Business Suite Policy Manager 15.x Changelog

AleksandrG · 2023-11-09T10:34:34+00:00

There was an error rendering this rich post.

This changelog provides updates for WithSecure™ Policy Manager 15.x, the centralized management solution within the Business Suite product line. It includes the latest enhancements, feature updates, and fixes specific to the 15.x version series, supporting efficient policy control, software deployment, and security management across on-premises environments.

Find more posts tagged with

Changelog

Comments

AleksandrG

Policy Manager, Policy Manager Proxy 15.30

Policy Manager differences between the Windows and Linux versions:

Push Installation and Microsoft Windows Installer (MSI) package support features are available only when Policy Manager Console is running on Windows platforms.

New features and improvements

This version is using a custom Java runtime image with unused modules removed to lower the attack surface for vulnerabilities like log4j
Introduced the centralized management for Atlant
Linux products upgrades can be triggered separately from definition updates
New Operating System support
- Windows 11 and Windows Server 2022 support has been added
- Alma Linux and CentOS Stream support has been added
Automatically install all missing updates
- Software Updater can be configured to install all missing patches automatically, including all non-security updates
Added support for SHA256 checksums for Application control rules
Added the dashboard for read-only root administrators
Updated the default included extensions list for manual scanning
Fixed issues
- The issue with monthly scheduled reports that were sent multiple times is now fixed
- The issue with predefined Firewall ICMP network services not getting created properly is now fixed
- The issue with AWS-hosted software updates failing downloads (i.e. Notepad++) is now fixed
- The issue with the Policy Manager not being able to forward some alerts to Syslog in CEF format is now fixed
- Wrong captions for the ESS sender/recipient notifications are now fixed

Known issues

Policy-based repair operations and shifting between Premium and Standard editions are not supported for Client Security 15.x. Use uninstallation and installation operations instead.
Policy Manager and Policy Manager Proxy cannot be installed to directories that contain double-byte characters in the path. This includes national characters in non-ISO-latin character schemes, for example, Japanese and Chinese versions of the supported platforms. We recommend that you use the default installation path.
Issue with "useradd" in Policy Manager debian packages can cause problems if UID/GID spaces are synchronized between several servers. As a workaround, you may create Policy Manager users/groups manually before installation.
The following warnings may appear on rpm upgrades, but you can safely ignore them:
- warning: erase unlink of /opt/f-secure/fspms/lib/xmlgraphics-commons-2.1.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/xml-apis-1.0.b2.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/websocket-servlet-9.3.16.v20170120.jar failed: No such file or directory

Installation

Installation flow remains the same.

System requirements for Policy Manager Server, Policy Manager Proxy, Windows

Two CPU cores 2 GHz or higher, 4GB RAM.

Minimum of 10 GB of free hard disk space. When managing Premium clients, an additional 20 GB is required for software updates.

One of the following 64-bit Windows platforms:

Microsoft Windows Server 2008 R2 with latest SP, editions: Standard, Enterprise, Web Server
Microsoft Windows Server 2012, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2012 R2, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2016, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2019, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2022, editions: Essentials, Standard, Datacenter

Note: Server Core installation option is not supported.

One of the following browsers:

Google Chrome version 73 and newer
Microsoft Edge version 79 and newer
Mozilla Firefox version 63 and newer

System requirements for Policy Manager Console, Windows

CPU 2 GHz or higher, 2GB RAM.

300 MB of free hard disk space.

One of the following 64-bit Windows platforms:

Microsoft Windows 7 with or without SP1, editions: Professional, Enterprise, Ultimate.
Microsoft Windows 8, all editions
Microsoft Windows 8.1, all editions
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2008 R2 with latest SP, editions: Standard, Enterprise, Web Server
Microsoft Windows Server 2012, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2012 R2, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2016, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2019, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2022, editions: Essentials, Standard, Datacenter

Note: Server Core installation option is not supported.

System requirements for F-Secure Policy Manager Server, Policy Manager Proxy, Linux

Two CPU cores 2 GHz or higher, 4GB RAM.
Minimum of 10 GB of free hard disk space. When managing Premium clients, an additional 20 GB is required for software updates.
If the /tmp folder is mounted as a separate file system, it should have at least 1 GB of free hard disk space.
One of the following 64-bit Linux platforms:
- Red Hat Enterprise Linux 6, 7, 8
- CentOS 7, 8
- Alma Linux 8.5
- CentOS Stream 8
- SuSE Linux Enterprise Server 11, 12, 15
- SuSE Linux Enterprise Desktop 11, 12, 15
- openSUSE Leap 43, 15
- Debian GNU Linux 9 (Stretch)
- Debian GNU Linux 10 (Buster)
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 18.04 (Bionic Beaver)
- Ubuntu 20.04 (Focal Fossa)
- Oracle Linux 8

Note: The product may also work on other Linux versions. However, no other Linux version is officially supported.

One of the following browsers:
- Google Chrome version 73 and newer
- Microsoft Edge version 79 and newer
- Mozilla Firefox version 63 and newer

System requirements for F-Secure Policy Manager Console, Linux

AMD64 or Intel 64 CPU, 2 GHz or higher, 2GB RAM.
300 MB of free hard disk space
One of the following 64-bit Linux platforms:
- Red Hat Enterprise Linux 6, 7, 8
- CentOS 7, 8
- Alma Linux 8.5
- CentOS Stream 8
- SuSE Linux Enterprise Server 11, 12, 15
- SuSE Linux Enterprise Desktop 11, 12, 15
- openSUSE Leap 43, 15
- Debian GNU Linux 9 (Stretch)
- Debian GNU Linux 10 (Buster)
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 18.04 (Bionic Beaver)
- Ubuntu 20.04 (Focal Fossa)
- Oracle Linux 8

Note: You must have X Windows System installed to run desktop applications.

Note: The product may also work on other Linux versions. However, no other Linux version is officially supported.

