-2019
01:53 PM
1 Kudo
You are right, "Only Server alerts" is PMS only "Host and server alerts" is PMS and all managed systems. The severity can be chosen from the field below that. Alerts, severity and forwards can not be configured on a per host basis. This should be configured on the Mailer with filters.
... View more
02-04-2019
01:40 PM
Not sure if I understand your question. you can switch the assigned profile by autoselect. So when the Laptop goes online in a remote office a different profile can become active. But usually remote and HQ should be happy with the office profile as outbound traffic is allowed. BR Matthias
... View more
02-04-2019
01:36 PM
Hi, AFAIK you will only get alerts for the APP once and no longer if you created a rule. This is to avoid that a broken script or service that restarts every few seconds would create hundrets of alerts. Keep in mind: F-Secure is not a Monitoring Tool. Neither for User's nor for system's activity. M.
... View more
01-04-2019
02:02 PM
No idea what you are talking about. You are only entiteled to pull updates for a year (or two). This has nothing to do with a Version. As long as you have a valid license you can ask to send you the latest keycodes for V14.
... View more
01-04-2019
01:57 PM
in V14 environments e-mail alerting is ONLY done by PMS. You can select to forward alerts from servers or from servers and hosts.
... View more
29-03-2019
01:39 PM
Re-Installation of a Hotfix should not cause a problem, but it might create a "pending reboot". Check that on one system first.
... View more
28-03-2019
12:18 PM
You wrote you "installed V14.01 in an other Server", so maybe you meant something else. SS14 willbe available shortly and that brings the same windows based firewall. You are right SS12 does not have a F-Secure firewall at all. M.
... View more
27-03-2019
07:07 PM
Hi, this is how it works. There are only global profiles. You can clone a profile. They will not depend on anything nor will they inherit anychanges from the original profile. The visibility of the profiles on subdomain level is irritating as any changes made here are global. Please keep in mind that the number of rules should be kept small. There is no need to define rules for outgoing traffic in a standard office environment (except rare cases for single machines) and there is no need to allow inbound traffic except for some remote machines that have to manage a host via RDP or else. So you create cloned profiles for types of machines on root level and assign these to the different subdomains. To make things easy, combine the most common rules to the first profile, before creating more clones from that. Always think twice if the difference in that clone is really needed in terms of "does it improve the security of this system or would it rather protect a remote system?!" For Servers: DO NOT use the client profiles at all. create new ones and assign these before switching on the firewall. Here it is usefull to only allow THAT inbound traffic that the server shall answer. Finally: CS 14.02 is RTM. 14.01 is buggy and 14.10 is in RC testing already. BR Matthias
... View more
25-03-2019
11:37 PM
https://www.f-secure.com/en/web/business_global/support/support-tools
... View more
25-03-2019
08:01 PM
1 Kudo
1) While build 110-V2 is the latest V13 build, why not go with V14? 2) You might still need some reboots, as many dirvers got replaced. 3) Upgrade from V9 to V13 is not a supported setup. The existing V9 policy might not work with V13. Use UI-Tool to cleanup then do a propper reinstall.
... View more
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
