Professional Documents
Culture Documents
There are additional release notes distributed with the F-Secure Policy Manager Setup kit. Please
consult them for the latest information about those components.
Technical Support
Web: http://www.F-Secure.com/support/
Your local contact: <country>@F-Secure.com
F-Secure contact: Anti-Virus-Support@F-Secure.com
Sales
Web: http://www.F-Secure.com/solutions/
Your local contact: <country>@F-Secure.com
F-Secure contact: Sales@F-Secure.com
F-Secure USA F-Secure Europe
F-Secure Inc. F-Secure Corporation
100 Century Center Court, Suite 700 PL 24
San Jose, CA 95112, USA FIN-00181, Helsinki, Finland
Tel (408) 938 6700 Tel +358 9 2520 0700
Fax (408) 938 6701 Fax +358 9 2520 5001
http://www.F-Secure.com/ http://www.Europe.F-Secure.com/
Please do not call F-Secure directly if you have a local F-Secure Business Partner in your area. For an up-to-date listing of F-
Secure Business Partners worldwide, see http://www.F-Secure.com/partners/.
Copyright © 1993-2004 F-Secure Corporation All Rights Reserved.
Portions: Copyright © 1991-2003 Kaspersky Labs, Ltd.
Portions: Copyright © 2001 BackWeb Technologies Inc.
This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2366691, GB2366692,
GB2366693, GB2367933, GB2368233.
F-Secure Framework is the name of the common F-Secure policy based management architecture. F-
Secure Policy Manager is a product implementing the server and console tiers of the Framework
architecture.
F-Secure Policy Manager provides a scalable way to manage the security of multiple applications on
multiple operating systems, from one central location. It can be used to keep security software up-to-
date, manage configurations, oversee enterprise compliance, and scale to handle even the largest,
most mobile workforce. The F-Secure Policy Manager is comprised of two components: the F-Secure
Policy Manager Console and F-Secure Policy Manager Server. They provide the two upper layers on
the management architecture and are seamlessly integrated with the F-Secure Management Agents
that handle all management functions on local hosts.
F-Secure Policy Manager Console provides a centralized management console for the security of the
managed hosts in the network. It enables the administrator to organize the network into logical units for
sharing policies. The policies are defined in F-Secure Policy Manager Console and then distributed to
the workstations through the F-Secure Policy Manager Server. F-Secure Policy Manager Console is a
Java-based application, which can be run on several different platforms. It can be used to remotely
deploy the Management Agent on other workstations without the need for local login scripts, rebooting,
or any intervention by the end user.
F-Secure Policy Manager Server is the repository for policies and software packages distributed by
the administrator, and status information and alerts sent by the managed hosts. It provides scalability
by working as an extension to the Microsoft Internet Information Server (IIS). Communication between
F-Secure Policy Manager Server and the managed hosts is accomplished through the standard HTTP
protocol, which ensures trouble-free performance on the LAN and WAN.
F-Secure Policy Manager Reporting Option F-Secure Policy Manager Reporting Option is a stand-
alone command line program that, with an existing Communication Directory (CommDir) in F-Secure
Policy Manager Server, collects alert, status and property data from the managed security domain or
host of choice. F-Secure Policy Manager Reporting Option allows users to generate reports concerning
the data from the Communication Directory in F-Secure Policy Manager Server by using XSL templates
(which are like predefined queries). These reports can then be exported as files in HTML, XML, CSV or
TXT file format.
F-Secure BackWeb With F-Secure BackWeb users can get anti-virus database updates and
informational content without interrupting their work to wait for files to download from the Web. F-
Secure BackWeb downloads files automatically in the background using bandwidth not being used by
other Internet applications, so the users can always be sure they will have the latest updates without
having to search the Web. If the F-Secure BackWeb client is always connected to the Internet, it will
automatically receive new anti-virus updates within about two hours after they have been published by
F-Secure.
F-Secure Management Agent enforces the security policies set by the administrator on the managed
hosts, and provides the end user with a user interface and other services. It handles all management
functions on the local workstations and provides a common interface for all F-Secure applications, and
operates within the policy-based management infrastructure.
