Email and Server Security Changelog

AleksandrG

This thread is a changelog for the WithSecure Email and Server Security product.

AleksandrG

Email and Server Security 15.00

Email and Server Security Premium 15.00

Copyright information

© 1993-2021 F-Secure Corporation. All rights reserved.

'F-Secure' and F-logo are registered trademarks of F-Secure Corporation. F-Secure product and technology names and F-Secure logos are either trademarks or registered trademarks of F-Secure Corporation. Other product names and logos referenced herein are trademarks or registered trademarks of their respective companies.

This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233, GB2374260

Product contents

Email and Server Security provides protection for your Microsoft® Windows Server®, Microsoft® SharePoint Server, Microsoft® Exchange Server, Microsoft® Small Business Server, Citrix® XenApp, and Windows Terminal servers. The solution can be licensed and deployed as Email and Server Security (Standard) or Email and Server Security Premium, on per-user or terminal connection basis.

This Email and Server Security solution release includes the following features:

• Virus & spyware protection – protects your computer against viruses, trojans, spyware, rootkits and other malware.
• DeepGuard™ – proactive, instant protection against unknown threats. It monitors application behavior and stops potentially harmful activities in real-time.
• DataGuard – monitors protected folders to prevent untrusted applications from modifying your files.
• Application control – allows you to restrict virtually any application from starting.
• Firewall – consists of Windows Firewall integration and centralized management.
• Web traffic scanning – detects and blocks malicious content in web traffic (HTTP protocol) to provide additional protection against malware.
• Browsing protection – protects your terminal users against web browser exploits and rogue web sites.
• Software Updater – keeps your system and applications up to date by installing patches as they are released by vendors.
• Rapid Detection & Response – uses lightweight, discreet sensors that collect behavioral data from endpoint devices to identify a wide range of attacks.
• Offload Scanning Agent – allows you to offload malware scanning to Scanning and Reputation Server.
• Anti-Virus for Microsoft Exchange – protects incoming, outgoing, and internal mail traffic and Exchange public folders from malware and other security threats and provides content and attachment filtering.
• Spam Control – detects and filters spam messages from email traffic providing real-time protection against all types of spam, regardless of its content, format or language.
• Email Quarantine Manager – allows dedicated users to release, reprocess, and delete quarantined emails and attachments from the email quarantine.
• Anti-Virus for Microsoft SharePoint – provides real-time protection for Microsoft SharePoint servers, scanning uploaded and downloaded content for malware and other security threats.

Feature	Email and Server Security	Email and Server Security Premium
Virus & spyware protection	●	●
DeepGuard™	●	●
DataGuard		●
Application control		●
Firewall	●	●
Web traffic scanning	●	●
Browsing protection	●	●
Software Updater		●
Rapid Detection & Response	●	●
Offload Scanning Agent	●	●
Anti-Virus for Microsoft Exchange	●	●
Spam Control	●	●
Email Quarantine Manager	●	●
Anti-Virus for Microsoft SharePoint	●	●
EMC CAVA integration	●	●

The solution is available in the following languages: English, Chinese Simplified, Chinese Traditional, French, German, Italian, Japanese, Korean, Polish, Spanish (Latin America), and Swedish.