AleksandrG

Policy Manager, Policy Manager Proxy 15.21

Policy Manager differences between the Windows and Linux versions:

Push Installation and Microsoft Windows Installer (MSI) package support features are available only when Policy Manager Console is running on Windows platforms.

Changes compared to version 15.20

Added support for the new features in Email and Server Security (ESS) 15.10.
Added the Maintenance tool mode (if started with -resetEventLogs command line parameter) to recreate event logs and to start the Index from scratch.
Added an option to enable and disable network discovery to Centralized management > Internet connections.
Added additional metadata for Tamper protection, Application control and ESS alerts.
Added support for fsanalyze alerts.
Added support for MariaDB versions 10.3 and newer.
Added predefined Network services with port aliases (RPC, RPC-EPMap, etc) to be used for Firewall rules.
GUTS2 downloads over TLS are now possible from the Policy Manager Server having a custom certificate.
Indexing issues related to Software Updater are now fixed.
Updated the channels list for the fspm-definitions-update-tool.
The broken layout of the email alert forwarding dialog is now fixed.

New features and improvements

Revised Device Control
- Added new rules for MTP (Media Transfer Protocol) and PTP (Picture Transfer Protocol) devices
- Added the possibility to configure the per-rule alerting behavior
- Added an option to manage the Device control alerting - you can choose whether to receive alerts for all connection attempts or only for the devices that have not been connected previously
- Added the possibility to allow executable files to run on specified removable storage devices
Introduced the Atlant status and statistics
- The Atlant scanning service now reports the following: its own health status and statistics at 24-hour, weekly, and monthly intervals: the active connections count, the maximum connected hosts, the number of transactions, the transaction average latency, the number of the detected infections, the last infection name, etc. You can check all these statuses using Data mining.
Proxy Service Enabler Backend (SEBE) requests from Linux Security 64 and Atlant
- It is now possible to use the version pinning feature for the Linux product updates (that was introduced in the previous release) without a direct internet access on the Linux host.
Show the current Policy Manager Proxy in use
- Windows clients now report the Policy Manager Proxy address that they are using to reach the Policy Manager Server. You can access the status in Data mining.
Syslog forwarding over TLS
- It is now possible to forward alerts to Syslog using TCP over TLS
GUTS2 downloads over TLS
- It is now possible to fetch virus definitions over TLS
Other changes and improvements:
- You can now configure the update logic for host identity through policies
- You can now configure the period for considering which virus definitions are outdated
- An option was added to exclude a spyware or riskware infection by the infection name
- Dedicated actions now exist on infections for spyware and riskware
- Application control alerts now include more details on the blocked process
- The Rapid Detection and Response Status page now shows the registration time and the connection status change time
- Match list size limits for Microsoft Exchange protection are now increased
- The database backup for Policy Manager now runs in the server's timezone and no longer in UTC
- The host friendly name is now included in the Data mining CSV exports
- Linux products now support the authenticated HTTP proxy
- Platform security data was added to Data mining
- Added the possibility to copy a status table cell as text
Fixed issues
- Japanese characters are now fully supported in Data mining and Web reporting
- The 'last seen' time for users is now updated in the Policy Manager Console
- Fixed an issue that affected the alerts flow in the Policy Manager instances that were running on a MySQL database
- You can now start an operation for multiselection
- Dashboard performance is improved for big domain selections
- Data is no longer missing from the Virus protection status page
- Fixed layout issues in the email alert forwarding for domain dialog
- Improved the layout for printed reports in Web reporting
Policy Manager Proxy improvements
- Fixed an issue that caused timeouts in connections from Policy Manager Proxy to Policy Manager

Known issues

Policy-based repair operations and shifting between Premium and Standard editions are not supported for Client Security 15.x. Use uninstallation and installation operations instead.
Policy Manager and Policy Manager Proxy cannot be installed to directories that contain double-byte characters in the path. This includes national characters in non-ISO-latin character schemes, for example, Japanese and Chinese versions of the supported platforms. We recommend that you use the default installation path.
Issue with "useradd" in Policy Manager debian packages can cause problems if UID/GID spaces are synchronized between several servers. As a workaround, you may create Policy Manager users/groups manually before installation.
The following warnings may appear on rpm upgrades, but you can safely ignore them:
- warning: erase unlink of /opt/f-secure/fspms/lib/xmlgraphics-commons-2.1.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/xml-apis-1.0.b2.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/websocket-servlet-9.3.16.v20170120.jar failed: No such file or directory

Installation

Installation flow and system requirements remain the same.

AleksandrG

Policy Manager, Policy Manager Proxy 15.11

Policy Manager differences between the Windows and Linux versions:

Push Installation and Microsoft Windows Installer (MSI) package support features are available only when Policy Manager Console is running on Windows platforms.

Changes compared to version 15.10

Added support for MySQL 8.0.22
Status monitor Error 12057 is now resolved
Policy Manager Console now supports Windows hosts where the language is set to Norwegian
Corrupt Solr index is now reindexed automatically to avoid startup issues with Policy Manager Server
Possible problem with database migration is now resolved
Missing software update details are now not cleaned in environments using old client versions

