We now offer the possibility to define some of your endpoints as part of a early access group through the PSB Portal. Administrators can set in Profiles General Settings | Early access to client software (was: Pilot Client) -toggle on, identifying the computers that will receive our product update in advance of the full release. Since launch of this feature last week, we have seen nice numbers of partners opting in a subset of their computers into the early access group.
How We Released Before
With PSB service, we have teams at F-Secure actively developing the endpoint clients to provide best possible security and quality. We have carefully crafted a thougthful yet fast delivery of new features and bug fixes, which means your endpoints have seen more than one release a month. These are delivered without requiring a reboot, mirroring the good practices we have finetuned at F-Secure over decades of delivering protection updates multiple times a day. We have recognized moving fast is necessary to respond to the modern threat landscape.
As a new version with customer-relevant improvements is growing through individually tested changes, we make a decision to release. With each release, we have various quality control steps built against the vision of doing our best to make things better for our users. As we have released a new version, we monitor it. These are all transparent parts of the service.
Our release mechanism has proven to be reliable, and improving. Simultaneously, our monthly active user count has grown. As a release is made available, it has reached all of our customers and updated with a limit we have set on daily numbers. Our administrators have had no control over who gets updated and when.
How We Release Now, with Early Access
The "Early access to client software" option in profile gives more control to Administrators on who gets updated and when.
As part of the service, we still want to deliver your endpoints the latest protection we have available, but allow you to split your users to two categories. The early access group gets our software updates exactly as before. The computers you don't move to early access group get our software with one week delay. Only those of you who do not move to the early access group see a change from how we released before.
Expecting a Fix and Want to Get to New Faster?
We work towards the idea that the reasons for us providing you a release is improved security, functionality and quality. Should you see something in our release contents that you want sooner, we wanted to mention how to make that happen.
In portal, you would (temporarily) move your profile to early access and that gives you a week of head start on the release. This still has download limitation in place, and to get your computers to get the latest you can run the Send Full Status Update remote action or if you want the control with users, use the Check for Updates functionality in the client.
We hope you find the functionality useful, and have some of your computers part of the early access group. We would be happy to discuss this with our user community, and hear your ideas for improvements.
More info - How We Deal with Beta
As emphasized above, this early access is not a beta. It is a full blown release, for your convenience with control over which clients receive it. We have a separate mechanism of dealing what you would consider beta including two approaches: F-Secure computers for the managed model and sharing a public technology preview beta with Safe for feedback from 2000 users continuously.
On behalf of the team developing, maintaining and operating PSB Windows Endpoint clients,
... View more
A new version of the endpoint clients is made available. The release of clients makes available these products to install with an appropriate subscription key:
Computer Protection 19.4 (4.04.824)
Computer Protection Premium 19.4 (4.04.824)
Computer Protection & Rapid Detection and Response 19.4 (4.04.824)
Computer Protection Premium & Rapid Detection and Response 19.4 (4.04.824)
Server Protection 19.4 (4.04.824)
Server Protection Premium 19.4 (4.04.824)
Server Protection Premium & Rapid Detection and Response 19.4 (4.04.824)
The endpoints get automatically upgraded, generally without a reboot.
This release introduces:
Concept of Piloting. As per popular demand, we have introduced a change to the way we release endpoint clients. Administrators can set in Portal General Settings | Pilot Client -toggle on, identifying the computers that will receive our product update in advance of the full release. This allows Pilot computers receive F-Secure software updates several days before everyone else. We are finalizing the details of how many days we set the limit to, with limitation of allowing max one week delaying. For 19.4 release, availability tomorrow starts only for computers marked for the pilot group, and for others the availability starting point moves to next week.
Start of Support for full range of servers (Citrix, Terminal Server). With this release, we start support for Citrix (excluding the imaging scenarios that require recognizing new license uses as same) and Terminal Server. Also note that SWUP on servers no longer times a restart, but we allow servers their usual restart schedule. Enhancing settings on this is scheduled for next release.
Redesigned Endpoint Settings User Interface. We have combined our settings user interfaces under one umbrella and worked to address concerns around finding the settings on the endpoint cients that Administrators set on Portal. For example, the two DataGuard(tm) settings are now grouped together.
Software Updater User Interface. Primarily for convenience for administrators, we have introduced a Software Updater user interface on the endpoint clients. You can find this from Tools view on the endpoint client Main User Interface.
Fixes and Improvements. Improving Software Updater Exclusions, Software Updater Restart, Installation and functionality in Proxied environments, and Events and Event History (with Show All -function).
Should you notice anything worth a mention or question, we always welcome your feedback.
On behalf of the R&D team working on the endpoint Windows clients,
... View more
We are actively helping our customers through our support channels. To transition to F-Secure Computer Protection after the end of life of PSB Workstation Security (31st of March 2019), our customers have to anyway review their migrated profiles and Firewall status. They have have to do it now in any cases as channel upgrades can only be scheduled for the next three weeks. We have centrally migrated the profiles, but we cannot centrally resolve potential conflicts or activate a firewall disabled by GPO.
