Linux Agent LS64 Changelog (Elements, Business Suite, Standalone)

This changelog provides updates for the WithSecure™ Linux Agent (LS64), used across WithSecure™ Elements, Business Suite, and Standalone environments. It includes the latest improvements, security enhancements, and fixes to ensure reliable protection and performance on Linux-based systems.

Find more posts tagged with

Changelog

Comments

New update for Linux Security 64 has been released (2025-05-20)

New FSBG update (version 1.0.921) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-839: Resolved an issue where a failed update could cause the product to become unresponsive.
LNX-857: Addressed a problem where network disruptions could cause hotfix service to fail.
Miscellaneous bug fixes and improvements.

New update for Linux Security 64 has been released (2025-04-28)

New update for Linux Security 64 (version 12.0.503) has been released. See the earlier pilot release announcement for the full list of changes.

New pilot update for Linux Security 64 has been released (2025-04-24)

New pilot update for Linux Security 64 (version 12.0.503) has been released. Pilot updates are an opt-in mechanism for experiencing new Linux Security 64 versions before they get distributed to all users. This update includes the following changes:

LNX-581: Fixed an issue where restarting the system could deactivate the EDR sensor.
LNX-840: Fixed an issue where alerts about unsupported distribution had incorrect timestamps.
LNX-838: Fixed an issue where installations made using --override-distro option were detected as unsupported.
Miscellaneous bug fixes and improvements.

New update for Linux Security 64 has been released (2025-04-03)

New Linux Security 64 update (version 12.0.501) has been released. This update includes the following changes:

Resolved an issue where installing the previous Linux Security 64 update (version 12.0.500) concurrently with the FSBG update (version 1.0.918) could cause the system to become unresponsive.

Here is the second Easter Egg:

Request the badge here: https://community.withsecure.com/badge/egg2

New update for Linux Security 64 has been released (2025-03-31)

New update for Linux Security 64 (version 12.0.500) has been released. See the earlier pilot release announcement for the full list of changes.

New Linux Security 64 update has been released (2025-03-25)

New FSBG update (version 1.0.918) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-756: Fixed an issue causing the sensor to reload more frequently than necessary.
Fixed an issue where uninstalling the product occasionally triggered SELinux warnings in the audit log.
Fixed an issue where generating a diagnostic package on RedHat Enterprise Linux 9.5 using Elements Portal led to SELinux warnings in the audit log.
Fixed an issue where the update installation schedule was not adhered to.
Miscellaneous bug fixes and improvements.

New pilot update for Linux Security 64 has been released (2025-03-24)

New pilot update for Linux Security 64 (version 12.0.500) has been released. Pilot updates are an opt-in mechanism for experiencing new Linux Security 64 versions before they get distributed to all users. This update includes the following changes:

LNX-763: Introduced support for Amazon Linux 2023.
LNX-834: Resolved an issue where the elements-migrator utility failed to correctly migrate update settings.
Miscellaneous bug fixes and improvements.

New Linux Security 64 update has been released (2024-12-10)

New Linux Security 64 update (version 12.0.497) has been released. This update includes the following changes:

Miscellaneous bug fixes and improvements.

New Linux Security 64 update has been released (2024-12-04)

New FSBG update (version 1.0.914) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-755: Fixed an issue where scanning certain files would cause scanning to fail.

New Linux Security 64 update has been released (2024-12-02)

New FSBG update (version 1.0.913) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-692: Improved product's responsiveness in the presence of network connectivity issues. The product now tries to automatically detect if certain backend services are unreachable and temporarily disable their use if they cannot be reached.
LNX-658: Introduced a new hotfix update mechanism to the product. This new hotfix service is used for rapidly delivering critical fixes to the product.
Miscellaneous bug fixes and improvements.

New pinnable Linux Security 64 version is available (2024-10-02)

New pinnable Linux Security 64 version linuxsecurity-2024_2 has been released. Product version pinning enables Linux Security 64 installation to be locked to a specific version of the product. When the product version has been pinned the installation will still receive new engine and definition updates. Linux Security 64 supports product version pinning when managed by Policy Manager.

Each pinnable product version is supported for a year from the release of the subsequent pinnable version.

linuxsecurity-2024_2 contains the following components:

Linux Security 64 version 12.0.493
FSBG version 1.0.909

To learn more about product version pinning, please refer to the Linux Security 64 manual.

Connectivity Requirements for WithSecure Linux Security64

To function correctly, WithSecure Linux Security64 requires access to several online services. The detailed list of these services can be found in the User Guide.

