Best Of

Hi Vincent

You can set Policy Manager to forward alerts to a third-party syslog server.

Hi Ashok

It's expected behavior and that's how Windows Firewall works.

It allows all connections which we allow in Firewall settings and blocks ones which are blocked in firewall profile. But for unknown inbound ones it may ask for user to decide - that's why users see these dialogs.

To tell which rules exactly are needed, admin can check event log for Windows Firewall or C:\ProgramData\F-Secure\Log\Firewall\Blocks.log - this file logs all blocked connections by windows firewall.

You need to trigger these apps to be blocked and can read which connection was blocked in blocks.log - then can add rule which would allow it.

Note that Windows Firewall configuration will be altered even when the prompt is dismissed by selecting “Cancel”. Two inbound rules for the related application will be created with Block action for both TCP and UDP protocols.

Hi FabioRocha

How many machines are affected ?

Follow the instructions below one at a time and check whether it solves the issue. Move on to the next step if issue is not resolved.

1. Check and ensure that the following services are up and running. Start the services if they are not running. Or perform reset by stopping and restarting the services manually:
   • F-Secure Automatic Update Agent
   • F-Secure Management Agent
   • F-Secure Network Request Broker
   • F-Secure ORSP Client
   • F-Secure WebUI Daemon
   • FSGKHS
2. Download and run the FSAUA reset tool to reset the potentially corrupted definition updates. You can download the tool here: https://download.f-secure.com/support/tools/FSAUA-Reset/fsaua-reset.exe
3. Download and run the fsdbupdate utility to install the definition updates manually. You can find the utility here: https://download.f-secure.com/latest/fsdbupdate9.exe
4. Uninstall the product and then reinstall it using the F-Secure uninstaller tool. You can find the tool here: https://www.f-secure.com/en/business/support/support-tools
5. Check on the IP configuration that your computer uses the correct subnet. For example, if it uses subnet /24 instead of /22, IP 10.X.240.X is not able to join Policy Manager in the 10.X.241.X destination.
6. Reset GUTS2 folder by;
   • Perform step 1 (stop services)
   • Delete guts2 folder at C:\ProgramData\F-secure
   • Start back services
   • Check for updates

Hi all

We have the fix ready, for ESS 12.X on Exchange Server 2013 (and later), where it strips XLS files (not Autorun macro) even with exclusion.

Please let me know if you want the fix

Hi krisvdv

How many clients do you need to uninstall ?

If you need to do a mass-uninstall, you can use the UNINSTALL operation available in the INSTALLATION tab in F-Secure Policy Manager, however make sure the context is correct. Meaning you have the correct sub-domain (with eg. only server hosts) or a particular host selected (when performing the operation) on the left pane.

Once done, distribute the policies. The client will be uninstalled when it receives the policy. A reboot is not performed after uninstallation, however installing a different end-point protection client likely will require a reboot of the host

Hi ITSM

You may need to block it using Hardware ID class. Some USB devices have different classes.

You can limit or block access permissions for removable drives using Device control. Refer to the following link for instructions:

• Limiting access permissions for removable drives
• Blocking device access using predefined rules
• Getting Hardware ID for a device

Note: Device control can only be configured from the Policy Manger or PSB Portal (Profile editor). There is no local configuration user interface.

Hi ITSM

We have determined the root cause. This will be fixed with next release, and should be available within a week or two.

Please check your inbox. I have just messaged you the links for the hotfix