New features and improvements

• Introduced scanning for unsafe URLs in the email message body for Transport protection. Emails containing unsafe links can be now dropped before getting to the recipient.
• Introduced an FTR (intelligent file type recognition) exclusions setting that allows you to define a list of extensions to exclude from FTR processing. This can be defined for Transport agent (Incoming / Outgoing / Internal email), Email storage scanning, and Upload/Download SharePoint scanning.
• Introduced an option to remove deleted items from quarantine database. 
• Introduced an option to limit the maximum file size for MS Sharepoint file scanning.
• NTLM proxy authentication is now supported for Spam Control.
• Added support for localizing template variables. 
• Added support for Policy Manager Proxy auto-selection rules to configure the location-aware selection of proxies based on the following criteria: DNS server IP address, DHCP server IP address, Default gateway IP address, WINS server IP address, and My network address. Proxies matched with the rules are always prioritized first while the rest of the proxies are used only if fallback behavior is in use.
• Basic and NTLM authentications are now supported when downloading virus definitions (GUTS2) via HTTP proxies.
• Added support for Antimalware Scan Interface (AMSI). The integration is turned on by default and can be turned off in Policy Manager.
• Various firewall-related improvements:
  • Firewall block rules support a configurable option to send alerts when the rule is triggered.
  • Added support to define the rule's scope with Windows application package IDs.
  • Policy Manager administrators can hide certain profiles from end-users.
  • The product generates alerts when encountering malformed firewall rules.
• The tray icon can be hidden from end-users. This can be configured in Policy Manager.
• The command-line fsscan.exe scanner can report a list of all scanned files.
• Introduced Browsing Protection alerts that are triggered when malicious or suspicious sites are blocked.
• Introduced the Tamper protection feature to protect endpoints from unusual interruptions.
• Device control block alerts are also generated when USB storage devices are reconnected.
• Notification events about overlapping manual and scheduled scan operations are logged to the Windows application event log.
• Client failover to GUTS2 services now takes place without noticeable delays when the computer is booted or returns from sleep.
• New Software Updater engine. This new engine gives flexibility to introduce Software Updater functionality on other platforms in the future.
• Introduced a new "Scan all accessed files" scan mode for network drives. Previously, only one scan mode ("Scan executed files") was always in use for network drives, which is kept as the default mode in this release.

Note: This Email and Server Security version requires Policy Manager 15.10.

Known issues

• HTTP 2.0 has to be disabled for Chrome and Firefox browsers to work with Web Console.

License terms

License terms are included in the Policy Manager software. You must read and accept them before you can install and use the software.

System requirements

Before you install the product, we recommend that you review sections in this topic to ensure that your network, hardware, software, and other system components meet the requirements.

Note: The minimum hardware requirements may not be sufficient if you run multiple services on the same system.

System requirements for Email and Server Security installation

To install Email and Server Security, the following minimum hardware and system requirements are recommended.

• Any computer that meets the requirements for the supported operating system.
• 10 GB or more disk space is recommended.
• Internet connection is required to receive updates and to use cloud-based detection.

AleksandrG

Supported operating systems

The product can be installed on a computer running one of the following operating systems:

• Microsoft® Windows Server 2008 R2
• Microsoft Windows Small Business Server 2011
• Microsoft® Windows Server 2012
• Microsoft® Windows Server 2012 Essentials
• Microsoft® Windows Server 2012 R2
• Microsoft® Windows Server 2012 R2 Essentials
• Microsoft® Windows Server 2012 R2 Foundation
• Microsoft® Windows Server 2016 Standard
• Microsoft® Windows Server 2016 Essentials
• Microsoft® Windows Server 2016 Datacenter
• Microsoft® Windows Server 2016 Core
• Microsoft® Windows Server 2019 Standard
• Microsoft® Windows Server 2019 Essentials
• Microsoft® Windows Server 2019 Datacenter
• Microsoft® Windows Server 2019 Core

Note: Windows Server 2016 Nano is not supported.

All Microsoft Windows Server editions are supported  except:

• Windows Server for Itanium processor
• Windows HPC editions for specific hardware
• Windows Storage editions
• Windows MultiPoint Server
• Windows Home Server

Note: All operating systems are required to have the latest Service Pack installed.

Note: For performance and security reasons, you can install the product only on an NTFS partition.

Prerequisites

Microsoft .Net 4.7.2 must be installed on the system.

Supported Microsoft Exchange Servers

Email and Server Security can be installed on a computer running the following Microsoft Exchange Server versions:

• Microsoft® Exchange Server 2013 w/o service pack, service pack 1 (CU23, CU22, CU21)
• Microsoft® Exchange Server 2016 (CU19, CU18, CU17, CU16, CU15, CU14, CU13, CU12, CU11)
• Microsoft® Exchange Server 2019 (CU8, CU7, CU6, CU5, CU4,CU3, CU2, CU1)

The cumulative updates (CU) that support .NET Framework 4.7.2 are indicated in parentheses. For more detailed information, see https://docs.microsoft.com/en-us/Exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework.

Note: Microsoft Exchange Server 2013 SP1 requires a special fix, which allows third-party or custom-developed transport agents to be installed correctly. The fix and its installation instructions are available in Microsoft Knowledge Base article 2938053.

To use Email Quarantine Manager, you need Microsoft Internet Information Server up and running in your environment. This is available as part of Microsoft Exchange Server.

