1. Manuals
  2. Brands
  3. F-SECURE Manuals
  4. Software
  5. POLICY MANAGER 8.0
  6. Administrator's manual

F-SECURE POLICY MANAGER 8.0 Administrator's Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
F-Secure Policy
Manager 8.0
Administrator's Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the POLICY MANAGER 8.0 and is the answer not in the manual?

Questions and answers

Related Manuals for F-SECURE POLICY MANAGER 8.0

Summary of Contents for F-SECURE POLICY MANAGER 8.0

  • Page 1 F-Secure Policy Manager 8.0 Administrator’s Guide...
  • Page 2 Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice.

  • Page 3: Table Of Contents

    F-Secure Policy Manager Server ................24 F-Secure Policy Manager Console ................25 Chapter 3 Installing F-Secure Policy Manager Server Overview ........................27 Security Issues......................28 3.2.1 Installing F-Secure Policy Manager in High Security Environments ..28 Installation Steps......................34 Configuring F-Secure Policy Manager Server............47...
  • Page 4 3.4.1 Changing the Communication Directory Path ........47 3.4.2 Changing the Ports Where the Server Listens for Requests ....48 3.4.3 F-Secure Policy Manager Server Configuration Settings ...... 49 Uninstalling F-Secure Policy Manager Server ............54 Chapter 4 Installing F-Secure Policy Manager Console Overview ........................57...
  • Page 5 5.9.2 Shared Preferences ................137 Chapter 6 Maintaining F-Secure Policy Manager Server Overview ........................140 Backing Up & Restoring F-Secure Policy Manager Console Data......140 Replicating Software Using Image Files ..............143 Chapter 7 Updating F-Secure Virus Definition Databases Automatic Updates with F-Secure Automatic Update Agent........146 Using the Automatic Update Agent ................148...
  • Page 6 8.2.2 Installing F-Secure Policy Manager Server ........158 8.2.3 Installing F-Secure Policy Manager Console ........159 8.2.4 Installing F-Secure Policy Manager Web Reporting ......160 Configuration......................161 Uninstallation......................161 8.4.1 Uninstalling F-Secure Policy Manager Web Reporting......161 8.4.2 Uninstalling F-Secure Policy Manager Console ........162 8.4.3 Uninstalling F-Secure Policy Manager Server ........
  • Page 7 Appendix A SNMP Support A.1 Overview ......................... 194 A.1.1 SNMP Support for F-Secure Management Agent ........194 A.2 Installing F-Secure Management Agent with SNMP Support ........195 A.2.1 F-Secure SNMP Management Extension Installation ........195 A.3 Configuring The SNMP Master Agent..............196 A.4 Management Information Base ................197 Appendix B Ilaunchr Error Codes B.1 Overview .........................
  • Page 8 Contact Information....................213 Glossary About F-Secure Corporation viii...

  • Page 9: About This Guide

    BOUT UIDE Overview..................10 How This Guide is Organized............. 11...

  • Page 10: Overview

    Overview F-Secure Policy Manager provides tools for administering the following F-Secure software products: F-Secure Client Security F-Secure Internet Gatekeeper for Windows F-Secure Anti-Virus for Windows Workstations Windows Servers Citrix Servers Microsoft Exchange MIMEsweeper F-Secure Linux Security F-Secure Linux Client Security F-Secure Linux Server Security F-Secure Policy Manager Proxy.

  • Page 11: How This Guide Is Organized

    About This Guide How This Guide is Organized The F-Secure Policy Manager Administrator’s Guide is divided into the following chapters. Chapter 1. Introduction. Describes the architecture and components of the policy-based management. Chapter 2. System Requirements. Defines the software and hardware requirement for F-Secure Policy Manager Console and F-Secure Policy Manager Server.
  • Page 12 Autodiscover Windows Hosts operation. Appendix D. NSC Notation for Netmasks. Defines and offers information on NSC notation for Netmasks. Glossary — Explanation of terms Technical Support — Web Club and contact information for assistance. About F-Secure Corporation — Company background and products.

  • Page 13: Conventions Used In F-Secure Guides

    Conventions Used in F-Secure Guides This section describes the symbols, fonts, and terminology used in this manual. Symbols WARNING: The warning symbol indicates a situation with a risk of irreversible destruction to data. IMPORTANT: An exclamation mark provides important information that you need to consider.
  • Page 14 In our constant attempts to improve our documentation, we would welcome your feedback. If you have any questions, comments, or suggestions about this or any other F-Secure document, please contact us at documentation@f-secure.com.

  • Page 15: Introduction

    NTRODUCTION Overview..................16 Installation Order ................ 17 Features ..................18 Policy-Based Management............19...

  • Page 16: Overview

    Overview F-Secure Policy Manager provides a scalable way to manage the security of numerous applications on multiple operating systems, from one central location. It can be used to keep security software up-to-date, manage configurations, oversee enterprise compliance, and can be scaled to handle even the largest, most mobile workforce.

  • Page 17: Installation Order

    Internet applications, so the users can always be sure they will have the latest updates without having to search the Web. If F-Secure Automatic Update Agent is always connected to the Internet, it will automatically receive new virus definition updates within about two hours after they have been published by F-Secure.

  • Page 18: Features

    Updates can be provided in several ways: From the F-Secure CD. From the F-Secure Web site to the customer. These can be automatically ‘pushed’ by F-Secure Automatic Update Agent, or voluntarily ‘pulled’ from the F-Secure website.

  • Page 19: Policy-Based Management

    A security policy is a set of well-defined rules that regulate how sensitive information and other resources are managed, protected, and distributed. The management architecture of F-Secure software uses policies that are centrally configured by the administrator for optimum control of security in a corporate environment.
  • Page 20 F-Secure Policy Manager Console, protecting the file against changes while it is passing through the network and while it is stored in the host’s file system. These files are sent from F-Secure Policy Manager Console to the F-Secure Policy Manager Server. The host periodically polls for new policies created by F-Secure Policy Manager Console.

  • Page 21: Management Information Base

    The Management Information Base (MIB) is a hierarchical management data structure used in the Simple Network Management Protocol (SNMP). In F-Secure Policy Manager, the MIB structure is used for defining the contents of the policy files. Each variable has an Object Identifier (OID) and a value that can be accessed using the Policy API.
  • Page 22 The following types of traps are sent by most of the F-Secure products: Info. Normal operating information from a host. Warning. A warning from the host.

  • Page 23: Chapter 2 System Requirements

    YSTEM EQUIREMENTS F-Secure Policy Manager Server ..........24 F-Secure Policy Manager Console..........25...

  • Page 24: F-Secure Policy Manager Server

    F-Secure Policy Manager Server In order to install F-Secure Policy Manager Server, your system must meet the following minimum requirements: Operating system: Microsoft Windows: Microsoft Windows 2000 Server (SP 4 or higher) Windows 2003 Server (32- and 64-bit) Windows 2008 Server (32- and 64-bit)

  • Page 25: F-Secure Policy Manager Console

    CHAPTER 2 System Requirements F-Secure Policy Manager Console In order to install F-Secure Policy Manager Console, your system must meet the following minimum requirements: Operating system: Microsoft Windows: Microsoft Windows 2000 Professional (SP4 or higher) Windows XP Professional (SP2 or higher)

  • Page 26: Chapter 3 Installing F-Secure Policy Manager Server

    NSTALLING ECURE OLICY ANAGER ERVER Overview..................27 Security Issues ................28 Installation Steps ................ 34 Uninstalling F-Secure Policy Manager Server......54...

