RELEASE NOTES F-Secure® Server Security Version 10.50 build 287 (RTM) Copyright © 1993-2013 F-Secure Corporation. All Rights Reserved. Portions Copyright © 2004 BackWeb Technologies Inc. This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright © 2000-2004 The Apache Software Foundation. All rights reserved. This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2006 The PHP Group. All rights reserved. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Copyright © 1998-2012 The OpenSSL Project. All rights reserved. This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved. This product includes software written by Tim Hudson (tjh@cryptsoft.com). This product includes optional Microsoft SQL Server 2008 R2 SP1 Express Edition. Copyright © 2010 Microsoft Corporation. All rights reserved. This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233, GB2374260 1. General This document contains late-breaking information about F-Secure Server Security 10.50. We strongly recommend that you read the entire document before installing the software. 2. Product contents F-Secure Server Security provides protection for your Microsoft® Windows Server® and Microsoft® Small Business Server. The solution can be licensed and deployed as F-Secure Server Security, on per-server basis. F-Secure Server Security replaces previous F-Secure Anti-Virus for Windows Servers. With F-Secure Server Security license, you can install the following features: Virus & spyware protection – protects your computer against viruses, trojans, spyware, rootkits and other malware. DeepGuard™ – proactive, instant protection against unknown threats. It monitors application behavior and stops potentially harmful activities in real-time. Web traffic scanning – detects and blocks malicious content in web traffic (HTTP protocol) to provide additional protection against malware. Browsing protection – protection for your terminal users against web browser exploits and rogue web sites. Offload scanning – allows to offload malware scanning to F-Secure Scanning and Reputation Server. The solution is available in the following languages: English, German, French, Japanese, Italian, Korean, Polish, Spanish, and Swedish. 3. What’s new 3.1 New features and improvements Offload Scanning Agent – It can be installed in order to offload malware scanning and content reputation checking to a dedicated server running F-Secure Scanning and Reputation Server. This allows to minimize the performance impact to virtualization infrastructure. Host Identification changes – You can chose additional Host Identification methods. The added Host Identification methods are identifying the host by WINS name or MAC address. Randomization of scheduled scan tasks – It is now possible to start scheduled scan tasks with a randomized delay interval. This allows to minimize performance impact when scheduled scanning starts on multiple virtual machines simultaneously. Added support for Microsoft Windows Server 2012 R2 – You can install and use the product on Microsoft Windows Server 2012 R2. Other enhancements made in this release: 3.2 AUA content folder has been moved from %ProgramFIles% to %ProgramData% folder. Fixed issues This section lists important issues fixed in this release: SVCE-301: No scanners available after fsav-1100-bin update is installed SVCE-328: Too many errors with the full computer scan SPT-253: Web Traffic Scanning can cause delay on network services SVCE-413: The client is using random UID even though the MSI package was prepared to use MAC based host identification 4. System requirements Before you install the product, we recommend that you review sections in this topic to ensure that your network, hardware, software, and other system components meet the requirements. Note: The minimum hardware requirements may not be sufficient if you run multiple services on the same system. 4.1 System requirements for F-Secure Server Security installation To install F-Secure Server Security, the following minimum hardware and system requirements are recommended. Hardware 4.2 Computer: Any computer that meets the requirements for the supported operating system. Disk space: 1 GB (1.5 GB free or more is recommended). Internet connection: Internet connection is required to receive updates and use cloudbased detection. Supported Operating Systems The product can be installed on a computer running one of the following operational systems: Microsoft® Windows Server 2003 Microsoft® Windows Server 2003 R2 Microsoft® Windows Server 2008 Microsoft® Windows Server 2008 R2 Microsoft® Small Business Server 2003 Microsoft® Small Business Server 2003 R2 Microsoft® Small Business Server 2008 Microsoft® Small Business Server 2011, Standard edition Microsoft® Small Business Server 2011, Essentials Microsoft® Windows Server 2012 Microsoft® Windows Server 2012 Essentials Microsoft® Windows Server 2012 R2 All Microsoft Windows Server editions are supported except: Windows Server for Itanium processor Windows DataCenter and HPC editions Windows Storage editions Windows MultiPoint Server Windows Home Server Note: All operating systems are required to have the latest Service Pack installed. Note: For performance and security reasons, you can install the product only on NTFS partition. 