New features and improvements

New Software Updater engine support
- Added support for checking missing software updates even in isolated environments for clients using the New Software Updater engine
Alerts filtering
- Added a new feature that allows admins to switch off certain alerts or alert groups sent from Windows clients
Web Reporting and Data mining improvements
- Added explicit configuration of the report time period for scheduled configurations
- Added a 'More than X days ago’ option for timestamp filters
- Added a tooltip for the Web Reporting scheduled reports dialog to Recipients configuration control
- Added domainId information to the API query output
- Custom reports are now localized
- Added default sorting for search results
Linux products updates version pinning
New Host and Domain Status Summary pages
- Note: The Recent alerts section is shown for 14.x clients and newer
Policy Manager now uses a CA certificate to issue its own 1-year certificates to fulfill modern requirements
- This fixes the inability of some CS for Mac clients to connect to Policy Manger
- This provides the possibility to use a custom intermediate CA certificate to build the PM/PMP trusted certificate chain
Added the possibility to specify certificate custom properties for automatically generated certificates
Added the possibility to specify Network type for the Firewall rule scope
Other changes and improvements:
- Added Policy Manager Proxy configuration for Linux products
- The installation status of Email and Server Security Exchange and SharePoint components is shown in the Console
- Improved Email and Server Security scanning report is shown in the Console
- The date stamp for Atlant databases is now shown properly
- Policy Manager host welcome page can be disabled using the additional -DhideWelcomePage=true Java argument, which may be useful security-wise when the product is installed in a DMZ, for example
Support for weak cipher suites for TLS protocol
- Due to the number of issues where MS Schannel continues using obsolete cipher suites and TLS protocols even on latest OS versions, Policy Manager support for weak cipher suites is re-enabled. You can disable it with -DenableVistaInteroperability=false added to additional_java_args (check the following KB for more info: https://community.withsecure.com/en/kb/articles/5631-policy-manager-advanced-configuration-settings ).
Policy Manager Proxy improvements
- Added the possibility to specify certificate custom properties for automatically generated certificates
- Policy Manager Proxy host welcome page can be disabled using the additional -DhideWelcomePage=true Java argument, which can be useful security-wise when the product is installed in a DMZ, for example

Known issues

Policy-based repair operations and shifting between Premium and Standard editions are not supported for Client Security 15.x. Use uninstallation and installation operations instead.
Policy Manager and Policy Manager Proxy cannot be installed to directories that contain double-byte characters in the path. This includes national characters in non-ISO-latin character schemes, for example, Japanese and Chinese versions of the supported platforms. We recommend that you use the default installation path.
Issue with "useradd" in Policy Manager debian packages can cause problems if UID/GID spaces are synchronized between several servers. As a workaround, you may create Policy Manager users/groups manually before installation.
The following warnings may appear on rpm upgrades, but you can safely ignore them:
- warning: erase unlink of /opt/f-secure/fspms/lib/xmlgraphics-commons-2.1.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/xml-apis-1.0.b2.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/websocket-servlet-9.3.16.v20170120.jar failed: No such file or directory

Installation

Installation flow and system requirements remain the same.

AleksandrG

Frequently asked questions (Linux)

1) Where are the log files, configuration files and communication directory located in the Linux version?

Files Location

The Policy Manager Server database files are located at:

/var/opt/f-secure/fspms/data/h2db

Enter the following commands as a normal user to list all files and their location:

Red Hat, SuSE:

# rpm -ql f-secure-<component-name>

Debian, Ubuntu:

# dpkg -L f-secure-<component-name>

Log Files

Policy Manager Console:

/opt/f-secure/fspmc/lib/Administrator.error.log

Policy Manager Server:

/var/opt/f-secure/fspms/logs

/var/opt/f-secure/fsaus/log

Configuration Files

Policy Manager Console:

/opt/f-secure/fspmc/lib/Administrator.properties

Policy Manager Server:

/etc/opt/f-secure/fspms/fspms.conf

/var/opt/f-secure/fspms/data/fspms.db.config

/var/opt/f-secure/fspms/data/fspms.proxy.config

2) Why are the files located in unusual places?

All Policy Manager files have their own location that is based on the File Hierarchy Standard (FHS). For more information on FHS, see http://www.pathname.com/fhs/.

3) Why does Policy Manager Server not start?

Make sure that you have run the configuration script:

# /opt/f-secure/fspms/bin/fspms-config

Make sure that the ports which have been configured for Policy Manager Server are active by logging in as the root user and running the 'netstat -lnpt' command.

4) How can I start, stop, restart, or check the status of Policy Manager components?

Policy Manager Server:

# /etc/init.d/fspms {start|stop|restart|status}

5) How can I specify a HTTP Proxy?

You should edit /var/opt/f-secure/fspms/data/fspms.proxy.config configuration file.

Restart Policy Manager Server to take the new settings into use.

6) How can I change the default ports (80 and 8080) of Policy Manager Server?

Configure these ports with the configuration script:

# /opt/f-secure/fspms/bin/fspms-config

7) How can I change the default port (8081) of Web Reporting?

Configure the Web Reporting port with the configuration script:

# /opt/f-secure/fspms/bin/fspms-config

8) Is there any diagnostic tool I can use?

Yes, use 'fsdiag' to collect information about your system and related packages. Enter the following command as the root user:

# /opt/f-secure/fspms/bin/fsdiag

All collocted information is stored in the 'fsdiag.tar.gz' archive that is located in the current directory.

9) How can I install software to remote hosts from Policy Manager Console on Linux?

Export installation packages to JAR files and use ilaunchr.exe tool to install software to hosts, for example by using logon scripts. Follow the process that is described in the manual (section 3.4.3 "Local Installation and Updates with Pre-Configured Packages").

The ilaunchr.exe tool is in the '/opt/f-secure/fspmc/bin' directory.

10) How can I configure Policy Manager for large environments?

Increase 'Host polling interval' value to 30-60 minutes in Policy Manager Console.
Use Policy Manager Proxy to minimize the database update load on Policy Manager Server.

AleksandrG

Installation on Linux

System requirements for Policy Manager Server, Policy Manager Proxy

Two CPU cores 2 GHz or higher, 4GB RAM.
Minimum of 10 GB of free hard disk space. When managing Premium clients, an additional 20 GB is needed for serving software updates.
If the /tmp folder is mounted as a separate file system, it should have at least 1 GB of free hard disk space.
One of the following Linux platforms:
- Red Hat Enterprise Linux 6, 7, 8
- CentOS 7, 8
- SuSE Linux Enterprise Server 11, 12, 15
- SuSE Linux Enterprise Desktop 11, 12, 15
- openSUSE Leap 43, 15
- Debian GNU Linux 9 (Stretch)
- Debian GNU Linux 10 (Buster)
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 18.04 (Bionic Beaver)
- Ubuntu 20.04 (Focal Fossa)
- Oracle Linux 8

Note: The product may also work on other Linux versions. However, no other Linux version is officially supported.