  • Page 27: Overview

    The following are advanced instructions for installing F-Secure Policy Manager Server on a machine dedicated only to the Server. F-Secure Policy Manager Server can also be installed on the same machine as F-Secure Policy Manager Console. F-Secure Policy Manager Server is the link between F-Secure Policy...

  • Page 28: Security Issues

    3.2.1 Installing F-Secure Policy Manager in High Security Environments F-Secure Policy Manager is designed to be used in internal corporate networks mainly for managing F-Secure Anti-Virus products. F-Secure does not recommend using F-Secure Policy Manager over public networks such as Internet.
  • Page 29 If this is done accidentally, or intentionally by an unauthorized user, the authorized user will notice the change when he tries to login to F-Secure Policy Manager the next time. In the worst case, the authorized user needs to recover backups in order to remove the possible changes made by the unauthorized user.
  • Page 30 Listen 127.0.0.1:8080 <- Allow connections only from localhost to PMC port 8080 2. Access to F-Secure Policy Manager Server will be limited only to the separately defined IP addresses by editing the httpd.conf file. If the access to port 8080 was limited only to the localhost during...
  • Page 31 After this, only the person who has access to the machines with the defined IP addresses can use F-Secure Policy Manager Console. 3. If there is a very strong need to use F-Secure Policy Manager over a public network (such as the Internet), it is recommended to encrypt the connection between F-Secure Policy Manager Server and F-Secure Policy Manager Console with a VPN or SSH type product.
  • Page 32 F-Secure Policy Manager Web Reporting. When access to F-Secure Policy Manager Web Reporting is limited only to the localhost during the installation (see , 41), F-Secure Setup modifies the #Web Reporting listen directive in httpd.conf file as...
  • Page 33 Allow from 10.128.129.209 <- Allow access from Administrator’s workstation </Location> </VirtualHost> After this, only the person who has access to the local host or the machine with the defined IP address can use F-Secure Policy Manager Web Reporting.

  • Page 34: Installation Steps

    Installation Steps To install F-Secure Policy Manager Server, you need physical access to the server machine. Step 1. 1. Insert the F-Secure CD in your CD-ROM drive. 2. Select Corporate Use. Click Next to continue. 3. Go to the Install or Update Managed Software menu and select F-Secure Policy Manager.
  • Page 35 CHAPTER 3 Installing F-Secure Policy Manager Server Step 3. Read the license agreement information. If you agree, select I accept this agreement. Click Next to continue.
  • Page 36 Step 4. If you are installing on a clean computer, select F-Secure Policy Manager Server. Click Next to continue.
  • Page 37 Step 5. Choose the destination folder. Click Next. It is recommended to use the default installation directory. If you want to install F-Secure Policy Manager Server in a different directory, you can use the Browse feature. WARNING: If you have F-Secure Management Agent installed...
  • Page 38 F-Secure Policy Manager Server will use as a repository. You can use the previous commdir as a backup, or you can delete it once you have verified that F-Secure Policy Manager Server is correctly installed.
  • Page 39 Step 7. Select whether you want to keep the existing settings or change them. This dialog is displayed only if a previous installation of F-Secure Policy Manager Server was detected on the computer. By default the setup keeps the existing settings. Select this option if you have manually updated the F-Secure Policy Manager Server configuration file (HTTPD.conf).
  • Page 40 Step 8. Select the F-Secure Policy Manager Server modules to enable: Host module is used for communication with the hosts. The default port is 80. Administration module is used for communication with F-Secure Policy Manager Console. The default HTTP port is 8080.
  • Page 41 CHAPTER 3 Installing F-Secure Policy Manager Server Click Next to continue.
  • Page 42 Step 9. Select to add product installation package(s) from the list of available packages (if you selected F-Secure Installation Packages in Step 4 on page 17). Click Next.
  • Page 43 CHAPTER 3 Installing F-Secure Policy Manager Server Step 10. Setup displays the components that will be installed. Click Next.
  • Page 44 Step 11. When the setup is completed, the setup shows whether all components were installed successfully.
  • Page 45 CHAPTER 3 Installing F-Secure Policy Manager Server Step 12. F-Secure Policy Manager Server is now installed. Restart the computer if you are prompted to do so. Click Finish to complete the installation.
  • Page 46 The F-Secure Policy Manager Server starts serving hosts only after F-Secure Policy Manager Console has initialized the Communication directory structure, which happens automatically when you run F-Secure Policy Manager Console for the first time. Step 14. The setup wizard creates the user group FSPM users. The user who was logged in and ran the installer is automatically added to this group.

  • Page 47: Configuring F-Secure Policy Manager Server

    F-Secure Policy Manager Server. After any change to the configuration, you need to stop F-Secure Policy Manager Server, and restart it for the changes to become active.

  • Page 48: Changing The Ports Where The Server Listens For Requests

    80. You can, however, define what ports they should listen in, if the defaults are not suitable. If you want to change the port in which F-Secure Policy Manager Server Admin Module listens, add a Listen entry in the configuration file with the new port (e.g.

  • Page 49: F-Secure Policy Manager Server Configuration Settings

    F-Secure Policy Manager Server Configuration Settings This section introduces and explains all the relevant entries present in the F-Secure Policy Manager Server configuration file, and how they are used. ServerRoot: This directive sets the directory in which the server is installed.
  • Page 50 <VirtualHost _default_:port>: This directive defines a set of directives that will apply only to a VirtualHost. A VirtualHost is a virtual server, i.e., a different server that is run in the same process as other servers. F-Secure...
  • Page 51 Installing F-Secure Policy Manager Server Policy Manager Server; for example, has two virtual hosts, one running in port 80 (F-Secure Policy Manager Server Host Module) and another one running in port 8080 (FSMSA or Admin Module). Here is the default configuration for F-Secure Policy Manager Server: # FSMSH port <VirtualHost _default_:80>...
  • Page 52 CustomLog: This entry is used to log requests to the server. The first parameter is either a file (file to which the requests should be logged) or a pipe ('|') followed by the path to a program to receive the log information on its standard input.
  • Page 53 '+' = connection may be kept alive after the response is sent. '-' = connection will be closed after the response is sent. 5. F-Secure Policy Manager Server Admin Module error code (0 for success). 6. Bytes transferred to the server (“-” for none).

  • Page 54: Uninstalling F-Secure Policy Manager Server

    For more information on the settings you can read the httpd.sample file that is located in the same directory as the configuration file of F-Secure Policy Manager Server (<fspms installation directory>\conf). mod_gzip_on Yes: This setting is one of the several compression settings, and the one that enables or disables support for the compression in F-Secure Policy Manager Server.
  • Page 55 CHAPTER 3 Installing F-Secure Policy Manager Server 3. The F-Secure Uninstall dialog box appears. Click Start to begin uninstallation. 4. When the uninstallation is complete, click Close. 5. Click to exit Add/Remove Programs.

  • Page 56: Chapter 4 Installing F-Secure Policy Manager Console

    NSTALLING ECURE OLICY ANAGER ONSOLE Overview..................57 Installation Steps ................ 57 Uninstalling F-Secure Policy Manager Console ......73...

