F-Secure Computer Protection: Main differences compared to Workstation Security 12

PetriKuikka
PetriKuikka W/ Member Posts: 236 Threat Terminator

Protection Service for Business’s latest generation of endpoint security client is F-Secure Computer Protection. This product is replacing Workstation Security 12 clients that will be End of Life on 31st of March, 2019.

 

F-Secure Computer Protection has been in production for a year.

F-Secure has now introduced a migration tool that allows the Solution Provider to migrate easily to Computer Protection clients.

Both security clients can be used with the same license key, no change in subscription is required.

 

[Image: Computer Protection UI when using “Computer Protection Premium & Rapid Detection and Response” license]

 

Major changes in Computer Protection

  • Anti-malware:
    • Significantly revised scanning architecture using the latest technology from the F-Secure Lab, including native support for 64-bit technology.
    • Unifies behavior of security components and brings the possibility to add new security features more easily in the future.
  • Firewall:
    • Remotely managed Microsoft Firewall.
    • Our security experts updated the default Firewall profiles to handle the most significant threats.
  • General:
    • Silent Computer Protection upgrades without the need to reboot the computer allowing regular updates of the client.
    • Completely revised update technology, bringing significant reduction in network bandwidth usage.
    • MSI package available (see the article Remote Installation of Computer Protection)
    • Uninstallation can be protected by a password configured in PSB Portal
    • Many performance and stability improvements.
    • Extensible client architecture, allowing easier integration of new features. For example, the premium features and Rapid Detection and Response (RDR) can easily be activated.
  • Remote change of subscription key (without client re-installation) from PSB portal. The computer automatically takes into use the new product associated with the key (e.g. Computer Protection Premium and RDR). That replaces the ability to change the key from the client.
  • Remote isolation of a computer
  • Device Control:
    • To restrict the usage of USB devices, such as a memory stick or web cam
    • Provide visibility to the USB devices of a computer
  • F-Secure Endpoint Proxy: It reduces the bandwidth usage by caching malware database updates
  • Improved visibility in device details view:
    • Scan report in portal: If an admin suspects an issue with a Windows computer, he will be able to check the latest scan report (it might be a scan triggered from portal, or scheduled or manual) remotely.
    • Active Directory information: Active Directory name, Organizational unit, Domain Components and GUID are visible.
    • Domain and Windows name are visible
  • Active Directory (AD) filtering: By searching an AD domain in the device list view, only the computers using this domain are displayed. A new category for Active Directory is also available

  • Remote diagnostic file (fsdiag): In case of problem with a computer, the PSB administrator can select the computer and request a diagnostic file to be uploaded to F-Secure. The administrator should then provide the reference number (available from the device operations tab, or the view fsdiag operation in support page) to F-Secure in a support ticket.
  • RMM Support (Remote Management and Monitoring) as described in the article: Computer Protection integration with RMM software

Computer Protection Premium:

The Premium offer can simply be activated by upgrading the subscription or remotely changing the key without any action required on the client. It includes:

  • Application Control: Providing fine grain rules to control the applications running on a computer.
    • Default security rules to block the most common threats providing yet another layer of defense
    • Configurable rules to block or allow applications and scripts
    • White and black list
    • Monitoring mode to evaluate rules before enforcing them
  • DataGuard: Protecting specific folders to block, for example, ransomware from modifying them

 

Rapid Detection and Response (RDR) 

RDR can simply be activated by upgrading the subscription or remotely changing the subscription key without any action required on the client.

RDR is an automatic advanced threat identification solution that allows an IT team or managed service provider to detect and stop targeted attacks quickly and efficiently. It consists of:

  • Lightweight sensors monitor your endpoint users' behaviour and stream the events to F-Secure cloud in real-time.
  • F-Secure's real-time behavioural analytics and Broad Context Detection™ distinguish malicious behaviour patterns and identify real attacks.
  • Visualised broad context and descriptive attack information make confirming a detection easy. F-Secure Partner or your own IT team manages the alerts, and there's an option to elevate tough investigations to F-Secure.
  • Following a confirmed detection, our solution provides advice and recommendations to guide you through the necessary steps to contain and remediate the threat.

 

Features dropped:

  • Support for Windows Vista: They account for less than 0,2% of our installed base.
  • Email and Spam scanning: This is removed due to the generalization of end-to-end encryption for email and the widespread use of cloud email.
  • Neighborcast: The introduction of F-Secure Endpoint Proxy and the reduction of overall bandwidth usage reduce the need for a complex solution such as Neighborcast.

Comments

  • PetriKuikka
    PetriKuikka W/ Member Posts: 236 Threat Terminator

    Hi,

     

    couple of clarifications to questions coming to our direction.

     

    Q: Do I need a separate subscription for F-Secure Computer Protection than for Workstation Security 12?

    A: No you don't. Both of these clients can be installed with same "F-Secure PSB Workstation Security" -subscription.

     

    Q: Can I install both "F-Secure Computer Protection" and "F-Secure PSB Workstation Security" to the same company?

    A: Yes you can. At the moment you can choose which product you want to use. Each installation uses one seat from the subscription and you cannot install both products to the same computer.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Dear Sirs,

     

    Supposedly there is also "artificial intelligence" equipped DeepGuard included in F-Secure CP 17.1 (although I don't know what exactly that means).

     

    Meanwhile, FSAV PSB 12 has only DG5.0, even though DG6 has been available in the home-user products for a long time and we were promised it is going to be adopted in the for-business product line as well.

     

    Yours Sincerely: Tamas Feher, Hungary.

  • Paintsu
    Paintsu W/ Alumni Posts: 1 Security Scout

    Are we getting automatic update from Workstation Security 12 at some point?

  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff
    All existing Workstation 12 users will be upgraded, but the schedule of that is open as of yet. We're looking into schedules of late this year / early next year.
  • BeckyL
    BeckyL W/ Alumni Posts: 1 Security Scout

     

      • Installer is currently only available as a network installer.

    Does this mean software currently only available for download from PSB portal direct to single clients - can I still download a single installer from clients portal, copy to USB and install on multiple devices?

  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff

    It means that while you can take the installer on your USB stick, when run it will, for each installed client, download the product.

     

          --Maaret

  • Calango_IT
    Calango_IT W/ Alumni Posts: 1 Security Scout

    Hi,

    As I understood the Computer Protection client could be downloaded through the Management Portal...

    https://community.f-secure.com/t5/PSB-piloting/F-Secure-Computer-Protection/m-p/94241

     

    But on my/our portal, I can only see PSB 12 available for download...

    How do I get the new client?

     

    Best regards

    Alvaro

  • MattiasN
    MattiasN W/ Alumni Posts: 10 Security Scout

    Is it possible to silent install it and provide the license key in the installation process for mass deployment ?

  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff

    Ability to install silently (without any dialogs) is still on the list of things to add later. You can embed the keycode in the file name and it is used then as part of the installation process.

  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff

    The power of deciding which companies see the new Computer Protection is with the Solution Providers, and thus not all companies have the download option yet visible. We are increasing visibility to all companies gradually, and with our launch in end of September, it will be available for all.

  • AndyRD
    AndyRD W/ Alumni Posts: 16 Junior Protector

    Hi Tamas,

     

    I'm pleased to inform you that Computer Protection introduces DeepGuard 6.

  • Lunacom
    Lunacom W/ Alumni Posts: 1 Security Scout

    Hi,

    Why did you delete Email and Spam scanning features?

    Thanks

    Michele

  • SergeH
    SergeH W/ Partner, W/ Staff, W/ Product Leadership, W/ Article Coordinator Posts: 45 W/ Product Leadership

    The email scanning and spam filtering in Workstation Security 12 had a too limited scope. It supports only non-encrypted POP3 emails.

    There is less and less usage of non-encrypted POP3 emails, as many companies are using encryption to protect the connection to the email server. In addition, there is a rapid growth of cloud based email solutions.

    It is not really possible to analyze encrypted emails from a client. F-Secure Computer protection has multiple layers of security to prevent a malware from executing and propagating after it is received, whether it is received from an email or any other channels.

    So we decided to remove email scanning from the new client.

    There is definitely value in blocking threats as early as possible, and companies should consider deploying an extra layer of security by adding an email security solution such as F-Secure Internet Gatekeeper next to their email server. Using encryption between the email client and server is also a good security practice.

  • RIS-PHILIPPE
    RIS-PHILIPPE W/ Alumni Posts: 4 Security Scout

    hello,

     

    Actually we used only the silent install of FSB.... we need a standalone installer quickly to deploy the new version of Computer Protection. Please help us !

     

    philippe

  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff

    We are working on a significant change on the installations so that we could have those available. There is an open proposal on an intermediate silent installer that would hide the dialogs when all things go well but in case of problems would resolve to showing dialogs (not completely silent). Would an intermediate step like that be helpful / desired to you?

  • jeeper
    jeeper W/ Alumni Posts: 1 Security Scout

    What's in a name. Computer protection sounds much cheaper than Protection Service for Business. It wasn't easy to sell this in the first place for the current price. It will be much harder to sell this. Computer protection you can buy everywhere.

  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff

    Thanks for sharing your sentiment. The product overall is still Protection Service for Businesses, and Computer Protection is one component in that product replacing Workstation Security 12.

  • Dibyo1
    Dibyo1 W/ Alumni Posts: 1 Security Scout
    Removing of email scanning is not the right move. Many organisations use cloud based email services which may not have proper spam guard. Here you are forcing people to buy mail security gateway. 2ndly, I as a channel partner have cloud based email and my people roam with laptops only. Hence the email scanning for me is very essential. Even in near past around 2 months back, some of the spams/ malware mails penetrated my mail server and reached my mail box. But due to F-Secure email scanning it was blocked successfully. Hence email scanning should be included. Moreover encrypted Email services are costly. 2ndly, the device control in PSB should be available after this new upgrade, but I am not getting any hints of that.
  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff

    Thank you for your feedback. Your proposal on email scanning has been noted but we cannot make any promises on adding it back - that is not a straightforward yes/no thing.

     

    As for the device control, it is off by default which may be why you are not seeing hints on it. Go to portal and turn it on, and you will see more of its blocking functionalities.

     

         Maaret

  • Nicolas26000
    Nicolas26000 W/ Alumni Posts: 2 Security Scout

    Hello,

     

    Can we hope to see in the next upgrade, the capability to set the parameter "By-pass active connexions or not" on the Connexion control ?

     

    Actually it is possible to fix it manually via the Computer Client but not via the PSB Profile...

    On huge infrastructure with numerous clients, it will be appreciable.

     

    Thanks for your feedback.

  • RIS-PHILIPPE
    RIS-PHILIPPE W/ Alumni Posts: 4 Security Scout

    Hello!
    In fact I would need a solution equivalent to the one previously used; see this example:

    fspsbwks.exe /SILENT /VARS:DISABLE_REBOOT=true /LANG:EN /K:xxxx-xxxx-xxxx-xxxx-xxxx
    I will also need to have a variable to force the update after the installation or, as a second solution, can Computer Protection perhaps be launched from the command line with the update request?

  • maaretp
    maaretp W/ Alumni Posts: 62 W/ Former Staff

    Since CP 17.2, it has been possible to run the installer with --silent switch that gives you possibility to install silently in basic case. Need to remove incompatible products (sidegrade) and need to provide subscription info would result in dialogs. Subscription info can be given as part of the installer name (installer_<subscription-code>_.exe).

     

    We are currently preparing a script example for installing with GPO.

     

    We hope this would unblock some people waiting for the installation changes that will take a while longer to be available.

     

         Maaret

  • RIS-PHILIPPE
    RIS-PHILIPPE W/ Alumni Posts: 4 Security Scout
    Thank you, I will test everything here.

  • asanka
    asanka W/ Alumni Posts: 49 Security Scout

    Dear maaret,

     

    Does computer protection only support windows firewall? Is there a way to enable F-Secure firewall?

    Can we separately buy only dataguard without purchasing computer protection premium version?

     

    Thanks   

  • PetriKuikka
    PetriKuikka W/ Member Posts: 236 Threat Terminator

    Hi asanka,

     

    even though I'm not Maaret here are the answers for your questions:

    - Computer Protection uses only Windows firewall with additional F-Secure management and rules on top of it. There is no F-Secure own firewall in it.

    - Current plan is to sell the F-Secure DataGuard only as part of the premium product without any standalone product of it.

     

    Petri

  • asanka
    asanka W/ Alumni Posts: 49 Security Scout

    Dear Petri,

     

    Thanks for your prompt reply. Is there any reason to remove f-secure firewall from business product?

    Since ransomware protection (dataguard) is a significant feature, do you have a plan to integrate with business suite?

     

    Thanks

  • ultimatebhatia
    ultimatebhatia W/ Alumni Posts: 1 Security Scout

    @asanka wrote:

    Dear Petri,

     

    Thanks for your prompt reply. Is there any reason to remove f-secure firewall from business product?

    Since ransomware protection (dataguard) is a significant feature, do you have a plan to integrate with business suite?

     

    Thanks


  • RIS-PHILIPPE
    RIS-PHILIPPE W/ Alumni Posts: 4 Security Scout
     
    Hello, everything is good for me.

    I use an automatic batch that retrieves the serial from a text file to put it in a variable.
    Then I rename the file automatically with the move command.

    :: the variable that retrieves the serial
    set FSECURESN=1111-2222-3333-4444-5555
    :: you have to be in the right directory, then
    move PSBInstallerPSB1.exe installer_%fsecuresn%_.exe
    :: and to launch it
    START /WAIT installer_%fsecuresn%_.exe --SILENT

    It works, thanks to the whole team.

    philippe
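
The rename-and-run approach from the posts above, as an added PowerShell example (not F-Secure's or the poster's script): it reads the key from a file, validates its shape before it becomes part of a file name, requires a valid Authenticode signature on the installer, and removes the key-bearing copy afterwards. The key file path, the key character set and the meaning of a non-zero exit code are assumptions.

```powershell
# Added example. Only the installer_<subscription-code>_.exe naming and the
# --silent switch come from the thread; everything else is an assumption.
param(
    [string]$KeyFile   = '.\subscription-key.txt',  # hypothetical: key on the first line
    [string]$Installer = '.\PSBInstallerPSB1.exe'   # file name used in the post above
)
$ErrorActionPreference = 'Stop'

# Read the key and refuse anything that is not five dash-separated groups of
# four characters, so file content can never inject path or shell characters.
$key = ([string](Get-Content -LiteralPath $KeyFile -TotalCount 1)).Trim()
if ($key -notmatch '^[A-Za-z0-9]{4}(-[A-Za-z0-9]{4}){4}$') {
    throw "Subscription key in $KeyFile does not look like xxxx-xxxx-xxxx-xxxx-xxxx"
}

# Require a valid Authenticode signature before running a binary copied from
# a share or USB stick (this checks validity only; it does not pin the signer).
$sig = Get-AuthenticodeSignature -LiteralPath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Installer signature check failed: $($sig.Status)"
}

# Copy (not move) into a fresh staging folder so the original stays reusable
# and the key only appears in a file name for the duration of the install.
$stageDir = Join-Path $env:TEMP ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $stageDir | Out-Null
$staged = Join-Path $stageDir "installer_${key}_.exe"
try {
    Copy-Item -LiteralPath $Installer -Destination $staged
    $proc = Start-Process -FilePath $staged -ArgumentList '--silent' -Wait -PassThru
    # Assumption: a non-zero exit code means the install did not complete.
    if ($proc.ExitCode -ne 0) {
        throw "Installer exited with code $($proc.ExitCode)"
    }
}
finally {
    # Remove the staged copy whether or not the install succeeded.
    Remove-Item -LiteralPath $stageDir -Recurse -Force
}
```

As noted in the thread, the installer can still show dialogs when an incompatible product has to be removed, so a run under a non-interactive deployment account may wait on a dialog nobody sees.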

  • PetriKuikka
    PetriKuikka W/ Member Posts: 236 Threat Terminator

    Hi asanka and ultimatebhatia,

     

    here is the official statement for the F-Secure own firewall removal:

    Our new security client, F-Secure Computer Protection, was released on September 27th and is growing fast in popularity. It will eventually replace the Workstation Security clients in our Protection Service for Business product family.

     

    On top of the various architectural and performance improvements, the release includes an exciting set of new features, such as Device Control and the capability to deliver rebootless upgrades. Later, we will also release F-Secure DataGuard and Application Control 2.0.

     

    Furthermore, we have improved our firewall protection capabilities.

    Rather than executing firewall rules with a separate component, we now use the default Windows rule engine to execute F-Secure Firewall rules. This approach brings several considerable enhancements:

    1. It increases compatibility with appliances, such as email, web, firewall, or VPN gateways, including UTMs.
    2. It increases compatibility with business applications, such as Salesforce, ServiceNow, etc.
    3. It increases compatibility with any SIEM, RMM, or any other 3rd party auditing, logging, or monitoring tool.
    4. It allows us to provide a broader set of configurable options, such as using the service name or application path. Additionally, we can provide better IPv6 support.
    5. It allows us to focus on building additional intelligence and value-added firewall security capabilities.
    6. It simplifies the network topology and reduces the amount of required configurations.

     

    The F-Secure Expert ruleset, executed by the Windows rules engine, contains an extensive list of advanced rules created by our penetration testers. These provide increased protection against various threats, such as self-propagating ransomware like WannaCry and lateral movement from one client to another. The administrator can create or extend the rulesets to tackle company and context-specific threats.

     

    I hope this answers your question fully for the firewall removal.

     

    DataGuard is coming in next Client Security 13.10 release for the Business Suite customers.

     

    Petri

  • RobertBrown
    RobertBrown W/ Alumni Posts: 4 Security Scout

    Hello All

     

    it would be really nice if you called the program in add/remove programs "F-Secure Computer Protection" rather than "Computer Protection"

     

    Microsoft and most other vendors put their name in front - heaps easier to find and sort that way.

     

    thoughts ?