One of the following browsers:
- Google Chrome version 73 and newer
- Microsoft Edge version 79 and newer
- Mozilla Firefox version 63 and newer

System requirements for Policy Manager Console

CPU 2 GHz or higher, 2GB RAM.
300 MB of free hard disk space
One of the following Linux platforms:
- Red Hat Enterprise Linux 6, 7, 8
- CentOS 7, 8
- SuSE Linux Enterprise Server 11, 12, 15
- SuSE Linux Enterprise Desktop 11, 12, 15
- openSUSE Leap 43, 15
- Debian GNU Linux 9 (Stretch)
- Debian GNU Linux 10 (Buster)
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 18.04 (Bionic Beaver)
- Ubuntu 20.04 (Focal Fossa)
- Oracle Linux 8

Note: You must have X Windows System installed to run desktop applications.

Note: The product may also work on other Linux versions. However, no other Linux version is officially supported.

Installation and start-up

Server

Red Hat, CentOS, SuSE, Oracle Linux

Enter the following commands as the root user:

# rpm -i fspms-15.00.<build_number>-1.x86_64.rpm
# /opt/f-secure/fspms/bin/fspms-config

Note: Policy Manager Server requires Linux capabilities and the 32-bit version of the libstdc++ library. Make sure these packages are installed before installing Policy Manager Server. SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 administrators might need to explicitly enable Linux File System Capabilities by adding 'file_caps=1' as a kernel boot option (see SUSE Linux Enterprise Server 11 release notes for more details: https://www.suse.com/releasenotes/x86_64/SUSE-SLES/11-SP4).

Debian, Ubuntu

Enter the following commands as the root user:

# dpkg -i fspms_15.00.<build_number>_amd64.deb
# /opt/f-secure/fspms/bin/fspms-config

Note: Policy Manager Server requires Linux capabilities and the 32-bit version of the libstdc++ library. Make sure these packages are installed before installing Policy Manager Server. Use Multiarch capabilities (https://wiki.debian.org/Multiarch/HOWTO) to install the 32-bit library onto a 64-bit platform.

You can check the server components' status by entering following commands as a normal user:

# /etc/init.d/fspms status

Console

Red Hat, CentOS, SuSE, Oracle Linux

Enter the following command as the root user:

# rpm -i fspmc-15.00.<build_number>-1.x86_64.rpm

Debian, Ubuntu

Enter the following command as the root user:

# dpkg -i fspmc_15.00.<build_number>_amd64.deb

Policy Manager Console installs to /opt/f-secure/fspmc/ directory. A new "fspmc" user group is created automatically.

After the installation, add users to the "fspmc" user group to provide permissions to use Policy Manager Console. Enter the following command as the root user:

# /usr/sbin/usermod -aG fspmc <user id>

Enter the following command to list all current groups the user is a member:

# groups <user id>

After you have added users to the group, click the Policy Manager Console item in F-Secure group in programs menu to start it.

You can also start Policy Manager Console from the command line by entering:

# sg fspmc -c /opt/f-secure/fspmc/fspmc

Upgrade

Create a full backup of Policy Manager data (h2db, preferences etc). Consult Policy Manager Administrator's Guide, "Backing Up & Restoring Policy Manager Console Data" section for instructions on how to create a full backup.
To upgrade Policy Manager components, follow the instructions in the following sections.

Note: You should uninstall Automatic Update Agent manually if it is not needed for any other F-Secure products on the same machine.

Red Hat, CentOS, SuSE, Oracle Linux

Enter the following commands as the root user:

# rpm -U fspms-15.00.<build_number>-1.x86_64.rpm

# rpm -U fspmc-15.00.<build_number>-1.x86_64.rpm

Note: Policy Manager Server requires Linux capabilities. Make sure this packages is installed before installing Policy Manager Server. SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 administrators might need to explicitly enable Linux File System Capabilities by adding 'file_caps=1' as a kernel boot option (see SUSE Linux Enterprise Server 11 release notes for more details: https://www.suse.com/releasenotes/x86_64/SUSE-SLES/11-SP4).

Debian, Ubuntu

Enter the following commands as the root user:

# dpkg -i fspms_15.00.<build_number>_amd64.deb

# dpkg -i fspmc_15.00.<build_number>_amd64.deb

Note : Policy Manager Server requires Linux capabilities. Make sure this package is installed before installing Policy Manager Server.

Uninstallation

Red Hat, CentOS, SuSE, Oracle Linux

To uninstall Policy Manager components, enter the following commands as the root user:

# rpm -e f-secure-policy-manager-server

# rpm -e f-secure-policy-manager-console

Debian, Ubuntu

To uninstall Policy Manager components, enter the following commands as the root user:

# dpkg -r f-secure-policy-manager-server

# dpkg -r f-secure-policy-manager-console

Note: To prevent accidentally deleting potentially irreproducible data created by Policy Manager components - log files, MIB files, domain tree, policies, configuration files and preferences - the uninstallation does not remove the following directories. Remove these directories manually to completely remove the software by entering the following commands as the root user:

# rm -rf /var/opt/f-secure/fspms

# rm -rf /var/opt/f-secure/fsaus

# rm -rf /etc/opt/f-secure/fspms

# rm -rf /etc/opt/f-secure/fsaus

# rm -rf /opt/f-secure/fspmc

IMPORTANT: Make sure that you do not destroy keys that you may need in the future.

AleksandrG

Installation on Windows

System requirements for Policy Manager Server, Policy Manager Proxy

Two CPU cores 2 GHz or higher, 4GB RAM.

