To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

How to disable connections to F-Secure Servers on internet completly?

tle W/ Alumni Posts: 16 Security Scout

Just wondering how to disable connections to F-Secure servers on internet from PM / CS / Linux Security products completely?


Even if the settings on PM are made that do not participate in Real-Time protection network, checkbox still remains checked in CS 9.1


Also, computers are doing DNS queries against DNS servers for and I'd like to stop this behaviour because internet connection is not available...


  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader



    Regarding participation in Real-Time protection network. The settings made in PM Console works fine. There is a bug in GUI - it doesn't reflect the changes made from PM correctly. This bug is fixed in CS 9.20.


    Don't know, if anything could be done with DNS queries.

  • Peter
    Peter W/ Alumni Posts: 127 Threat Terminator

    To clarify, the checkbox in the local GUI affects whether the client provides/contributes additional anonymous information upstream which helps us develop the service (URLs visited etc).

    It does not affect whether the Real-Time Protection Network Client is in use or not.  In fact if you disable the setting, Real-Time Protection client still stays connected & active.


    To check the status of the Real-time Protection Network:

    - On the main page, click Settings
    - select Other settings, Connection

    Network status stays "Connected" even if you uncheck the checkbox in the GUI.

    If you need to disable the client completely which is not recommended(!) but is an option in a completely closed network environment, use Policy Manager Console:

    F-Secure Real-time Protection Network Client
        Client is enabled = No

    This disables the Real-time protection client.

    With regards to the DNS queries, I do recollect a previous problem where if Automatic Update Agent fails to resolve it will continuously retry the attempt, even if fallback to F-Secure Update Servers is disabled.


    The issue is not fixed but there is a workaround: configure a local DNS server to resolve to some dummy address.


    Hope this helps!


  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master



    would you mind to elaborate WHY you want to switch off communication with the F-Secure servers?

    Maybe we can give you a better advise or justification to keep it on!




  • tle
    tle W/ Alumni Posts: 16 Security Scout



    Closed environment, no internet connection available so those queries for are useless.


  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master



    so you are complaining about connections to fsbwserver and not ORSP?!


    If you have a PMS/AUS running inside you can disable "fallback to F-Secure" in the policy.

    But that requires that the PMS gets regular updates (either automatically or via FSDBUPDATE.

    Please keep in mind that when you install a fsdbupdate only once a day you will miss fixes for false positives too!


    Stopping ORSP communication is possible as well as Peter wrote and he is very right to point out this is NOT RECOMMENDED.


    All vendors use reputation services to

    - speed up detection of new malware

    - reduce the risk of false positives

    - doublechecking a "possible infection"


    The DBs have grown to 250 MB and keep growing at high rate. This can only be stopped if detections become more generic. More generic means higher risk for a false positive. And to avoid that the scanner needs to check the hash of the   "possible" malware against the reputation servers.


    My recommendation is to drill a hole into the firewall and allow communication to the well defined F-Secure servers only. The list of IPs is documented in the knowledgebase:


    The concept of  "no outside communicaton" is about 15 years old and does no longer fit todays IT reallity.




  • tle
    tle W/ Alumni Posts: 16 Security Scout

    ...All the settings regarding connections to F-Secure servers are disabled from the PM, still connections are made and I just want it to stop.


    I'm aware that no internet connection is something old etc, that's not what I was asking.


    Is it so that you cannot stop these products to connect or not?


This discussion has been closed.