Cluster environments

Email and Server Security can be installed on Microsoft Exchange Server clusters. The following cluster configurations are supported:

• Microsoft® Exchange Server 2013 Database Availability Groups
• Microsoft® Exchange Server 2016 Database Availability Groups
• Microsoft® Exchange Server 2019 Database Availability Groups

SQL Server requirements

Email and Server Security requires Microsoft® SQL Server for the quarantine management. The following versions of Microsoft SQL Server are recommended:

• Microsoft® SQL Server 2008 (Enterprise, Standard, Workgroup or Express Edition)
• Microsoft® SQL Server 2008 R2 (Enterprise, Standard, Workgroup or Express Edition)
• Microsoft® SQL Server 2012 (Enterprise, Business Intelligence, Standard, or Express Edition)
• Microsoft® SQL Server 2014
• Microsoft® SQL Server 2016
• Microsoft® SQL Server 2017
• Microsoft® SQL Server 2019

Important: We do not recommend using MSDE or Microsoft SQL Server Express edition if you are planning to use the centralized quarantine management or if your organization sends and receives a large number of emails. For more information about the limitations of the Microsoft SQL Server Express or MSDE, see the product manual.

Supported terminal servers

Email and Server Security supports the following terminal server platforms:

• Microsoft Windows Terminal/RDP Services (on the above mentioned Windows Server platforms)
• Citrix® XenApp 5.0
• Citrix® XenApp 6.0
• Citrix® XenApp 6.5
• Citrix® XenApp 7.0 - 7.18

Supported Microsoft SharePoint servers

Email and Server Security can be installed on a computer running the following Microsoft SharePoint Server versions:

• Microsoft® SharePoint 2013 with the latest service pack
• Microsoft® SharePoint 2016
• Microsoft® SharePoint 2019

Browser requirements

To administer the product with Web Console, one of the following web browsers is required:

• Microsoft Internet Explorer 11
• Mozilla Firefox (up-to-date versions)
• Google Chrome (up-to-date versions)

Note: Allowing hosts to access the web console requires configuring an SSL certificate for the site in Internet Information Services (IIS). SSL 2.0 is not supported due to vulnerabilities.

Setup and configuration

Installation instructions

Note: Push installation through Policy Manager Console is not supported for clean installations of Email and Server Security, only for upgrades.

Before you install Email and Server Security, uninstall any potentially conflicting products, such as other antivirus or server security software.

To install the product, you need to log in with administrator-level privileges.

Note: Microsoft® SQL Server should be available for the installation. As of ESS version 14, SQL Express is no longer included in the installer.

Upgrade installation

You can upgrade Email and Server Security from the previous versions of products by running the setup program and following the installation instructions. You can upgrade the following product versions:

• Server Security 12.x or 14.x
• Email and Server Security 12.x or 14.x

Refer to the manual for detailed upgrade instructions.

Installation and configuration of Email Quarantine Manager

After installing Email and Server Security 15.00 with Anti-Virus for Microsoft Exchange on your server, see the following file for further instructions:

C:\Program Files (x86)\F-Secure\Email and Server Security\EQM\EQM installation instructions.htm

Contact information and feedback

We look forward to hearing your comments and feedback on the product functionality, usability and performance.

Please report any technical issues:

• Support web site: https://www.withsecure.com/en/support
• Community: https://community.withsecure.com/

Please attach the system summary report collected with the preinstalled “F-Secure Email and Server Security Premium Support Tool” when you report a technical problem. It contains basic information about hardware, operating system, network configuration, and installed F-Secure and third-party software.

Note: You need to have the local administrator rights to collect the system summary report.