  • Page 57: Overview

    The same console installation can be used for both Administrator and Read-Only connections. The following sections explain how to run the F-Secure Policy Manager Console setup from the F-Secure CD, and how to select the initial operation mode when the console is run for the first time.
  • Page 58 Step 2. View the Welcome screen, and follow the setup instructions. Select the installation language from the drop-down menu. Click Next to continue.
  • Page 59 CHAPTER 4 Installing F-Secure Policy Manager Console Step 3. Read the license agreement information. If you agree, select I accept this agreement. Click Next to continue.
  • Page 60 Step 4. Select F-Secure Policy Manager Console. Click Next to continue.
  • Page 61 CHAPTER 4 Installing F-Secure Policy Manager Console Step 5. Choose the destination folder. Click Next. It is recommended to use the default installation directory. Use the Browse feature to install F-Secure Policy Manager Console in a different directory.
  • Page 62 Step 6. Specify F-Secure Policy Manager Server address, and Administration port number. Click Next to continue.
  • Page 63 CHAPTER 4 Installing F-Secure Policy Manager Console Step 7. Review the changes that setup is about to make. Click Next to continue.
  • Page 64 Step 8. Click Finish to close the installer.
  • Page 65 Run F-Secure Policy Manager Console by clicking on Start >Programs > F-Secure Policy Manager Console > F-Secure Policy Manager Console. When F-Secure Policy Manager Console is run for the first time, the Console Setup Wizard collects the information needed to create an initial connection to the server.
  • Page 66 Step 10. Select your user mode according to your needs: Administrator mode - enables all administrator features. Read-Only mode - allows you to view administrator data, but no changes can be made. If you select Read-only mode, you will not be able to administer hosts.
  • Page 67 CHAPTER 4 Installing F-Secure Policy Manager Console Step 11. Enter the address of the F-Secure Policy Manager Server that is used for communicating with the managed hosts.
  • Page 68 Step 12. Enter the path where the administrator’s public key and private key files will be stored. By default, key files are stored in the F-Secure Policy Manager Console installation directory: Program Files\F-Secure\Administrator. Click Next to continue. If the key-pair does not pre-exist, it will be created later in the setup...
  • Page 69 CHAPTER 4 Installing F-Secure Policy Manager Console Step 13. Move your mouse cursor around in the window to initialize the random seed used by the management key-pair generator. Using the path of the mouse movement ensures that the seed number for the key-pair generation algorithm has enough randomness.
  • Page 70 Step 14. Enter a passphrase, which will secure your private management key. Re-enter your passphrase in the Confirm Passphrase field. Click Next.
  • Page 71 The setup wizard creates the user group FSPM users. The user who was logged in and ran the installer is automatically added to this group. To allow another user to run F-Secure Policy Manager you must manually add this user to the user group FSPM users.
  • Page 72 View menu and selecting Advanced Mode. When setting up workstations, you must provide them with a copy of the Admin.pub key file (or access to it). If you install the F-Secure products on the workstations remotely with F-Secure Policy Manager, a copy of the Admin.pub key file is installed automatically on them.

  • Page 73: Uninstalling F-Secure Policy Manager Console

    Installing F-Secure Policy Manager Console Changing the Web Browser Path The F-Secure Policy Manager Console acquires the file path to the default Web browser during setup. If you want to change the Web browser path, open the Tools menu, and select Preferences.

  • Page 74: Chapter 5 Using F-Secure Policy Manager Console

    SING ECURE OLICY ANAGER ONSOLE Overview..................75 F-Secure Policy Manager Console Basics ......... 76 F-Secure Client Security Management........80 Managing Domains and Hosts ........... 94 Software Distribution ..............104 Managing Policies ..............120 Managing Operations and Tasks..........126 Alerting ..................126 Reporting Tool ................

  • Page 75: Overview

    View reports in HTML format, or export reports to various exports formats. F-Secure Policy Manager Console generates the policy definition, and displays status and alerts. Each managed host has a module (F-Secure Management Agent) enforcing the policy on the host. The conceptual world of F-Secure Policy Manager Console consists of hosts that can be grouped within policy domains.

  • Page 76: F-Secure Policy Manager Console Basics

    Save policy data. Distribute policies. Delete alerts or reports. There can be only one Administrator mode connection to F-Secure Policy Manager Server at a time. There can be several read-only connections to F-Secure Policy Manager Server simultaneously. F-Secure Policy Manager Console Basics The following sections describes the F-Secure Policy Manager Console logon procedure, menu commands and basic tasks.

  • Page 77: Logging In

    CHAPTER 5 Using F-Secure Policy Manager Console 5.2.1 Logging In When you start F-Secure Policy Manager Console, the following dialog box will open (click Options to expand the dialog box to include more options) Figure 5-1 F-Secure Policy Manager Console Login dialog The dialog box can be used to select defined connections.
  • Page 78 Polling Period Options. Host connection status controls when hosts are considered disconnected from F-Secure Policy Manager. All hosts that have not contacted F-Secure Policy Manager Server within the defined interval are considered disconnected. The disconnected hosts will have a notification...
  • Page 79 CHAPTER 5 Using F-Secure Policy Manager Console icon in the domain tree and they will appear in the Disconnected Hosts list in the Domain status view. Note that it is possible to define an interval that is shorter than one day by simply typing in a floating point number in the setting field.

  • Page 80: F-Secure Client Security Management

    F-Secure Client Security Administrator’s Guide. You should be able to complete most tasks with the Anti-Virus mode user interface, however particularly if you need to administer products other than F-Secure Client Security, you will need to use the Advanced Mode user interface.

  • Page 81: The Advanced Mode User Interface

    CHAPTER 5 Using F-Secure Policy Manager Console 5.2.3 The Advanced Mode User Interface To use all the functionality available in F-Secure Policy Manager Console you need to change to the Advanced mode user interface. To do so, select View > Advanced Mode.

  • Page 82: Policy Domain Pane

    5.2.4 Policy Domain Pane In the Policy Domain pane, you can do the following: Add a new policy domain (click the icon, which is located on the toolbar). A new policy domain can be created only when a parent domain is selected. Add a new host (click the icon).

  • Page 83: Product View Pane

    CHAPTER 5 Using F-Secure Policy Manager Console The Properties pane has the following tabs: Policy - The Policy tab allows you to use the Product View pane to define settings, restrictions, and operations for domains or hosts. These changes become effective after the policy has been distributed and the Agent has fetched the policy file.
  • Page 84 (Policy) and local setting/statistics (Status) in a product component specific MIB tree. The F-Secure Management Agent Product View is on the following page as an example (the same generic operations and functionality are found in all Product Views).
  • Page 85 Certificates - allows definition of trusted certificates Certificate Directory - defines the directory settings where certificates are stored. About - contains a link to F-Secure Web Club (for more details, “Web Club”, 211). You can edit the policy settings normally, and use the restriction setting (final, hidden) to define end user access rights.
  • Page 86 Using the Context Menu for Policy Settings Most editor fields in the Product View include a context menu (activated by right-clicking your mouse). The context menu contains the following options: Go To, Clear Value, Force Value and Show domain values. Figure 5-7 Context menu Shortcut to the MIB Tree Node Sometimes it is convenient to see what setting of the MIB tree is actually...
  • Page 87 CHAPTER 5 Using F-Secure Policy Manager Console Force Value This Force Value menu item is available only when a Policy Domain is selected. You can enforce the current domain setting to also be active in all subdomains and hosts. In practice, this operation clears the...
  • Page 88 This information may help to investigate why the host was disconnected. If the reason is clear, for example, if the host's F-Secure software has been uninstalled, the host can be deleted normally. After...
  • Page 89 However, the host will send an autoregistration message once it discovers that it has been removed from the F-Secure Policy Manager. The host can be re-imported to the domain tree, but from the Policy Manager point of view it's like any other newly added host.

