Prerequisites (F-Secure)

• Hardware:
  • Minimum 4 GB RAM (recommended: 8GB)
  • Minimum 2 GHz processor
  • Minimum 30 GB disk space
• The following browsers are supported:
  • Microsoft Internet Explorer (end of support 1st of May 2020)
  • Microsoft Edge
  • Mozilla Firefox
  • Google Chrome
  • Safari
• On-site installations of Elements Vulnerability Management require the following Windows operating system: Windows Server 2012 R2 or newer (full installation, not Server Core)
  • Local or Active Directory user with admin rights is required during installation
  • The application is configured to use a default IIS Application Pool Identity. If you want to use another user, make sure that it has a “Log on as a batch job” policy in GPO.

  Note: We recommend using English versions of the operating system for installing Elements Vulnerability Management. For example, some required IIS features may not be properly detected in localized operating system versions.

• Windows features (these can be enabled by Server Manager, using the Dism tool, or directly from the Elements Vulnerability Management installer):
  • .NET Framework 4.7.2 or later (/FeatureName:NetFx4)
  • .NET Core 5 – Windows Server Hosting
• IIS (Internet Information Services):
  • A valid SSL certificate must be installed. Alternatively, a self-signed certificate can be generated during the installation (not recommended).
  • The following IIS features must be enabled:
    

    Description	Dism FeatureName
    World Wide Web Services	IIS-WebServer
    Process Model	WAS-ProcessModel
    Internet Information Services Hostable Web Core	IIS-HostableWebCore
    Dynamic Content Compression	IIS-HttpCompressionDynamic
    Static Content Compression	IIS-HttpCompressionStatic
    Default Document	IIS-DefaultDocument
    Directory Browsing	IIS-DirectoryBrowsing
    HTTP Redirection	IIS-HttpRedirect
    Static Content	IIS-StaticContent
    URL Authorization	IIS-URLAuthorization
    Basic Authentication	IIS-BasicAuthentication
    Windows Authentication	IIS-WindowsAuthentication
    IP Security	IIS-IPSecurity
    Request Filtering	IIS-RequestFiltering
    Custom Logging	IIS-CustomLogging
    HTTP Errors	IIS-HttpErrors
    Logging Tools	IIS-LoggingLibraries
    HTTP Logging	IIS-HttpLogging
    ISAPI Extensions	IIS-ISAPIExtensions
    ISAPI Filters	IIS-ISAPIFilter
    IIS Management Scripts and Tools	IIS-ManagementScriptingTools
    IIS Management Console	IIS-ManagementConsole
    .NET Environment 3.5	WAS-NetFxEnvironment
    .NET Extensibility 3.5	IIS-NetFxExtensibility
    ASP. NET 4.5	IIS-ASPNET45
    Configuration APIs	WAS-ConfigurationAPI

• MS SQL database:
  • • MS SQL Server 2012 or higher (Express edition can be used) and a compatibility level of 110 (see https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-database-transact-sql-compatibility-level?view=sql-server-ver15 for more information on compatibility levels)

      Important: Only the English version of MS SQL Server is supported. The only supported database collation is SQL_Latin1_General_CP1_CI_AS, so other language versions will not work.

    • Minimum 30 GB disk space
    • Database collation: SQL_Latin1_General_CP1_CI_AS
    • The Default Full-Text Language or LCID (Locale ID) value for the Elements Vulnerability Management database has to be set to 1033 (English)
    • Elements Vulnerability Management installer requires the following database privileges:
      • db_owner if Elements Vulnerability Management database exists; otherwise the sysadmin role
      • securityadmin – it is always necessary to check whether the application DB user exists and has the required privileges. The installer creates the user or grants the required privileges if needed.
    • A database user for an application has to have at least db_datareader and db_datawriter roles and an ALTER permission to a dbo.ScanNodeStatusEvent table. These privileges are automatically granted during the installation. The installer can also create a SQL user.

      Warning: Installing Elements Vulnerability Management with Windows authentication mode selected for the application is not supported when the database server runs on another machine. The reason for this is that the application is configured with a default IIS Application Pool Identity that is a local user, not known in the remote database.

  There are two workarounds both of which require a running installer with the following command: Radar_Security_Center_installer.exe -ai -! “-useValues=Installer.IgnoreRemoteServerWinAuthCheck:=<[@True@]>”

  Option 1: You can perform the first installation with a standard database user (no Windows authentication). After the installation you have to change the identity for IIS Application Pool named “Radar Security Center” and run the Elements Vulnerability Management update with the same installer to be able to grant privileges.

  Option 2: You can perform the first installation without configuring IIS. After the installation, you have to configure the application in IIS manually and run the Elements Vulnerability Management update with the same installer to be able to grant privileges.

• Network:
  • Outbound access to https://updates-api.radar.f-secure.com/, https://gateway.radar.f-secure.com/ and https://updates.radar.f-secure.com/ (Radar Update Service)
    • Elements Vulnerability Management requires a connection with Radar Update Service for various reasons, such as vulnerability definitions updates, vulnerability coverage, automatic updates, scan node ordering, license renewal, and Radar Endpoint Agent support.
  • If proxies are required to access the service, it must allow GET, HEAD, and POST HTTP methods
• Other:
  • SMTP server settings are required during installation (server, username, password)

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team