Business Suite Server Security 15.x Release Notes
This thread contains Release notes for the Server Security and Server Security Premium products.
Comments
-
Server Security 15.01
Server Security Premium 15.01
Copyright information
© 1993-2020 F-Secure Corporation. All rights reserved.
'F-Secure' and F-logo are registered trademarks of F-Secure Corporation. F-Secure product and technology names and F-Secure logos are either trademarks or registered trademarks of F-Secure Corporation. Other product names and logos referenced herein are trademarks or registered trademarks of their respective companies.
This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233, GB2374260
Product contents
Server Security provides protection for your Microsoft® Windows Server®, Microsoft® Small Business Server, Citrix® XenApp, and Windows Terminal servers. The solution can be licensed and deployed as Server Security or Server Security Premium, on per-server or terminal connection basis.
This Server Security solution release includes the following features:
- Virus & spyware protection – protects your computer against viruses, trojans, spyware, riskware, rootkits and other malware.
- DeepGuard™ – proactive, instant protection against unknown threats. It monitors application behavior and stops potentially harmful activities in real-time.
- DataGuard – monitors protected folders to prevent untrusted applications from modifying your files.
- Web traffic scanning – detects and blocks malicious content in web traffic (HTTP protocol) to provide additional protection against malware.
- Firewall – consists of Windows Firewall integration and Network access control.
- Application control - allows you to restrict virtually any application from starting.
- Botnet Blocker – allows the Policy Manager administrator to block Domain Name System (DNS) queries from the host for domains that have a malicious reputation.
- Browsing protection – provides additional protection against unsafe web sites.
- Web Content Control – allows blocking of web sites that contain unsuitable content.
- Device control – lets you control and disable hardware devices.
- Software Updater – keeps your system and applications up to date by automatically installing patches as they are released by vendors.
- Offload Scanning Agent – moves malware scanning operations to Scanning and Reputation Server.
- Rapid Detection & Response – uses lightweight, discreet sensors that collect behavioral data from endpoint devices to identify a wide range of attacks.
The table below shows which features are enabled with different product licenses.
Feature
Server Security Standard
Server Security Premium
Virus & spyware protection
●
●
DeepGuard™
●
●
DataGuard
●
Application control
●
Web traffic scanning
●
●
Firewall
●
●
Browsing protection
●
●
Botnet Blocker
●
●
Device control
●
●
Offload Scanning Agent
●
●
Software Updater
●
Web content control
●
Rapid Detection & Response
●
●
The supported languages are: English, Chinese (P.R.C, Taiwan, Hong Kong), Czech, Danish, Dutch, Estonian, Finnish, French, Canadian French, German, Greek, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Slovenian, Spanish, Latin American Spanish, Swedish, and Turkish.
New features and improvements
- Added support for Policy Manager Proxy auto-selection rules to configure the location-aware selection of proxies based on the following criteria: DNS server IP address, DHCP server IP address, Default gateway IP address, WINS server IP address, and My network address. The Proxies matched with the rules are always prioritized first while the rest of the Proxies are used only if the fallback behavior is in use.
- Basic and NTLM authentications are now supported when downloading virus definitions (GUTS2) via HTTP proxies.
- Added support for Antimalware Scan Interface (AMSI). The integration is turned on by default and can be turned off from Policy Manager.
- Various firewall related improvements:
- Firewall block rules support a configurable option to send alerts when the rule is triggered.
- Added support to define the rule's scope with Windows application package IDs.
- Policy Manager administrators can hide certain profiles from end-users.
- The product generates alerts when encountering malformed firewall rules.
- Tray icon can be hidden from end-users. This can be configured from Policy Manager.
- The command line fsscan.exe scanner can report a list of all scanned files.
- Introduced Browsing Protection alerts that are triggered when malicious or suspicious sites are blocked.
- Introduced the Tamper protection feature to protect endpoints from unusual interruptions.
- Device control block alerts are also generated when USB storage devices are reconnected.
- Notification events about overlapping manual and scheduled scan operations are logged to the Windows application event log.
- Client failover to GUTS2 services now happens without noticeable delays when the computer is booted or returns from sleep.
- New Software Updater engine. This new engine gives F-Secure flexibility to introduce Software Updater functionality on other platforms in the future.
- New "Scan all accessed files" scan mode for network drives introduced. Previously, only one scan mode ("Scan executed files") was always in use for network drives, which is kept as the default mode in this release..
- Policy Manager admins can specify a password to release items from local quarantine or prohibit this option completely.
- Added an 'Ask after scan' action for malware that shows a UI dialog with quarantine, remove, and allow options.
- Fresh versions of Software Updater binaries and SDK.