  • Page 90: Messages Pane

    F-Secure Policy Manager Console installation directory. Logs of the messages are kept both in English and the language you have set for F-Secure Policy Manager Console. A separate log file is created for each message category (tab names in the Message pane).
  • Page 91 Imports autoregistered hosts to the currently selected domain. Green signifies that the host has sent an autoregistration request. Displays available installation packages. Displays all alerts. The icon is highlighted if there are new alerts. When you start F-Secure Policy Manager Console, the icon is always highlighted.

  • Page 92: Menu Commands

    Saves policy data with a specified name. Distribute Policies Distributes the policy files. Export Host Policy File Exports the policy files. Exit Exits F-Secure Policy Manager Console. Edit Cuts selected items. Paste Pastes items to selected location. Delete Deletes selected items.
  • Page 93 Anti-Virus Mode Changes to the Anti-Virus mode user interface, which is optimized for managing centrally F-Secure Client Security. Refresh <Item> Manually refreshes the status, alert, or report view. The menu item changes according to the selected tab in the Properties pane.

  • Page 94: Managing Domains And Hosts

    Console. These properties only affect the local installation of F-Secure Policy Manager Console. Help Contents Displays the Help index. Web Club Opens your Web browser and connects to the F-Secure Policy Manager Web Club. Contact Information Displays contact information for F-Secure Corporation. About F-Secure Policy Displays version information.
  • Page 95 CHAPTER 5 Using F-Secure Policy Manager Console Figure 5-11 An example of a policy domain structure All domains and hosts must have a unique name in this structure. Another possibility is to create the different country offices as subdomains. Figure 5-12 An example of a policy domain: country offices as sub-domains...

  • Page 96: Adding Policy Domains

    5.3.1 Adding Policy Domains Figure 5-13 An example of a policy domain with sub-domains From the Edit menu, select New Policy Domain (a parent domain must be selected), or click in the toolbar (alternatively press ctrl+ insert). The new policy domain will be a subdomain of the selected parent domain.

  • Page 97: Adding Hosts

    F-Secure Intelligent Installation by choosing ‘Autodiscover Windows hosts’ from the Edit menu in F-Secure Policy Manager Console. Note that this also installs F-Secure Management Agent on the imported hosts. In order to import hosts from a Windows domain, select the target domain, and choose ‘Autodiscover...
  • Page 98 Figure 5-15 Import Autoregistered Hosts dialog > Autoregistered Hosts tab The Autoregistration view offers a tabular view to the data which the host sends in the autoregistration message. This includes the possible custom autoregistration properties that were included in the remote installation package during installation (see step 6 in “Using the Customized Remote Installation JAR...
  • Page 99 CHAPTER 5 Using F-Secure Policy Manager Console Autoregistration Import Rules Figure 5-16 Import Autoregistered Hosts dialog > Import Rules tab You can define the import rules for the autoregistered hosts on the Import Rules tab in the Import Autoregistered Hosts window. You can use the...
  • Page 100 192.1.2.3) and IP sub-domain matching (for example: 10.15.0.0/16). You can hide and display columns in the table by using the right-click menu that opens when you right-click any column heading in the Import Rules window. Only the values in the currently visible columns are used as matching criteria when importing hosts to the policy domain.
  • Page 101 (alternatively press . This operation is useful in the following cases: Insert Learning and testing – You can try out a subset of F-Secure Policy Manager Console features without actually installing any software in addition to F-Secure Policy Manager Console.

  • Page 102: Host Properties

    Also, no status information will be available. Any changes made to the domain structure are implemented even though you exit F-Secure Policy Manager Console without saving changes to the current policy data. 5.3.3...
  • Page 103 CHAPTER 5 Using F-Secure Policy Manager Console The network name for the host is the name that the host uses internally in the network to access policies. Figure 5-18 Host Properties dialog Every host has a UID. This is a unique identifier: a string of characters and numbers that is used to uniquely identify every host in the system.

  • Page 104: Software Distribution

    F-Secure Virus Definition Database Updates - F-Secure Policy Manager can update the latest Anti-Virus databases by downloading them automatically from F-Secure’s Automatic Update site. Managed hosts will fetch the updates from F-Secure Policy Manager according to the host policy, either automatically...
  • Page 105 CHAPTER 5 Using F-Secure Policy Manager Console or with remotely triggered operations. For more information, see “Automatic Updates with F-Secure Automatic Update Agent”, 146. Shortcuts to all the installation-related features are gathered in the Properties pane under the Installation tab.

  • Page 106: F-Secure Push Installations

    5.4.1 F-Secure Push Installations The only difference between the Autodiscover Windows Hosts and the Push Install to Windows Hosts features is how the target hosts are selected: Autodiscover browses the Windows domains and user can select the target hosts from a list of hosts, Push Install to Windows Hosts allows you to define the target hosts directly with IP addresses or host names.
  • Page 107 F-Secure applications installed. Resolve hosts with all details (slower) With this selection, all details about the hosts are shown, such as the versions of the operating system and F-Secure Management Agent. Resolve host names and comments only (quicker) If all hosts are not shown in the detailed view or it takes too much time to retrieve the list, this selection can be used.
  • Page 108 2. Open the Edit menu and select Push Install to Windows Hosts (alternatively, click the button). 3. Enter the target host names of those hosts to which you want to push install, and click Next to continue. You can click Browse to check the F-Secure Management Agent version(s) on the host(s).
  • Page 109 CHAPTER 5 Using F-Secure Policy Manager Console 4. After you have selected your target hosts, continue to “Push Installation After Target Host Selection”, 109 for instructions on push-installing the applications to hosts. Push Installation After Target Host Selection To push install the installation package(s) after you have selected the target hosts: 1.
  • Page 110 4. Choose the user account and password for the push installation. Push Installation requires administrator rights for the target machine during the installation. If the account you entered does not have administrator rights on one of the remote hosts, an “Access denied” error message will be indicated for that host, while installation will continue on the other hosts.
  • Page 111 In the final dialog box, click Finish, and go to the next step. 6. F-Secure Policy Manager installs F-Secure Management Agent and the selected products on the hosts. During this process, the Status line will display the procedure in process. You can click...

  • Page 112: Policy-Based Installation

    F-Secure Management Agent installed. F-Secure Policy Manager Console creates an operation-specific installation package, which it stores on the F-Secure Policy Manager Server, and writes an installation task to the base policy files (thus, policy distribution is required to start installations). Both base policy files and the installation package are signed by the management key-pair so that only genuine information is accepted by the hosts.
  • Page 113 F-Secure Management Agent installed. To access the Installation Editor, open the Policy tab in the Properties pane and select the root node (the F-Secure sub-tree). Alternatively, open the Install tab in the Properties pane. The Installation Editor opens in the Product View pane.
  • Page 114 Version to Install Version numbers of the available installation packages for the product. Version Being The current version being installed on a host or Installed domain. Progress Progress of the installation task. The ‘Progress’ field displays information that is different for hosts and for domains.
  • Page 115 Installation Editor launches the Installation Wizard, which queries the user for the installation parameters. The Installation Editor then prepares a distribution installation package that is customized for the specific installation operation. The new package is saved on F-Secure Policy Manager Server. Start button is used to start the installation operations selected in the Version to Install field.

