Best Of
Re: How do I block a smartphone on PSB
Hi Carlos2285
To block/disable mobile phone via Device Control from PSB web portal, you need to block the following device classes.
Please add a device access rule as below, and let me know if it works:
Display name: Mobile Phone storage
HardwareID: USB\Class_FF
Access level: Blocked
Repeat this rule with the below mentioned device classes to block all smart phones:
HardwareID: USB\Class_00
HardwareID: USB\Class_08
HardwareID: USB\Class_02
HardwareID: USB\Class_EF
JamesC
Re: Linux Security 64 more documentation?
Hi Donovan,
I hope the below finds you well, but please do let me know if you have further concerns or questions.
- Which service is responsible for what?
- Currently, we have the following services for the Linux Security 64 but it could change at any moment through a routine channel update without a notice or advance warning.
* f-secure-baseguard-accd.service is responsible for receiving access permission requests from the kernel through the fanotify API. It can grant access autonomously, but for malware analysis, it uses f-secure-baseguard-icap.service. * f-secure-baseguard-as.service is a BaseGuard facility for email spam scanning. In LS64, the service is inactive. * f-secure-baseguard-cleanup.service makes sure channel updates don't accumulate on the disk without limit. * f-secure-baseguard-icap.service is the malware analysis service used for realtime, scheduled and manual scanning. * f-secure-baseguard-orspgw.service is a local proxy for F-Secure's Online Reputation Service. It is used by f-secure-baseguard-icap.service. * f-secure-baseguard-update.service monitors F-Secure's GUTS2 service for channel updates and sends notifications to fsbg-updated.service. * f-secure-linuxsecurity-fsicd.service maintains the file integrity checker baseline. * f-secure-linuxsecurity-lspmd.service locally distributes policy settings to LS64 services. * f-secure-linuxsecurity-scand.service manages manual and scheduled scans. * f-secure-linuxsecurity-statusd.service collects status and statistics information from LS64 services and relays them to the policy agent (fsma2) * fsbg-statusd.service collects status and statistics information from BaseGuard services and relays them to the policy agent (fsma2) * fsbg-updated.service schedules the installation of online channel updates. * fsbg.service locally distributes policy settings to BaseGuard services.
- How to invoke manual configuration update?
- All configurations related to Linux Security 64 needs to be done via Policy Manager. Currently, it is not possible to do a manual update etc
- How to check proper functioning of the antivirus?
- The only way to check that the antivirus is functioning properly is by scanning an eicar file. Alternatively, you could also check the status of LS64 services and make sure that they are up and running.
- Eicar test file is not working with full real time scanning on / enable, /opt/f-secure/linuxsecurity/bin/fsanalyze , but EICAR_Test_File_Not_A_Virus is working ok.
- By default, “Files and folders to scan” setting for real time scanning is empty in Policy Manager that customer has to specify which file/directory to be scanned by the real time scanning after the product installation. If they want all files to be scanned, they can consider to add root directory (/) to that setting as below.
- Do we need only to configure "Linux security 64" or is the "Real-time scanning" also involved ?
- You only need to configure “Linux security 64” for this LS64 product as shown on the screenshot above
JamesC
Re: Email and Server security strips XLS files (not Autorun macro) with exclusion
Please check your inbox. I have just messaged you the links for the hotfix
JamesC
Re: DataGuard on network drive
Hi Dussan
My apologies as I misread. What products are your clients using ? If you are using Business Suite - Policy Manager and Client Security, then you do not have to pay attention to the red color, the newly added network path row can be distributed to the client anyway.
This feature is still in Beta. Visual issue on Policy Manager should be addressed in the next release.
JamesC
Re: Email and Server security strips XLS files (not Autorun macro) with exclusion
Hi DaFit
ESS 14 Beta is planned for 14.10.2019, and RTM around second-half of November.
JamesC
Re: Scheduled scans notifications
Hi Laxtlo
We have the setting windows.scheduled_scanning.show_to_user available and will be added as a feature to the next PSB Portal update. I have forwarded your request to the product team.