4.3 Centralized management requirements The following versions of F-Secure Policy Manager are required if you plan to centrally manage F-Secure Server Security installations: 4.4 F-Secure Policy Manager (Windows) 11.10 or newer F-Secure Policy Manager (Linux) 10.30 or newer Other requirements To administer the product with F-Secure Web Console, one of the following web browser software is required: Microsoft Internet Explorer 7.0 or later Mozilla Firefox 3.0 or later Google Chrome (up-to-date versions) Any other Web browser supporting HTTP 1.0, SSL, Java scripts and cookies may be used as well. Before you log in to F-Secure Web Console, check that JavaScript and cookies are enabled in the browser. You need to add the address of F-Secure Web Console (https://127.0.0.1:25023/) to the Trusted sites in the Internet Explorer security options to make sure that F-Secure Web Console works properly. 5. Setup and configuration 5.1 Installation instructions Note: Before you install F-Secure Server Security, uninstall any potentially conflicting products, such as other antivirus or server security software. To install the product, you need to log in with administrator-level privileges. Refer to the manual for detailed installation instructions. 5.2 Installation instructions in Virtual Environments using the F-Secure Offload Scanning Agent If you want to deploy F-Secure Server Security in virtual environment using the Offload Scanning Agent to minimize the performance impact to virtualization infrastructure you need to select the installation of the Offload Scanning Agent during the installation or export of the MSI package. For detailed installation instructions of this feature please refer to the F-Secure Security for Virtual and Cloud Environments deployment guide. Note: Please note that you need to have the Scanning and Reputation Server in place for this functionality to work. 5.3 Remote installation Remote installation with F-Secure Policy Manager is possible for F-Secure Server Security. 5.4 Compatibility with F-Secure Policy Manager The product is not compatible with older versions of F-Secure Policy Manager. To administer the product, use Policy Manager (Windows) version 11.10, Policy Manager (Linux) version 10.30 or newer. 5.5 Upgrade installation You can upgrade F-Secure Server Security from the previous versions of F-Secure products by running the setup program and following the installation instructions. You can upgrade the following product versions: F-Secure Anti-Virus for Windows Servers 9.0 F-Secure Server Security 9.20, 10.00, 10.01 Refer to the manual for detailed upgrade instructions. Note: Upgrade or reinstall the product above similar PSB products are not supported. Uninstall PSB Sever Security or PSB E-mail and Server Security before installing this product. 5.6 Uninstallation instructions To uninstall F-Secure Server Security, use Add or Remove Programs from the Windows Control Panel. Restart the server after uninstalling all the components. Note: Some files and directories may remain under the product installation directory (%ProgramFiles(x86)%\F-Secure), programs data directory (%ALLUSERSPROFILE%\F-Secure), and user’s temporary directories (%TEMP%) after you uninstall the product. We recommend that you remove these directories and files manually. 6. Known issues 6.1 Installation and uninstallation Admin.pub cannot be located during installation on Windows Server Core edition (CTS-69882) When installing the product on Windows Server Core platform, the Browse button in the Setup wizard is not functioning because the common Windows dialog is missing. As the workaround, you can enter the path to the admin.pub file manually. Entering full license key does not activate On Access Scanning and On Demand Scanning immediately (CTS-70470) When your evaluation version of the product expires and you enter the full license key, on-access and ondemand scanning may not be activated immediately and thus not provide full server protection. It may take up to half an hour before the product gets fully functional. In order to speed up the license activation process, you can restart FSGKHS service or reboot the server. Shifting evaluation license from one product to another is not supported You cannot register the evaluation installation of F-Secure Server Security with the full license key for F Secure E-mail and Server Security or vice versa. If you want to purchase a license for different product, uninstall the evaluation product first. 