  • Page 116: Local Installation And Updates With Pre-Configured Packages

    There are two ways of doing this: by using a customized remote installation JAR package or by using a customized MSI package. Using the Customized Remote Installation JAR Package 1. Run F-Secure Policy Manager Console. 2. Choose Installation Packages from the Tools menu. This will open the Installation Packages dialog box.
  • Page 117 CHAPTER 5 Using F-Secure Policy Manager Console 3. Specify the file format, JAR or MSI, and the location where you want to save the customized installation package. Click Export. 4. Specify the file location where you want to save the customized installation JAR package.
  • Page 118 Start to continue to the installation wizard. F-Secure Policy Manager Console displays the Remote Installation Wizards that collect all necessary setup information for the selected products.It is possible to include any number of custom autoregistration properties to the installation package. A host will add these custom properties to the autoregistration message it sends to the F-Secure Policy Manager after local installation.
  • Page 119 ILAUNCHR has the following command line parameters: /U — Unattended. No messages are displayed, even when a fatal error occurs. /F — Forced installation. Completes the installation even if F-Secure Management Agent is already installed. Enter ILAUNCHR /? at the command line to display complete help.

  • Page 120: Information Delivery

    5.4.4 Information Delivery All of the installation information is delivered as files through the F-Secure Policy Manager Server The Installation packages are JAR archives that can be viewed (in WinZip, for example), but other files types (such as the policy files and INI files) are used for triggering the actual installation process.

  • Page 121: Settings

    CHAPTER 5 Using F-Secure Policy Manager Console 5.5.1 Settings To configure settings, browse the policy tree and change the values of the policy variables. There are two types of policy variables: (1) leaf nodes under a subtree, and (2) table cells. All policy variables have an associated type. You can set their values in the Product View pane.
  • Page 122 Access restrictions are Final and Hidden. Final always forces the policy: the policy variable overrides any local host value, and the end user cannot change the value as long as the Final restriction is set. Hidden merely hides the value from the end user. Unlike the Final restriction, the Hidden restriction may be ignored by the managed application.

  • Page 123: Saving The Current Policy Data

    . F-Secure Policy Manager Console saves the current policy data and then generates Base Policy. Policy files are copied to the Communication directory, where the F-Secure software on the hosts will check for it periodically. No changes will take effect before you have distributed the policy and the host has fetched the policy file.
  • Page 124 Policy inheritance simplifies the defining of a common policy. The policy can be further refined for subdomains or even individual hosts. The granularity of policy definitions can vary considerably among installations. Some administrators might want to define only a few different policies for large domains.
  • Page 125 MIB defaults are obtained based on the product version installed on hosts. For a domain, the values from the newest product version are used. Certain F-Secure products override the default table implementation, and as such they do not implement the normal table inheritance as stated above.

  • Page 126: Managing Operations And Tasks

    Managing Operations and Tasks To launch an operation from F-Secure Policy Manager Console: 1. Select one of the actions from the selected product’s Operations branch in the Policy tab of the Properties pane. 2. Click Start in the product view pane to start the selected operation.
  • Page 127 When an alert is selected from the list, the Product View pane displays more specific information about the alert. F-Secure Anti-Virus scanning alerts may have an attached report. This report will also be in the Product View pane.

  • Page 128: Configuring Alert Forwarding

    Forwarding. F-Secure Management Agent>Settings>Alert Forwarding Figure 5-22 The same table can also be found in the F-Secure Management Agent product view in the Alert Forwarding tab. You can specify where alerts are sent according to severity level. The target can be F-Secure Policy Manager Console, the local user interface, an alert agent (such as the Event Viewer, a log file, or SMTP), or a management extension.

  • Page 129: Reporting Tool

    You can further configure the alert target by setting the policy variables under target-specific branches. For example “Settings->Alerting->F-Secure Policy Manager Console->Retry Send Interval” specifies how often a host will attempt to send alerts to F-Secure Policy Manager Console when previous attempts have failed. Reporting Tool The Reporting tool allows users to view and export reports of F-Secure Policy Manager Console managed data.

  • Page 130: Policy Domain / Host Selector Pane

    Figure 5-24 Reporting Tool 5.8.1 Policy Domain / Host Selector Pane In the Policy Domain / Host Selector pane you can select the domains and/or hosts you are interested in from the reporting point of view. The domain selected in the Policy Domain pane is selected by default in the Reporting tool.

  • Page 131: Report Type Selector Pane

    CHAPTER 5 Using F-Secure Policy Manager Console 5.8.2 Report Type Selector Pane In the Report Type Selector pane you can do the following: Select the type of report to be made. Select the filtering by product (only information on selected products is included to the report to be made).

  • Page 132: Report Pane

    Alert Report Type Export/view reports containing information of all alerts at the selected domains. You can also sort alerts with Sort Order Selector, by defining sort order among alert description fields. With Severity Selector you can select, which severity alerts are included to the report to be made. Configuration Report Export/view reports containing information of Type...

  • Page 133: Bottom Pane

    CHAPTER 5 Using F-Secure Policy Manager Console 5.8.4 Bottom Pane In the bottom pane, you can: Reset the defaults to all user interface components. Launch the report exporting process. Launch the report viewing process. Stop the report generating process. Close the Reporting Tool user interface. This does not stop generation of the report to be exported;...

  • Page 134: Connection-Specific Preferences

    These options: Reports Options control the automatic deletion of old alerts and reports the background loading of alerts and reports Advanced Status Cache You can adjust the number of hosts for which F-Secure Policy communication Manager Console caches status information. options...
  • Page 135 You can disable initial status loading if you want to reduce status loading F-Secure Policy Manager Console startup time in a large environment (this is an advanced option that should be used with care, since it causes the following functional differences to the normal status handling): 1.
  • Page 136 Base Policy file fetched by the hosts. Push Installation Installation The maximum time F-Secure Policy Manager Console waits Timeout for the results of an installation operation. Browsing Important only if the Hide Already Managed Hosts option is in Timeout use.

  • Page 137: Shared Preferences

    You may clear all cached information concerning browsed hosts and installed software to clean up disk space. Location Web Club Area Choose your location to connect to the F-Secure web server closest to you. HTML Browser The full path to the HTML browser’s executable file. The...
  • Page 138 Message Logs You can select to enter the path to a directory where log files Path for each tab on the Message view are created. Each log file contains the title of the corresponding tab and a message per line including severity and creation time. Save Messages Toggle message saving on and off.

  • Page 139: Chapter 6 Maintaining F-Secure Policy Manager Server

    AINTAINING ECURE OLICY ANAGER ERVER Overview ................140 Backing Up & Restoring F-Secure Policy Manager Console Data ................. 140 Replicating Software Using Image Files ......143...

  • Page 140: Overview

    Overview F-Secure Policy Manager Server can be maintained by routinely backing up and restoring the console data in the Server. Backing Up & Restoring F-Secure Policy Manager Console Data It is highly recommended that you back up the most important management information regularly.
  • Page 141 Maintaining F-Secure Policy Manager Server To back up the management key-pair, copy the admin.prv file and the admin.pub file from the root of the local F-Secure Policy Manager Console installation directory. Keep the admin.prv file stored in a secure place. It is very important to save a backup copy of the admin.prv key file.
  • Page 142 5. Back up the lib\Administrator.properties file from the local F-Secure Policy Manager Console installation directory. 6. Restart F-Secure Policy Manager Server service. 7. Reopen the F-Secure Policy Manager Console management sessions. Policy Data and Domain Structure Backup 1. Close all F-Secure Policy Manager Console management sessions.