IMPORTANT NOTES
•Re-installing or upgrading FSAV 5 will overwrite any virus definition databases used by the previous
FSAV 5 installation, thus making the virus protection level somewhat older. In centrally managed
installations the new virus definition databases will be updated by the next policy polling interval. If
FSAV 5 is installed in stand-alone mode, the user should re-apply the latest virus definition
databases either by using the Update now function or by getting the latest databases from
http://www.F-Secure.com/.
•When upgrading an older Windows operating system having FSAV 5 installed, it is necessary to first
uninstall FSAV 5 before proceeding with the upgrade. Not doing this may lead to a system not
functioning properly. This is because of differences in the low-level driver architecture in older
Windows platforms compared to newer ones. This is not necessary when installing service packs
or other operating system patches.
•Windows 2000/XP contains a feature that calculates the disk space usage of installed programs and
tells how frequently they have been used. This info is provided in the Add/Remove Programs list,
but it may be incorrect for the F-Secure Anti-Virus modules. The Add/Remove Programs list may
for example claim that F-Secure Anti-Virus has been used occasionally, even if the on-access
protection is enabled all the time. This is perfectly normal and does not mean that the product is
disabled or malfunctioning in any way. Very high disk space usage figures may also be reported.
Always use the Explorer to find out the real disk space usage of the F-Secure products, rather than
the figure reported by Add/Remove Programs.
F-Secure Anti-Virus 5 includes significant improvements over version 4. The new version is based on
F-Secure Framework, the enabling technology behind the new policy-based management architecture.
F-Secure Anti-Virus 5 is designed from the ground up for the corporate environment and large
heterogeneous networks. It provides the network administrator with comprehensive security
management features and a three-tier architecture that will scale from a small LAN with only a few
workstations all the way up to a large WAN with hundreds of thousands of nodes distributed around the
globe.
The user interface has been simplified. Every major function of the program is transparent to the user,
which reduces maintenance costs. The powerful F-Secure Gatekeeper technology detects and
disinfects viruses in real-time. This completely eliminates the complexity of on-demand and scheduled
scanning tasks.
Software distribution and alerting functions are no longer based on file-sharing in a LAN. Instead, they
work within a three-tier system that uses the HTTP protocol to work in any TCP/IP network. The HTTP
protocol will work easily with your existing routers, firewalls, and other components of your network
infrastructure.
F-Secure Anti-Virus 5.40 contains the following major changes from previous release:
•Added platform support for Windows XP.
•New scanning architecture (exceptions in scanning engines handled without user intervention ◊
more up-time, less forced reboots/system crashes).
•Improved default handling of malware (secondary action if disinfection fails, disinfection of locked
files, system clean-up module for removing complicated malware that need e.g. cleaning the
Windows registry).
•Scheduler functionality (for scheduled scanning tasks / database updates, accessible through F-
Secure Policy Manager Console).
•Hotfix-support (for applying F-Secure-signed patches to the product if needed).
•Support for “ext.dat” in virus definition database updates (modifying scanned file extensions through
database updates).
•Extended set of file extensions to be scanned (DLL-scanning in real-time, new archive formats
supported).
•Command-line scanner release version (power-user tool for command-line usage of F-Secure Anti-
Virus 5).
•Added localization for Hungarian, Greek and Korean languages.
F-Secure Anti-Virus 5.41 for Workstations contains the following major changes from previous
release:
•Fixes for most important problems found in version 5.40.
•Added localization for Swedish and Czech languages.
•Workstation-only support – this version can not be installed with server keycode.
F-Secure Anti-Virus 5.42 for Workstations contains the following major changes from previous
release:
•Fixes for most common problems found in version 5.41.
•F-Secure SNMP Management Extension re-included in the package as optional component.
•Optimizations in scanning engines.
F-Secure Anti-Virus 5.43 for Workstations contains the following major changes from previous
release:
Administration
•F-Secure Policy Manager provides central administration under three-tier management architecture.
The administration tasks include software distribution, updating, alerting, and configuration
management.
•F-Secure Anti-Virus is scalable to enterprise-wide networks through distributed F-Secure Policy
Manager Servers and the HTTP protocol.
•The F-Secure Management Agent provides statistics from each workstation and sends alerts when
a virus is found.