Minimum of 10 GB of free hard disk space. When managing Premium clients, an additional 20 GB is needed for serving software updates.

One of the following 64-bit Windows platforms:

Microsoft Windows Server 2008 R2 with latest SP, editions: Standard, Enterprise, Web Server
Microsoft Windows Server 2012, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2012 R2, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2016, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2019, editions: Essentials, Standard, Datacenter

Note: Server Core installation option is not supported.

One of the following browsers:

Google Chrome version 73 and newer
Microsoft Edge version 79 and newer
Mozilla Firefox version 63 and newer

System requirements for Policy Manager Console

CPU 2 GHz or higher, 2GB RAM.

300 MB of free hard disk space.

One of the following 64-bit Windows platforms:

Microsoft Windows 7 with or without SP1, editions: Professional, Enterprise, Ultimate.
Microsoft Windows 8, all editions
Microsoft Windows 8.1, all editions
Microsoft Windows 10
Microsoft Windows Server 2008 R2 with latest SP, editions: Standard, Enterprise, Web Server
Microsoft Windows Server 2012, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2012 R2, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2016, editions: Essentials, Standard, Datacenter
Microsoft Windows Server 2019, editions: Essentials, Standard, Datacenter

Note: Server Core installation option is not supported.

Installation

The following single computer installation is the quickest way to set up a Policy Manager environment. Consult the Client Security Administrator’s Guide or Policy Manager Administrator’s Guide for the full step-by-step instructions.

Install all Policy Manager components on the same computer.

Note: If you install Policy Manager Server on a computer that has Windows Firewall turned on, open the necessary ports in the firewall.

Run Policy Manager Console from the Start menu and log in with the password that you created for the ‘admin’ user during installation.

When Policy Manager Console opens, you need to define the policy domain structure. You can create policy domains based on your company structure or products that you want to manage. Select the domain pane and choose New Domain from the Edit menu.

To add hosts to the policy domain tree:

Install Client Security to hosts and choose Import New Hosts from the Edit menu to import the hosts into the domain,
Choose Autodiscover Windows Hosts from the Edit menu to browse the Windows domain and to install Client Security to the selected hosts, or
Choose New Host from the Edit menu. Note that this is mainly for testing Policy Manager Console. If you have no actual hosts, the status information, alerts, and reports are not available.

Choose Distribute from the File menu to generate policy files and to register the hosts with Policy Manager.

Upgrade

Note: Before starting the upgrade, close Policy Manager Console and make sure that javaw.exe is not started in any other Windows sessions. If the following error appears: "Error: could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit.", uninstall the product and install it again. This issue does not affect your existing data.

To upgrade from a previous version of Policy Manager:

Create a full backup of Policy Manager data (h2db, preferences, and other files). Consult Policy Manager Administrator’s Guide, "Backing up & restoring Policy Manager data" section for instructions on how to create a full backup.

Run the Policy Manager setup on a computer that has Policy Manager components installed.

Policy Manager setup recommends that you upgrade the components that are installed on the computer. Continue with the default options to upgrade the installed components while keeping the existing configuration.

Uninstallation

To uninstall Policy Manager Server, follow these instructions:

Use Add/Remove Programs in the Windows Control Panel to Uninstall Policy Manager Server.

The Policy Manager Server database is not removed automatically. Remove it manually.

To uninstall Policy Manager Console, follow these instructions:

Use Add/Remove Programs in the Windows Control panel to uninstall Policy Manager Console.

Policy Manager Console preferences, log files and some other files are not removed automatically. Remove them manually.

AleksandrG

Policy Manager, Policy Manager Proxy 15.01

Policy Manager differences between the Windows and Linux versions:

Push Installation and Microsoft Windows Installer (MSI) package support features are available only when Policy Manager Console is running on Windows platforms.

Fixed issues compared to version 15.00

Upgrading Policy Manager or Policy Manager Proxy with locked files potentially caused Java Runtime to break. Restarting the system now properly fixes such situations.
Server-generated PDFs for custom reports in the new Web Reporting now contains the full set of columns
The limitation to 500 rows for the host properties report in the new Web Reporting has now been removed
Some Windows regional settings (for example with Latvian) might have caused the Policy Manager Console to crash
The Policy Manager Proxy's fspmp-enroll-tls-certificate tool does not show warnings anymore