6.2 Virus and Spyware Protection Scanning big folders does not disinfect found malware if scanning is interrupted (CTS-68901) When a manual scan task that was started from the Web Console is interrupted, the admin-defined actions may not take place for found malware or spyware items. You need to run the manual scanning again and wait until it is completed for the actions to take place. EFS encrypted file cannot be scanned via scheduled scanning (CTS-88303/CSEP-221) Scheduled scan failed to scan an encrypted file with eicar.com inside and returns the error "file cannot be opened". There can be many users on server and every user can have own encrypted files. To scan those files, scanning must run with every user credentials which is impossible. Workaround is to use manual scanning for those files. 6.3 DeepGuard DeepGuard installation requires Microsoft Windows 2003 Server reboot If the product is installed with DeepGuard protection component on Microsoft Windows 2003 Server platforms, you need to restart the server to finalize the installation. DeepGuard 5 does not work on Windows Server 2003 64-bit The 64-bit version of Windows Server 2003 does not include upgraded driver support routines of Microsoft's PatchGuard, which prevents kernel modifications. This makes this specific version of Windows incompatible with DeepGuard. If you are using the 64-bit version of Windows Server 2003, we recommend that you upgrade your operating system to benefit from our award winning DeepGuard technology. 6.4 Browsing Protection Change in Browsing protection settings may look ineffective due to caching Sometimes it may seem that a change in Browsing protection settings is not applied, because the browser finds the page content from the cache. Use Ctrl-F5 to ignore the cache and reload the content. Browsing protection search results Browsing protection does not show safety ratings on search result pages that use HTTPS. 6.5 Web Traffic Scanning Web Traffic Scanning does not handle encrypted traffic The current version of NIF-based Web Traffic Scanning cannot handle the content of encrypted network traffic, e.g. HTTPS protocol. Web Traffic Scanning causes download speed to decrease (CTS-90775/SPT-255) In some cases, the download speed is affected by Web Traffic Scanning resulting in slow download speeds. 6.6 Web Console Manual Scanning does not allow to scan mapped network drives/shares (CTS-70572) When you log in to Web Console, it does not load the full user profile, so you cannot scan a network drive or share from the manual scanning page. Scan network drives/shares with “Virus and spyware scanning” menu from F-Secure icon in the system tray or with the “Scan Folder for Viruses” menu from Windows Explorer. Internet Explorer 8 may show the security warning on the login page (CTS-70956) If the session expires, the Web Console returns to the login page automatically. When this happens, Internet Explorer 8 may show the security warning about content that may be delivered using non-secure connection. You can ignore this warning. Web Console might delay on refreshing the page automatically Sometimes after you change and save a new setting (for example, Language of the user interface), there may be a few second delay while the Web Console tries to automatically refresh the page. 7. Contact information and feedback We look forward to hearing your comments and feedback on the product functionality, usability and performance. Please report any technical issues via: F-Secure support web site: http://support.f-secure.com/ F-Secure Community: http://community.f-secure.com/t5/Business/ctp/Business_Security_Solutions Before sending us a report about your issue, run F-Secure Support Tool FSDiag.exe on the host that is running F-Secure Server Security or F-Secure E-mail and Server Security. This utility gathers basic information about hardware, operating system, network configuration and installed F-Secure and third-party software. You can run the F-Secure Support Tool from the Web Console as follows: 1. 2. 3. 4. Log in to the Web Console. Type https://127.0.0.1:25023/fsdiag/ in the address field of the browser. (If you are accessing the server remotely, use the real IP address of the server instead of 127.0.0.1). F-Secure Support Tool starts automatically and the dialog displays the data collection progress. When the tool has finished collecting the data, click Report to download and save the collected data You can also run the FSDiag.exe utility under F-Secure\Common folder. The tool generates a file called FSDiag.tar.gz. 8. F-Secure license terms F-Secure license terms are included in the software. You must read and accept them before you can install and use the software.
© Copyright 2024