  • Page 143: Replicating Software Using Image Files

    F-Secure Anti-Virus. Configure F-Secure Anti-Virus to use the correct F-Secure Policy Manager Server. However, do not import the host to F-Secure Policy Manager Console if the host has sent an autoregistration request to the F-Secure Policy Manager Server. Only hosts to where the image file will be installed should be imported.
  • Page 144 5. The utility program resets the Unique ID in the F-Secure Anti-Virus installation. A new Unique ID is created automatically when the system is restarted. This will happen individually on each machine where the image file is installed. These machines will send autoregistration requests to F-Secure Policy Manager and the request can be processed normally.

  • Page 145: Updating F-Secure Virus Definition Databases

    PDATING ECURE IRUS EFINITION ATABASES Automatic Updates with F-Secure Automatic Update Agent . 146 Using the Automatic Update Agent........148 Forcing the Update Agent to Check for New Updates Immediately................153 Updating the Databases Manually........153 Troubleshooting..............154...

  • Page 146: Automatic Updates With F-Secure Automatic Update Agent

    With F-Secure Automatic Update Agent, you are able to receive automatic updates and informational content without interrupting your work to wait for files to download from the Web. F-Secure Automatic Update Agent downloads files automatically in the background using bandwidth not being used by other Internet applications, so users can always be sure they will have the latest updates without having to search the Web.
  • Page 147 CHAPTER 7 Updating F-Secure Virus Definition Databases In F-Secure Policy Manager 6.0 and onwards, the Automatic Update Agent installed with F-Secure products tries to download the automatic updates from the configured update sources in the following order: a. If there are Policy Manager Proxies in use in the company network, the client tries to connect to F-Secure Policy Manager Server through each Policy Manager Proxy in turn.

  • Page 148: Using The Automatic Update Agent

    Automated updates You don't have to look for the updates and manually download them. With F-Secure Automatic Update Agent, you will automatically get the virus definition updates when they have been published by F-Secure. Using the Automatic Update Agent With F-Secure Policy Manager 7.0 and onwards, the F-Secure Automatic Update Agent installed with F-Secure Policy Manager is configured by editing the fsaua.cfg configuration file.

  • Page 149: How To Read The Log File

    1 hour. poll_interval=3600 If the minimum polling interval defined at the F-Secure Update Server is, for example, 2 hours, the settings in F-Secure Automatic Update Agent configuration file cannot override that limitation. Step 4. Save and close the file.
  • Page 150 [ 3988]Thu Oct 26 12:40:39 2006(3): Downloaded 'F-Secure Anti-Virus Update 2006-10-26_04' - 'DFUpdates' version '1161851933' from fsbwserver.f-secure.com, 12445450 bytes (download size 3853577) A brief explanation of what happened. When an update is downloaded, the update name and version are shown.
  • Page 151 Anti-Virus Update result of updating the communication directory. Note that 2006-10-26_04' : Success F-Secure Automatic Update Agent is not able to display whether the new files have been taken into use by the host(s) or not. An error message indicating that the update check failed.
  • Page 152 What Updates are Logged in fsaua.log? Below is a list of updates you can find in the log: 'F-Secure Anti-Virus Update 2006-10-24_01' - 'DFUpdates' 'F-Secure Spam Control Update 2006-10-19_02' - 'SCDB3' 'F-Secure Anti Spyware Update 2006-10-18_07' - 'SWCDB' 'F-Secure News Update 2006-10-20_01' - 'VirusNews'...

  • Page 153: Forcing The Update Agent To Check For New Updates Immediately

    Forcing the Update Agent to Check for New Updates Immediately If you need to force F-Secure Automatic Update Agent to check for new updates immediately, you need to stop and restart the fsaua service. To do this, enter the following commands on command line:...

  • Page 154: Troubleshooting

    Troubleshooting Below are some examples of problems that may be logged as error messages in the fsaua.log file. Problem: There was a DNS lookup failure, or connection failed, was lost or refused. Reason: Network problems Solution: Check that the network is configured correctly. Problem: Proxy Authentication failed.

  • Page 155: Chapter 8 F-Secure Policy Manager On Linux

    ECURE OLICY ANAGER ON INUX Overview................... 156 Installation ................157 Configuration ................161 Uninstallation................161 Frequently Asked Questions ............ 163...

  • Page 156: Overview

    Overview F-Secure Policy Manager can also be installed on Linux. 8.1.1 Differences Between Windows and Linux Services not available when F-Secure Policy Manager Console is running on Linux: Push Installation features Windows installer package (MSI) export Autodiscovery of workstations on the network.

  • Page 157: Installation

    CHAPTER 8 F-Secure Policy Manager on Linux Installation F-Secure Policy Manager is installed in four parts. They must be installed in the following order: 1. F-Secure Automatic Update Agent 2. F-Secure Policy Manager Server 3. F-Secure Policy Manager Console 4. F-Secure Policy Manager Web Reporting.

  • Page 158: Installing F-Secure Policy Manager Server

    6. If you want to specify how often F-Secure Automatic Update Agent checks for new updates, enter a new polling interval value when the configuration script asks for it. The default is 3600 seconds, which is 1 hour. If the minimum polling interval defined at the F-Secure Update Server is, for example, 2 hours, the settings in F-Secure Automatic Update Agent configuration file cannot override that limitation.

  • Page 159: Installing F-Secure Policy Manager Console

    A new user group called fspmc is created automatically. Users must be added to the fspmc user group before they can run F-Secure Policy Manager Console: 4. Check which groups the user belongs to: groups <user id>...

  • Page 160: Installing F-Secure Policy Manager Web Reporting

    These questions are the same as for the Windows version (see “Installation Steps”, 57). 8.2.4 Installing F-Secure Policy Manager Web Reporting 1. Log in as root. 2. Open a terminal. 3. To install type: Debian Based Distributions...

  • Page 161: Configuration

    CHAPTER 8 F-Secure Policy Manager on Linux Configuration F-Secure Policy Manager components have separate configuration scripts. To configure each component type the corresponding configuration command and answer the questions. F-Secure Policy Manager Component Configuration Command F-Secure Policy Manager Server /opt/f-secure/fspms/bin/fspms-config...

  • Page 162: Uninstalling F-Secure Policy Manager Console

    8.4.2 Uninstalling F-Secure Policy Manager Console 1. Log in as root. 1. Open a terminal. 2. Type: Debian Based Distributions RPM Based Distributions dpkg -r f-secure-policy-manager-console rpm -e f-secure-policy-manager-console Log files and configuration files are not removed as these are irreplaceable and contain valuable information.

