Standalone/Air-Gap Usage

Hi Folks,

I'm looking over various anti-virus solutions right now for potential use, but I have a unique wrinkle. I work in an air-gapped environment, where the systems do not have access to the internet for signature and product updates.

My question is: Does F-Secure have a method of using their endpoint protection products on standalone networks and to update those products via offline methods? If so, is there a paper, or instruction, I can look at?

Next wrinkle, I need to install the same products on some standalone systems, which literally have no network connection as you may understand it (stuff like MODBUS). Any support here?

Thanks!

Mike

Find more posts tagged with

Comments

mtoecker

Thank you everyone for your replies, I'll be taking a look at the solutions provided. Unfortunately, I don't have a choice in going for the offline version, regulations regarding cyber security in the industry I work in are very specific on what interactions are allowed to the outside internet: none.

Mike

etomcat

Hello,

Some remarks:

- F-Secure's corporate market, workstation protection suite (called FSAV Client Security 12) doesn't have .EXE or .MSI installation package any more. It comes as a .JAR file that can only be made into an .MSI using the "F-Secure Policy Manager" centralized control system.

( If you can demonstrate the need to F-Secure support, "Policy Manager" centralized control system can be licensed with an off-line token file. Tthe normal method uses recurring online licenc checks. )

- Even if you could operate AV protection in totally off-line mode, the protection level will be about 33% less, compared to the networked (access to public net) mode, because instant online reputation lookups (the Cloud) is now a very important aspect of antivirus technology. That's true of almost all AV vendors, not just F-Secure.

- The "offline" virus recognition database updating method provided by F-Secure is somewhat unefficient, as it means downloading a ~270MB sized file again and again (preferrably once every day for optimal protection) and transferring the file to the isolated machines using a USB stick, for example.

Best regards: Tamas Feher, Hungary.

Ben

Hi mToecker,

You can use the fsdbupdates tools to update isolated environments
https://www.f-secure.com/en/web/labs_global/database-updates

Our end-point clients don't all support officially standalone installation.