To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Policy Manager & CS 11.5

boboboi
boboboi Posts: 12 Security Scout

Hello

 

Sometimes I need to install the CS on offline machines on  the network, I need someone to let me understand exactly what happen when I go to Policy Manager -> Installation tab -> Installation Packages -> Import button "here I imported CS V11.5-309". Then there is Export button so the package will be exported as .msi so I can send it to the offline machines  on the network by any media storage like a usb flash disk or a CD. now  what I need to know  is:

- is the exported msi package include my exact custumized domain policy ? if it included then can I update its policy from time to time with an easy method rather than compile a new msi then install again?

- is the exported msi package include the latest definitions database ?  if  not then how to include it or update that offline machine.

 

Thanks

Comments

  • tle
    tle Posts: 16 Security Scout

    Why isn't the lack of fsdbupdate9.exe mentioned in the release notes!?

     

    This is a major issue for some.

  • boboboi
    boboboi Posts: 12 Security Scout

    Yea true, plus if you used the fsdbupdate9 then your av will be malfunctioned.

     
  • Siltanen
    Siltanen Posts: 47 Digital Defender

    Hello boboboi,

     

    Client Security 11.50 is not currently working properly together with fsdbupdate9.exe. We'll currently working on making them work together properly. I'll let you know once we have more details regarding the issue.

  • Gall
    Gall Posts: 4 Security Scout

    Is this related to changed path or the problem is more complicated? How can I update CS 11.5 (and policy manager 11.10) manually?

  • boboboi
    boboboi Posts: 12 Security Scout

    I tried to import the policy file on the client as you told me but I got this message:

    F-Secure Management Agent: The file C:\Windows\TEMP\~avtemp.bpf did not pass signature verification.

     

    Oh I searched on Google and someone mentioned that might happen if the policy manager server got altered.

    Yes that's right I have uninstalled it completely then reinstalled it because I wanted to revert back to default root policy.

    So now what is the solution?

     

  • Siltanen
    Siltanen Posts: 47 Digital Defender

    >I tried to import the policy file on the client as you told me but I got this message:

    >F-Secure Management Agent: The file C:\Windows\TEMP\~avtemp.bpf did not pass signature verification.

     

    The message basically means that the host policy file has been signed with a different admin keypair than what the client expects. Therefore the client refuses to take the new settings into use and the error message is displayed. This is intended (security) feature.

     

    >Yes that's right I have uninstalled it completely then reinstalled it because I wanted to revert back to default root policy.

    >So now what is the solution?

     

    It looks like the hosts you have currently deployed in your environment are essentially unmanaged hosts, because they do not trust the new admin keypair of the (reinstalled) Policy Manager Server.

     

    However, luckily there are still means to recover from this situation.

     

    At this stage I would suggest you contact our support either via phone or via filling a support ticket through our website.

    http://www.f-secure.com/en/web/business_global/support/contact

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    > Sometimes I need to install the CS on offline machines on  the network

     

    Generally speaking, I don't think that's a good idea. You should either set up a VPN to let the clients see the FSPM box all the time or use the FSAV PSB alternative, with its public web cloud based management. (I think a part of the FS CS license fleet can be converted to PSB / Protection Service for Business seats, if you ask hard enough.)

     

    Anyhow, sending out antivirus packages, which the end users will surely turn off or disable at the first occasion and you never learn about that, is not really useful. It kind of defeats the very purpose of centralized management!

     

    Sincerely: Tamas Feher, Hungary.

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello all,

     

    Fixed version of fsdbupdate9.exe is available now. It supports PM 11.10, CS 11.50 and SS/ESS 10.50.

     

    Best regards,

    Vad

  • boboboi
    boboboi Posts: 12 Security Scout

    even i used fsdbupdate9.exe  still FCS dowloands many updates afterwards !

     
  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello boboboi,

     

    Note that F-Secure is publishing several new DB updates every day. So fsdbupdate9.exe will have not latest updates (become outdated) in a few hours. This is normal, that the product will continue downloading newer updates if they are available already after fsdbupdate9.exe installation.

     

    Best regards,

    Vad

     

This discussion has been closed.

Categories