Version requirements
- This Server Security version requires Policy Manager 15.10 or later, and Policy Manager Proxy 15.10 or later in case Proxy is in use.
- This Server Security version requires Windows Universal C Runtime (https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) for installation.
- This Server Security version requires Microsoft .Net 4.7.2 or later for the local user interface to function.
Known issues
- Software Updater dropped Windows Server features and service pack patches.
License terms
License terms are included in the Policy Manager software. You must read and accept them before you can install and use the software.
Supported operating systems
The product can be installed on a computer running one of the following operating systems:
- Microsoft® Windows Server 2008 R2
- Microsoft® Small Business Server 2011 Standard, Essentials
- Microsoft® Windows Server 2012 Standard, Essentials
- Microsoft® Windows Server 2012 R2 Standard, Essentials, Foundation
- Microsoft® Windows Server 2016 Standard, Essentials, Datacenter, Core (Nano is not supported)
- Microsoft® Windows Server 2019 Standard, Essentials, Datacenter, Core
All Microsoft Windows Server editions are supported except:
- Windows Server for Itanium processor
- Windows HPC editions for specific hardware
- Windows Storage editions
- Windows MultiPoint Server
- Windows Home Server
Note: All operating systems are required to have the latest Service Pack installed.
Note: For performance and security reasons, you can install the product only on an NTFS partition.
Supported terminal servers
Server Security supports the following terminal server platforms:
- Microsoft Windows Terminal/RDP Services (on the above mentioned Windows Server platforms)
- Citrix® XenApp 5.0, 6.0, 6.5, 7.5, 7.6, 7.14, 7.15
- Citrix® Virtual Apps and Desktops 2009
Hardware requirements
- Any computer that meets the requirements for the supported operating system.
- Disk space: 2 GB of free disk space for installation, automatic updates and functioning. Quarantine and scanning reports may occupy additional disk space depending on viruses found. 10 GB is recommended.
- An internet connection is required to receive updates and use cloud-based technology features.
Note: The minimum hardware requirements may not be sufficient if you run multiple services on the same system.
0 -
Setup and configuration
Installation instructions
Note: If you are using an installation package that does not include the sidegrade procedure, uninstall any potentially conflicting products, such as other antivirus or server security software, before you install Server Security.
To install the product, you need to log in with administrator privileges.
Installation instructions in virtual environments using the Offload Scanning Agent
If you want to deploy Server Security to a virtual environment using the Offload Scanning Agent to minimize the performance impact on the virtualization infrastructure, you need to select the installation of the Offload Scanning Agent during installation.
For detailed instructions of installation of this feature, please refer to the Security for Virtual and Cloud Environments deployment guide.
Note: You need to have Scanning and Reputation Server in place for this functionality to work.
Remote installation
Server Security supports remote installation with Policy Manager.
Centralized management installation
To configure centralized management during the interactive installation, specify the Management Server address in the form of host name or host IP address without protocol prefix and port suffix. Use the default HTTP port and HTTPS port values unless you have a non-standard environment.
Contact information and feedback
We look forward to hearing your comments and feedback on the product functionality, usability and performance.
Please report any technical issues:
- Support web site: https://www.withsecure.com/en/support
- Community: https://community.withsecure.com/
Please attach the system summary report collected with the preinstalled “F-Secure Server Security Premium Support Tool” when you report a technical problem. It contains basic information about hardware, operating system, network configuration, and installed F-Secure and third-party software.
Note: You need to have the local administrator rights to collect the system summary report.
0 -
Server Security 15.11
Server Security Premium 15.11
New features and improvements
- Revised Device Control:
- Added new rules for MTP (Media Transfer Protocol) and PTP (Picture Transfer Protocol) devices
- Added configurable per-rule alerting behavior
- Added a Device control alerting management option - you can receive alerts for all connection attempts or only for devices that have not been connected previously
- Executables can now be allowed to run on specified removable storage devices
- Fixed an issue with USB mass storage devices in Windows Server 2019
- Software Updater components are now updated automatically
- Software Updater can prompt users to close applications that are being updated
- Added an option to unregister the RDR sensor or change the RDR sensor keycode without reinstallation
- Added an option to download product updates over HTTPS
- Added a connection testing tool (fsconnectionchecker.exe) to the product. This tool can be used to check connection issues to required F-Secure servers on the machine where the product is already installed, or on a clean machine.
- The host identity update logic is now configurable through policies.
