Best Of
Re: Policy Manager 14.30 - Software Update Manual Download
Hi Kmastemaker,
At the moment, Email and Server Security 14.00 is the only client that supports the "Manual Downloads" feature. For Client Security and Server Security, the new version releases are required for this feature to work properly. So, you'll have to wait for Client Security version 14.20 release for this feature.
Regards,
Monika
MonikaL
Re: Client Security 14 firewall popup dialogs
Hi Ashok,
Application control's exclusion rules give you a way to define the applications that you want to explicitly allow or block. Any applications that match the conditions that you set within the rules are excluded from the default rule for the profile. For example, if the default rule is Allow, you can create rules to specify the applications or locations that you want to block. Another example could be that you want to receive a report of any applications that match the triggering conditions, even though they are still allowed or blocked based on the default rule for the profile.
In Standard view:
- Select the target domain.
- Go to the Settings tab
- Select the Application control
- Select the profile that you want to edit from the Profile being edited drop-down list.
Note: You cannot edit the exclusion rules for any profiles that are marked as Predefined. - Click Add rule. This opens the exclusion rule wizard.
- Enter a name and description for the rule.
- Select the Event and Action for the rule. For example, if you select Run application as the event and Block as the action, the rule prevents applications from running if they match the conditions for the rule.
- Click Add condition. You can add multiple conditions to the same rule to get the scope that you want. If multiple conditions are added to the rule, they all need to be true (AND operation) for the exclusion rule to apply.
- Select the attribute, operator, and value for each condition.
The following table explains the attributes that you can select to match the condition values.
|
Selected attribute |
Description |
|
Target |
Values of the actual application. For example, Target file name is the actual file that you want to block. |
|
Parent |
Values of the process that launches the application. For example, Parent file name is the file that launches the application that you want to block. |
For example, if you want to block Internet Explorer, iexplore.exe is the target and explorer.exe (Windows Explorer) is the parent.
- Click OK.
- Change the order of the rules if necessary. The rules listed for the profile are applied in priority order from the top down.
- Click the following icon to distribute the policy:
In case you set Application Control setting "Default rule applied to untrusted application" to "Block", Application Control will allow application running from SYSTEM account, and any application that you have allow in the exclusion rule. Any other application will be blocked. Hence, we recommend to change the setting to "Report" to monitor the situation, and slowly creating new Application Control rule(s) to allow the application running in your environment.
By default, we do block batch scripts execution from any Microsoft Office application. In order to override the default rule applied to all applications, installers and scripts, exclusion rules are created to explicitly block or allow a specific access.
Regards,
Monika
MonikaL
Re: v11 download?
Hi krisvdv,
Support for Server Security 11 series has been dropped since June, 2017 and Support for Windows Server 2003 has been dropped since Server Security version 12.x. You are advised to take steps to plan a migration to a more recent (and supported) operating system for the security of your environment.
You need to have a minimum of Windows Server 2008 to install the latest Server Security product.
The older versions of Server Security are not available for download. The latest product can be downloaded from here:
https://www.f-secure.com/en/business/downloads/server-security
Regards,
Monika
MonikaL
Re: Changing Subscription key through Command line
Hi sirkdotCS,
The fs_oneclient_logout tool allows you to log out from Computer Protection so that you can re-enter the subscription key to connect a device to the correct company in the management portal.
This command-line tool removes the current subscription from Computer Protection and returns the software to its initial state, before a subscription key was used.
To use the tool:
1. Download the fs_oneclient_logout tool from https://download.sp.f-secure.com/PSB/Utilities/fs_oneclient_logout.exe
2. Open a command prompt with administrator privileges
3. Run the tool in the command prompt
To log out and register to F-Secure PSB Portal automatically, run \fs_oneclient_logout.exe --keycode . Computer Protection will log out and start using the subscription key that you entered immediately.
To remove the current subscription key, run \fs_oneclient_logout.exe --nokeycode. Computer Protect will stop working and asks you to enter a new subscription key manually when you open the main view of the application.
If the tool runs successfully, it returns 0 as the result. In other cases, for example if the network is unavailable or you enter an incorrect subscription key, Computer Protection will stay in the "expired" state and asks you enter the new subscription key manually.
Note: Since PSB Computer Protection installations are portal specific, you can only change the subscription key if both the old and new key belong to the same PSB Portal. This means that if the original installation has been performed with the PSB1 installation file, you cannot enter a subscription key belonging to PSB4.
Regards,
Monika
MonikaL
Re: F-Secure Software Updater using Command line / Software Updater install on Shutdown
Hi Datsspeed,
The Policy Manager 14.40 is expected to be released in Q1 2020.
Regards,
Monika
MonikaL
Re: java.exe CPU on PM server
Hi krisvdv,
If the file size of your FSDIAG file is large, you can upload the file to our FTP site. Make sure that you have a case number before submitting the file. You will receive a case number in the email sent by our customer support.
1. Rename the generated diagnostic file following this format: [Your case number here]_FSDIAG.TAR.GZ or [Your case number here]_fsdiag.7z
2. Right-click the Windows Start icon, and select Open Windows Explorer. A Windows Explorer window opens
3. Type ftp://ftp.f-secure.com/incoming in the address bar, and press Enter
4. Copy the renamed fsdiag file to the window (or drag and drop it there)
5. Reply to the email sent by our customer support to inform us that you have now uploaded the FSDIAG file.
Regards,
Monika
MonikaL