We are reminding our customers through a pop up to "check firewall settings after Computer Protection migration".
We have also provided instructions about: - How to check the firewall status in F-Secure Computer Protection? - How to handle conflicts in the migration from Workstation Profile to Computer Protection Profiles?
... View more
Tamas,I'm glad we helped you. We have selected .Net as our future development platform across products and introduced it in this release with minimal set of features which use it. Already starting from next release more components will use .Net. This release is definitely the most painful one - for us and for customers. We are gathering statistics and we will know soon how many upgrades fail and for which reason. We expect amount of failures and not supported systems to be below several percent but still - we will see how the rest of clients can be upgraded.
... View more
Hi Mihai, thank you for the more detailed report on what you are experiencing. It would have been really useful if you had run the support tool after these tests and sent us via support the fsdiag file, so we could have analysed this even more thoroughly. Here is some analysis based on the data we can see from here: - First of all the manual scan of a computer is not the most imporant protecting for modern viruses and Computer Protection has lot more new capabilities on other area compared to Workstation Security. - The amount files being scanned is so different just because the set of file extensions we scan is different with default settings. - Speed difference is just some minutes and I think WKS 12 was actually 2 minutes slower in the 1 hour 40 minutes times. If you would have tested the scan times for second time the time for CP should drop a lot, as the first scan caches lot of information on the clean files and optimizes the scan times that way. - On the cleaup of the infection - based on the numbers from both the WKS12 and CP, it looks like most of the infected files are inside archives and we do not cleaup them. We are still wondering why you could not cleanup anything during the scan. It should not have worked like this. - About the upgrade without permissing - are you a partner level user or company level users? With partners who do Security as a Service the partner actually decides when to do the upgrades and how to communicate to their customers. We haven't yet started any forced upgrade due to EOL for WKS 12, but those will start during this month. Again, I'm really sorry for the bad experience with our product. If you could still send the fsdiag support file to our support with the scan results this would help a lot us. Br, Petri
... View more
A new version of the endpoint clients is made available. With the standalone installer and embedded key, you will now get: Rapid Detection and Response 19.2 (4.02.1067) The combination product installer makes available these products to install with an appropriate subscription key: Computer Protection 19.2 (4.02.1067) Computer Protection Premium 19.2 (4.02.1067) Computer Protection & Rapid Detection and Response 19.2 (4.02.1067) Computer Protection Premium & Rapid Detection and Response 19.2 (4.02.1067) What is new with 19.2 standalone? Can be installed on multiple languages using a command line argument, e.g "-l fi" What is new with the 19.2 combination products? New user interface using .NET - first changed is the About box. PSB managed remote F-Secure diagnostics. Admins can now request a diagnostic tool run from the portal to initiate asking permission for it on the endpoint. With permission, the file is made directly available for F-Secure with an identifier the admins can use in their support contacts. First-level properties for WMI. To support RMM tool integration, we added WMI properties and simplified the interface for more straighforward integration. We now support RMM with Kasaya and will add documentation on it to make it more widely accessible. Fixes. Many enhancements on installation scenarios, software updater, browsing protection and remotely managed firewall. Crashes in components that happen silently. Improvements. List of IP addresses for autoswitch rules so that you can define single rule for multiple addresses. WINS support for autoswitch rules. Separate sidegrade package to run in MSI remote installations. NOTE: For this release you will see a need of reboot in a special case. If at time of installing there is an application running that uses .NET that we are upgrading to version 4.7.2, a reboot is needed. This reboot is not asked visibly, but only through the downloads list with the PSB module status "Reboot needed". The version 19.1 will continue to be fully operational while the reboot is pending. Also, a fraction percentage of our installed base will see PSB module status "Will try again". This means that something blocked us from upgrading .NET to version 4.7.2, usually the reason being that the computer is running an older version of e.g. Windows 10 where Microsoft is not supporting this version. In this case, check that .NET 4.7.2 is supported on the Windows version the computer is running and if the status remains, please reach out to us. Also in this case, the version 19.1 will continue to be fully operational.
... View more
We have received a number of queries asking about RMM (Remote Management and Monitoring) support with Computer Protection endpoints.