AleksandrG

Email and Server Security 15.10

Email and Server Security Premium 15.10

New features and improvements

• Added support for Exchange 2016 CU 20+ and Exchange 2019 CU9+: the administrator account that is used to scan items in mailboxes and public folders must be defined in the Email and Server Security configuration. The user must be a member of the built-in Administrators group and have the permission to access and edit items in the public folders.
• Added localization to the manual scanning report of the public folders and mailboxes.
• Added an option to set trusted and denied addresses for the Unsafe URL scanning
• The WebConsole login process has been improved and made more stable
• Added a warning message for WebConsole if the user trying to log in does not have enough privileges
• Added a separate log for tracking email notifications
• Added an option to send a notification if the password protected archive is stripped
• Added an option to send a notification if the archive nesting level is exceeded
• Notifications have been improved: if the email is dropped for several reasons, notifications will be send accordingly
• 'Direction' field has been added to all Transport Agent alerts
• Fix for the potential issue with AV4SHP services starting before FS Cosmos is ready
• Fix for the Unsafe URL display in EQM
• Fix for EQM unable to release emails to all recipients
• Revised Device Control:
  • Added new rules for MTP (Media Transfer Protocol) and PTP (Picture Transfer Protocol) devices
  • Added a configurable per-rule alerting behavior
  • Added a device control alerting management option - one can either choose whether to receive alerts for all connection attempts or only for devices that have not been connected previously
  • Executables can now be allowed to run on specified removable storage devices
  • Fixed an issue with USB mass storage devices in Windows 10
• Software Updater components are now updated automatically
• Software Updater can prompt users to close applications that are being updated
• Added an option to unregister the RDR sensor or change the RDR sensor keycode without reinstallation
• Added an option to download product updates over HTTPS
• Added a connection testing tool (fsconnectionchecker.exe) to the product. This tool can be used to check connection issues to the required servers on the machine where the product is already installed, or on a clean machine.
• Host identity update logic is now configurable through policies
• Other small improvements and enhancements:
  • The period for considering virus definitions outdated is now configurable
  • Added an option to report false positives from local client
  • Added an option to exclude the spyware/riskware infection by the infection name
  • Added a dedicated action on an infection for spyware and riskware
  • New status 'RebootPending' has been added for the centralized quarantine
  • Centrally managed UI status now reflects the status of the connectivity to PM
  • Introduced an option to turn off all security features / firewall for the set amount of time
  • Email and Server Security installation completeness status has been added to the registry HKLM\SOFTWARE\WOW6432Node\F-Secure\NS\default\OneClient\CosmosMirror\ProtectionStatus
  • The firewall profile auto-selection problem occurring in some conditions has been fixed
  • The incomplete product update downloads that caused problems with the updates flow in some conditions have been fixed
  • The issue that caused an abnormal amount of "check now" requests has been fixed
• Cleaned up the deprecated ORSP proxy setting that was left in the registry, which could break the HTTP proxy detection logic
• Improved the proxy detection logic for Ultralight/Security cloud
• The scheduled scan action on infection policy is now taken into use
• A possible memory leak in Device control has been fixed
• Introduced Windows Dark mode support
• Note: This Email and Server Security version requires Policy Manager 15.20.

Supported operating systems

The product can be installed on a computer running one of the following operating systems:

• Microsoft® Windows Server 2008 R2
• Microsoft Windows Small Business Server 2011
• Microsoft® Windows Server 2012
• Microsoft® Windows Server 2012 Essentials
• Microsoft® Windows Server 2012 R2
• Microsoft® Windows Server 2012 R2 Essentials
• Microsoft® Windows Server 2012 R2 Foundation
• Microsoft® Windows Server 2016 Standard
• Microsoft® Windows Server 2016 Essentials
• Microsoft® Windows Server 2016 Datacenter
• Microsoft® Windows Server 2016 Core
• Microsoft® Windows Server 2019 Standard
• Microsoft® Windows Server 2019 Essentials
• Microsoft® Windows Server 2019 Datacenter
• Microsoft® Windows Server 2019 Core
• Microsoft® Windows Server 2022 Preview

Note: Windows Server 2016 Nano is not supported.

Note: ARM is not supported

All Microsoft Windows Server editions are supported  except:

• Windows Server for Itanium processor
• Windows HPC editions for specific hardware
• Windows Storage editions
• Windows MultiPoint Server
• Windows Home Server

Note: All operating systems are required to have the latest Service Pack installed.

Note: For performance and security reasons, you can install the product only on an NTFS partition.

Prerequisites

Microsoft .Net 4.7.2 must be installed on the system.

Supported Microsoft Exchange Servers

Email and Server Security can be installed on a computer running the following Microsoft Exchange Server versions:

• Microsoft® Exchange Server 2013 w/o service pack, service pack 1 (CU23, CU22, CU21)
• Microsoft® Exchange Server 2016 (CU23, CU22, CU21, CU20, CU19, CU18, CU17, CU16, CU15, CU14, CU13, CU12, CU11)
• Microsoft® Exchange Server 2019 (CU12, CU11, CU10, CU9, CU8, CU7, CU6, CU5, CU4,CU3, CU2, CU1)

The cumulative updates (CU) that support .NET Framework 4.7.2 are indicated in parentheses. For more detailed information, see https://docs.microsoft.com/en-us/Exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019#microsoft-net-framework.