New features and improvements

Data mining view
- The data mining view is an assistant for administrators to search and browse the data to resolve issues, verify concerns, and create queries for custom reports, and to export data to react in a timely and smart fashion.
- Data mining works with four data set types: hosts, alerts, software updates, and deleted hosts. A full-text search is available in addition to property filters that search through all relevant item properties. One search query can work with multiple related data sets.
- Search queries can be saved for subsequent reuse in Console and can be used for custom reports and data export with REST API.
- For more details, see 'Policy Manager's data mining feature explained' Knowledge Base article: .
New Web Reporting
- Policy Manager introduces the new Web Reporting with a wider range of reports and features.
- Besides the revised set of reports, the new version improvements include more flexible scheduler options and all scheduled configurations can be seen in one view.
- The new Web Reporting adds support for creating custom reports. Custom reporting is built on top of the search queries. Currently, all published queries become available as custom reports with table representations.
- Both the new and the old Web Reporting are running in parallel. The new Web Reporting is opened on the default Web Reporting port (8081), while port 8085 is used for the old version. The automatic migration of the scheduled report configurations is not available.
REST API for fetching the data
- Business Suite can be integrated with a monitoring and reporting ecosystem using Policy Manager REST API that serves data.
- Search queries are used as a basis for data fetching. A saved query has to be published so that it is accessible over the API. Copy the URLs from the Console > Data mining > My queries dialog. Search query results are served in JSON and CSV formats.
Support for Client Security 15
- Support for Policy Manager Proxy auto-selection rules to configure the location-aware selection of proxies.
- Added the Windows > Real-time scanning > General > Enable Antimalware Scan Interface (AMSI) setting to configure integration with the AMSI interface.
- Added the Windows > Real-time scanning > DeepGuard > Block rare and suspicious files setting to configure DeepGuard prevalence-based rules.
- Added the Windows > Centralized management > Local user interface > Enable local user interface setting to define whether the F-Secure tray icon is shown to the end-users.
- Added the Windows > Software Updater > General > Show Software Updater options to users setting to allow software updates be managed with the local user interface.
- Added the Windows > Centralized management > Bypassing product security > Enable Tamper protection setting to configure endpoint protection against unusual interruptions.
- Support for Browsing Protection alerts being triggered when malicious or suspicious sites are blocked.
- Support for various firewall improvements:
  - Added the Windows > Firewall > Enable firewall configuration through Policy Manager setting to improve compatibility with environments using Microsoft or other tools for firewall management.
  - Firewall block rules support a configurable option to send alerts when the rule is triggered.
  - Added support to define the rule's scope with Windows application package IDs.
  - Policy Manager administrators can hide certain profiles from end-users using the Windows > Firewall > Changing profiles > Hide profiles from user editor.
Support for Atlant for Virtual Environments
- Introduced the new Virtual security tab that contains the configuration policies for Offload Scanning Agent and Atlant for Virtual Environments, which supersedes Scanning and Reputation Server.
Other changes and improvements
- Resolved an issue in Policy Manager Console where Firewall and Browsing protection features were shown as active even for hosts with these features deselected during installation.
- The time limit for outdated virus definitions is now configurable as the Policy Manager Server parameter on the Tools > Server configuration > Anti-virus page and applied accordingly in the Policy Manager Console user interface. This also affects the virus definition alerts sent by Policy Manager itself as well as managed Policy Manager Proxies.
- Infection alerts from 14.x and 15.x series endpoints that are forwarded to SIEM and Syslog include infected objects, infection names, and action on infection as CEF and LEEF parameters.
- Better maintenance of Software Updater cache to promptly invalidate cached software updates that are updated on vendor sites.
- Support for the new signature-based criteria for Application control rules.
- Policy Manager Console is now properly rendered on DPI monitors.
- Scanning reports now show a reason if scanning an object was skipped due to password-protected archives.
- Automatic backup now includes various audit log files needed to build the search index.
- Dropped support for weak cipher suites for TLS protocol. This may result in connectivity issues with outdated Windows hosts that are missing e.g. KB3042058 updates from May 2015.
Policy Manager Proxy improvements
- The time limit used by Policy Manager Proxy to issue outdated virus definition alerts is configurable from Policy Manager Server on the Tools > Server configuration > Anti-virus page.
- Better maintenance of Software Updater cache to promptly invalidate cached software updates that are updated on vendor sites.

Known issues

Policy-based repair operations and shifting between Premium and Standard editions are not supported for Client Security 15.x. Use uninstallation and installation operations instead.
Policy Manager and Policy Manager Proxy cannot be installed to directories that contain double-byte characters in the path. This includes national characters in non-ISO-latin character schemes, for example, Japanese and Chinese versions of the supported platforms. We recommend that you use the default installation path.
Issue with "useradd" in Policy Manager debian packages can cause problems if UID/GID spaces are synchronized between several servers. As a workaround, you may create Policy Manager users/groups manually before installation.
The following warnings may appear on rpm upgrades, but you can safely ignore them:
- warning: erase unlink of /opt/f-secure/fspms/lib/xmlgraphics-commons-2.1.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/xml-apis-1.0.b2.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/websocket-servlet-9.3.16.v20170120.jar failed: No such file or directory

AleksandrG

E. DISTRIBUTION BY PUBLISHERS. This section pertains to your distribution of the JavaTM SE Development Kit Software (“JDK”) with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology ("Publication"). Subject to and conditioned upon your compliance with the restrictions and obligations contained in the Agreement, Oracle hereby grants to you a non-exclusive, nontransferable limited right to reproduce complete and unmodified copies of the JDK on electronic media (the "Media") for the sole purpose of inclusion and distribution with your Publication(s), subject to the following terms: (i) You may not distribute the JDK on a stand-alone basis; it must be distributed with your Publication(s); (ii) You are responsible for downloading the JDK from the applicable Oracle web site; (iii) You must refer to the JDK as JavaTM SE Development Kit; (iv) The JDK must be reproduced in its entirety and without any modification whatsoever (including with respect to all proprietary notices) and distributed with your Publication subject to a license agreement that is a complete, unmodified reproduction of this Agreement; (v) The Media label shall include the following information: “Copyright [YEAR], Oracle America, Inc. All rights reserved. Use is subject to license terms. ORACLE and JAVA trademarks and all ORACLE- and JAVA-related trademarks, service marks, logos and other brand designations are trademarks or registered trademarks of Oracle in the U.S. and other countries.” [YEAR] is the year of Oracle's release of the Software; the year information can typically be found in the Software’s “About” box or screen. This information must be placed on the Media label in such a manner as to only apply to the JDK; (vi) You must clearly identify the JDK as Oracle's product on the Media holder or Media label, and you may not state or imply that Oracle is responsible for any third-party software contained on the Media; (vii) You may not include any third party software on the Media which is intended to be a replacement or substitute for the JDK; (viii) You agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of the JDK and/or the Publication; ; and (ix) You shall provide Oracle with a written notice for each Publication; such notice shall include the following information: (1) title of Publication, (2) author(s), (3) date of Publication, and (4) ISBN or ISSN numbers. Such notice shall be sent to Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, California 94065 U.S.A , Attention: General Counsel.

F. JAVA TECHNOLOGY RESTRICTIONS. You may not create, modify, or change the behavior of, or authorize your licensees to create, modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun", “oracle” or similar convention as specified by Oracle in any naming convention designation.

