Best Of

Hello jluc,

We would require the diagnostic information from the affected client machine and policy manager to check the scenario. Please provide this information to support, and we will investigate further.

Best regards,

Monika

Hi Everson,

1. There is ”block all other rules” checkbox which allows to disable all other rules and leave only defined ones active.
2. admin can select default action as “block” so only allowed rules will be allowing traffic.
3. admin can define strict allow rule which will allow only “low” ports and don’t allow rest.

Will that be enough?

We are also working on bringing Firewall alerts back to clients, so this will be fixed.

Hi Cetil,

Common causes of this error message are:

- "Base policy file on F-secure Management Server is invalid" appears mostly in situations when admin.pub on the client and on the policy manger are different, and because of that policy coming from PM can't be verified properly.

- Base policy could be corrupted during transit. To rule out this option, change a particular setting on the host using Policy Manager Console, distribute policies. Then change the value back to the previous value or hit the "clear" button to inherit the value from above. This ensure, the host will be generated a new, fresh base-policy.

- Base policy could be corrupted, because the system is running out of disk space. Check available disk-space on the system.

Hi Kmastemaker,

At the moment, Email and Server Security 14.00 is the only client that supports the "Manual Downloads" feature. For Client Security and Server Security, the new version releases are required for this feature to work properly. So, you'll have to wait for Client Security version 14.20 release for this feature.

Regards,

Monika

Hi Ashok,

Application control's exclusion rules give you a way to define the applications that you want to explicitly allow or block. Any applications that match the conditions that you set within the rules are excluded from the default rule for the profile. For example, if the default rule is Allow, you can create rules to specify the applications or locations that you want to block. Another example could be that you want to receive a report of any applications that match the triggering conditions, even though they are still allowed or blocked based on the default rule for the profile.

In Standard view:

1. Select the target domain.
2. Go to the Settings tab
3. Select the Application control
4. Select the profile that you want to edit from the Profile being edited drop-down list.
   Note: You cannot edit the exclusion rules for any profiles that are marked as Predefined.
5. Click Add rule. This opens the exclusion rule wizard.
6. Enter a name and description for the rule.
7. Select the Event and Action for the rule.                                                                                                  For example, if you select Run application as the event and Block as the action, the rule prevents applications from running if they match the conditions for the rule.
8. Click Add condition. You can add multiple conditions to the same rule to get the scope that you want. If multiple conditions are added to the rule, they all need to be true (AND operation) for the exclusion rule to apply.
9. Select the attribute, operator, and value for each condition.                                                                       
   The following table explains the attributes that you can select to match the condition values.

For example, if you want to block Internet Explorer, iexplore.exe is the target and explorer.exe (Windows Explorer) is the parent. 

10. Click OK.
11. Change the order of the rules if necessary.                                                                                                The rules listed for the profile are applied in priority order from the top down.
12. Click the following icon to distribute the policy:

In case you set Application Control setting "Default rule applied to untrusted application" to "Block", Application Control will allow application running from SYSTEM account, and any application that you have allow in the exclusion rule. Any other application will be blocked. Hence, we recommend to change the setting to "Report" to monitor the situation, and slowly creating new Application Control rule(s) to allow the application running in your environment.

By default, we do block batch scripts execution from any Microsoft Office application. In order to override the default rule applied to all applications, installers and scripts, exclusion rules are created to explicitly block or allow a specific access.

Regards,

Monika

Hi krisvdv,

Support for Server Security 11 series has been dropped since June, 2017 and Support for Windows Server 2003 has been dropped since Server Security version 12.x. You are advised to take steps to plan a migration to a more recent (and supported) operating system for the security of your environment.

You need to have a minimum of Windows Server 2008 to install the latest Server Security product.

The older versions of Server Security are not available for download. The latest product can be downloaded from here:

https://www.f-secure.com/en/business/downloads/server-security

Regards,
Monika