Best Of

Hello Vincent,

Network isolation rules are the firewall rules applied when a managed host gets isolated. It can become isolated either due to Network quarantine feature when certain criteria are not met, or get isolated manually by Policy Manager administrator using Operations > Network isolation > Isolate remote operation. The same isolation rules will be applied in both cases.

Best regards,

Vad

Hi Vad,

This is exactly what we were waiting for...

And it works perfectly...

Thank you. 

There is no client certificate to be distributed.
The server has a self signed certificate.

ClientSecurity "knows" the certificate that is in use, so what you see is only from a browser.
If you prefer you can replace that with a company certificate.
If your Clients are V14 they will automatically switch to https
Port 80 will only be used for Updates.

In V13 we had ruleset with a hirarchical management.
But Admins tend to organize their systems by departments and not by technical needs.
Thus having a special rule on one system in each department was a mess as this rule had to be added to an extra subdomain in that department or to special single hosts in that department. A change to these rules had to be done in various places.

In V14 Profiles we introduced. All profiles ar bound to the root of your tree.
(I have to admit that knowing the old cncept leads to misconfiguration as the profiles are visible in each subdomain, at least until you have understood this new concept.)

So your experience is correct any change to a profile in global. To assign a different setup to a subdomain or host you need a different profile, which is done by cloning an existing one.

As mentioned, these profiles are no longer hirarchical, the clone is independant from it's original.

Now you can add your special rule to the new profile and choose that profile on the subdomain or host.

Any change done to the profile will automatically change the settings for all systemes using tha profile, means only one change for all host with the same technical setup even if they are located in different subdomains/departments.

While I think this concept is better than the old I would have loved to see the profiles still be hirarchical.

Nevertheless I recommend to move away from USB-printes to network printers to be able to close this huge secuity gap. If your special printers do not have a LAN-interface you better buy a LAN2USB-prinserver, which are available on Amazon or eBay starting at 12€. These one-time-expenses will add a lot to your IT-Security!

Matthias

Hi Vincent

There are two uninstall tools available, and what version of CS are you removing ? 

First tool - https://download.f-secure.com/support/tools/uitool/UninstallationTool.exe

Second tool - https://download.sp.f-secure.com/uninstallationtool/FsUninstallationTool.exe

If the first tool not work, we suggest to use the second uninstallation tool, which is the newer one.

New uninstallation tool:
FsUninstallationTool.exe
- Accept licence terms, GUI shown, Prompt for reboot (Consumer default)

FsUninstallationTool.exe --silent
- Completely silent

Old uninstallation tool:
UninstallationTool.exe
- Accept licence terms, GUI shown, Prompt for reboot (Consumer default)

UninstallationTool.exe -a --nogui
- Accept license terms, no GUI displayed, auto-reboot

UninstallationTool.exe -a --nogui --noreboot
- Accept license terms, no GUI displayed, no auto-reboot

UninstallationTool.exe -s -a --nogui
- Completely silent, auto-reboot

UninstallationTool.exe -s -a --nogui --reboot-delay=60
- Completely silent, auto-reboot 60 seconds after execution finishes (with user countdown)