•The administrator can create and distribute policies that specify different settings for manual scans
and real-time protection.
•Alerts, reports, and messages are viewed in F-Secure Policy Manager Console.
•Improved support for the industry-standard SNMP protocol.
•Installation and updates are supported under the Microsoft Systems Management Server (SMS) on
Windows networks.
End-User Interface
•A new and simple user interface makes the most common functions available from a shortcut menu.
•A new Disinfection Wizard guides the user through the removal of viruses from the system.
•The new and easy-to-use virus information database on the F-Secure Web site can be conveniently
accessed.
•All F-Secure Anti-Virus settings can be centrally managed by the administrator.
•The administrator can determine what is visible in the user interface, thus controlling the level of
transparency to the user.
Following list contains the most important fixes and known problems in this release of F-Secure Anti-
Virus 5. The numbers refer to F-Secure’s internal change-tracking database entries. For more detailed
information, contact Anti-Virus-Support@F-Secure.com.
Known Problems
•Using the Offline-file synchronization feature in Windows XP/2000 may cause slowdowns with large
number of files. This can be worked around by excluding the Offline files storage folder from real-
time scanning. By default, the offline storage folder is located at <nt-system-root>\csc. To exclude
the folder, use the "Exclude objects" function on the "Real-time Protection" page of F-Secure Anti-
Virus settings.
•Real-time protection always causes some overhead on file I/O, which can cause problems for time-
critical file operations such as creating CD-R/CD-RW images.
•13178, “Do not allow install if machine does not meet memory requirements [#10584]”: Although F-
Secure Anti-Virus 5 has minimum system requirements (see “System requirements” in this
document), they are not checked during setup, allowing the product to be installed on systems
without enough resources.
•15447, “FSMUIAV.DLL not initialized if FSMA isn't running”: In some environments the user may be
able to login before F-Secure Management Agent is started, causing the F-Secure Anti-Virus
settings and statistics to be unavailable. This can be worked around by waiting a moment before
logging into the system. Even if this problem occurs, the real-time virus protection is fully
functional.
•12307, “FSAV unable to disinfect from folder C:\_Restore in WinME”: F-Secure Anti-Virus can not
disinfect/delete/rename infections found under the special system folder “_Restore” of Windows
ME. Infections are detected normally, however. There is a workaround that is officially
documented by Microsoft: http://support.microsoft.com/support/kb/articles/q263/4/55.ASP
•21876, “OAS scan prevents formatting of diskettes in most cases”: On WinNT/2000/XP, due to the
scanning logic of floppy boot sectors, the user may encounter problems when attempting to format
a floppy disk. If this happens, the user should retry formatting the floppy disk right after it first
failed, this should remove the problem. This problem does not exist on Win95/98/ME.
Following list contains the technical changes of this release of F-Secure Anti-Virus when compared to
the previous release. Refer to user’s manual or visit www.F-Secure.com for more info about other
features in this release.
•Using a separate communication directory user account can fail if the logged-in user also has
mounts for the server where the communication directory is located. This is caused by the
"Multiple credentials" (error 1219) problem described in Microsoft TechNet article Q173199. A
workaround is to use different network host names for the communication directory path and the
share used by the logged-in user. For example, using "\\192.1.2.3\commdir" as the communication
directory and "\\companyserver\datafiles" as the logged-in user's share should work even though
"companyserver" and "192.1.2.3" were the same machine.
•F-Secure BackWeb is incompatible with the new Fast User Switching and Remote Desktop features
of Windows XP. To have F-Secure BackWeb always available, use normal logoff/login procedure
to use another user account, instead of choosing ‘Switch User’.
•Microsoft Proxy supports two different types of user authentication: standard HTTP authentication
(a.k.a Basic Authentication), and NTLM authentication. F-Secure BackWeb is compatible with only
the standard HTTP authentication and does not work if the proxy is configured to allow only NTLM
authentication.
•Detecting HTTP proxy settings from installed browser works only with Internet Explorer 4.0 or later
and with Netscape 4.x. It does not work with Netscape Navigator 6.0.