Required Domains

WithSecure Linux Security 64 needs access to the following domains:

a.karma.sc2.fsapi.com
api.disobus.fsapi.com
api.prd.glb.us-prd.fsapi.com
baseguard.doorman.fsapi.com
client-api.public.prod.ew1.cosmos-prd.fsapi.com
download.fsapi.com
guts2.fsapi.com
guts2.sp.f-secure.com
mind-failover.sc2.fsapi.com
poll.push.fsapi.com
registrar.push.fsapi.com
restmc.mind.sc2.fsapi.com
update.sebe.fsapi.com

The domains ending with f-secure.com will not be necessary after January 1st, 2025.

Proxy Configuration

If the WithSecure Linux Security 64 is configured to use an HTTP proxy for internet access, it will utilize this proxy for the above connections.

Offline Mode

In environments where access to these services is restricted, Linux Security 64 can operate in offline mode. To enable offline mode, execute the following command after installing linuxsecurity-2024_2:

/opt/f-secure/fsbg/bin/offline-mode enable

This command disables the product's connections to certain non-essential online services, allowing it to function effectively even with limited network access.

Known Issues

When upgrading from a previous pinnable product version, the lsctl status command might display the product version status as in-progress for several hours. During this time, you may notice several HTTP 404 errors in the update.log file. These errors are harmless, and the product should eventually reach a state where lsctl status reports the product version as fully applied.

New Linux Security 64 update has been released (2024-09-25)

New FSBG update (version 1.0.909) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-703: The update will automatically enable offline mode during installation if the system cannot access all necessary backend services.
Miscellaneous bug fixes and improvements.

New Linux Security 64 update has been released (2024-09-16)

New Linux Security 64 update (version 12.0.493) has been released. This update includes the following changes:

LNX-663: Upgraded license configuration on certain Policy Manager managed installations.
Miscellaneous bug fixes and improvements.

New Linux Security 64 update has been released (2024-09-02)

New FSBG (version 1.0.907) update has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-566: Fixed an issue where the product could cause SELinux warnings to be shown under certain conditions.
LNX-548: Switched the product to use a new online reputation backend service.
LNX-612: Fixed an issue where reinstalling the product could fail due to leftover configuration from the previous installation.
LNX-578: Fixed an issue where the product could cause excessive CPU usage if Policy Manager was unreachable.
LNX-634: Fixed an issue where the product could fail to identify device's IP address and DNS name.
LNX-661: Fixed an issue regarding database version data included into diagnostic packages.
LNX-299: Removed obsolete BaseGuard update service.
LNX-668: Improved support for using the product in environments with limited connectivity.
Miscellaneous bug fixes and improvements.

Connectivity Requirements for WithSecure Linux Security64

To function correctly, WithSecure Linux Security64 requires access to several online services. The detailed list of these services can be found in the User Guide.

Required Domains

WithSecure Linux Security64 needs access to the following domains:

a.karma.sc2.fsapi.com
api.disobus.fsapi.com
api.prd.glb.us-prd.fsapi.com
baseguard.doorman.fsapi.com
client-api.public.prod.ew1.cosmos-prd.fsapi.com
download.fsapi.com
guts2.fsapi.com
guts2.sp.f-secure.com
mind-failover.sc2.fsapi.com
poll.push.fsapi.com
registrar.push.fsapi.com
restmc.mind.sc2.fsapi.com
update.sebe.fsapi.com

The domains ending with f-secure.com will not be necessary after January 1st, 2025.

Proxy Configuration

If the WithSecure Linux Security64 is configured to use an HTTP proxy for internet access, it will utilize this proxy for the above connections.

Offline Mode

In environments where access to these services is restricted, Linux Security64 can operate in offline mode. To enable offline mode, execute the following command:

To enable offline mode, execute the following command:

/opt/f-secure/fsbg/bin/offline-mode enable

This command disables the product's connections to certain non-essential online services, allowing it to function effectively even with limited network access.

New Linux Security 64 update has been released (2024-06-10)

New Linux Security 64 update (version 12.0.492) has been released. This update includes the following changes:

LNX-366: The Linux agent for Elements Endpoint Detection and Response now supports executing Advanced Response actions on endpoints, once the feature is activated in the profile through the Elements Security Center.
LNX-504: Added support for Ubuntu 24.04.
LNX-576: Product activation will now issue a warning if the product is installed using an old installer. Using the latest available installer is always recommended.
LNX-566: Fixed an issue where resetting the security context for /var/opt/f-secure directory would cause SELinux warnings to be shown.
LNX-561: Removed support for TLS 1.0 protocol.
LNX-631: Fixed an issue where certain installations had an invalid license configuration.
Miscellaneous bug fixes and improvements.

