[PSB] F-Secure Server Protection (Premium): Main differences compared to PSB Server Security
- Significantly revised scanning architecture using the latest technology from the F-Secure Lab, including native support for 64-bit scanning technology.
- Silent upgrades without the need to reboot the computer allowing regular introduction of new features
- Completely revised update technology, bringing significant reduction in network bandwidth usage.
- Deployment: MSI package available with all the same Remote Installation capabilities than the Computer Protection
- Extensible client architecture, allowing easier integration of new features. For example, the Premium features and Rapid Detection and Response (RDR) can easily be activated.
- Remotely managed Microsoft Firewall: PSB portal display the windows Firewall status and allows to configure specific Firewall profiles.
- Device Control
- To restrict the usage of USB devices, such as a memory stick
- Provide visibility to the USB devices of a server
- Software Update
Server Protection comes with the latest generation of patch management.
- It clearly display the status of the missing software updates.
It never forces reboots on servers.
It continues to install updates even if reboot is requested by one of updates. It means, even if there is no reboot on server, SWUP continues to work and install next updates. In previous version it would just stop and wait for reboot.
There is an option now in profiles to hide all reboot dialogs and notifications on servers (and workstations as well) - it's useful on terminal servers, for instance.
- Scheduled update can be installed next time the computer resume or restart (depending on settings). In previous version, it would wait for next schedule update.
- Ability to ignore certain applications by excluding them from the scan
- Local user interface for viewing and managing Server Updates
- Remote change of subscription key (without re-installation) from PSB portal
- The server automatically take into use the new product associated with the key (e.g. Server Protection Premium). That replaces the ability to change the key from the local UI.
- Profile management is simplified
- Server Protection profiles are under their own tab and not mixed with Computer Protection profiles
- Computer Protection profiles can be copied to Server Protection and vice versa
- It is possible to import of export configurations (e.g. exclusion or firewall settings) from a profile to another as described in Import / export rows to all tables -feature is now available for Computer / Server / Mac Protection profile editors
- Remote quarantine management
- A quarantined file can be allowed or deleted from PSB portal
- Remote isolation is possible from PSB and RDR portals
- The isolation is based on strict firewall profile and block all external connections.
- The administrator can configure a specific isolation profile in order to connect with its remote management tool.
- Active Directory (AD) filtering
- By searching an AD domain in the device list view, only the computers and servers using this domain are displayed. It is possible to view only Server Protection.
- A new category for Active Directory is also available.
- Remote diagnostic file (fsdiag)
- In case of problem with a computer, the PSB administrator can select the server and request a diagnostic file to be uploaded to F-Secure. The administrator should then provide the reference number (available from the device operations tab, or the view fsdiag operation in support page) to F-Secure in a support ticket.
- RMM Support (Remote Management and Monitoring)
- The integration is the same to Computer Protection integration with RMM software as described in our documentation: Using third party RMM tools
- Improved visibility in device details view
- Scan report in portal: If an admin suspect an issue with a Windows Server, it will be able to check the latest scan report (it might be a scan triggered from portal, or scheduled or manual) remotely.
- Active Directory information: Active Directory name, Organizational unit, Domain Components and GUID are visible.
- Domain and Windows name are visible
- Security Parameters: Disk Encryption Status and Password strength are displayed
- Application Control
- Providing fine grain rules to control the applications running on a server.
- Default security rules to block the most common threats providing yet another layer of defense
- Configurable rules to block or allow applications and scripts
- White and black list
- Monitoring mode to evaluate rules before enforcing them
Protecting specific folder to block for example ransomware from modifying them. It allows:
- To define applications that are always given access to modify files and folders protected by DataGuard.
- To define folders on which DataGuard protection is applied.
- Lightweight sensors monitor your endpoint users' behaviour and stream the events to F-Secure cloud in real-time.
- F-Secure's real-time behavioural analytics and Broad Context Detection™ distinguish malicious behaviour patterns and identify real attacks.
- Visualised broad context and descriptive attack information make confirming a detection easy. F-Secure Partner or your own IT team manages the alerts, and there's an option to elevate tough investigations to F-Secure.
- Following a confirmed detection, our solution provides advice and recommendations to guide you through the necessary steps to contain and remediate the threat.
- Citrix: this release starts support for Citrix (excluding the imaging scenarios that require recognizing new license uses as same)
- Terminal Server
- Support for Microsoft Hyper-V and VDI
- Support for Email and Server Protection
- Providing support for Sharepoint and Exchange Server
- Support for Windows Server 2003 and Windows server 2008 original build (but Windows Server 2008 R2 is supported)
- The local web console is removed and replaced by the User Interface (requiring .NET 4.7.2 or later)
- Neighborcast: The bandwith usage is greatly reduced with Server Protection. F-Secure End Point Proxy (with the coming version PMP 14.21) will in addition introduce the ability to cache software updates.
Just to make things clearer, are we talking here about the outgoing version 12.x software and the incoming v14.00 software, for the protection of Windows file servers?
Best Regards: Tamas Feher, Hungary.0
This product is actually for PSB our cloud solution.
This is a separate product from Server Security 14.0 that is used by our on-site solution, even if they share a lot of code.
But thanks for the question I clarified it in the article as well.2