•Detecting HTTP proxy settings from installed browser does not work in most Windows NT, 2000 and
XP systems, where the proxy settings are specified for currently logged-on user. As F-Secure
BackWeb is running as a system service it won’t use the current user’s proxy settings. The proxy
settings can be configured manually in BackWeb’s Advanced Settings. Alternatively corporate
administrators could also configure the correct proxy settings for the default user in Windows
registry.
•Windows NT, 2000 and XP only: reinstalling or upgrading F-Secure BackWeb may in some cases
fail with “installation aborted” or “unknown error” if the files of a previous installation have been
deleted or damaged but the application has not been properly uninstalled. If running F-Secure
BackWeb uninstallation from Add/Remove Programs does not resolve the problem, you have to
use Windows registry editor to delete InstallDir registry value from
HKEY_LOCAL_MACHINE\Software\BackWeb\BackWeb-Client\Applications\7681197\General.
•During uninstallation of F-Secure BackWeb you may get a message about failing to delete file
UninstallRC.dll and a second message about failing to remove the directory where the file is. This
file and directory will remain on disk after uninstallation.
•If Windows has been configured to display a desktop wallpaper, uninstalling F-Secure BackWeb will
remove the wallpaper. To get the wallpaper back you have to choose it again from Display
Properties after F-Secure BackWeb has been uninstalled.
•If Internet Explorer 5.0 was installed before BackWeb and was uninstalled afterwards, the BackWeb
Client may cease to function. In that case Internet Explorer 5.0 must be reinstalled in order to
continue using BackWeb.
Installation
System Requirements
The system requirements for F-Secure Anti-Virus 5.43 for Workstations are:
•Microsoft Windows XP, Windows 2000, Windows NT 4.0, Windows 95, Windows 98 or Windows
ME running on Intel Pentium hardware
•32 MB of RAM (64 MB recommended minimum for Windows NT/2000 platforms, 128 MB
recommended minimum for Windows XP platforms)
•30 MB free hard disk space
•Internet connection recommended
The recommended Microsoft Windows NT 4.0 installation is with Service Pack 6.
The system requirements for F-Secure Policy Manager are listed in the F-Secure Policy Manager
release notes.
If you don’t yet have Policy Manager installed, or you are updating to a newer version of Policy
Manager.
Install/Update Policy Manager, as part of the installation the Anti-Virus packages will be automatically
added. For complete instructions refer to the accompanying installation instructions booklet.
Installing Installation Packages (JARs) from CD-Rom to an existing Policy Manager installation.
1. Insert the Workstation & Server Security CD-Rom, when asked choose “Corporate Use”.
2. From “Install or Update Managed Software” choose “Policy Manager”.
3. Choose “Installation Packages” and setup will start. Follow the on-screen instructions.
Manually copying Installation Packages from CD-ROM to an existing Policy Manager installation.
1.
Copy the JAR file from CD-ROM to the communication directory path “.\install\entry”.
2.
Select “View Packages” in Policy Manager Console.
3.
Select “Refresh” in the “Installation Packages” dialog.
4.
Policy Manager Console verifies the signature of the new installation packages. After
this, you are ready to distribute F-Secure Anti-Virus 5 in the policy domain.
NOTE: The JAR can be found directly on the CD-ROM in \win32\fspm\<version no>\jars\fsav*.jar
1. Install the system and all the software that should be in the image file, including F-
Secure Anti-Virus. Configure F-Secure Anti-Virus to use the correct Policy Manager
Server. However, DO NOT import the host to F-Secure Policy Manager Console if the
host has sent an auto registration request to the F-Secure Policy Manager Server. Only
hosts on which the image file will be installed to should be imported.
2. Run the "FSMAUTIL RESETUID" command from the command prompt. This utility is
typically located in the "C:\Program Files\F-Secure\Common" directory (the directory
may be different if you are using a localized version of Windows or if you have specified
a non-default installation path).
3. Shut down the computer. Do NOT restart the computer at this stage.
4. Create the disk image file.
The utility program resets the UID in the F-Secure Anti-Virus installation. A new UID is created
automatically when the system is restarted. This will happen individually on each machine where the
image file is installed. These machines will send auto registration requests to the Policy Manager system
and the request can be processed normally.
Uninstallation
Uninstalling F-Secure Anti-Virus requires some manual operations. Administrator rights are also required
for uninstalling.