To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Policy manager - Autodiscover window and installing updates

jhc_dk
jhc_dk Posts: 9 Cyber Knight

Hello

 

How come (in the autodiscover window) that the console is unable to register the installed version of FSMA?

 

As seen on the below screenshot, all are registered as unknown or unknown, unavailable. This has been the case for as long as I can remember (We have used F-secure for several years). I would be nice to know if the clients are updated or dont have anything installed!

 

f-sec.jpg

 

 

Another issue that has been bugging me is that the console is unable to bypass the firewall on the F-secure klient version, so you cannot roll out updates without disabling the firewall first. I take it there is a way to setup access between the management server and the client in the firewall settings? Anyone know what I should add to make it work without disabling the firewall?

 

Thanks in advance

Comments

  • daempii
    daempii MyAccount Posts: 7 Security Scout

    Hi there. This may be old, but I still want to know if this problem has been fixed or any feature has been added to resolve this? Thanks. image

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    To resolve the Version PMC would need access to the remote registry which is blocked by either Windows Firewall or F-Secure Firewall.

  • jhc_dk
    jhc_dk Posts: 9 Cyber Knight

    Well neither are running. So that's not the answer

  • jhc_dk
    jhc_dk Posts: 9 Cyber Knight

    Im guessing I have to enable remote access to some registry settings (?) - but which?

     

    I tried enabling remote access to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Agent

     

    Which has a version number and other info, but client fsma version is still being listed as unknown.

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    I guess that is because it is searching the old 32-bit entries...

  • jhc_dk
    jhc_dk Posts: 9 Cyber Knight

    I take it there is no solution to this problem?

  • jackma
    jackma Posts: 25 Cyber Knight
    Hi,

    I cannot comment on your direct effect you have, you should contact support for that: http://www.f-secure.com/en/web/business_global/support/contact

    But I believe you are trying to upgrade already installed F-Secure clients?

    Then optimally not a push installation should be used, but our policy based installation type. Is there a reason you do not prefer it this way?

    There is a "installation" tab where you will see how many systems have which version of the product installed. Unfortunately that will not help you identify which systems have no F-Secure at all - but by using the auto discover hosts you are also only relying on seeing online hosts, hosts switched off will not give any feedback at all.

    Possibly a rollout script can also help make sure the product is installed everywhere like this one :

    Example script (install.bat):

    ECHO OFF
    IF EXIST C:\dummyfile.0 EXIT
    START /WAIT psbinstallationfile.exe /SILENT /K:xxxx-xxxx-xxx /LANG:ENG /REBOOTDELAY:360
    PRINT > C:\dummyfile.0
    EXIT

    Comment: The script will obviously have to be run with at least local administrator privileges. It will not install the products twice as long as it can find the C:\dummyfile.0 file which is checked before the actual installation starts.
  • jhc_dk
    jhc_dk Posts: 9 Cyber Knight

    Thanks for your lengthy reply, but we stalled at the inability of the "autodiscover windows hosts" window to display the installed fsma version (unable to connect to registry problem).

     

    I have tried to grant access to lots of f-secure registry settings with a gpo, but still the manager can't access that information.

     

    I am able to deploy f-secure from that window, although new clients aren't showing up in the console (even when they are forced to generate a unique ID), but that's for another topic, I guess. It's been a while since I dug deep into the f-secure issues, but there seems to be so many issues, once you get going.. it's hard to recommend the product, but we are getting it cheap as a school license, so I guess we will just have to live with these annoying bugs.

     

     

  • thommck
    thommck Posts: 6 Security Scout

    I was getting this on Windows 7 PCs that I had pushed the installation too.

     

    I started the "Remote Registry" service from the PCs' Windows Services Management Console and the Auto-discover then worked as expected.

    If you change the services startup type to "automatic" then it should start up when the PC does.

     

    I was thinking of doing this through group policy but that may open up more security holes than it may be worth?

This discussion has been closed.

Categories