Note: Microsoft Exchange Server 2013 SP1 requires a special fix, which allows third-party or custom-developed transport agents to be installed correctly. The fix and its installation instructions are available in Microsoft Knowledge Base article 2938053.

To use Email Quarantine Manager, you need Microsoft Internet Information Server up and running in your environment. This is available as part of Microsoft Exchange Server.

Cluster environments

Email and Server Security can be installed on Microsoft Exchange Server clusters. The following cluster configurations are supported:

• Microsoft® Exchange Server 2013 Database Availability Groups
• Microsoft® Exchange Server 2016 Database Availability Groups
• Microsoft® Exchange Server 2019 Database Availability Groups

SQL Server requirements

Email and Server Security requires Microsoft® SQL Server for the quarantine management. The following versions of Microsoft SQL Server are recommended:

• Microsoft® SQL Server 2008 (Enterprise, Standard, Workgroup or Express Edition)
• Microsoft® SQL Server 2008 R2 (Enterprise, Standard, Workgroup or Express Edition)
• Microsoft® SQL Server 2012 (Enterprise, Business Intelligence, Standard, or Express Edition)
• Microsoft® SQL Server 2014 (all editions)
• Microsoft® SQL Server 2016 (all editions)
• Microsoft® SQL Server 2017 (all editions)
• Microsoft® SQL Server 2019 (all editions) 

Important: We do not recommend using MSDE or Microsoft SQL Server Express edition if you are planning to use the centralized quarantine management or if your organization sends and receives a large number of emails. For more information about the limitations of the Microsoft SQL Server Express or MSDE, see the product manual.

AleksandrG

Supported terminal servers

Email and Server Security supports the following terminal server platforms:

• Microsoft Windows Terminal/RDP Services (on the above mentioned Windows Server platforms)
• Citrix® XenApp 5.0
• Citrix® XenApp 6.0
• Citrix® XenApp 6.5
• Citrix® XenApp 7.5, 7.6, 7.14, 7.15
• Citrix® Virtual Apps and Desktops 2009

Supported Microsoft SharePoint servers

Email and Server Security can be installed on a computer running the following Microsoft SharePoint Server versions:

• Microsoft® SharePoint 2013 with the latest service pack
• Microsoft® SharePoint 2016
• Microsoft® SharePoint 2019
• Microsoft® SharePoint Server Subscription Edition

Browser requirements

To administer the product with Web Console, one of the following web browsers is required:

• Microsoft Edge (up-to-date versions)
• Mozilla Firefox (up-to-date versions)
• Google Chrome (up-to-date versions)

Note: Allowing hosts to access the web console requires configuring an SSL certificate for the site in Internet Information Services (IIS). SSL 2.0 is not supported due to vulnerabilities.

Setup and configuration

Installation instructions

Note: Push installation through Policy Manager Console is not supported for clean installations of Email and Server Security, only for upgrades.

Before you install Email and Server Security, uninstall any potentially conflicting products, such as other antivirus or server security software.

To install the product, you need to log in with administrator-level privileges.

Note: Microsoft® SQL Server should be available for the installation. As of ESS version 14, SQL Express is no longer included in the installer.

Upgrade installation

You can upgrade Email and Server Security from the previous versions of products by running the setup program and following the installation instructions. You can upgrade the following product versions:

• Server Security 12.x, 14.x, 15.x
• Email and Server Security 12.x, 14.x, 15.x (for 14.x and 15.x AV4MSE installations an additional run of c:\Program Files (x86)\F-Secure\Email and Server Security\ui\F-Secure.Ess.Config.exe in order to set the Exchange Administrator account is required)

Refer to the manual for detailed upgrade instructions.

Installation and configuration of Email Quarantine Manager

After installing Email and Server Security 15.10 with Anti-Virus for Microsoft Exchange on your server, see the following file for further instructions:
c:\Program Files (x86)\F-Secure\Email and Server Security\EQM\EQM installation instructions.htm