Manager 8.0
Administrator’s Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-
Secure product names and symbols/logos are either trademarks or registered trademarks of F-
Secure Corporation. All product names referenced herein are trademarks or registered
trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in
the marks and names of others. Although F-Secure Corporation makes every effort to ensure that
this information is accurate, F-Secure Corporation will not be liable for any errors or omission of
facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in
this document without prior notice.
Companies, names and data used in examples herein are fictitious unless otherwise noted. No
part of this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of F-Secure Corporation.
This product may be covered by one or more F-Secure patents, including the following:
Chapter 1 Introduction
1.1 Overview
1.2 Installation Order
1.3 Features
1.4 Policy-Based Management
1.4.1 Management Information Base
3.4.1 Changing the Communication Directory Path
3.4.2 Changing the Ports Where the Server Listens for Requests
3.4.3 F-Secure Policy Manager Server Configuration Settings
3.5 Uninstalling F-Secure Policy Manager Server
5.5.5 Policy Inheritance
5.6 Managing Operations and Tasks
5.7 Alerting
5.7.1 Viewing Alerts and Reports
5.7.2 Configuring Alert Forwarding
5.8 Reporting Tool
5.8.1 Policy Domain / Host Selector Pane
5.8.2 Report Type Selector Pane
5.8.3 Report Pane
5.8.4 Bottom Pane
5.9 Preferences
5.9.1 Connection-Specific Preferences
5.9.2 Shared Preferences
8.2.2 Installing F-Secure Policy Manager Server
8.2.3 Installing F-Secure Policy Manager Console
8.2.4 Installing F-Secure Policy Manager Web Reporting
8.3 Configuration
8.4 Uninstallation
8.4.1 Uninstalling F-Secure Policy Manager Web Reporting
8.4.2 Uninstalling F-Secure Policy Manager Console
8.4.3 Uninstalling F-Secure Policy Manager Server
8.4.4 Uninstalling F-Secure Automatic Update Agent
8.5 Frequently Asked Questions
10.2 Main Differences between Anti-Virus Proxy and Policy Manager Proxy
F-Secure Technical Product Training
Training Program
Contact Information
Glossary
About F-Secure Corporation
ABOUT THIS GUIDE
Overview
How This Guide is Organized
Overview
F-Secure Policy Manager provides tools for administering the following
F-Secure software products:
F-Secure Client Security
F-Secure Internet Gatekeeper for Windows
F-Secure Anti-Virus for
    Windows Workstations
    Windows Servers
    Citrix Servers
    Microsoft Exchange
    MIMEsweeper
F-Secure Linux Security
F-Secure Linux Client Security
F-Secure Linux Server Security
F-Secure Policy Manager Proxy.
Symbols
TIP - A tip provides information that can help you perform a task
more quickly or easily.
Fonts
Arial bold (blue) is used to refer to menu names and commands, to
buttons and other items in a dialog box.
Arial Italics (blue) is used to refer to other chapters in the manual, book
titles, and titles of other manuals.
Arial Italics (black) is used for file and folder names, for figure and table
captions, and for directory tree names.
Courier New is used for messages on your computer screen.
Courier New bold is used for information that you must type.
SMALL CAPS (BLACK) is used for a key or key combination on your
keyboard.
Arial underlined (blue) is used for user interface links.
Arial italics is used for window and dialog box names.
PDF Document
This manual is provided in PDF (Portable Document Format). The PDF
document can be used for online viewing and printing using Adobe®
Acrobat® Reader. When printing the manual, please print the entire
manual, including the copyright and disclaimer statements.
Overview
Installation Order
Features
Policy-Based Management
1.1 Overview
F-Secure Policy Manager provides a scalable way to manage the security
of numerous applications on multiple operating systems, from one central
location. It can be used to keep security software up-to-date, manage
configurations, oversee enterprise compliance, and can be scaled to
handle even the largest, most mobile workforce. F-Secure Policy
Manager provides a tightly integrated infrastructure for defining security
policies, distributing policies and installing application software to local as
well as remote systems, and monitoring the activities of all systems in the
enterprise to ensure compliance with corporate policies and centralized
control.
The power of the F-Secure Policy Manager lies in the F-Secure
management architecture, which provides high scalability for a widely
distributed, mobile workforce. F-Secure Policy Manager is comprised of
F-Secure Policy Manager Console and F-Secure Policy Manager Server.
They are seamlessly integrated with the F-Secure Management Agent
that handles all management functions on local hosts.
1.3 Features
Software Distribution
First-time installation on Windows domains with F-Secure Push
Installation.
Updating of executable files and data files, including virus
definition databases.
Support for policy-based updates. Policies force the F-Secure
Management Agent to perform updates on a host. Both policies
and software packages are signed, making the entire update
process strongly authenticated and secure.
Updates can be provided in several ways:
From the F-Secure CD.
From the F-Secure Web site to the customer. These can be
automatically ‘pushed’ by F-Secure Automatic Update Agent,
or voluntarily ‘pulled’ from the F-Secure website.
F-Secure Policy Manager Console can be used to export
pre-configured installation packages, which can also be delivered
using third-party software, such as SMS, and similar tools.
Event Management
Reporting through the Management API to the Event Viewer
(local and remote logs), SNMP agent, e-mail, report files, etc.
Event redirection through policies.
Event statistics.
Performance Management
Statistics and performance data handling and reporting.
Task Management
Management of virus scanning tasks and other operations.
The information flow between F-Secure Policy Manager Console and the
hosts is accomplished by transferring policy files. There are three kinds of
policy files:
Default Policy files (.dpf)
Base Policy files (.bpf)
Incremental Policy files (.ipf)
The current settings of a product consist of all three policy file types:
Disk space: 200 MB of free hard disk space; 500
MB or more is recommended. The disk space
requirements depend on the size of the
installation.
In addition to this it is recommended to allocate
about 1 MB per host for alerts and policies. The
actual disk space consumption per host is hard
to anticipate, since it depends on how the
policies are used and how many installation
packages are stored.
Overview
Security Issues
Installation Steps
Uninstalling F-Secure Policy Manager Server
CHAPTER 3
Installing F-Secure Policy Manager Server
3.1 Overview
The following are advanced instructions for installing F-Secure
Policy Manager Server on a machine dedicated only to the Server.
F-Secure Policy Manager Server can also be installed on the same
machine as F-Secure Policy Manager Console.
F-Secure Policy Manager Server is the link between F-Secure Policy
Manager Console and the managed hosts and acts as the repository for
policies and software packages distributed by the administrator, as well
as status information and alerts sent by the managed hosts.
Communication between F-Secure Policy Manager Server and other
components can be achieved through the standard HTTP protocol, which
ensures trouble-free performance on LAN and global networks.
The information stored by F-Secure Policy Manager Server includes the
following files:
Policy Domain Structure.
Policy Data, which is the actual policy information attached to
each policy domain or host.
Base Policy files generated from the policy data.
Status Information, including incremental policy files, alerts, and
reports.
Autoregistration requests sent by the hosts.
Host certificates.
Security News received from F-Secure.
Product installation and virus definition database update
packages.
The Web Reporting component stores statistics and historical
trend data about the hosts.
If the access to port 8080 was limited only to the localhost during
the setup, you should now open the port and then define the list of
allowed IP addresses (see the Listen 8080 directive in the example
below).
#FSMSA port
<VirtualHost _default_:8080>
<Location /fsmsa/fsmsa.dll>
Order Deny,Allow
# First deny all
Deny from all
# Then allow access to the server from the local machine
Allow from 127.0.0.1
# Allow access from the server machine
Allow from 10.128.129.2
# Allow access from the Administrator's workstation
Allow from 10.128.129.209
SetHandler fsmsa-handler
</Location>
</VirtualHost>
After this, only the person who has access to the machines with the
defined IP addresses can use F-Secure Policy Manager Console.
3. If there is a very strong need to use F-Secure Policy Manager over a
public network (such as the Internet), it is recommended to encrypt
the connection between F-Secure Policy Manager Server and
F-Secure Policy Manager Console with a VPN or SSH type product.
As an alternative, F-Secure Policy Manager Console and F-Secure Policy
Manager Server can be installed on the same machine, and access
limited to the localhost. Remote administrator access to the F-Secure
Policy Manager Console can be arranged by using a secure remote
desktop product.
If the access to port 8081 was limited only to the localhost during
the setup, you should now open the port and then define the list of
allowed IP addresses (see the Listen 8081 directive in the example
below).
Step 2. Setup begins. View the Welcome screen, and follow the setup
instructions. Select the installation language from the drop-down menu.
Click Next to continue.
Step 3. Read the license agreement information. If you agree, select I accept this
agreement. Click Next to continue.
Step 4. If you are installing on a clean computer, select F-Secure Policy Manager
Server. Click Next to continue.
Step 7. Select whether you want to keep the existing settings or change them.
By default the setup keeps the existing settings. Select this option
if you have manually updated the F-Secure Policy Manager
Server configuration file (HTTPD.conf). This option automatically
keeps the existing administration, host and web reporting ports.
If you want to change the ports from the previous installation,
select the Change settings option. This option overwrites the
HTTPD.conf file, and restores the settings to defaults.
Step 9. Select to add product installation package(s) from the list of available
packages (if you selected F-Secure Installation Packages in Step 4 on
page 17). Click Next.
Step 10. Setup displays the components that will be installed. Click Next.
Step 11. When the setup is completed, the setup shows whether all components
were installed successfully.
Step 12. F-Secure Policy Manager Server is now installed. Restart the computer if
you are prompted to do so. Click Finish to complete the installation.
Step 13. To determine if your installation was successful, open a web browser on
the machine where F-Secure Policy Manager Server was installed, enter
http://localhost:80 (if you used the default port number during the
installation) and press ENTER. If the server installation was successful, the
following page will be displayed.
The F-Secure Policy Manager Server starts serving hosts only after
F-Secure Policy Manager Console has initialized the
Communication directory structure, which happens automatically
when you run F-Secure Policy Manager Console for the first time.
Step 14. The setup wizard creates the user group FSPM users. The user who was
logged in and ran the installer is automatically added to this group. To
allow another user to run F-Secure Policy Manager you must manually
add this user to the user group FSPM users.
Timeout: This directive defines the period of time that the server will wait
before closing a connection, when there is no outbound or inbound traffic
in the network connection.
LoadModule: This directive defines the symbolic name of the module to
read and the path to the library that contains the module binaries.
Example: LoadModule fsmsh_module "C:\serverroot\modules\fsmsh.dll"
Listen: This directive defines what port the server should listen on. The
default configuration for a web server, for example, is Listen 80. You
can also restrict where connections are accepted from: for example,
Listen 127.0.0.1:80 only allows connections to port 80 from the
machine where the server is running (localhost).
You can configure F-Secure Policy Manager Server to listen on different
ports by changing this setting and the associated <VirtualHost> setting
that we also discuss in this section. For more information, see “Changing
the Ports Where the Server Listens for Requests”, 48.
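As an added example (not part of the F-Secure guide or the product), the following Python check reads httpd.conf-style text and reports whether the Admin Module on port 8080 is reachable from more than the intended addresses, combining the Listen binding described here with the Order/Deny/Allow list shown earlier for /fsmsa/fsmsa.dll. The three configuration strings, including their Listen lines, are constructed for illustration.

```python
import re

# Constructed httpd.conf fragments modelled on the examples in this guide.
# The Listen lines are assumptions added so the binding can be checked too.
DEFAULT_CONF = """
Listen 8080
<VirtualHost _default_:8080>
<Location /fsmsa/fsmsa.dll>
SetHandler fsmsa-handler
</Location>
</VirtualHost>
"""

RESTRICTED_CONF = """
Listen 8080
<VirtualHost _default_:8080>
<Location /fsmsa/fsmsa.dll>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 10.128.129.2
Allow from 10.128.129.209
SetHandler fsmsa-handler
</Location>
</VirtualHost>
"""

LOCALHOST_CONF = DEFAULT_CONF.replace("Listen 8080", "Listen 127.0.0.1:8080")

VHOST_OPEN = re.compile(r"<VirtualHost\s+[^:>\s]+:(\d+)>", re.I)
LOCATION_OPEN = re.compile(r"<Location\s+([^>\s]+)>", re.I)
LOOPBACK = ("127.0.0.1", "localhost", "::1", "[::1]")


def parse_conf(text):
    """Return (listens, locations) found in httpd.conf-style text."""
    listens, locations = [], []   # (bind address or None, port) / location dicts
    vhost_port, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = VHOST_OPEN.match(line)
        if m:
            vhost_port = int(m.group(1))
        elif line.lower().startswith("</virtualhost"):
            vhost_port = None
        elif LOCATION_OPEN.match(line):
            path = LOCATION_OPEN.match(line).group(1)
            current = {"port": vhost_port, "path": path, "directives": []}
        elif line.lower().startswith("</location"):
            if current is not None:
                locations.append(current)
            current = None
        elif current is not None:
            current["directives"].append(line.split())
        else:
            words = line.split()
            if words[0].lower() == "listen" and len(words) == 2:
                addr, _, port = words[1].rpartition(":")
                listens.append((addr or None, int(port)))
    return listens, locations


def audit_admin_module(text, admin_port=8080, admin_path="/fsmsa/fsmsa.dll"):
    """Report how far the Admin Module is reachable under this configuration."""
    listens, locations = parse_conf(text)
    binds = [addr for addr, port in listens if port == admin_port]
    loopback_only = bool(binds) and all(a in LOOPBACK for a in binds)
    order, deny_all, allowed = None, False, []
    for loc in locations:
        if loc["port"] != admin_port or loc["path"] != admin_path:
            continue
        for words in loc["directives"]:
            name, args = words[0].lower(), [w.lower() for w in words[1:]]
            if name == "order":
                order = "".join(args)
            elif name == "deny" and args[:2] == ["from", "all"]:
                deny_all = True
            elif name == "allow" and args[:1] == ["from"]:
                allowed.extend(args[1:])
    # Only the pattern from the guide counts as restricted: Order Deny,Allow
    # plus "Deny from all", so that the Allow lines are the complete allow list.
    restricted = order == "deny,allow" and deny_all
    return {
        "loopback_only": loopback_only,
        "restricted": restricted,
        "allowed": allowed if restricted else [],
        "exposed": not loopback_only and not restricted,
    }


if __name__ == "__main__":
    for name, conf in [("default", DEFAULT_CONF), ("restricted", RESTRICTED_CONF),
                       ("localhost", LOCALHOST_CONF)]:
        print(name, audit_admin_module(conf))
```
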
DocumentRoot: This directive should contain an absolute path. It defines
the directory that everyone will be able to access, so don’t use a path to a
directory with sensitive data. By default F-Secure Policy Manager Server
allocates a directory under F-Secure Policy Manager Server installation
directory, htdocs\. This directory is where the “welcome page” for the
server is located. If you change it, this page will no longer be displayed.
<Directory “c:\somepath”>: This directive will define what kind of
security settings will be associated with the directory specified in the path
component of the directive.
ErrorLog: The error log directive sets the name of the file to which the
server logs any errors it encounters. If the file path does not begin with a
slash (/), it is assumed to be relative to the ServerRoot. If the file path
begins with a pipe (|), it is assumed to be a command to spawn handling
of the error log. This feature is used for spawning the rotatelogs (see the
rotatelogs entry in this section) utility so that the log file is actually rotated
and not written to an ever growing file.
<VirtualHost _default_:port>: This directive defines a set of directives
that will apply only to a VirtualHost. A VirtualHost is a virtual server, i.e., a
different server that is run in the same process as other servers. F-Secure
Policy Manager Server, for example, has two virtual hosts: one running on
port 80 (F-Secure Policy Manager Server Host Module) and another one
running on port 8080 (FSMSA or Admin Module).
Here is the default configuration for F-Secure Policy Manager Server:
# FSMSH port
<VirtualHost _default_:80>
<Location /fsms/fsmsh.dll>
SetHandler fsmsh-handler
</Location>
<Location /commdir>
SetHandler fsmsh-handler
</Location>
</VirtualHost>
#FSMSA port
<VirtualHost _default_:8080>
<Location /fsmsa/fsmsa.dll>
SetHandler fsmsa-handler
</Location>
</VirtualHost>
Commdir and Commdir2: These directives define the path to the
communication directory or repository. This is the directory where
F-Secure Policy Manager Server stores all the Management Data that it
receives from Policy Manager Console and F-Secure Management
Agent. You can alter the Communication Directory location by changing
these directives, but you must make sure that the account under which
the server is run (fsms_<machine wins name>) has full rights to that
directory.
Commdir "C:\Program Files\F-Secure\Policy Manager Server\CommDir"
Commdir2 "C:\Program Files\F-Secure\Policy Manager Server\CommDir"
CustomLog: This entry is used to log requests to the server. The first
parameter is either a file (file to which the requests should be logged) or a
pipe ('|') followed by the path to a program to receive the log information
on its standard input. This feature is used for spawning the rotatelogs
(see the rotatelogs entry in this section) utility so that the log file is
actually rotated and not written to an ever growing file.
The second parameter specifies what will be written to the log file, and is
defined under a previous LogFormat directive.
Below is an example of an entry in the access.log file:
10.128.131.224 - - [18/Apr/2002:14:06:36 +0300]
/fsmsa/fsmsa.dll?FSMSCommand=ReadPackage&Type=27&SessionID=248 HTTP/1.1"
200 5299 0 - 0 - "FSA/5.10.2211 1.3.1_02 Windows2000/5.0 x86"
mod_gzip: DECHUNK:DECLINED:TOO_SMALL CR:0pct.
10.128.131.224 - - [18/Apr/2002:14:06:36 +0300] tells you when the
request to the server was made and by which host (described by its IP
address).
The next component tells you which module the command was sent to:
/fsmsa/fsmsa.dll. This module (fsmsa.dll) is the Admin Module. fsmsh.dll
would be the Host Module.
Then come the command and parameters
FSMSCommand=ReadPackage&Type=27&SessionID=248. In this case the
host requested an object of Type 27 (there is only one).
The HTTP version used is also noted: HTTP/1.1.
Immediately after the HTTP version come six different numbers, as
follows:
1. HTTP response code: In this example 200 is used, meaning OK in
HTTP specification. There are other codes, all of them covered under
the HTTP specification that can be obtained from http://www.w3.org.
2. Bytes transferred from the server: The example entry informs of 5299
bytes transferred.
3. How long the server took to serve the request (in seconds).
4. Connection status when response is completed.
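As an added example (not part of the F-Secure guide or the product), this Python script parses access.log entries in the shape shown above and lists clients that reached the Admin Module (fsmsa.dll) from addresses outside an allow list. The sample lines are constructed, the allow list reuses the addresses from the access-control example earlier in this chapter, and the optional request method in the pattern is an assumption, since the entry above shows none.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs

# client IP, timestamp, request path and query, HTTP version, status, bytes.
# The leading quote and request method are optional (assumption, see lead-in).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]\s+'
    r'"?(?:(?P<method>[A-Z]+) )?'
    r'(?P<path>/[^?\s]*)(?:\?(?P<query>\S*))? HTTP/(?P<http>[\d.]+)"?\s+'
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def module_for(path):
    """Map a request path to the module named in the guide."""
    p = path.lower()
    if p.endswith("/fsmsa.dll"):
        return "admin"          # Admin Module
    if p.endswith("/fsmsh.dll") or p.startswith("/commdir"):
        return "host"           # Host Module
    return "other"


def parse_line(line):
    """Return a dict for one access.log entry, or None if it does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    try:
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    query = parse_qs(m.group("query") or "")
    return {
        "ip": m.group("ip"),
        "time": when,
        "module": module_for(m.group("path")),
        "command": query.get("FSMSCommand", [None])[0],
        "status": int(m.group("status")),
        "bytes": 0 if m.group("bytes") == "-" else int(m.group("bytes")),
    }


def unexpected_admin_clients(lines, allowed_ips):
    """Summarise Admin Module requests from clients outside allowed_ips."""
    allowed = set(allowed_ips)
    report, unparsed = {}, 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1       # keep count: unparsed entries deserve a look
            continue
        if rec["module"] != "admin" or rec["ip"] in allowed:
            continue
        entry = report.setdefault(
            rec["ip"],
            {"requests": 0, "statuses": set(), "first_seen": rec["time"]},
        )
        entry["requests"] += 1
        entry["statuses"].add(rec["status"])
        entry["first_seen"] = min(entry["first_seen"], rec["time"])
    return report, unparsed


# Constructed sample data for the example.
ALLOWED = ["127.0.0.1", "10.128.129.2", "10.128.129.209"]
UA = '"FSA/5.10.2211 1.3.1_02 Windows2000/5.0 x86"'
ADMIN = "/fsmsa/fsmsa.dll?FSMSCommand=ReadPackage&Type=27&SessionID="
SAMPLE_LOG = [
    '10.128.129.209 - - [18/Apr/2002:14:06:36 +0300] ' + ADMIN + '248 HTTP/1.1" 200 5299 0 - 0 - ' + UA,
    '10.128.131.224 - - [18/Apr/2002:14:09:02 +0300] ' + ADMIN + '251 HTTP/1.1" 403 210 0 - 0 - ' + UA,
    '10.128.131.224 - - [18/Apr/2002:14:07:10 +0300] ' + ADMIN + '250 HTTP/1.1" 200 5299 0 - 0 - ' + UA,
    '10.128.130.17 - - [18/Apr/2002:14:10:41 +0300] /fsms/fsmsh.dll HTTP/1.1" 200 512 0 - 0 - ' + UA,
    'truncated entry without a request',
]

if __name__ == "__main__":
    found, skipped = unexpected_admin_clients(SAMPLE_LOG, ALLOWED)
    for ip, info in found.items():
        print(ip, info["requests"], sorted(info["statuses"]), info["first_seen"])
    print("unparsed entries:", skipped)
```
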
For more information on the settings you can read the httpd.sample file
that is located in the same directory as the configuration file of F-Secure
Policy Manager Server (<fspms installation directory>\conf).
mod_gzip_on Yes: This setting is one of the several compression
settings, and the one that enables or disables support for the
compression in F-Secure Policy Manager Server. Compression is
disabled if the setting is changed to mod_gzip_on No.
FastPolicyDistribution On: This is a performance versus maximum
backward compatibility switch. When enabled (On) it will allow the
F-Secure Policy Manager Server to distribute policies in a way that
speeds up the process greatly (30-100 times, depending on the number
of hosts). The disabled switch (Off) should be used when there are other
components accessing the communication directory concurrently (e.g.
F-Secure Management Agent).
RetryFileOperation 10: This setting tells the server how many times it
should retry a failed file operation (with a 1 second retry-interval) before
giving up.
CommdirCacheSize 10: The number-value of this setting informs the
server how much memory, percentage-wise, it should use for storing files
in memory before serving them. This will allow the server to serve the files
much faster, since it will not have to read them from the disk all the time. If
you use the default (10), the server will use 10% of the memory available
for this cache. For example, on a machine with 512 MB of RAM, it will use
51.2 MB for the cache.
Overview
Installation Steps
Uninstalling F-Secure Policy Manager Console
CHAPTER 4
Installing F-Secure Policy Manager Console
4.1 Overview
F-Secure Policy Manager Console can operate in two modes:
Administrator mode - you can use F-Secure Policy Manager
Console to its full extent.
Read-Only mode - you can view F-Secure Policy Manager
Console information but cannot perform any administrative tasks
(this mode is useful for such users as Helpdesk personnel).
The same console installation can be used for both Administrator and
Read-Only connections. The following sections explain how to run the
F-Secure Policy Manager Console setup from the F-Secure CD, and how
to select the initial operation mode when the console is run for the first
time. The CD setup is identical for both modes, and it is always possible
to add new Administrator and Read-Only connections after the initial
startup.
Step 2. View the Welcome screen, and follow the setup instructions. Select the
installation language from the drop-down menu. Click Next to continue.
Step 3. Read the license agreement information. If you agree, select I accept this
agreement. Click Next to continue.
Step 7. Review the changes that setup is about to make. Click Next to continue.
Step 9. Run F-Secure Policy Manager Console by clicking Start > Programs >
F-Secure Policy Manager Console > F-Secure Policy Manager Console.
When F-Secure Policy Manager Console is run for the first time, the
Console Setup Wizard collects the information needed to create an initial
connection to the server.
The first page of F-Secure Policy Manager Console setup wizard
summarizes the installation process. Click Next to continue.
Step 11. Enter the address of the F-Secure Policy Manager Server that is used for
communicating with the managed hosts.
Step 12. Enter the path where the administrator’s public key and private key files
will be stored. By default, key files are stored in the F-Secure Policy
Manager Console installation directory:
Program Files\F-Secure\Administrator.
Click Next to continue.
If the key-pair does not pre-exist, it will be created later in the setup
process.
Step 13. Move your mouse cursor around in the window to initialize the random
seed used by the management key-pair generator. Using the path of the
mouse movement ensures that the seed number for the key-pair
generation algorithm has enough randomness. When the progress
indicator has reached 100%, the Passphrase dialog box will open
automatically.
Step 14. Enter a passphrase, which will secure your private management key.
Re-enter your passphrase in the Confirm Passphrase field. Click Next.
Step 16. The setup wizard creates the user group FSPM users. The user who was
logged in and ran the installer is automatically added to this group. To
allow another user to run F-Secure Policy Manager you must manually
add this user to the user group FSPM users.
Overview
F-Secure Policy Manager Console Basics
F-Secure Client Security Management
Managing Domains and Hosts
Software Distribution
Managing Policies
Managing Operations and Tasks
Alerting
Reporting Tool
Preferences
CHAPTER 5
Using F-Secure Policy Manager Console
5.1 Overview
F-Secure Policy Manager Console is a remote management console for
the most commonly used F-Secure security products, designed to provide
a common platform for all of the security management functions required
in a corporate network.
An administrator can create different security policies for each host, or
create a single policy for many hosts. The policy can be distributed over a
network to the workstations, servers, and security gateways.
With F-Secure Policy Manager Console, you can:
Set the attribute values of managed products.
Determine rights for users to view or modify attribute values that
were remotely set by the administrator.
Group the managed hosts under policy domains sharing common
attribute values.
Manage host and domain hierarchies easily.
Generate signed policy definitions, which include attribute values
and restrictions.
Display status.
Handle alerts.
Handle F-Secure Anti-Virus scanning reports.
Handle remote installations.
View reports in HTML format, or export reports to various export
formats.
F-Secure Policy Manager Console generates the policy definition, and
displays status and alerts. Each managed host has a module (F-Secure
Management Agent) enforcing the policy on the host.
The conceptual world of F-Secure Policy Manager Console consists of
hosts that can be grouped within policy domains. Policies are
host-oriented. Even in multi-user environments, all users of a specific host
share common settings.
F-Secure Policy Manager Console recognizes two types of users:
administrators and read-only mode users.
5.2.1 Logging In
When you start F-Secure Policy Manager Console, the following dialog
box will open (click Options to expand the dialog box to include more
options).
Connection Properties
The link to the data repository is defined as the HTTP URL of the
F-Secure Policy Manager Server.
icon in the domain tree and they will appear in the Disconnected Hosts list
in the Domain status view. Note that it is possible to define an interval that
is shorter than one day by simply typing in a floating point number in the
setting field. For example, with a value of "0.5" all hosts that have not
contacted the server within 12 hours are considered disconnected. Values
less than one day are normally useful only for troubleshooting purposes,
because in a typical environment some hosts are naturally disconnected
from the server every now and then. For example, laptop computers may
not be able to access the server daily, but in most cases this is perfectly
acceptable behavior.
Force Value
This Force Value menu item is available only when a Policy Domain is
selected. You can enforce the current domain setting to also be active in
all subdomains and hosts. In practice, this operation clears the
corresponding setting in all subdomains and hosts below the current
domain, enabling the inheritance of the current value to all subdomains
and hosts. Use this menu entry cautiously: all values defined in the
subdomain or hosts under the selected domain are discarded, and cannot
be restored.
Show Domain Values
The Show Domain Values menu item is available only when a Policy
Domain is selected. You can view a list of all policy domains and hosts
below the selected policy domain, together with the value of the selected
field.
Click any domain or host name to quickly select the domain or host in the
Policy Domains pane. It is possible to open more than one Domain Value
dialog simultaneously.
Viewing Status
Open the Status tab and select the product from the Properties pane.
F-Secure Policy Manager Console will render a Product View to the
Product View pane, where you can view the more important local settings
and statistics.
Values cannot be edited, but the MIB help texts can be displayed
by clicking a field or its label.
For the policy domains, the Status tab will show the domain level status
overview: number of hosts in the domain, and list of disconnected hosts.
The toolbar contains buttons for the most common F-Secure Policy
Manager Console tasks.
Windows Domains
In a Windows domain, the most convenient method of adding hosts to
your policy domain is by importing them through F-Secure Intelligent
Installation by choosing ‘Autodiscover Windows hosts’ from the Edit menu
in F-Secure Policy Manager Console. Note that this also installs F-Secure
Management Agent on the imported hosts. In order to import hosts from a
Windows domain, select the target domain, and choose ‘Autodiscover
Windows hosts’ from the Edit menu. After the autodiscover operation is
completed, the new host is automatically added to the Policy Domain
tree. For more information, see “Software Distribution”, 104.
Autoregistered Hosts
Another possibility for importing hosts into F-Secure Policy Manager
Console is by using the autoregistration feature. You can do this only after
F-Secure Management Agent has been installed on the hosts and after
the hosts have sent an autoregistration request. The F-Secure
Management Agent will have to be installed from a CD-ROM, from a login
script, or some other way. To import autoregistered hosts, click , or
choose Import Autoregistered Hosts from the Edit menu, or from the
Installation view. When the operation is completed, the host is added to
the domain tree. The autoregistered hosts can be imported to different
domains based on different criteria, such as the host’s IP or DNS
address. For more information, see “Autoregistration Import Rules”, 99.
Figure 5-15 Import Autoregistered Hosts dialog > Autoregistered Hosts tab
The Autoregistration view offers a tabular view to the data which the host
sends in the autoregistration message. This includes the possible custom
autoregistration properties that were included in the remote installation
package during installation (see step 6 in “Using the Customized Remote
Installation JAR Package”, 116 section). It is possible to sort
autoregistration messages according to the values of any column by
clicking the corresponding table header. Column ordering can be
changed by dragging and dropping the columns to the suitable locations,
and column widths can be freely adjusted. The table context menu (click
the right mouse button on table header bar) can be used to specify which
autoregistration properties are visible in the table.
CHAPTER 5 99
Using F-Secure Policy Manager Console
Figure 5-16 Import Autoregistered Hosts dialog > Import Rules tab
You can define the import rules for the autoregistered hosts on the Import
Rules tab in the Import Autoregistered Hosts window. You can use the
following as import criteria in the rules:
WINS name, DNS name, Dynamic DNS name, Custom Properties
These support * (asterisk) as a wildcard. * can replace any
number of characters. For example: host_test* or
*.example.com.
Matching is case-insensitive, so upper case and lower case
characters are treated as the same character.
IP address, Dynamic IP address
These support exact IP address matching (for example:
If you want to create several rules for a domain, you can use the Clone
option. Start by creating one rule for the domain. Then select the row and
click Clone. Now you can edit the criteria on the new duplicated row.
When you want to start the import operation, select the Autoregistered
Hosts tab and click Import. The importing rules you have defined will be
validated before the importing starts. After the hosts have been imported,
you will see a summary dialog displaying the number of successfully
imported hosts and the number of unsuccessful import operations.
Note that an empty set of conditions is treated as always matching.
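The matching behaviour described above can be checked as a dry run before an import. The following is an added sketch, not F-Secure code: it assumes that all conditions of a rule must match and that rules are tried top to bottom with the first match winning (this section states neither), and the field names, domains, hosts and the custom property "Unit" are constructed.

```python
import re

# Criteria compared exactly. Every other criterion (WINS, DNS and Dynamic DNS
# name, custom properties) accepts '*' as a wildcard, as described above.
EXACT_FIELDS = {"ip_address", "dynamic_ip_address"}


def wildcard_match(pattern, value):
    """'*' replaces any number of characters; upper and lower case are equal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


def rule_matches(rule, host):
    """True when every condition in the rule holds (AND is an assumption)."""
    for field, pattern in rule["conditions"].items():
        value = host.get(field)
        if value is None:
            return False
        if field in EXACT_FIELDS:
            if value != pattern:
                return False
        elif not wildcard_match(pattern, value):
            return False
    return True  # no conditions at all: the rule matches every host


def plan_import(rules, hosts):
    """Dry run: target domain per host, first matching rule wins (assumption)."""
    return {
        host["wins_name"]: next(
            (rule["target"] for rule in rules if rule_matches(rule, host)), None
        )
        for host in hosts
    }


def review_rules(rules):
    """Flag the first catch-all rule and every rule it makes unreachable."""
    findings = []
    for index, rule in enumerate(rules):
        if not rule["conditions"]:
            findings.append(("catch-all", rule["target"]))
            findings += [("unreachable", later["target"])
                         for later in rules[index + 1:]]
            break
    return findings


# Constructed sample data: domains, host names, addresses and the custom
# property "Unit" are invented for this example.
RULES = [
    {"target": "Root/Servers", "conditions": {"dns_name": "*.srv.example.com"}},
    {"target": "Root/Test", "conditions": {"wins_name": "host_test*",
                                           "ip_address": "192.0.2.10"}},
    {"target": "Root/Laptops", "conditions": {"Unit": "sales*"}},
    {"target": "Root/Unsorted", "conditions": {}},
    {"target": "Root/Kiosks", "conditions": {"wins_name": "kiosk*"}},
]
HOSTS = [
    {"wins_name": "DB01", "dns_name": "DB01.SRV.Example.COM",
     "ip_address": "192.0.2.20"},
    {"wins_name": "HOST_TEST7", "dns_name": "t7.example.com",
     "ip_address": "192.0.2.10"},
    {"wins_name": "HOST_TEST8", "dns_name": "t8.example.com",
     "ip_address": "192.0.2.11"},
    {"wins_name": "NB-114", "dns_name": "nb-114.example.com",
     "ip_address": "192.0.2.30", "Unit": "Sales-EMEA"},
    {"wins_name": "KIOSK3", "dns_name": "kiosk3.example.com",
     "ip_address": "192.0.2.40"},
]

if __name__ == "__main__":
    for name, target in plan_import(RULES, HOSTS).items():
        print(f"{name:12} -> {target}")
    for kind, target in review_rules(RULES):
        print(f"{kind}: {target}")
```

In the sample, KIOSK3 lands in Root/Unsorted because the rule without conditions sits above the kiosk rule. Autoregistration properties are reported by the host itself, so a catch-all rule decides which policy domain any unclassified host joins.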
Creating Hosts Manually
To create a host manually, select a policy domain and select New Host
from the Edit menu, or click the Add Host button (alternatively press
Insert). This operation is useful in the following cases:
Learning and testing – You can try out a subset of F-Secure Policy
Manager Console features without actually installing any software in
addition to F-Secure Policy Manager Console.
Defining policy in advance – You can define and generate a policy for a
host before the software is installed on the host.
Special cases – You can generate policies for hosts that will never
access the server directly (that is, when it is not possible to import the
host). For example, it is possible to generate Base Policy files for a
computer that does not access the F-Secure Policy Manager Server. The
Base Policy file must be transferred either manually or by using another
external transport mechanism. To do this, select Export Policy File from
the Edit menu.
Figure 5-17 An example of a domain with hosts and servers in their own
sub-domains
The network name for the host is the name that the host uses internally in
the network to access policies.
Windows XP 5.1/5.10
An alias for the host can be defined in the Miscellaneous tab. If an alias is
defined, the alias will replace the real identity of the host in the display of
the domain tree.
3. From the NT Domains list, select one of the domains and click
Refresh.
The host list is updated only when you click Refresh. Otherwise
cached information is displayed for performance reasons. Before
clicking Refresh, you can change the following Autodiscover
options:
Hide already managed hosts
Select the Hide Managed Hosts check box to show only those
hosts that do not have F-Secure applications installed.
Resolve hosts with all details (slower)
With this selection, all details about the hosts are shown, such as
the versions of the operating system and F-Secure Management
Agent.
Resolve host names and comments only (quicker)
If all hosts are not shown in the detailed view or it takes too much
time to retrieve the list, this selection can be used. Note that
it may sometimes take a while before the Master Browser can see a
host that was recently added to the network.
4. Select the hosts to be installed. Press the space bar to check
selected host(s).
Several hosts can be easily selected by holding down the shift key
and doing one of the following:
clicking the mouse on multiple host rows,
dragging the mouse over several host rows,
using the up or down arrow keys.
Alternatively, you can right-click your mouse. Use the host list’s
context menu to select:
Check - checkmarks the selected host(s) (same as pressing the
space bar).
Uncheck - removes the checkmark from the selected host(s)
(same as pressing the space bar).
Check All - checkmarks all hosts in the selected Windows
domain.
Uncheck All - removes the checkmark from all hosts in the
selected Windows domain.
Click Install to continue.
5. After you have selected your target hosts, continue to “Push
Installation After Target Host Selection”, 109 for instructions on
push-installing the applications to hosts.
4. Choose the user account and password for the push installation.
Push Installation requires administrator rights for the target machine during
the installation. If the account you entered does not have administrator
rights on one of the remote hosts, an “Access denied” error message will
be indicated for that host, while installation will continue on the other hosts.
place the new hosts in the domain that you selected in Step 1, unless
you specified another domain in this dialog. You can also choose not
to place the hosts to any domain automatically. The new hosts will
send autoregs and the hosts can be imported that way.
7. After a few minutes, the Product View pane (the right pane) will list
the products that were installed. To see this list, select the Installation
tab in the Properties pane (alternatively select the top domain in the
Policy Domain pane).
When all required version numbers are selected, click Start. The
Installation Editor launches the Installation Wizard, which queries the user
for the installation parameters. The Installation Editor then prepares a
distribution installation package that is customized for the specific
installation operation. The new package is saved on F-Secure Policy
Manager Server.
The Start button is used to start the installation operations selected in the
Version to Install field. If the installation editor is closed without first clicking
the Start button, then all changes will be discarded.
Because the installation operation uses policy-based triggering, you must
distribute new policy files. The policy file will contain an entry that tells the
host to fetch the installation package and perform the installation.
Note that it may take a considerable length of time to carry out an
installation operation. This may happen if an affected host is not currently
connected to the network, or if the active installation operation requires a
user to restart his host before the installation is completed. If the hosts are
connected to the network and they send and receive policy files correctly,
then there could be a real problem. The host may not be correctly
acknowledging the installation operation. In any case, it is possible to
remove the installation operation from the policy by clicking Stop All. This
will cancel the installation operations defined for the selected policy
domain or host. It is possible to stop all installation tasks in the selected
domain and all subdomains by selecting the Recursively cancel
installation for subdomains and hosts option in the confirmation dialog.
The Stop All button is enabled only if the current host or domain has an
installation operation defined. Any subdomain operations do not affect the
button state. Stop All only removes the operation from the policy. If a host
has already polled the previous policy file, it may try to carry out the
installation operation even though it is no longer visible in the Installation
Editor.
Remote Uninstallation
Uninstallation can be performed as easily as an update. A distribution
package is created that contains only the software needed to uninstall the
product. If the product does not support remote uninstallation, the
Installation Editor does not display an option for uninstallation.
Choosing Reinstall will reinstall the current version. This option should
only be used for troubleshooting. Most of the time, there is no reason to
reinstall a product.
3. Specify the file format, JAR or MSI, and the location where you want
to save the customized installation package. Click Export.
4. Specify the file location where you want to save the customized
installation JAR package. Click Save.
5. Select the products you want to install. Click Next to continue.
6. Choose to accept the default policy, or specify which host or domain
policy should be used as an anonymous policy. Click Next to
continue.
selection all the hosts from one unit can be imported to their target
domain. Note that the target domain can be changed directly from the
autoregistration view, and after that the hosts from another unit can
be imported to their target domain.
When you reach the last wizard page, click Finish to continue.
9. You can install the exported JAR to the hosts by running the
ilaunchr.exe tool. The ilaunchr.exe tool is located in Policy Manager
Console installation directory under the ...\Administrator\Bin directory.
To do this:
a. Copy ilaunchr.exe and the exported JAR to a location where the
login script can access them.
b. Enter the command:
ilaunchr <package name>.jar
where <package name> is replaced by the actual name of the
JAR package being installed.
When the installation runs, the user will see a dialog displaying
the installation progress. If a restart is required after the
installation, the user is prompted to restart the computer as
defined when the installation package was exported.
If you want the installation to run in silent mode, enter the
command in format:
ilaunchr <package name>.jar /Q
Also in this case the user may be prompted to restart the
computer after the installation, and if a fatal error occurs during
the installation, a message is displayed.
ILAUNCHR has the following command line parameters:
/U — Unattended. No messages are displayed, even when a fatal
error occurs.
/F — Forced installation. Completes the installation even if F-Secure
Management Agent is already installed.
Enter ILAUNCHR /? at the command line to display complete help.
See Appendix B. Ilaunchr Error Codes for a list of exit error codes
and an example that can be used in batch files.
5.5.1 Settings
To configure settings, browse the policy tree and change the values of the
policy variables.
There are two types of policy variables: (1) leaf nodes under a subtree,
and (2) table cells. All policy variables have an associated type. You can
set their values in the Product View pane. A policy variable can be one of
the following types:
Integer: normal integer number
Display String: 7-bit ASCII text string
IP Address: four-octet IP address
Counter: incrementing integer
Gauge: non-wrapping integer
TimeTicks: elapsed time units (measured in 1/100s of a second)
Octet String: binary data (this type is also used in UNICODE text
strings)
OID: object identifier
Opaque: binary data that can represent additional data types
A policy variable may have a pre-defined default value. The default
values behave as if they were inherited from above the root domain. That
is, they appear to be inherited values even if the top (root) domain is
selected. Default values can be overridden just like any other value.
Values on the selected policy domain level are color-coded as follows:
Black – Changed values on the selected policy domain or host
level
Gray – Inherited values
Red – Invalid values
Dimmed red – Inherited invalid values.
5.5.2 Restrictions
There are two types of restriction: Access restrictions and Value
restrictions.
Access restrictions are Final and Hidden. Final always forces the policy:
the policy variable overrides any local host value, and the end user
cannot change the value as long as the Final restriction is set. Hidden
merely hides the value from the end user. Unlike the Final restriction, the
Hidden restriction may be ignored by the managed application.
No changes will take effect before you have distributed the policy and the
host has fetched the policy file. This also applies to operations, because
they are implemented using the policy-based mechanism.
You can also use the Reporting Tool to create Inheritance Reports
that show where inherited settings have been overridden. For more
information, see “Reporting Tool”, 129.
2. Click Start in the product view pane to start the selected operation.
3. The operation begins on the host as soon as you have distributed the
new policy and the host has fetched the policy file. You may click
Cancel at any time to undo the operation.
5.7 Alerting
This section describes how to view alerts and reports, and how to
configure alert forwarding.
When an alert is selected from the list, the Product View pane displays
more specific information about the alert. F-Secure Anti-Virus scanning
alerts may have an attached report. This report will also be in the Product
View pane.
To view reports, click on the Reports tab in the Properties pane, or choose
Messages from the Product View menu. The Reports tab has the same
structure as the Alerts tab.
Alerts tables and Reports tables can be sorted by clicking on the column
heading.
The same table can also be found in the F-Secure Management Agent
product view in the Alert Forwarding tab.
You can specify where alerts are sent according to severity level. The
target can be F-Secure Policy Manager Console, the local user interface,
an alert agent (such as the Event Viewer, a log file, or SMTP), or a
management extension.
The Alert Forwarding table has its own set of default values.
5.9 Preferences
Preference settings are either shared or applied to the specific
connection.
Advanced communication options
Status Cache: You can adjust the number of hosts for which F-Secure Policy
Manager Console caches status information.
Disable initial status loading: You can disable initial status loading if
you want to reduce F-Secure Policy Manager Console startup time in a large
environment (this is an advanced option that should be used with care,
since it causes the following functional differences to the normal status
handling):
1. All hosts appear to have no software installed. This affects the
Properties pane and the Installation Editor.
2. Status items are not initially available. This affects the Properties
pane and product views, whenever the Status tab is selected.
3. All hosts will receive policies generated from the latest MIB version,
because MIB version information is not available.
Skipping the initial status loading option does not affect manual status
refreshment or periodic status polling. If necessary, you can disable the
automatic status polling. To do this, open the Tools menu and select
Preferences. Select the Communications tab and click Polling Period
options. Check the Disable all polling checkbox.
Policy Files
Policy File Optimizations: Indentation defines if separation characters
will be added to the file when it is being created, which would make it
more human-readable. If you choose to switch Indentation off, no separator
characters will be added, and the files will be less human-readable, but
still completely correct and machine-readable. It is possible to select
either space or tab characters as separators. Tabs are recommended because
the resulting file is smaller than with space separators.
Include Comments affects the size of the policy files produced by F-Secure
Policy Manager Console. These comments are used to make the file more
understandable by the users if they want to read the values directly from
the file.
These settings are normally used only for debugging purposes, and both
indentation and comments could be disabled in normal production use.
Policy File Serial Number: The serial file of generated Base Policy files.
The serial number increments automatically. Normally, there is no need to
adjust it manually. You only need to increase the value if hosts are not
accepting policy files because of serial numbers that are too low (the
hosts report this as errors.) In this case, the serial number must be
increased to be larger than the serial number in the latest Base Policy
file fetched by the hosts.
Push Installation
Installation Timeout: The maximum time F-Secure Policy Manager Console
waits for the results of an installation operation.
Maximum concurrent network operations: You can adjust the number of
network operations. The default is recommended, but if you have a slow
network connection that is causing problems when you are push installing,
decrease the number of concurrent network connections accordingly.
Progress Indicator: You can choose to display the progress indicator to
end users during remote installation.
Appearance -> Policy Domains
Highlight Disconnected Hosts: You can highlight disconnected hosts in a
policy domain tree.
Look & Feel: Defines the appearance and behavior of the user interface
components. The change will take place after program restart.
Policy Files
Products: Allows you to deactivate MIBs for products which you do not have
installed, and exclude them from the distributed policy files.
Deactivating MIBs reduces the size of the policy files sent to managed
hosts.
WARNING: Do not deactivate MIBs unless you have been instructed to do so
by F-Secure. Deactivating MIBs for products that are actually installed in
some managed hosts will result in system malfunction.
Push Installation
Clear Cache: You may clear all cached information concerning browsed hosts
and installed software to clean up disk space.
Location
Web Club Area: Choose your location to connect to the F-Secure web server
closest to you.
HTML Browser Path: The full path to the HTML browser’s executable file.
The browser is utilized for displaying online Help pages, Web Club pages,
and Anti-Virus reports.
Message Logs Path: You can select to enter the path to a directory where
log files for each tab on the Message view are created. Each log file
contains the title of the corresponding tab and a message per line
including severity and creation time.
Anti-Virus
Virus Definitions: With this value you can define the time after which
virus definitions are shown as outdated in Anti-Virus mode.
6 MAINTAINING F-SECURE POLICY MANAGER SERVER
6.1 Overview
F-Secure Policy Manager Server can be maintained by routinely backing
up and restoring the console data in the Server.
It is also possible to back up the entire repository. By doing so, you will be
able to restore not only the policy domain structure, but also the alerts,
host statistics, and installation operations. You will also be able to quickly
restore policy files. When you only back up the fsa\domains directory, you
must distribute the policies afterwards. The disadvantage of backing up
the entire repository is that there can be tens of times more data than in
the fsa\domains directory. Another disadvantage is that F-Secure Policy
Manager Server must be stopped before doing the full backup.
CHAPTER 6 141
Maintaining F-Secure Policy Manager Server
To back up the management key-pair, copy the admin.prv file and the
admin.pub file from the root of the local F-Secure Policy Manager
Console installation directory. Keep the admin.prv file stored in a secure
place. It is very important to save a backup copy of the admin.prv key file.
How it works
When the F-Secure Automatic Update Agent service is started, it
connects to F-Secure’s Automatic Update server. The agent will keep
polling the server regularly to see whether there is new content available.
Any new content will be automatically downloaded. The polling interval is
set on the server side and cannot be adjusted from the client side.
CHAPTER 7 147
Updating F-Secure Virus Definition Databases
Automated updates
You don't have to look for the updates and manually download them. With
F-Secure Automatic Update Agent, you will automatically get the virus
definition updates when they have been published by F-Secure.
7.2.1 Configuration
Examples:
http_proxies=http://proxy1:8080/,http://backup_proxy:8880/,http://domain\username:usernamespassword@ntlmproxy.domain.com:80
Step 5. For the changes to take effect, you need to stop and restart the fsaua
service. To do this, enter the following commands on the command line:
net stop fsaua
net start fsaua
Messages in fsaua.log
Below are examples of some messages that you can find in the log file.
Message: Update check completed successfully
Meaning: The connection to the update source was successful.
Message: Update check completed successfully. No updates are available.
Meaning: The connection to the update source was successful, but there was
nothing new to download.
Message: Downloaded 'F-Secure Anti-Virus Update 2006-10-26_04' - 'DFUpdates' version '1161851933' from fsbwserver.f-secure.com, 12445450 bytes (download size 3853577)
Meaning: The connection was successful and some files were downloaded.
For a list of update types that you can find in the log, see
“What Updates are Logged in fsaua.log?”, 152.
Message: Installation of 'F-Secure Anti-Virus Update 2006-10-26_04' : Success
Meaning: The files were successfully placed into the destination
directory (and the existing files were removed). This is the result of
updating the communication directory. Note that F-Secure Automatic Update
Agent is not able to display whether the new files have been taken into
use by the host(s) or not.
Message: Update check failed. There was an error connecting fsbwserver.f-secure.com (DNS lookup failure)
Meaning: An error message indicating that the update check failed.
For more information on the most common errors and instructions on how to
solve the problems, see “Troubleshooting”, 154.
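The messages listed above are regular enough to monitor automatically. The following is an added example, not part of the guide or of the product: it classifies fsaua.log lines by the message shapes shown here and reports repeated update check failures and packages that were downloaded but never logged as installed. It assumes each message occupies one line; the "[t...]" line prefixes in the sample are constructed, because the guide does not show the real prefix.

```python
import re

# Message shapes copied from the table above. Order matters: the "no updates"
# message starts with the same words as the plain success message.
PATTERNS = [
    ("failed", re.compile(
        r"Update check failed\. There was an error connecting (?P<server>\S+) "
        r"\((?P<reason>[^)]*)\)")),
    ("no_updates", re.compile(
        r"Update check completed successfully\. No updates are available\.")),
    ("check_ok", re.compile(r"Update check completed successfully")),
    ("downloaded", re.compile(
        r"Downloaded '(?P<package>[^']+)' - '(?P<type>[^']+)' version "
        r"'(?P<version>\d+)' from (?P<server>[^,\s]+), (?P<bytes>\d+) bytes "
        r"\(download size (?P<download_size>\d+)\)")),
    ("installed", re.compile(
        r"Installation of '(?P<package>[^']+)' : (?P<result>\S+)")),
]


def classify(line):
    """Return (label, fields) for a known message, or ("other", {})."""
    for label, pattern in PATTERNS:
        match = pattern.search(line)
        if match:
            return label, match.groupdict()
    return "other", {}


def summarize(lines):
    """Walk the log in order and keep the state an operator needs."""
    state = {"last_check": None, "consecutive_failures": 0,
             "failure_reasons": [], "last_installed": None,
             "downloaded_not_installed": []}
    for line in lines:
        label, fields = classify(line)
        if label == "failed":
            state["last_check"] = "failed"
            state["consecutive_failures"] += 1
            if fields["reason"] not in state["failure_reasons"]:
                state["failure_reasons"].append(fields["reason"])
        elif label in ("check_ok", "no_updates", "downloaded"):
            # All three mean the connection to the update source worked.
            state["last_check"] = "ok"
            state["consecutive_failures"] = 0
            if label == "downloaded":
                state["downloaded_not_installed"].append(fields["package"])
        elif label == "installed" and fields["result"] == "Success":
            state["last_installed"] = fields["package"]
            if fields["package"] in state["downloaded_not_installed"]:
                state["downloaded_not_installed"].remove(fields["package"])
    return state


def needs_attention(state, max_failures=2):
    """Turn the summary into a short list of findings (empty when healthy)."""
    problems = []
    if state["consecutive_failures"] >= max_failures:
        problems.append(
            f"{state['consecutive_failures']} consecutive update check "
            f"failures ({', '.join(state['failure_reasons'])})")
    for package in state["downloaded_not_installed"]:
        problems.append(f"downloaded but not installed: {package}")
    return problems


# Constructed sample: message texts are the ones from the table above, the
# "[t...]" prefixes stand in for whatever the real log puts before them.
SAMPLE_LOG = [
    "[t1] Update check completed successfully. No updates are available.",
    "[t2] Downloaded 'F-Secure Anti-Virus Update 2006-10-26_04' - 'DFUpdates' "
    "version '1161851933' from fsbwserver.f-secure.com, 12445450 bytes "
    "(download size 3853577)",
    "[t3] Installation of 'F-Secure Anti-Virus Update 2006-10-26_04' : Success",
    "[t4] Update check failed. There was an error connecting "
    "fsbwserver.f-secure.com (DNS lookup failure)",
    "[t5] Update check failed. There was an error connecting "
    "fsbwserver.f-secure.com (DNS lookup failure)",
]

if __name__ == "__main__":
    for finding in needs_attention(summarize(SAMPLE_LOG)):
        print(finding)
```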
You can also see a summary of the Virus, Spyware and System Control
update statuses on the server on the Summary tab in F-Secure Policy
Manager Console.
To check the update status on a centrally managed host, go to the Status
> Overall Protection page in F-Secure Policy Manager Console.
7.5 Troubleshooting
Below are some examples of problems that may be logged as error
messages in the fsaua.log file.
Reason: Unknown
Solution: -
8 F-SECURE POLICY MANAGER ON LINUX
Overview
Installation
Configuration
Uninstallation
Frequently Asked Questions
8.1 Overview
F-Secure Policy Manager can also be installed on Linux.
8.2 Installation
F-Secure Policy Manager is installed in four parts. They must be installed
in the following order:
1. F-Secure Automatic Update Agent
2. F-Secure Policy Manager Server
3. F-Secure Policy Manager Console
4. F-Secure Policy Manager Web Reporting.
F-Secure Policy Manager Server, F-Secure Policy Manager Web
Reporting and F-Secure Automatic Update Agent must all be installed on
the same computer.
F-Secure Policy Manager Console can be installed on the same or a
separate computer.
dpkg -i f-secure-automatic-update-agent_<version_number>.<build number>_i386.deb
rpm -i f-secure-automatic-update-agent-<version_number>.<build number>-1.i386.rpm
4. To configure, type
/opt/f-secure/fsaua/bin/fsaua-config
and answer the questions. Push ENTER to choose the default setting
(shown in square brackets).
5. If you want to configure F-Secure Automatic Update Agent to use
HTTP proxies, enter the HTTP proxy addresses when the
configuration script asks for them. Use the following format:
http://[user:passwd@]address[:port]/[,proxy2[,proxyN]]
6. If you want to specify how often F-Secure Automatic Update Agent
checks for new updates, enter a new polling interval value when the
configuration script asks for it. The default is 3600 seconds, which is
1 hour.
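The proxy list format given in step 5 above, which is also the format of the http_proxies example in section 7.2.1, can carry a user name and password. The following is an added example, not F-Secure code: it parses such a setting, reports which entries hold a clear-text password, and masks the passwords before the value is copied into a ticket or a report. The function names are hypothetical.

```python
import re

# One entry of the list: http://[user:passwd@]address[:port]/
ENTRY_RE = re.compile(
    r"^http://(?:(?P<user>[^:@/]+):(?P<password>[^@/]*)@)?"
    r"(?P<host>[^:/@]+)(?::(?P<port>\d{1,5}))?/?$"
)
# Used for masking: scheme and user name are kept, the password is replaced.
SECRET_RE = re.compile(r"(http://[^:@/,]+:)[^@/,]*@")


def redact(setting):
    """Return the setting with every embedded password masked."""
    return SECRET_RE.sub(lambda match: match.group(1) + "***@", setting)


def parse_http_proxies(setting):
    """Parse 'http_proxies=...' into a list of dicts, in the order given."""
    key, sep, value = setting.strip().partition("=")
    if not sep or key.strip() != "http_proxies":
        raise ValueError("expected an http_proxies=... setting")
    proxies = []
    for entry in value.split(","):
        match = ENTRY_RE.match(entry.strip())
        if match is None:
            # Never echo a password back in an error message.
            raise ValueError("malformed proxy entry: " + redact(entry.strip()))
        proxy = match.groupdict()
        if proxy["port"] is not None:
            proxy["port"] = int(proxy["port"])
            if not 1 <= proxy["port"] <= 65535:
                raise ValueError("port out of range for " + proxy["host"])
        proxies.append(proxy)
    return proxies


def audit(setting):
    """List the entries that store a proxy password in clear text."""
    findings = []
    for position, proxy in enumerate(parse_http_proxies(setting), start=1):
        if proxy["password"] is not None:
            findings.append(
                f"proxy {position} ({proxy['host']}): password for "
                f"{proxy['user']} is stored in clear text")
    return findings


# The example value from section 7.2.1 (raw strings: it contains a backslash).
EXAMPLE = (r"http_proxies=http://proxy1:8080/,http://backup_proxy:8880/,"
           r"http://domain\username:usernamespassword@ntlmproxy.domain.com:80")

if __name__ == "__main__":
    print(redact(EXAMPLE))
    for finding in audit(EXAMPLE):
        print(finding)
```

Because entries are separated by commas, a password containing a comma or an @ sign cannot be expressed in this format and is rejected by the parser as malformed.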
dpkg -i f-secure-policy-manager-server_<version_number>.<build number>_i386.deb
rpm -i f-secure-policy-manager-server-<version_number>.<build number>-1.i386.rpm
4. To configure, type:
/opt/f-secure/fspms/bin/fspms-config
and answer the questions.
Push ENTER to choose the default setting (shown in square brackets)
for each of these questions.
F-Secure Policy Manager Server is now running and will start
automatically whenever the computer is restarted.
CHAPTER 8 159
F-Secure Policy Manager on Linux
dpkg -i f-secure-policy-manager-console_<version_number>.<build number>_i386.deb
rpm -i f-secure-policy-manager-console-<version_number>.<build number>-1.i386.rpm
The comma-separated group list will replace whatever groups
the user previously belonged to.
6. Log out.
7. Log in.
8. To start, type:
/opt/f-secure/fspmc/fspmc
dpkg -i f-secure-policy-manager-web-reporting_<version_number>.<buildnumber>_i386.deb
rpm -i f-secure-policy-manager-web-reporting-<version_number>.<buildnumber>-1.i386.rpm
4. To configure, type:
/opt/f-secure/fspmwr/bin/fspmwr-config
and answer the questions.
Push ENTER to choose the default setting (shown in square brackets)
for each of these questions.
5. To start, type:
/etc/init.d/fspmwr start
8.3 Configuration
F-Secure Policy Manager components have separate configuration
scripts. To configure each component, type the corresponding
configuration command and answer the questions.
8.4 Uninstallation
You must uninstall the four components in this order:
1. F-Secure Policy Manager Web Reporting
2. F-Secure Policy Manager Console
3. F-Secure Policy Manager Server
4. F-Secure Automatic Update Agent.
dpkg -r f-secure-policy-manager-web-reporting
rpm -e f-secure-policy-manager-web-reporting
Log files and configuration files are not removed as these are
irreplaceable and contain valuable information. To remove these,
type:
rm -rf /opt/f-secure/fspmwr
Log files and configuration files are not removed as these are
irreplaceable and contain valuable information. To remove these,
type:
rm -rf /opt/f-secure/fspmc
Log files and configuration files are not removed as these are
irreplaceable and contain useful information. To remove these,
type:
rm -rf /var/opt/f-secure/fsaus
rm -rf /var/opt/f-secure/fspms
rm -rf /etc/opt/f-secure/fspms
rm -rf /etc/opt/f-secure/fsaus
Overview
Introduction
Web Reporting Client System Requirements
Generating and Viewing Reports
Maintaining Web Reporting
Web Reporting Error Messages and Troubleshooting
CHAPTER 9 169
Web Reporting
9.1 Overview
This chapter contains:
An introduction to F-Secure Policy Manager Web Reporting and
its features
Instructions on how to generate and view web reports
Instructions on how to configure and maintain the F-Secure Policy
Manager Web Reporting application; for example, how to restrict
or give a wider access to web reports and how to back up and
restore the Web Reporting database.
9.2 Introduction
F-Secure Policy Manager Web Reporting is a graphical reporting system
included in F-Secure Policy Manager Server. The detailed graphical
reports in F-Secure Policy Manager Web Reporting allow you to identify
computers that are unprotected or vulnerable to virus outbreaks. With
F-Secure Policy Manager Web Reporting you can quickly create
graphical reports based on historical trend data using a web based
interface. You can produce a wide range of useful reports and queries
from F-Secure Client Security alerts and status information sent by the
F-Secure Management Agent to the F-Secure Policy Manager Server.
You can export the reports into HTML.
F-Secure Policy Manager Web Reporting is integrated with an SQL database,
which guarantees its suitability for companies of every size. The Web
Reporting database collects all data that is currently stored in the
F-Secure Policy Manager Server, and adds new data as it arrives. The
collected data includes most of the data in alerts and some of the data in
Incremental Policy Files (.ipf). You can configure how long the data is
stored in the Web Reporting database and in this way also optimize the
database performance.
2. Wait until the Web Reporting page opens. In large environments this
can take a lot of time.
When the F-Secure Policy Manager Web Reporting page opens, it
displays a default report for the currently selected report category.
Root is selected by default in the Policy Domains pane.
3. To view a new report, first select the domain, subdomain or host for
which you want to generate the report.
4. Then select a report category (Virus Protection Summary, Internet
Shield Summary, Alerts, Installed Software and Host Properties) and
the exact report to be generated.
5. Wait until the report is displayed in the lower part of the main window.
3. Open the Action menu and select Properties. Click Start to start the
service.
4. Set the startup type to Automatic.
5. Click OK.
The Policy Manager Admin Module must also be enabled for Web
Reporting to work.
The new setting will be taken into use immediately. For example, if
you shortened the maximum time that data will be stored in the
database, all the data that is older than the new time limit will be
deleted.
The time it takes for the service to start depends on the size of the
managed environment. You can reduce the startup time by deleting some
of the alerts from the CommDir.
9.6.2 Troubleshooting
In general, if F-Secure Policy Manager Web Reporting does not work, try
one of the following, in this order:
Reload the page.
If the problem is caused by all processes not having started yet,
wait for a while, and then try to reload the page. You can also
reduce the startup time by deleting the unnecessary alerts from
the CommDir.
Restart the F-Secure Policy Manager Web Reporting service.
Restart the F-Secure Policy Manager Server.
Restart the computer.
Re-install F-Secure Policy Manager Server, keeping the existing
configuration.
If all else fails, reset the F-Secure Policy Manager Web Reporting
database or restore it from a backup copy.
CHAPTER 10
F-Secure Policy Manager Proxy
Overview
Main Differences between Anti-Virus Proxy and Policy Manager Proxy
10.1 Overview
F-Secure Policy Manager Proxy is a new product, and should not
be confused with F-Secure Anti-Virus Proxy. For more information
about F-Secure Policy Manager Proxy, see F-Secure Policy
Manager Proxy Administrator’s Guide.
F-Secure Policy Manager Proxy offers a solution to bandwidth problems
in distributed installations of F-Secure Client Security by significantly
reducing load on networks with slow connections. It caches virus
definition database updates retrieved from F-Secure Policy Manager
Server or F-Secure Update Server.
F-Secure Policy Manager Proxy resides in the same remote network as
the hosts that use it as a database distribution point. There should be one
F-Secure Policy Manager Proxy in every network that is behind slow
network lines. F-Secure Policy Manager Proxy retrieves virus definition
database updates directly from F-Secure's distribution server, and hosts
running F-Secure Anti-Virus fetch the updates locally from F-Secure
Policy Manager Proxy. Workstations in the remote offices also communicate
with the Policy Manager Server in the main office, but this
communication is restricted to remote policy management, status
monitoring, and alerting. Since the heavy database update traffic is
redirected to the F-Secure Anti-Virus Proxy in the same local network, the
network connection between managed workstations and F-Secure Policy
Manager Server has a substantially lighter load.
Both types of proxies can exist on the same network, but neither can
provide updates for a product for which it is not designed. For
example, F-Secure Anti-Virus Proxy cannot be used to deliver updates to
F-Secure Client Security 6.x and later.
F-Secure Anti-Virus Proxy acts as a standalone server in the network,
and it can provide updates to hosts without a connection to an upstream
server. The only upstream server it can connect to is the F-Secure Update
Server.
F-Secure Policy Manager Proxy acts as a true proxy in the network and
requires a connection to an upstream server to be able to serve updates
to clients. F-Secure Policy Manager Proxy can connect to both F-Secure
Update Server and F-Secure Policy Manager Server.
11 TROUBLESHOOTING
Overview
F-Secure Policy Manager Server and Console
F-Secure Policy Manager Web Reporting
Policy Distribution
11.1 Overview
This chapter contains troubleshooting information and frequently asked
questions about F-Secure Policy Manager Server and F-Secure Policy
Manager Console.
For information on how to configure F-Secure Policy Manager Server,
and how to change the ports where the server listens for requests, see
“Configuring F-Secure Policy Manager Server”, 47.
user manually, and set the access rights to Full Control. Propagate
the access rights to the Management Server 5 directory (by default
C:\Program Files\F-Secure\Management Server 5) and all its
subdirectories. After these changes, restart the F-Secure Policy
Manager Server service or reboot the computer.
The fsms_<COMPUTERNAME> account is created during the installation
of F-Secure Policy Manager Server, and the service is started under
this user account. With normal installation, the directory access rights
for Management Server 5 directory are automatically set correctly. If
the directory is copied by hand or, for example, restored from backup,
the access rights might be deleted. In this case execute the steps
described in the previous paragraph.
Q. How can the server role change stop F-Secure Policy Manager
Server from working?
A. Domain Controller server and Member/Standalone server use
different types of accounts: domain accounts on Domain Controller
and local accounts on Member server. Because F-Secure Policy
Manager Server uses its own account to run, this account becomes
invalid with the role change.
The easiest way to restore F-Secure Policy Manager Server after a
server role change is to re-install F-Secure Policy Manager Server
with the Keep existing settings option selected. This will recreate the
F-Secure Policy Manager Server account and reset all file access
rights to the correct ones.
Q. Why does F-Secure Policy Manager Server use its own account
to run instead of the system account?
A. The Policy Manager Server account (fsms_<COMPUTERNAME>) is used for
security reasons. Because the server runs under its own account, any
security vulnerability in F-Secure Policy Manager Server will only
affect it and not the whole system. If the system account were used,
the whole system could be compromised in the unlikely event of a
security problem in F-Secure Policy Manager Server.
APPENDIX A
SNMP Support
Overview
Installing F-Secure Management Agent with SNMP Support
Configuring The SNMP Master Agent
Management Information Base
A.1 Overview
This section covers the following topics about SNMP support:
- F-Secure Management Agent with SNMP Agent
- Installing F-Secure Management Agent with SNMP support
- F-Secure Management Agent Management Information Base (MIB)
- SNMP traps sent by F-Secure Management Agent
- Network Manager Software Add-ons
SNMP support is currently implemented for all versions of Windows NT,
including Windows 2000, Windows XP, Windows Server 2003,
Windows Server 2008 and Windows Vista.
Overview
Error Codes
B.1 Overview
When Ilaunchr.exe is completed silently, it reports installation results with
the standard exit codes. With the login script, you can test for the cause of
the problem. Here is one example, which you can insert into your login
script:
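rem "if errorlevel N" is true when the exit code is N or higher,
rem so the highest values must be tested first.
rem Define each label used below (for example :FSMA_was_already_installed)
rem later in the login script.
Start /Wait ILaunchr.exe \\server\share\mysuite.jar /U
if errorlevel 100 goto Some_Setup_Error_occurred
if errorlevel 5 goto Some_Ilaunchr_Error_occurred
if errorlevel 3 goto Problem_with_JAR_package
if errorlevel 2 goto User_does_not_have_admin_rights
if errorlevel 1 goto FSMA_was_already_installed
if errorlevel 0 Echo Installation was OK!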
APPENDIX B
Ilaunchr Error Codes
4 JAR corrupted.
14 Undefined error.
APPENDIX C
FSII Remote Installation Error Codes
Overview
Windows Error Codes
Error Messages
C.1 Overview
This appendix describes the most common error codes and messages
that can occur during the Autodiscover Windows Hosts operation.
1722 RPC server is unavailable. This error message might appear if the host
was restarted immediately after installation and F-Secure Policy
Manager Console did not have time to verify that the installation was
successfully completed.
APPENDIX D
NSC Notation for Netmasks
Overview
D.1 Overview
NSC notation is a standard shorthand notation, which combines a
network address with its associated netmask.
NSC notation defines the number of contiguous one-bits in the netmask
with a slash and a number following the network address. Here is a
simple example:
NSC notation is not compatible with networks that use "comb" style
netmasks, where the one-bits are not all contiguous. The following table
gives the number of bits for each permitted netmask.
The 0.0.0.0/0 is a special network definition reserved for the default route.
Netmask          Bits   Netmask            Bits
128.0.0.0        1      255.128.0.0        9
192.0.0.0        2      255.192.0.0        10
224.0.0.0        3      255.224.0.0        11
240.0.0.0        4      255.240.0.0        12
248.0.0.0        5      255.248.0.0        13
252.0.0.0        6      255.252.0.0        14
254.0.0.0        7      255.254.0.0        15
255.0.0.0        8      255.255.0.0        16
255.255.192.0    18     255.255.255.192    26
255.255.224.0    19     255.255.255.224    27
255.255.240.0    20     255.255.255.240    28
255.255.248.0    21     255.255.255.248    29
255.255.252.0    22     255.255.255.252    30
255.255.254.0    23     255.255.255.254    31
255.255.255.0    24     255.255.255.255    32
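The mapping between a dotted netmask and its NSC bit count, including the rejection of "comb" netmasks, can be checked with a short script. This is an added example, not part of the F-Secure guide or product; the function names and sample addresses are constructed for illustration, and the host-bit check in to_nsc is an extra sanity check assumed here.

```python
# Added example: helpers for NSC (slash) notation. All names are illustrative.

def _parse_dotted_quad(text):
    """Return the 32-bit integer for a dotted quad such as '255.255.0.0'."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {text!r}")
        value = (value << 8) | int(part)
    return value


def netmask_bits(netmask):
    """Count the contiguous one-bits of a netmask; reject 'comb' netmasks."""
    mask = _parse_dotted_quad(netmask)
    host = ~mask & 0xFFFFFFFF  # the zero-bits of the mask (host portion)
    # A contiguous mask leaves a host portion of the form 0...01...1,
    # so host and host + 1 share no set bits. Any overlap means a gap.
    if host & (host + 1):
        raise ValueError(f"non-contiguous ('comb') netmask: {netmask}")
    return 32 - host.bit_length()


def bits_to_netmask(bits):
    """Inverse mapping: NSC bit count (0..32) to a dotted netmask."""
    if not 0 <= bits <= 32:
        raise ValueError(f"bit count out of range: {bits}")
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_nsc(network, netmask):
    """Combine a network address and netmask into NSC notation."""
    bits = netmask_bits(netmask)
    net = _parse_dotted_quad(network)
    mask = _parse_dotted_quad(netmask)
    # Assumed extra check: a network address should have no host bits set.
    if net & ~mask & 0xFFFFFFFF:
        raise ValueError(f"{network} has host bits set for mask {netmask}")
    return f"{network.strip()}/{bits}"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(to_nsc("192.168.1.0", "255.255.255.0"))
    print(to_nsc("0.0.0.0", "0.0.0.0"))  # the default route
    try:
        netmask_bits("255.0.255.0")
    except ValueError as err:
        print("rejected:", err)
```

Running a netmask through netmask_bits before writing it into a rule in slash form catches non-contiguous masks that NSC notation cannot express.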
TECHNICAL SUPPORT
Overview
Web Club
Advanced Technical Support
F-Secure Technical Product Training
Overview
F-Secure Technical Support is available by e-mail and from the F-Secure
Web site. You can access our Web site from within your F-Secure
application or from your Web browser.
Web Club
The F-Secure Web Club provides assistance to users of F-Secure
products. To enter, choose the Web Club command from the Help menu
in the F-Secure application. The first time you use this option, enter the
path and name of your Web browser and your location.
To connect to the Web Club directly from your Web browser, go to:
http://www.f-secure.com/webclub/
After installing the F-Secure software, you may find a ReadMe file
in the F-Secure folder in the Windows Start > Programs menu. The
ReadMe file contains late-breaking information about the product.
Training Program
For more detailed information about our course offerings, please go to our
F-Secure Technical Product Training page on the Internet at:
http://www.f-secure.com/partners/training-partners/
Contact Information
General issues: Training@f-secure.com
Registration: Training-Registration@f-secure.com
Feedback: Training-Feedback@f-secure.com
GLOSSARY
Authentication
The act of proving one’s identity.
Authorization
The right to perform an action on an object. Also the act of proving
this right.
Bit
The smallest unit of memory size, sets of which make up bytes,
arranged in a sequential pattern to express text, numbers, or other
detailed information, recognizable by the computer’s processing
system.
Byte
A set of bits that represent a single character. There are 8 bits in a
byte.
Certificate
See Public Key.
Client
A program that is used to contact and obtain data from a Server
program on another computer.
Corrupted
Data that has been modified without the user’s authorization or
approval.
Domain Name
A unique name that identifies an Internet site (for example,
F-Secure.com)
DNS
Domain Name System. A service that converts symbolic node names
to IP addresses. DNS uses a distributed database.
Firewall
A combination of hardware and software that separates a network
into two or more parts for security purposes.
FTP
(File Transfer Protocol) A very common method of moving files
between two Internet sites.
Host
Any computer on a network that is a repository for services available
to other computers on the network.
HTTP
The Hyper Text Transfer Protocol is the protocol used between a Web
browser and a server to request a document and transfer its contents.
The specification is maintained and developed by the World Wide
Web Consortium.
IP Address
Internet Protocol Address. A unique network address consisting of 4
numeric strings separated by dots. This will change in IPv6.
IPSec
(IETF) The IP Security Protocol is designed to provide interoperable,
high quality, cryptography-based security for IPv4 and IPv6. The set
of security services offered includes access control, connection-less
integrity, data origin authentication, protection against replays,
confidentiality (encryption), and limited traffic flow confidentiality.
These services are provided at the IP layer, offering protection for IP
and/or upper layer protocols.
ISP
Internet Service Provider. An institution that provides access to the
Internet in some form.
JAR
Java ARchive. A file format used for aggregating many files into one.
Kernel Mode
The part of the Windows operating system, through which, among
other things, user-mode applications and services use an API to
interact with the computer's hardware. The Kernel mode also
contains an interface to user-mode, and a facility for synchronizing its
own services and coordinating all I/O functions. Kernel mode memory
is protected from user mode access.
LAN
(Local Area Network) A computer network limited to the immediate
area, usually the same building or floor of a building. Sometimes
using a simple network protocol.
Login (noun)
The account name used to gain access to a computer system.
Mbit
Megabit.
MD5
Message Digest number 5, a secure hash function published in RFC
1321.
MIB
(SNMP terminology) Management Information Base. Detailed
information about MIBs can be found from RFC1155-SMI,
RFC1212-CMIB and RFC1213-MIB2.
Netmask
Tells how the IP address is divided into the network portion and the
host portion.
Network
Two or more computers connected together in order to share
resources. Two or more networks connected together is an internet.
Ping
Sending ICMP echo packets and listening for echo reply packets to
verify connections to a remote computer or computers.
Policy
The set of conditions under which users of a system can access the
system’s resources.
Policy-based management
Controlling the actions and configurations of a system using policy
statements.
Private Key
The part of the key in a public key system which is kept secret and is
used only by its owner. This is the key used for decrypting messages,
and for making digital signatures.
Protocol
A protocol is an algorithm, or step by step procedure, carried out by
more than one party.
Public Key
The part of the key in a public key system which is widely distributed
(and not kept secure). This key is used for encryption (not decryption)
or for verifying signatures. A public key also contains other
information about the subject, issuer, lifetimes, etc.
Random Seed
The seed value for the cryptographically strong random number
generator, which is updated each time an F-Secure application
closes.
Server
A computer, or a piece of software, that provides a specific kind of
service to client software.
Service
An application that is running on a host regardless of who is logged in
and which provides some service to other applications.
SNMP
Simple Network Management Protocol. A standard TCP/IP protocol
used for monitoring and setting network parameters and counters of
LAN- and WAN-connected repeaters, bridges, routers, and other
devices.
TCP/IP
(Transmission Control Protocol/Internet Protocol) This is the suite of
protocols that defines the Internet. Originally designed for the UNIX
operating system, TCP/IP software is now available for every major
kind of computer operating system. To be truly on the Internet, your
computer must have TCP/IP software.
Text file
Any file whose contents are intended by the file’s creator to be
interpreted as a sequence of one or more lines containing ASCII or
Latin printable characters.
URL
(Uniform Resource Locator) The standard way to give the address of
any resource on the Internet.
User mode
The protected part of an operating system where user applications
are run and that calls kernel mode to perform operating system
functions.
Virus Definition Database
Virus Definition Databases are used to detect viruses. Whenever a
new virus is found, the databases need to be updated for virus
protection to be able to detect that virus.
WAN
(Wide Area Network) Any internet or network that covers an area
larger than a single building or campus.
About F-Secure Corporation
F-Secure Corporation protects consumers and businesses against computer
viruses and other threats from the Internet and mobile networks. We want to
be the most reliable provider of security services in the market. One way to
demonstrate this is the speed of our response. According to independent
studies in 2004, 2005 and 2006 our response time to new threats is
significantly faster than our major competitors. Our award-winning solutions
are available for workstations, gateways, servers and mobile phones. They
include antivirus and desktop firewall with intrusion prevention, antispam and
antispyware solutions. Founded in 1988, F-Secure has been listed on the
Helsinki Exchanges since 1999, and has been consistently growing faster
than all its publicly listed competitors. F-Secure headquarters are in Helsinki,
Finland, and we have regional offices around the world. F-Secure protection
is also available as a service through major ISPs, such as Deutsche Telekom,
France Telecom, PCCW and Charter Communications. F-Secure is the global
market leader in mobile phone protection provided through mobile operators,
such as T-Mobile and Swisscom and mobile handset manufacturers such as
Nokia. The latest real-time virus threat scenario news is available at the
F-Secure Data Security Lab weblog at http://www.f-secure.com/weblog/