  • Page 163: Uninstalling F-Secure Automatic Update Agent

    RPM Based Distributions dpkg -r f-secure-automatic-update-agent rpm -e f-secure-automatic-update-agent Frequently Asked Questions Q. Why doesn't F-Secure Policy Manager Console start? A. Runtime errors and warnings are logged to: /opt/f-secure/fspmc/lib/Administrator.error.log Q. Why doesn't F-Secure Policy Manager Server start? A. Runtime errors, warnings and other information are logged to:...
  • Page 164 F-Secure Policy Manager Server and F-Secure Automatic Update Agent by typing: sudo -u fspms /opt/f-secure/fspms/bin/fsavupd --debug Q. Where are the F-Secure Policy Manager Console files located in the Linux version? A. To list all files and their places type: Debian Based Distributions...
  • Page 165 Configuration files /etc/opt/f-secure/fspms/ Communication Directory /var/opt/f-secure/fspms/commdir Q. How do I change the ports at which F-Secure Policy Manager Server listens for requests? A. See “Access to F-Secure Policy Manager Server will be limited only to the separately defined IP addresses by editing the httpd.conf file.”,...
  • Page 166 Restart F-Secure Automatic Update Agent so that the changes take effect: /etc/init.d/fsaua restart Q. How can I use an HTTP proxy with F-Secure Automatic Update Agent? A. HTTP proxies are set through the file /opt/f-secure/fsaua/etc/ fsaua_config a. Open the file /opt/f-secure/fsaua/etc/fsaua_config with a text editor.
  • Page 167 CHAPTER 8 F-Secure Policy Manager on Linux Q. How can I restart F-Secure Automatic Update Agent after changing the configuration file? A. To restart F-Secure Automatic Update Agent, type: /etc/init.d/fsaua restart...
  • Page 168 EPORTING Overview................... 169 Introduction................169 Web Reporting Client System Requirements ......170 Generating and Viewing Reports..........170 Maintaining Web Reporting ............174 Web Reporting Error Messages and Troubleshooting....179...

  • Page 169: Overview

    The Web Reporting database collects all data that is currently stored in the F-Secure Policy Manager Server, and adds new data as it arrives. The collected data includes most of the data in alerts and some of the data in...

  • Page 170: Web Reporting Client System Requirements

    Summary, Alerts, Installed Software and Host Properties) in the Web Reporting user interface. The starting of F-Secure Policy Manager Web Reporting can take a lot of time in big environments. When the Web Reporting is starting the reports are not available, and if you try to access them some error messages might be displayed.

  • Page 171: Generating A Report

    You can generate a web report as follows: 1. First open the F-Secure Policy Manager Web Reporting main page. Enter the name or IP address of the F-Secure Policy Manager Server followed by the Web Reporting port (separated by a colon) in your browser.
  • Page 172 2. Wait until the Web Reporting page opens. In large environments this can take a lot of time. When the F-Secure Policy Manager Web Reporting page opens, it displays a default report for the currently selected report category. Root is selected by default in the Policy Domains pane.

  • Page 173: Creating A Printable Report

    (desktop, Bookmarks or some other location). The next time you access F-Secure Policy Manager Web Reporting through this link, the report is regenerated and thus it contains the latest data.

  • Page 174: Maintaining Web Reporting

    Reporting maintenance tasks. 9.5.1 Disabling Web Reporting You can disable F-Secure Policy Manager Web Reporting by using the Service Control Panel as follows: 1. Open the Service Control Panel from the Windows Start menu. 2. Select F-Secure Policy Manager Web Reporting from the list of services.

  • Page 175: Restricting Or Allowing Wider Access To Web Reports

    F-Secure Policy Manager Server and F-Secure Policy Manager Web Reporting. After any change to the configuration, you need to stop F-Secure Policy Manager Server, and restart it for the changes to become active.

  • Page 176: Changing The Web Reporting Port

    9.5.4 Changing the Web Reporting Port The recommended method for changing the F-Secure Policy Manager Web Reporting port is to re-run the F-Secure Policy Manager Setup, and change the Web Reporting port there. For more information, see “Installation Steps”, 34.

  • Page 177: Creating A Backup Copy Of The Web Reporting Database

    3. Start F-Secure Policy Manager Server. If there is a port conflict, F-Secure Policy Manager Server will not start, and an error message will be printed in the log file. In this case you should try another, unused port.

  • Page 178: Changing The Maximum Data Storage Time In The Web Reporting Database

    1. Stop the F-Secure Policy Manager Web Reporting service. 2. Copy and decompress the fspmwr.fdb file from the backup media to the following directory: 3. C:\Program Files\F-Secure\Management Server 5\Web Reporting\firebird\data 4. Restart the F-Secure Policy Manager Web Reporting service. 9.5.7...

  • Page 179: Web Reporting Error Messages And Troubleshooting

    Web Reporting is not installed on that machine, or F-Secure Policy Manager Server service is not running. Check all of these in this order. A firewall may also prevent the connection.

  • Page 180: Troubleshooting

    Web Reporting, keeping the existing database. 9.6.2 Troubleshooting In general, if F-Secure Policy Manager Web Reporting does not work, try one of the following, in this order: Reload the page. If the problem is caused by all processes not having started yet, wait for a while, and then try to reload the page.
  • Page 181 1. Stop the F-Secure Policy Manager Web Reporting service. 2. Copy fspmwr.fdb.empty on top of fspmwr.fdb, replacing fspmwr.fdb. They are in the same directory. If the fspmwr.fdb.empty file accidentally gets lost, you need to re-install F-Secure Policy Manager Server. 3. Start the F-Secure Policy Manager Web Reporting service.
  • Page 182 ECURE OLICY ANAGER ROXY Overview................... 183...

  • Page 183: Overview

    F-Secure Policy Manager Server or F-Secure Update Server. F-Secure Policy Manager Proxy resides in the same remote network as the hosts that use it as a database distribution point. There should be one F-Secure Policy Manager Proxy in every network that is behind slow network lines.
  • Page 184 ROUBLESHOOTING Overview................... 185 F-Secure Policy Manager Server and Console ......185 F-Secure Policy Manager Web Reporting ........ 190 Policy Distribution..............191...

  • Page 185: Overview

    This chapter contains troubleshooting information and frequently asked questions about F-Secure Policy Manager Server and F-Secure Policy Manager Console. For information on how to configure F-Secure Policy Manager Server, and how to change the ports the server listen for requests, see “Configuring F-Secure Policy Manager Server”, 47.
  • Page 186 Manager Server service or reboot the computer. The fsms_<COMPUTERNAME> account is created during the installation of F-Secure Policy Manager Server, and the service is started under this user account. With normal installation, the directory access rights for Management Server 5 directory are automatically set correctly. If the directory is copied by hand or, for example, restored from backup, the access rights might be deleted.
  • Page 187 CHAPTER 11 Troubleshooting Q. How can the server role change stop F-Secure Policy Manager Server from working? A. Domain Controller server and Member/Standalone server use different types of accounts: domain accounts on Domain Controller and local accounts on Member server. Because F-Secure Policy Manager Server uses its own account to run, this account becomes invalid with the role change.
  • Page 188 Manager Server service from starting. For more information on these please consult the Microsoft Windows Server documentation. Q. Why am I unable to connect to F-Secure Policy Manager Server? A. If you are getting the ‘Unable to connect to management server.
  • Page 189 Q. Why does F-Secure Policy Manager Console lose the connection to F-Secure Policy Manager Server? A. If F-Secure Policy Manager Console is run on a separate computer from F-Secure Policy Manager Server, then the connection may be affected by network problems. There have been numerous reports...

  • Page 190: F-Secure Policy Manager Web Reporting

    <F-Secure>\Management Server 5\Web Reporting\logs The configuration files are in: <F-Secure>\Management Server 5\Web Reporting\fspmwr.conf <F-Secure>\Management Server 5\Web Reporting\jetty\ etc\fspmwr.xml <F-Secure>\Management Server 5\Web Reporting\firebird\ aliases.conf <F-Secure>\Management Server 5\Web Reporting\firebird\firebird.conf See also the F-Secure Policy Manager Server configuration files: <F-Secure>\Management Server 5\conf\httpd.conf <F-Secure>\Management Server 5\conf\workers.properties...

