Issue: When the Web traffic scanning feature is enabled, some applications are unable to connect to an internal server and some URLs are inaccessible or some applications have connectivity or performance issuesJava-based applications unable to connect to an internal server or there are connectivity issues.Resolution: If the Web Traffic Scanning is causing issues for an application that connects to an internal server, you can add the server address as trusted. This will exclude the network traffic from Web Traffic Scanning. How to add the server address as trusted differs between Client Security and Server Security versions: For Client Security 13.x: Log in to Policy Manager ConsoleSelect the host or domain from the Domain TreeGo to the Settings tab and select Advanced viewNavigate to F-Secure Anti-Virus -> Settings -> Settings for Web Traffic Scanning -> Trusted ServersClick Add and enter the server address Distribute the policy (Ctrl+D) With Client Security 13.x clients the address needs to have the /* wildcard added after the server address, for example: http://193.110.109.55/*http://sql-server-2008:8080/*SAMPLESERVER:8080/* For Client Security / Server Security 14.x and 15.x: Log in to Policy Manager ConsoleSelect the host or domain from the Domain TreeGo to the Settings tab and select Standard viewGo to the Web content control pageClick Add on the right side of the Trusted sites listEnter the server address in the Address columnDistribute the policy (Ctrl+D) With Client Security / Server Security 14.x and 15.x clients no wildcard is needed in the address, for example: http://193.110.109.55http://sql-server-2008:8080SAMPLESERVER:8080 If the steps above did not solve your problem, disable Botnet Blocker to see if it is the cause for the issue. How to disable Botnet blocker: Log in to Policy Manager ConsoleSelect the host or domain from the Domain TreeGo to the Settings tab and select Standard viewNavigate to Web traffic scanning and select Botnet BlockerSet the DNS query filtering to Allow all queriesDistribute the policy (Ctrl+D) If disabling disabling the Botnet blocker did not solve the issue, disable DeepGuard temporarily and then try to reproduce the issue. How to disable DeepGuard: Open the Client Security local user interfaceGo to the Malware Protection tabClick Edit settings from the left side of the user interface to enable administrator rightsDisable DeepGuard using the on / off switch If the issue is resolved by disabling DeepGuard, you can create a DeepGuard exclusion in the policy: Log in to the Policy Manager ConsoleSelect a host or policy domain from the Domain TreeGo to the Settings tabGo to the Real-time scanning settings pageScroll down to the Files and applications excluded from scanning table and enable Do not scan the following files and applications Click Add on the right side of the table Add the application path and click OKDistribute the policy (Ctrl + D) It is also good to make sure ORSP Service (Security Cloud) is enabled. You may find more information about the Security Cloud here How to enable ORSP via Policy Manager console: Log in to Policy Manager ConsoleSelect the host or domain from the Domain TreeGo to the Settings tab (Advanced view)Navigate to F-Secure Security Cloud Client > SettingsEnable Allow deeper analysis and Client is enabledDistribute the policy (Ctrl+D) You can ping the ORSP Service on your local client and see if its reachable: orsp.f-secure.com From Web Browser Open http://orsp.f-secure.com/getc and browser must be able to download the certificate file from the URL. If it is reporting an error or the browser hangs for several minutes, then there is a problem. Connectivity to DOORMAN service: Open https://doorman.sc.fsapi.com/doorman/v1/healthcheck and the browser must reply 'OK' You might have to check your firewall settings and allow *.f-secure.com and *.fsapi.com. More about URL addresses for F-Secure update services can be found here.