Business Suite Client Security and Server Security 16.x Changelog

AleksandrG · 2023-09-28T10:27:48+00:00

There was an error rendering this rich post.

AleksandrG

This thread is a changelog for the WithSecure Client Security and Server Security products.

📝 Click here to see the most recent change log and bookmark the discussion to be notified of any updates.

Find more posts tagged with

Changelog

Comments

AleksandrG

WithSecure Client Security 16.01 and WithSecure Server Security 16.01

System requirements

Client Security supports the following operating systems:

Microsoft® Windows 10
Microsoft® Windows 11

Server Security supports the following operating systems:

Microsoft® Windows Server 2016
Microsoft® Windows Server 2019
Microsoft® Windows Server 2022
Microsoft® Windows Server 2025

Note: see Client Security and Server Security user guides for full list of system requirements.

Changes in this release

New features:

Added a warning tray icon if UlCore is not installed due to an ACS issue.
Added removable SCSI drives (UAS) detection to the following features:
- write/execute access control in the Device Control.
- device access rules in Device Control.
- automatic scan of removable drives in Manual scanning settings.
To avoid accidents on misconfigurations Device Control now enables devices back to avoid system devices to be blocked on boot, if attempt to block was not allowed by the operating system.
Added a delay to network information (i.e. IP addresses) upstream to PM - wait for a network configuration to stabilize.

Bug fixes and improvements:

Issue with a lost connection to the Policy Manager after upgrade from 14.xx to 16.xx is now fixed.
Possible issue with a delayed alert is now fixed.
Cancel for scheduled scanning is now also available on hosts with UAC disabled.
The managed client now checks for policies right after the system start.
Issue with the Firefox triggering Tamper protection alerts is now fixed.
IPv6 loopback (::1) for the localhost address is not added into Firewall config anymore.
Policy Manager Datamining directory is now automatically excluded from the Realtime scanning for the better performance.
Support tool result filename is changed from fsdiag.zip to wsdiag.zip.
Always wrap path to fsscan.exe into quotes in the Windows scheduler to avoid possible abuse.
Connectivity Tool improvements:
- proxy and custom endpoint are automatically added if the user forgot to add them and clicked “Next”.
- the option to copy the URL to the clipboard is now added.

Known issues

On Microsoft® Windows 11 and Microsoft® Windows Server 2025 'Scan for malware' shell extension might disappear in certain conditions.

LiselotteP

A new version of the Ultralight Core update, part of the Windows endpoint client has been released on 3rd of July, WithSecure Ultralight Core 2024-06-24_01.

With this release, we are removing the ORSP service (fsulorsp) and corresponding executables (fsorsp.exe / fsorsp64.exe). This should have no affect for customers, but any custom agent monitoring in place might be affected, as this change might break health checks.

Released for GA on 3rd of July 2024.

AleksandrG

WithSecure Client Security 16.00 and WithSecure Server Security 16.00

WithSecure Client Security provides protection for workstations: Microsoft® Windows 10 and 11, all editions excluding ARM.

WithSecure Server Security provides protection for your Microsoft® Windows Server® 2012R2, 2016, 2019, 2022, Microsoft® Small Business Server, Citrix® XenApp, and Windows Terminal servers.

The solution can be licensed and deployed as Standard or Premium. For WithSecure Server Security both per-server or terminal connection basis are applicable.

Products contain following features:

Virus & spyware protection – protects your computer against viruses, trojans, spyware, riskware, rootkits, and other malware.
DeepGuard™ – offers proactive, instant protection against unknown threats. It monitors application behavior and stops potentially harmful activities in real-time.
DataGuard (Premium) – monitors protected folders to prevent untrusted applications from modifying your files.
Web traffic scanning – detects and blocks malicious content in web traffic (HTTP protocol) to provide additional protection against malware.
Firewall – consists of Windows Firewall integration and the network access control.
Application control (Premium) - allows you to restrict virtually any application from starting.
Botnet Blocker – allows the Policy Manager administrator to block Domain Name System (DNS) queries from the host for domains that have a malicious reputation.
Browsing protection – provides additional protection against unsafe web sites.
Web Content Control (Premium) – blocks web sites that contain unsuitable content.
Connection control (Premium) – detects when users access an online banking web site (HTTPS only) or another defined web site that handles sensitive information.
Device control – lets you control and disable hardware devices.
Software Updater (Premium) – keeps your system and applications up to date by automatically installing patches as they are released by vendors.
Offload Scanning Agent – moves malware scanning operations to WithSecure Atlant for Offload Scanning Server.
Rapid Detection & Response – uses lightweight, discreet sensors that collect behavioral data from endpoint devices to identify a wide range of attacks.