Extending the Support for linuxsecurity-2022_5 Pinnable Product Version

We have decided to extend the support period for the pinnable product version "linuxsecurity-2022_5". The new expiry date for this version is 2024-09-30. Previously, we had committed to supporting this pinnable version until the end of June 2024.

New Linux Security 64 update has been released (2024-05-27)

New FSBG update (version 1.0.841) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

Miscellaneous bug fixes and improvements.

New Linux Security 64 and Elements Agent installers have been released (2024-05-16)

The new product installers released are as follows:

Linux Security 64 Policy Manager installation package version 5.0.10, compatible with Policy Manager Server version 16.0 and above.
WithSecure Elements Agent for Servers.

The updates include the following changes:

Changed the activation to use new update server addresses by default. The new installer may download product content from guts2.fsapi.com and api.prd.glb.us-prd.fsapi.com.
See related announcements for network address changes: https://community.withsecure.com/en/kb/articles/31209-network-addresses-for-withsecure-products
Installer file and package names have been changed. This would affect any automated deployment and uninstall.
Fixed an issue where product activation would fail if Squid proxy version 6.0 or higher was used.
Fixed an issue where invoking activate with --download and --help options would incorrectly mark the product as activated.
Miscellaneous bug fixes and improvements.

Please note that the old installer packages are going to stop working at the end of the year. It is recommended to always use the latest available installer.

If you have already successfully installed the product there is no need to download or install these package. The product installer is only needed for the initial setup process and does not need to be kept up to date afterwards.

New Linux Security 64 update has been released (2024-04-10)

New Linux Security 64 update (version 12.0.489) has been released. This update includes the following changes:

LNX-603: Fixed an issue where update installation would fail due to an issue with pinned certificates.
LNX-600: Fixed an issue where product activation would fail on systems with certain locales.
Miscellaneous bug fixes and improvements.

New Linux Security 64 update has been released (2024-03-18)

New Linux Security 64 update (version 12.0.482) has been released. This update includes the following changes:

LNX-280: This update changes the address of the server that is used for downloading updates. This change does not affect installations that download updates from a local Policy Manager except in situations where the local
Policy Manager cannot be reached.This update also changes the address of the service that is used for downloading metadata about pinned product versions.For installations in environments with restrictive firewall policies, this update might require manual intervention to ensure that the installation can still contact all the necessary services. See https://www.withsecure.com/userguides/product.html#business/linux-security-64/latest/en/concept_A84C5DCA8047449CB3449D114E1CD0DB-latest-en for more information about the addresses that Linux Security 64 installations may contact.
Miscellaneous bug fixes and improvements.

Note for customers using ZIP files to update their installations

This product update includes changes which will affect the procedure to install future malware definition or product updates from ZIP archives. Please continue reading if you are currently making use of ZIP archives to install updates using the offline-update program.

After updating your product installation to the new version, follow these steps to prepare update ZIP archives in the future:

Log on to the endpoint on which you intend to install updates from a ZIP archive.
Run the command
/opt/f-secure/fsbg/bin/withsecure-migrator status
Check the last line of output from the above command.
If the system reports that the command does not exist, or the command reports “not-performed” or “not-ready”, you can prepare a new f-secure-updates.zip archive for updates by using any version of fspm-definitions-update-tool and channels.json files you might already have available, and install the updates as before from the f-secure-updates.zip file using the offline-update program. Before starting to prepare another ZIP archive later, however, return to step 1 of these instructions.
If the command at step 2 reports "migrated", the procedure for installing the updates changes as follows:
1. First, please verify that you are using a recent enough version of fspm-definitions-update-tool for creating update archives.
  - If you are using fspm-definitions-update-tool from a Policy Manager Server 16 installation, you are already at a new enough version.
  - If you are not using Policy Manager 16, or are unsure about the version of fspm-definitions-update-tool, download the latest version of fspm-definitions-update-tool from the product download page, and extract the files to a directory.
    https://www.withsecure.com/en/support/product-support/business-suite/linux-security
2. Second, download the latest version of the channels.json file to use to configure fspm-definitions-update-tool:
  https://download.f-secure.com/corpro/ls64/current/channels.json
  As before, replace the channels.json file under fspm-definitions-update-tool's conf/ subdirectory with the downloaded file, remove the data/ directory if it exists.
3. Run the fspm-definitions-update-tool program. fspm-definitions-update-tool will create a fresh data/ subdirectory with two ZIP archives: f-secure-updates.zip and withsecure-updates.zip. You must now use the withsecure-updates.zip file to install updates on the endpoint using the offline-update program.
  (The f-secure-updates.zip file should no longer be used for installing updates on that endpoint. When run, fspm-definitions-update-tool will however continue to create this file to support packaging updates for endpoints which still need this file.)
4. After installing the product updates for the first time from the withsecure-updates.zip file on an endpoint, it won't be necessary to verify the status of the installation again on that endpoint (step 2); all later product updates can be installed using the withsecure-updates.zip file.

