Hot-Fix: are these downloadable and deployable from PMS?
We have just upgraded from a really old f-secure client where we had locally administrated installations and now we decided to use PMS, which seems really nice so far.
Three questions remains:
1. Are hotfixes downloaded and deployed to all clients/servers from the FSAUA or are these supposed to be managed using policies and pushed to all clients/servers from PMS and how can i tell what hotfixes are applied to each installation?
2. Are all hotfixes included in the JAR-packages from the download page or is the JAR-file "static", meaning that we have to download all hotfixes and deploy them manually (depending on answer on Q1)?
3. After installing Server Security on a bunch of servers we discovered that the FS icon is marked with a red cross and, when clicking on it , reporting "malfunction" because no scanners are loaded. If I open the webpage admin on a(ny) of these servers, everything is working as intended. The question here is: is the "malfunction" by design (ie. it should not be possible to perform a scan using the non-web-gui) or have we missed something critical? This is only happening with the Server Security package, Email and Server Security is working fine and also the Client Security is working just fine.
Servers are all running 2012 R2, Clients are Window 7 and Windows 10, Exchange server 2013. All servers are patched up completely. We have tried reinstallation (both manually and using PMS to push out the package) several times without success. We cannot initiate a scan using the non-web-gui on any server but there are no problems when using the web-gui.
1. You will need to deploy the hotfix packages with .jar package and a policy distribution.
You can check that a hotfix is applied in antivirus mode under the Status>Installed software tabs.
2. The Hotfix available are to be deployed after installation and are not included in the installer packages you can download.
3. You most likely have included the offload scanning agent module in the installation package of the Server Security.
This component is meant to be installed on virtual servers & workstations and in use with SRS servers.
Offload Scanning Agent can be installed in order to offload malware scanning and content reputation checking to a dedicated server running F-Secure Scanning and Reputation Server. This allows to minimize the performance impact to virtualization infrastructure.
In order to solve this issue, you unfortunately need to uninstall and reinstall the impacted clients, without this component OSA.
Superb, thanks! Already begun the process of deployment to servers, clients and it looks fine so far.
So, of course I have a follow-up question and also a new question
1. Does this malfunction in any way impact the products capability to scan on demand or scan in realtime? It looks OK from the web-guis' point of view, we can scan there and realtime scan seems OK. If you suggest that we should re-install the software and remove the OSA, I'll do that, its not a big issue for me actually.
2. Do you have any thoughts on using Exchange built-in spam control together with F-secure Email and Server Security? We have not yet enabled the spam control in Exchange since F-secure is doing a really good job at it so far, I was thinking of testing on one mailbox but I am a bit uncertain because Microsoft (and others) seem to suggest NOT to enable the spam control in Exchange if there is any third party software installed to do the job.
Take care and thanks for the quick reply!
1.If the Offload Scanning Agent is installed without SRS server than the scanning and protection will indeed be hindered.
2. It might indeed create some conflict and as Microsoft does not recommend it, it should be disabled with a third party sofware.
Thanks a bunch! I'll get right on it