G. LIMITATIONS ON REDISTRIBUTION. You may not redistribute or otherwise transfer patches, bug fixes or updates made available by Oracle through Oracle Premier Support, including those made available under Oracle's Java SE Support program.

H. COMMERCIAL FEATURES NOTICE. For purpose of complying with Supplemental Term Section C.(v)(b) and D.(v)(b), your license agreement shall include the following notice, where the notice is displayed in a manner that anyone using the Software will see the notice:

Use of the Commercial Features for any commercial or production purpose requires a separate license from Oracle. “Commercial Features” means those features that are identified as such in the Licensing Information User Manual – Oracle Java SE and Oracle Java Embedded Products Document, accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html , under the “Description of Product Editions and Permitted Features” section.

I. SOURCE CODE. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of this Agreement. Source code may not be redistributed unless expressly provided for in this Agreement.

J. THIRD PARTY CODE. Additional copyright notices and license terms applicable to portions of the Software are set forth in the Java SE LIUM accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html . In addition to any terms and conditions of any third party opensource/freeware license identified in the Java SE LIUM, the disclaimer of warranty and limitation of liability provisions in paragraphs 4 and 5 of the Binary Code License Agreement shall apply to all Software in this distribution.

K. TERMINATION FOR INFRINGEMENT. Either party may terminate this Agreement immediately should any Software become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right.

L. INSTALLATION AND AUTO-UPDATE. The Software's installation and auto-update processes transmit a limited amount of data to Oracle (or its service provider) about those specific processes to help Oracle understand and optimize them. Oracle does not associate the data with personally identifiable information. You can find more information about the data Oracle collects as a result of your Software download at http://www.oracle.com/technetwork/java/javase/documentation/index.html .

For inquiries please contact: Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, California 94065, USA.

Apache Software License - Version 2.0

See https://www.apache.org/licenses/LICENSE-2.0

Eclipse Public License - v 1.0

See https://www.eclipse.org/legal/epl-v10.html

H2 License - Version 1.0

See http://www.h2database.com/html/license.html

Common Development and Distribution License (CDDL) Version 1.0

See https://opensource.org/licenses/CDDL-1.0

spring-asm Copyright Notice and Permissions

See https://asm.ow2.io/license.html

SLF4J Copyright Notice and Permissions

See https://www.slf4j.org/license.html

AleksandrG

7. EXPORT REGULATIONS. You agree that U.S. export control laws and other applicable export and import laws govern your use of the Software, including technical data; additional information can be found on Oracle's Global Trade Compliance web site ( http://www.oracle.com/us/products/export ). You agree that neither the Software nor any direct product thereof will be exported, directly, or indirectly, in violation of these laws, or will be used for any purpose prohibited by these laws including, without limitation, nuclear, chemical, or biological weapons proliferation.

8. TRADEMARKS AND LOGOS. You acknowledge and agree as between you and Oracle that Oracle owns the ORACLE and JAVA trademarks and all ORACLE- and JAVA-related trademarks, service marks, logos and other brand designations ("Oracle Marks"), and you agree to comply with the Third Party Usage Guidelines for Oracle Trademarks currently located at http://www.oracle.com/us/legal/third-party-trademarks/index.html . Any use you make of the Oracle Marks inures to Oracle's benefit.

9. U.S. GOVERNMENT LICENSE RIGHTS. If Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), then the Government's rights in Software and accompanying documentation shall be only those set forth in this Agreement.

10. GOVERNING LAW. This agreement is governed by the substantive and procedural laws of California. You and Oracle agree to submit to the exclusive jurisdiction of, and venue in, the courts of San Francisco, or Santa Clara counties in California in any dispute arising out of or relating to this agreement.

11. SEVERABILITY. If any provision of this Agreement is held to be unenforceable, this Agreement will remain in effect with the provision omitted, unless omission would frustrate the intent of the parties, in which case this Agreement will immediately terminate.

12. INTEGRATION. This Agreement is the entire agreement between you and Oracle relating to its subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, representations and warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the term of this Agreement. No modification of this Agreement will be binding, unless in writing and signed by an authorized representative of each party.

SUPPLEMENTAL LICENSE TERMS

These Supplemental License Terms add to or modify the terms of the Binary Code License Agreement. Capitalized terms not defined in these Supplemental Terms shall have the same meanings ascribed to them in the Binary Code License Agreement. These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement, or in any license contained within the Software.

A. COMMERCIAL FEATURES. You may not use the Commercial Features for running Programs, Java applets or applications in your internal business operations or for any commercial or production purpose, or for any purpose other than as set forth in Sections B, C, D and E of these Supplemental Terms. If You want to use the Commercial Features for any purpose other than as permitted in this Agreement, You must obtain a separate license from Oracle.

B. SOFTWARE INTERNAL USE FOR DEVELOPMENT LICENSE GRANT. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Java SE LIUM incorporated herein by reference, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce internally and use internally the Software complete and unmodified for the purpose of designing, developing, and testing your Programs.

C. LICENSE TO DISTRIBUTE SOFTWARE. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Java SE LIUM, including, but not limited to the Java Technology Restrictions and Limitations on Redistribution of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute the Software, provided that (i) you distribute the Software complete and unmodified and only bundled as part of, and for the sole purpose of running, your Programs, (ii) the Programs add significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software, (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that: (a) is a complete, unmodified reproduction of this Agreement; or (b) protects Oracle's interests consistent with the terms contained in this Agreement and that includes the notice set forth in Section H, and (vi) you agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. The license set forth in this Section C does not extend to the Software identified in Section G.