This community post: - Introduces RMM with Solarwinds and RMM with Kaseya to support new people in getting started with it - Invites partner and user feedback on improving our RMM support
The Foundation for RMM Support
F-Secure Computer Protection endpoint includes a WMI (Windows Management Interface) functionality that exposes a selected set of information in a commonly used format. As a supported interface, it includes a promise for us to keep this interface consistent even when we are changing the internals of the applications. WMI is the core of RMM Support as the interface that provides the necessary information. For RMM support to work, WMI must be turned on. Out of the box, WMI is turned off and administrators need to assign a profile with WMI on for RMM purposes. Where we have built Protection Service for Businesses Portal as optimized for our fleet of security products, RMM solutions offer a more generalized set of remotely managing and monitoring software in large organizations on top of the details F-Secure PSB Portal does. It enables seeing many kinds of software in a concise view, with selected subset of information and functionalities. RMM Support with Solarwinds as an example Scenario 1: Installation of Computer Protection The Solarwinds portal includes a "Push 3rd party software" node. Installing with a command line installer option for silent install, including the licence voucher in the installer name allows for distributing Computer Protection. Scenario 2: Monitoring Windows Devices with Computer Protection There are six stock monitoring services related to F-Secure that are available in the Solarwinds MSP portal and also described in their documentation: https://secure.n-able.com/webhelp/NC_11-0-0_en/Content/Help_20/Services/FSecure/Services_FSecureProtection.htm They display the information extracted from WMI Interface. All this information can be added to dashboards. Ensure WMI is first enabled in PSB Portal.
Scenario 3: Running tasks with Computer Protection The Solarwinds portal allows for running tasks exposed through WMI or AMP (Powershell). Our WMI exposes only one method, Scan Computer. Users of Solarwind are also free to implement Powershell scripts for specific task running and information collection needs. Our solution does not include any of those. Scenario 4: Alerts The "thresholds" for monitored parameters can be configured by standard means of the Solarwinds portal. For example, if the "Real Time Scanning" parameter does not contain the "Turned_On" string, a warning is issued, as seen in the screenshot above. The administrator will then see it on the Active Issues node of the portal. Scenario 5: Reports Simple reports are possible based on monitored metrics.
RMM Support with Kaseya as an example
Scenario 1: Installation of Computer Protection
You can add either a network installer or an offline MSI package to the Kaseya's Software Catalog.
To detect a deployed instance of the software, you can specify the following registry key as a scan item: (for 32-bit Windows) HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\OneClient (for 64-bit Windows) HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\F-Secure\OneClient
Scenario 2: Monitoring with Monitor Sets
Kaseya allows you to create Monitor Sets for monitoring Windows services and processes. You can add the following F-Secure Computer Protection services to your Monitor Sets:
Scenario 3: Scheduling agent procedures
F-Secure Computer Protection includes the WMI Provider component to enable an integration with various RMM systems.
The documentation on the exposed WMI classes together with some use case examples can be found here.
Alternatively, you can download and import the pre-created set of the agent procedures here.
In case of any failures detected by the agent procedures, the alerts are issued:
The description of each agent procedure can be found here.
Inviting Your Feedback We recognize our RMM support is founded on information we have decided to reveal on the WMI and would welcome your feedback on our choices of what we make available. Are you missing something we don't make available? Are you using something you self-created that other administrators would benefit from if we improved the product? Our idea queue holds these items that we could take forward based on feedback:
On access scanning results are not shown through WMI. We have one manual scanning actions available with WMI and show only results of that specific scan through WMI. Perhaps having a fuller status is more needed that we have given it credit for?
We have only one action available with WMI: running a malware scan. Would other actions be needed? We have thought about WMI primarily as an interface for *monitoring* purposes. Is that a fair assumption with respect to what you need?
We focus on reporting status when the product is running and are more unclear on how things are shown through WMI when an installation of the product is broken. Has this turned out to be something you look for when managing the product with WMI or through a RMM solution?
We know we don't know all of it, and we know we also forget to mention some of the things you have shared with us in our summaries. Take this as an opportunity to specifically provide us feedback on a focus area we want to understand: the RMM support.
On behalf of the R&D team responsible for Computer Protection endpoint development, Maaret
... View more
Hi, we're sorry to hear you're having trouble with Software Updater. We'd like to look into the problem, and have had some cases where the technology our Software Updater is founded on has not worked as expected. Could you raise a case with our support with specifics of your environment (company name & fsdiag from one of computers)? Maaret, Lead Quality Engineer, Computer Protection client
... View more
@etomcat wrote: Hello, I would like to understand if F-Secure DataGuard is compatible with legitimate disk encryption products, either BIOS/self-encrypting SSD level or Microsoft's software or some 3rd party software vendors, like Sophos? Hello, DataGuard should be able to work together with all 3rd party software (even ones providing similar "DataGuard like" protection). And if it's not compatible for some reason - you can always add this software to trusted list and DataGuard will trust it.
... View more
When Computer Protection (Windows) endpoint client is expired, it locks its functionality. To get back to normal mode, you need a subscription. In the PSB managed product, your admin is the person to sort this out for you. They may continue to duration of the subscription key already assigned to you, or give you a new subscription key. When the administrator continues subscription, the client resumes its normal operations automatically. In case of a new key, the expiration dialog allows you to enter in a new subscription key. You can also enter keycode from F-Icon context menu (right-click), choosing Open Common settings, Subscription keys -tab and Add new subscription... -link.
... View more