What’s new in this version

This section describes the new features, enhancements and most important issues that have been solved since the previous release.

System requirements

Client Security supports the following operating systems:

Microsoft Windows 10
Microsoft Windows 11

Server Security supports the following operating systems:

Microsoft® Windows Server 2016
Microsoft® Windows Server 2019
Microsoft® Windows Server 2022

Note: see Client Security and Server Security user guides for full list of system requirements.

New requirements

Connections to following backends are now required:

guts2.fsapi.com
guts2-old.fsapi.com
corp-reg.fsapi.com
api.doorman.fsapi.com
baseguard.doorman.fsapi.com
a.karma.sc2.fsapi.com
restmc.mind.sc2.fsapi.com

This version introduces new version of the Browser extensions. Chrome and Edge migrate them automatically, while manual action is required for Firefox. Local user will be asked for new plugin activation if “Remind user to activate browser plugin” toggle is checked.

New features and improvements

Ultimate mode – managed clients are now trying to use connected Policy Manager or Policy Manager Proxy for Karma lookups if ‘From browser settings’ for User HTTP proxy policy is defined.
Added an option to configure Web Content Control alerts per category.
Added an option to disable alerts for certain Application control rules.
Added an option to show flyer to warn user if browsing protection is enabled but browser extensions are not installed or not activated.
Added an option to change sample submit URL in browser block pages.
Added an option to include the blocked URLs in all alerts.
Online Safety alerts are added.
Business Suite + EDR installation experience is now improved.
WithSecure Firewall has a new feature to allow certain rules and groups of rules when "disable all rules" option is selected. It's useful if you want, for instance, to disable all rules except Network Discovery.
User specific environment variables are now supported in Firewall.
If Firewall option is unchecked from the installation wizard, even our built-in FW rules should not be added.
Remove unnecessary built-in inbound Firewall rules.
Enriched info for scanning alerts.
Mailbox scanning feature analyzing OST/PST files for infection.
Effective exclusions are not shown to end users and excluded from the scanning report. Option to switch back the former user experience is now added to the Policy Manager.
The whole URL for the malicious/suspicious/harmful links is now included to alerts.
New application control rule is now added on top of the profile (instead of the end).
Improvement in host IP addresses reporting to PM.
Symlinks in product data folders are not created on clean installations.
WMI is extended with RebootStatus class.
Multiple improvements in Connection tool: allow to copy list of all required URLs, added description for SSL errors, allow to install missing certificates.
Tray icon shows now red and yellow statuses in case of protection problems.
Running scheduled scan is possible to cancel now in the event history.
Improved proxy detection - it always uses default system proxy as well when automatic proxy discovery is enabled.
"Reset reputation cache" button is added to settings UI.
The list of possible malware scanning actions for the inserted USB devices has been extended

Limitations

Before upgrading Client Security and Server Security on golden images and snapshots to this version please check that installed version of F-Secure Ultralight Updater update is 2023_05_08_01 or newer.
After the Policy Manager upgrade to version 16.00, automatic Firewall rule for Policy Manager ports created by Server Security 14.10 and newer will stop functioning. You would need to create corresponding Firewall rule manually or upgrade Server Security to version 16.00 and install HF 16.00HF1 to allow external connections to Policy Manager ports.

Installation

It is now required to have Policy Manager server address defined at the Root domain level. It is still possible to override values for subdomains, i.e. Policy Manager host has specific alias for certain location.
It is now impossible to modify Policy Manager Server address in the Remote Installation Wizard. It should be defined in policies instead