D. LICENSE TO DISTRIBUTE REDISTRIBUTABLES. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Java SE LIUM, including but not limited to the Java Technology Restrictions and Limitations on Redistribution of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute those files specifically identified as redistributable in the Java SE LIUM ("Redistributables") provided that: (i) you distribute the Redistributables complete and unmodified, and only bundled as part of Programs, (ii) the Programs add significant and primary functionality to the Redistributables, (iii) you do not distribute additional software intended to supersede any component(s) of the Redistributables (unless otherwise specified in the applicable Java SE LIUM), (iv) you do not remove or alter any proprietary legends or notices contained in or on the Redistributables, (v) you only distribute the Redistributables pursuant to a license agreement that: (a) is a complete, unmodified reproduction of this Agreement; or (b) protects Oracle's interests consistent with the terms contained in the Agreement and includes the notice set forth in Section H, (vi) you agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. The license set forth in this Section D does not extend to the Software identified in Section G.

AleksandrG

Proprietary information

'F-Secure' and F -logo are registered trademarks of F-Secure Corporation. F-Secure product and technology names and F-Secure logos are either trademarks or registered trademarks of F-Secure Corporation. Other product names and logos referenced herein are trademarks or registered trademarks of their respective companies.

This product may be covered by one or more F-Secure patents, including the following:
GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233

This product includes H2 Database developed by H2 Group (http://www.h2database.com).

License terms

F-Secure license terms are included in the software setup and available at WithSecure site ( https://www.withsecure.com/en/about-us/legal/terms#terms ). You must read and accept them before you can install and use the software.

Third-party license terms

This software includes and uses third-party code licensed under the following licenses.

Oracle Binary Code License Agreement for the Java SE Platform Products and JavaFX

ORACLE AMERICA, INC. ("ORACLE"), FOR AND ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES UNDER COMMON CONTROL, IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY "AGREEMENT"). PLEASE READ THE AGREEMENT CAREFULLY. BY SELECTING THE "ACCEPT LICENSE AGREEMENT" (OR THE EQUIVALENT) BUTTON AND/OR BY USING THE SOFTWARE YOU ACKNOWLEDGE THAT YOU HAVE READ THE TERMS AND AGREE TO THEM. IF YOU ARE AGREEING TO THESE TERMS ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THE LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT WISH TO BE BOUND BY THE TERMS, THEN SELECT THE "DECLINE LICENSE AGREEMENT" (OR THE EQUIVALENT) BUTTON AND YOU MUST NOT USE THE SOFTWARE ON THIS SITE OR ANY OTHER MEDIA ON WHICH THE SOFTWARE IS CONTAINED.

1. DEFINITIONS. "Software" means the software identified above in binary form that you selected for download, install or use (in the version You selected for download, install or use) from Oracle or its authorized licensees and/or those portions of such software produced by jlink as output using a Program’s code, when such output is in unmodified form in combination, and for sole use with, that Program, as well as any other machine readable materials (including, but not limited to, libraries, source files, header files, and data files), any updates or error corrections provided by Oracle, and any user manuals, programming guides and other documentation provided to you by Oracle under this Agreement. The Java Linker (jlink) is available with Java 9 and later versions. "General Purpose Desktop Computers and Servers" means computers, including desktop and laptop computers, or servers, used for general computing functions under end user control (such as but not specifically limited to email, general purpose Internet browsing, and office suite productivity tools). The use of Software in systems and solutions that provide dedicated functionality (other than as mentioned above) or designed for use in embedded or function-specific software applications, for example but not limited to: Software embedded in or bundled with industrial control systems, wireless mobile telephones, wireless handheld devices, kiosks, TV/STB, Blu-ray Disc devices, telematics and network control switching equipment, printers and storage management systems, and other related systems are excluded from this definition and not licensed under this Agreement. "Programs" means (a) Java technology applets and applications intended to run on the Java Platform, Standard Edition platform on Java-enabled General Purpose Desktop Computers and Servers; and (b) JavaFX technology applications intended to run on the JavaFX Runtime on JavaFX-enabled General Purpose Desktop Computers and Servers. “Java SE LIUM” means the Licensing Information User Manual – Oracle Java SE and Oracle Java Embedded Products Document accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html . “Commercial Features” means those features that are identified as such in the Java SE LIUM under the “Description of Product Editions and Permitted Features” section.

2. LICENSE TO USE. Subject to the terms and conditions of this Agreement including, but not limited to, the Java Technology Restrictions of the Supplemental License Terms, Oracle grants you a non-exclusive, non-transferable, limited license without license fees to reproduce and use internally the Software complete and unmodified for the sole purpose of running Programs. THE LICENSE SET FORTH IN THIS SECTION 2 DOES NOT EXTEND TO THE COMMERCIAL FEATURES. YOUR RIGHTS AND OBLIGATIONS RELATED TO THE COMMERCIAL FEATURES ARE AS SET FORTH IN THE SUPPLEMENTAL TERMS ALONG WITH ADDITIONAL LICENSES FOR DEVELOPERS AND PUBLISHERS.

3. RESTRICTIONS. Software is copyrighted. Title to Software and all associated intellectual property rights is retained by Oracle and/or its licensors. Unless enforcement is prohibited by applicable law, you may not modify, decompile, or reverse engineer Software. You acknowledge that the Software is developed for general use in a variety of information management applications; it is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use the Software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name of Oracle or its licensors is granted under this Agreement. Additional restrictions for developers and/or publishers licenses are set forth in the Supplemental License Terms.

4. DISCLAIMER OF WARRANTY. THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ORACLE FURTHER DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.

5. LIMITATION OF LIABILITY. IN NO EVENT SHALL ORACLE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR DATA USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, EVEN IF ORACLE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ORACLE'S ENTIRE LIABILITY FOR DAMAGES HEREUNDER SHALL IN NO EVENT EXCEED ONE THOUSAND DOLLARS (U.S. $1,000).

6. TERMINATION. This Agreement is effective until terminated. You may terminate this Agreement at any time by destroying all copies of Software. This Agreement will terminate immediately without notice from Oracle if you fail to comply with any provision of this Agreement. Either party may terminate this Agreement immediately should any Software become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon termination, you must destroy all copies of Software.