- Other small improvements and enhancements:
- You can configure when virus definitions are considered outdated
- You can report false positives from the local client UI
- You can exclude a spyware/riskware infection by the infection name
- Added a dedicated action on infection for spyware and riskware
- The centralized quarantine has a new status 'RebootPending'
- The centrally managed UI status now reflects connectivity to the PM status
- You can turn off all security features and firewall for the set amount of time
- Client Security installation completeness status has been added to the registry HKLM\SOFTWARE\WOW6432Node\F-Secure\NS\default\OneClient\CosmosMirror\ProtectionStatus
- The firewall profile auto-selection issue under certain conditions has been fixed
- The incomplete product update downloads that caused problems with the updates flow in some conditions have been fixed
- The product upgrade problem from SS 12.x has been fixed
- The issue that caused an unusual amount of "check now" requests has been fixed
- Fixed issues compared to version 15.10
- The issue resulting in missing network isolation binary after upgrade from 14/15 version is now fixed
- Cleaned up the deprecated ORSP proxy setting that was left in the registry, which could break the HTTP proxy detection logic
- Improved proxy detection logic for Ultralight/Security cloud
- Scheduled scan action on infection policy is now taken into use
- A possible memory leak in Device control has been fixed
Dropped features
- To improve interoperability with corporate environments and to simplify the scanner changes for more cloud security features in the future, all security platform components are forwarded to cloud services via a single HTTP proxy configuration. Therefore, a separate proxy configuration for the ORSP client (OID=1.3.6.1.4.1.2213.57.1.5) is not supported anymore.
Version requirements
- Policy Manager 15.20 or later, and Policy Manager Proxy 15.20 or later if Proxy is in use.
- Windows Universal C Runtime (https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) for the installation.
- Microsoft .Net 4.7.2 or later for the local user interface.
Known issues
- To avoid performance degradation, do not activate Browsing Protection for products that are running in isolated environments.
- Software Updater dropped Windows 10 features and service pack patches.
- When shifting between Premium and Standard editions, all local changes made by the end user are lost.
- Running the Server Security MSI installation package from a shared folder or mapped drive is not supported if there is another antivirus product that has to be uninstalled during installation.
- A restart is required after uninstalling Server Security.
- Web Traffic Scanning Advanced Protection blocks content only for harmful sites.
0 - Revised Device Control:
-
Server Security 15.30
Server Security Premium 15.30
New features and improvements
- USB device scan supports BitLocker-encrypted drives.
- Software Updater improvements:
- It is now possible to deselect the Software Updater component installation for Premium products.
- It is now possible to configure Software Updater to install all missing patches (including all non-security ones) automatically.
- A new firewall rule is added to the default rules if the Software Updater feature is enabled.
- Search result filter has been added to Web Content Control.
- A link to the F-Secure Connectivity tool has been added to the Support tab in the local user interface. The tool can check that the host is able to connect to the F-Secure backend systems.
- Several issues that could occur during the upgrade have been fixed in this release.
- Improved DataGuard icon behavior.
Version requirements
- This Server Security version requires Policy Manager 15.30 or later, and Policy Manager Proxy 15.30 or later if Proxy is in use.
- This Server Security version requires Windows Universal C Runtime (https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) for installation.
- This Server Security version requires Microsoft .Net 4.7.2 or later for the local user interface to function.
Known issues
- To avoid performance degradation, do not activate the Browsing Protection feature for products running in isolated environments.
- Software Updater dropped Windows 10 features and service pack patches.
- When shifting between Premium and Standard editions, all local changes that the user has made are lost.
- Running the Server Security MSI installation package from a shared folder or a mapped drive is not supported if another antivirus product has to be uninstalled during the installation.
- A restart is required after uninstalling Server Security.
- Web Traffic Scanning Advanced Protection blocks content only for harmful sites.
Supported operating systems
The product can be installed on a computer running one of the following operating systems:
- Microsoft® Windows Server 2008 R2
- Microsoft® Small Business Server 2011 Standard, Essentials
- Microsoft® Windows Server 2012 Standard, Essentials
- Microsoft® Windows Server 2012 R2 Standard, Essentials, Foundation
- Microsoft® Windows Server 2016 Standard, Essentials, Datacenter, Core (Nano is not supported)
- Microsoft® Windows Server 2019 Standard, Essentials, Datacenter, Core
- Microsoft® Windows Server 2022 Standard, Essentials, Datacenter, Core
All Microsoft Windows Server editions are supported except:
- Windows Server for Itanium and ARM processors
- Windows HPC editions for specific hardware
- Windows Storage editions
- Windows MultiPoint Server
- Windows Home Server
Note: All operating systems are required to have the latest Service Pack installed.
Note: For performance and security reasons, you can install the product only on an NTFS partition.
0
Categories
- All Categories
- 4.7K WithSecure Community
- 3.6K Products
- 1 Get Support