New Linux Security 64 update has been released (2024-03-11)

New FSBG update (version 1.0.834) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

Miscellaneous bug fixes and improvements.

New Linux Security 64 update has been released (2024-02-20)

New FSBG update (version 1.0.828) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-200: The product will require /sys/class/dmi/id/product_uuid file to be in place only when it is being managed by Policy Manager. Previously this file was always required.
LNX-526: Fixed an issue where HTTP proxy was not used for downloading updates from fallback update server in Policy Manager managed mode.
LNX-471: Fixed issues with compatibility with nosetuid file systems.
Miscellaneous bug fixes and improvements.

Extending the Support for linuxsecurity-2022_5 Pinnable Product Version

We have decided to extend the support period for the pinnable product version "linuxsecurity-2022_5". The new expiry date for this version is 2024-06-30. Previously, we had committed to supporting this pinnable version until the end of 2023.

New Linux Security 64 update has been released (2023-10-24)

New Linux Security 64 update (version 12.0.459) has been released. This update includes the following changes:

LNX-377: Added support for Debian 12. Currently Debian 12 support does not cover Linux Protection installations that include RDR functionality.
LNX-414: Upgraded to OpenSSL 3.

New Linux Security 64 update has been released (2023-10-16)

New FSBG update (version 1.0.787) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-387: Solved an issue where integrity checker could cause high CPU usage under certain conditions.
LNX-360: Solved an issue where an error about failing to clean up previous channel content could be printed after an update.
LNX-363: Solved an issue where certain updates could fail due to errors about incompatible product-control.
LNX-414: Upgraded to OpenSSL 3
LNX-298: Removed f-secure-baseguard-av service from the product.

New Linux Security 64 update has been released (2023-07-04)

New Linux Security 64 update (version 12.0.445) has been released. This update includes the following changes:

LNX-358: Fixed an issue where uninstallation would not always work if the installation had not finished completely.
LNX-396: Fixed an issue where on certain systems the product could fail to start properly when a certain on-access scanning configuration was used.

New Linux Security 64 update has been released (2023-06-06)

New FSBG update (version 1.0.741) has been released. FSBG is a component of Linux Security 64. This update includes the following changes:

LNX-359: Improved setup robustness.

New Linux Security 64 update has been released (2023-04-27)

New Linux Security 64 (version 1.0.442) update has been released. This update includes the following changes:

LNX-349: Fixed an issue that prevented fresh installations from completing successfully.

New Linux Security 64 update has been released (2023-04-25)

New Linux Security 64 (version 12.0.441) and FSBG (version 1.0.738) updates have been released. FSBG is a component of Linux Security 64. These updates include the following changes:

LNX-278: Fixed an issue where an unreachable proxy could prevent certain product services from starting up.
CSLP-4211: Fixed an issue where certain product updates would ignore update installation schedule.
Added support for Rocky Linux 8 and 9.
Updated OpenSSL.
LNX-174: Fixed an issue where /etc/apt/apt.conf.d/10fsicd-apt-hook configuration file was not uninstalled properly.
CSLP-4043: Fixed an issue with offline updates where updater could attempt to install channels in an incorrect order.
LNX-245: Fixed an issue where offline-update command did not include any help text.
LNX-23: Merged BaseGuard contents into FSBG. Previously some parts product's functionality was distributed as a separate BaseGuard component.
CSLP-3646: Improved error messages in offline-update to indicate that channels cannot be downgraded.
CSLP-4205: Added a new setting to configure (or disable) maximum file size limit for scanned files.
LNX-238: Fixed an issue where fsanalyze command would print archive member names incorrectly.
CSLP-4174: Fixed a possible crash configuration management service.
CSLP-3958: Allowed offline updates to be installed even when automatic updates are enabled.
LNX-211: Fixed an issue where invalid utf-8 could be included to the access log.
LNX-304: Fixed an issue where scanning service could fail under a heavy load.

Quick Links