  • Page 191: Policy Distribution

    CHAPTER 11 Troubleshooting 11.4 Policy Distribution Q. When distributing a policy, F-Secure Policy Manager Console shows an error message about an invalid policy value. What should I do? A. See below for information on error messages you may see during policy distribution, and for the reasons and solutions.
  • Page 192 1. Group the hosts into subdomains based on the installed product version. For example, group hosts that have F-Secure Client Security 6.x installed into one sub-domain, and hosts that have F-Secure Client Security 7.x installed into another domain 2. Set most of the settings on the root domain and create a sub-domains for exceptions.
  • Page 193 SNMP Support Overview................... 194 Installing F-Secure Management Agent with SNMP Support... 195 Configuring The SNMP Master Agent ........196 Management Information Base ..........197...

  • Page 194: Overview

    The NT master agent hosts the extensions and passes the requests to the Management Agent, which is responsible for returning the request to the management console that made it. The F-Secure SNMP Management Extension may be loaded even if no other modules...

  • Page 195: Installing F-Secure Management Agent With Snmp Support

    F-Secure SNMP Management Extension Installation SNMP support for F-Secure Management Agent is installed by installing Management Extensions. If the SNMP master agent is installed when installing the F-Secure SNMP Management Extension, the corresponding Service Pack has to be re-installed (see...

  • Page 196: Configuring The Snmp Master Agent

    Configuring The SNMP Master Agent The SNMP Service is installed from the Windows Control Panel Network Options window. The SNMP Service option is in the TCP/IP Installation Options window. After the SNMP Service software is installed on your computer, you must configure it with valid information in order for SNMP to operate.

  • Page 197: Management Information Base

    Traps are sent to the management station through the SNMP agent only if forwarding is selected in the product’s redirection table in F-Secure Policy Manager Console. For more information about trap redirection, see “Configuring Alert...
  • Page 198 Ilaunchr Error Codes Overview................... 199 Error Codes ................200...

  • Page 199: B.1 Overview

    APPENDIX B Ilaunchr Error Codes Overview When Ilaunchr.exe is completed silently, it reports installation results with the standard exit codes. With the login script, you can test for the cause of the problem. Here is one example, which you can insert into your login script: Start /Wait ILaunchr.exe \\server\share\mysuite.jar /U if errorlevel 100 Go to Some_Setup_Error_occurred...

  • Page 200: B.2 Error Codes

    Error Codes Installation OK. FSMA already installed. User has no administrative rights. JAR not found. JAR corrupted. Error occurred when unpacking an installation package. Target disk has insufficient free space for installation. File package.ini was not found in JAR file. File package.ini did not contain any work instructions.
  • Page 201 APPENDIX B Ilaunchr Error Codes Update is disabled. (Setup attempted to update the installation.) Setup was unable to read the product.ini file. Invalid data is encountered in prodsett.ini. Management Agent canceled the installation or conflicting software was found. Installation aborted. The CD-KEY was entered incorrectly or is missing.
  • Page 202 Setup was unable to load installation support dll. Setup was unable to load wrapper dll. Setup was unable to initialize a cabinet file. Management Agent Setup plug-in returned error. Plug-in returned an unexpected code. Plug-in returned a wrapper code. One of the previous install/uninstall operations was not completed.
  • Page 203 FSII Remote Installation Error Codes Overview................... 204 Windows Error Codes............... 204 Error Messages ................ 205...

  • Page 204: C.1 Overview

    Access Denied -- If using “This Account”, it is important that the administrator is logged on to the F-Secure Policy Manager Console machine with Domain Administrator privileges. With Domain Trusts, make sure you have logged on to the F-Secure Policy Manager Console using the account from the trusted domain. 1069 Logon Failure.

  • Page 205: Appendix C Fsii Remote Installation Error Codes

    A. By default even the administrator does not have a required “Act as part of operating system” privilege on the F-Secure Policy Manager Console machine. Without this privilege, Windows NT does not allow FSII to authenticate the entered user accounts. To add this privilege to administrator’s account on the F-Secure Policy Manager Console,...
  • Page 206 Q. Newer F-Secure product detected, installation aborted A. If the target host has a newer product version already installed, the installation cannot be completed without first uninstalling it. Q. Invalid data is encountered in prodsett.ini. A. The prodsett.ini configuration file has invalid information.If you have edited it manually, make sure the syntax is correct.
  • Page 207 NSC Notation for Netmasks Overview................... 208...

  • Page 208: D.1 Overview

    Overview NSC notation is a standard shorthand notation, which combines a network address with its associated netmask. NSC notation defines the number of contiguous one-bits in the netmask with a slash and a number following the network address. Here is a simple example: Network Address Netmask...
  • Page 209 APPENDIX D NSC Notation for Netmasks Netmask Bits Netmask Bits 255.255.128.0 255.255.255.128 255.255.192.0 255.255.255.192 255.255.224.0 255.255.255.224 255.255.240.0 255.255.255.240 255.255.248.0 255.255.255.248 255.255.252.0 255.255.255.252 255.255.254.0 255.255.255.254 255.255.255.0 255.255.255.255...

  • Page 210: Technical Support

    ECHNICAL UPPORT Overview................... 211 Web Club.................. 211 Advanced Technical Support............ 211 F-Secure Technical Product Training ........212...

  • Page 211: Web Club

    The F-Secure Web Club provides assistance to users of F-Secure products. To enter, choose the Web Club command from the Help menu in the F-Secure application. The first time you use this option, enter the path and name of your Web browser and your location.

  • Page 212: F-Secure Technical Product Training

    After installing the F-Secure software, you may find a ReadMe file in the F-Secure folder in the Windows Start > Programs menu. The ReadMe file contains late-breaking information about the product.
  • Page 213 The courses take place in modern and well-equipped classrooms. All of our courses consist of theory and hands-on parts. At the end of each course there is a certification exam. Contact your local F-Secure office or F-Secure Certified Training Partner to get information about the courses and schedules.
  • Page 214 LOSSARY...
  • Page 215 Data that has been modified without the user’s authorization or approval. Domain Name A unique name that identifies an Internet site (for example, F-Secure.com) Domain Name System. A service that converts symbolic node names to IP addresses. DNS uses a distributed database. Firewall A combination of hardware and software that separates a network into two or more parts for security purposes.
  • Page 216 (File Transfer Protocol) A very common method of moving files between two Internet sites. Host Any computer on a network that is a repository for services available to other computers on the network. HTTP The Hyper Text Transfer Protocol is the protocol used between a Web browser and a server to request a document and transfer its contents.
  • Page 217 Glossary Kernel Mode The part of the Windows operating system, through which, among other things, user-mode applications and services use an API to interact with the computer's hardware. The Kernel mode also contains an interface to user-mode, and a facility for synchronizing it's own services and coordinating all I/O functions.
  • Page 218 Random Seed The seed value for the cryptographically strong random number generator, which is updated each time an F-Secure application closes. Server A computer, or a piece of software, that provides a specific kind of service to client software.
  • Page 219 Glossary SNMP Simple Network Management Protocol. A standard TCP/IP protocol used for monitoring and setting network parameters and counters of LAN- and WAN-connected repeaters, bridges, routers, and other devices. TCP/IP (Transmission Control Protocol/Internet Protocol) This is the suite of protocols that defines the Internet. Originally designed for the UNIX operating system, TCP/IP software is now available for every major kind of computer operating system.
  • Page 220 They include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999, and has been consistently growing faster than all its publicly listed competitors.

Table of Contents