JamesC
Re: Citrix Virtual Apps server stop responding
Hi JensB
We have developed the fix and will appear in the ulcore channel after standard release procedure, which can take 1-4 weeks.
JamesC
Re: F-Secure Server Security 14.00 can't update in DMZ
Hi Pand
Have you checked your fallback settings ? If issue still persists, moving forward, we will investigate your case which you have submitted.
For standalone new installations, product will need at least 3 hours to download all the Ultralight component and the rest of the updates.
You do not need to restart the machine even reboot prompted, until all updates are installed (3+ hours required).
If you restart earlier, not all updates will be present, and the new up to 3+ hours round will be needed to complete the download after boot. And restart dialog will be shown again in 20 minutes.
Please only restart after all updates are installed (3+ hours required).
It will behave as below:
============================================================
1. First approach downloads ULU handler
2. Second approach downloads ulcore
3. Third approach downloads all the rest UL db updates
4. Each one happen after failover timeout which is 1 hour interval
============================================================
The behavior can be seen from AUA.log
2019-07-18 17:13:46.508 [0a2c.0cc0] I: Connecting to guts2.sp.f-secure.com
2019-07-18 17:13:46.819 [0a2c.0cc0] I: Downloaded 'F-Secure Ultralight Updater Update 2018-09-18_01' - 'ulupdater-win64' version '1537259154'
2019-07-18 17:13:46.819 [0a2c.0cc0] I: Update check completed successfully
2019-07-18 17:13:46.819 [0a2c.0ff0] I: Installation of 'F-Secure Ultralight Updater Update 2018-09-18_01' : Processing
2019-07-18 17:13:47.475 [0a2c.0ff0] I: Installation of 'F-Secure Ultralight Updater Update 2018-09-18_01' : Success
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Connecting to wait.pmp-selector.local
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Update check failed, error=210 (unable to resolve host)
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Connecting to wait.pmp-selector.local
After it downloads the Ultralight handler, it will try to connect back to the Policy Manager Server. In this period, product still not protected since the rest of Ultralight component still not downloaded. It needs to wait another fallback for the 2nd approach and so on.
JamesC
Re: Possible to uninstall Client Security using GPO in unattended mode ?
Hi Rick_Nit
I would suggest to use an administrator credential.
If you use PowerShell:
Use PowerShell to Uninstall Software: https://blogs.technet.microsoft.com/heyscriptingguy/2011/12/14/use-powershell-to-find-and-uninstall-software/
F-Secure Uninstaller Path: "C:\Program Files (x86)\F-Secure\Uninstall\fsuninst.exe"
If you use GPO:
use following commands for a .bat script:
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure Spam Scanner" -a
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure Software Updater" -a
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure E-mail Scanning" -a
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure Browsing Protection" -a
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure HIPS" -a
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure Protocol Scanner" -a
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure Internet Shield" -a
start C:\"program files"\F-Secure\Uninstall\fsuninst.EXE /UninstRegKey:"F-Secure Anti-Virus" -a
JamesC
Re: Complete Unisntall of Client Security
Hi Vincent
There are two uninstall tools available, and what version of CS are you removing ?
First tool - https://download.f-secure.com/support/tools/uitool/UninstallationTool.exe
Second tool - https://download.sp.f-secure.com/uninstallationtool/FsUninstallationTool.exe
If the first tool not work, we suggest to use the second uninstallation tool, which is the newer one.
New uninstallation tool:
FsUninstallationTool.exe
- Accept licence terms, GUI shown, Prompt for reboot (Consumer default)
FsUninstallationTool.exe --silent
- Completely silent
Old uninstallation tool:
UninstallationTool.exe
- Accept licence terms, GUI shown, Prompt for reboot (Consumer default)
UninstallationTool.exe -a --nogui
- Accept license terms, no GUI displayed, auto-reboot
UninstallationTool.exe -a --nogui --noreboot
- Accept license terms, no GUI displayed, no auto-reboot
UninstallationTool.exe -s -a --nogui
- Completely silent, auto-reboot
UninstallationTool.exe -s -a --nogui --reboot-delay=60
- Completely silent, auto-reboot 60 seconds after execution finishes (with user countdown)
JamesC