0
(0)

© 1993-2016 F-Secure Corporation. All rights reserved.
Portions Copyright © 2004 BackWeb Technologies Inc.
Portions Copyright © 1997-2014 BitDefender.

This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
Copyright © 2000-2004 The Apache Software Foundation. All rights reserved.

This product includes PHP, freely available from http://www.php.net/.
Copyright © 1999-2015 The PHP Group. All rights reserved.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
Copyright © 1998-2015 The OpenSSL Project.  All rights reserved.

This product includes cryptographic software written by Eric Young ([email protected]).
Copyright © 1995-1998 Eric Young ([email protected]). All rights reserved.

This product includes software written by Tim Hudson ([email protected]).

This product includes optional Microsoft SQL Server 2008 R2 SP1 Express Edition.
Copyright © 2010 Microsoft Corporation. All rights reserved.

This product may be covered by one or more F-Secure patents, including the following:
GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233, GB2374260

General

This document contains late-breaking information about F-Secure E-mail and Server Security 12.00 release, Standard and Premium editions. We strongly recommend that you read the entire document before installing the software.

F-Secure continuously improves documentation. Refer to the latest version of this document online at F-Secure website.

Important notice: This release of F-Secure E-mail and Server Security 12.00 Standard and Premium can be used with F-Secure Policy Manager (or managed with the local Web User Interface). This version cannot be used with the cloud-based F-Secure Protection Service for Business management portal. F-Secure E-mail and Server Security for Protection Service for Business will be released later during 2016.

Product contents

F-Secure E-mail and Server Security provides protection for your Microsoft Windows Server, Microsoft SharePoint Server, Microsoft Exchange Server, Microsoft Small Business Server, Citrix XenApp, and Windows Terminal servers. The solution can be licensed and deployed as F-Secure Server Security (Standard) or F-Secure Server Security Premium, on per-server basis, or F-Secure E-mail and Server Security (Standard) or F-Secure E-mail and Server Security Premium, on per-user or terminal connection basis.

This new F-Secure E-mail and Server Security solution release includes the following features:

  • Virus & spyware protection – protects your computer against viruses, trojans, spyware, rootkits and other malware.
  • DeepGuard™ – proactive, instant protection against unknown threats. It monitors application behavior and stops potentially harmful activities in real-time.
  • Web traffic scanning – detects and blocks malicious content in web traffic (HTTP protocol) to provide additional protection against malware.
  • Browsing protection – protection for your terminal users against web browser exploits and rogue web sites.
  • Anti-Virus for Microsoft Exchange – protects incoming, outgoing, and internal mail traffic and Exchange public folders from malware and other security threats and provides content and attachment filtering.
  • Spam Control – detects and filters spam messages from e-mail traffic providing real-time protection against all types of spam, regardless of its content, format or language.
  • Offload scanning agent for virtual environments – allows to offload malware scanning to F-Secure Scanning and Reputation Server in Virtual and Cloud Environments.
  • Software Updater – keeps your system and applications up-to-date by installing patches as they are released by vendors.
  • Anti-Virus for Microsoft SharePoint – real-time protection for the Microsoft SharePoint servers, scanning the uploaded and downloaded content for malware and other security threats.
  • EMC CAVA support – provides Anti-Virus configuration when working in EMC CAVA environment.

The table below shows which features are enabled with different product licenses.

Feature F-Secure Server Security F-Secure Server Security Premium F-Secure E-mail and Server Security F-Secure E-mail and Server Security Premium
Virus & spyware protection
DeepGuard™
Web traffic scanning
Browsing protection
Software Updater
Offload Scanning Agent
Anti-Virus for Microsoft Exchange
Spam Control
Anti-Virus for Microsoft SharePoint
EMC CAVA support

The solution is available in the following languages: English, Chinese Simplified, Chinese Traditional, French, German, Italian, Japanese, Korean, Polish, Spanish (Latin America), and Swedish.

What’s new

New features and improvements
  • Support for Microsoft Exchange 2016
  • Support for Microsoft SharePoint 2016
  • Windows Server 2016 ready
  • Integration with F-Secure Security Cloud for email and attachment scanning
  • Secure communication with Policy Manager
    • Communication with F-Secure Policy Manager Server uses the HTTPS protocol now. F-Secure Policy Manager Server exposes a new connector listening on 443 port by default. As in prior versions, antivirus update files are digitally signed and sent over HTTP.
  • Support remote collection of diagnostics reports

    • Policy Manager administrator can collect diagnostics reports (FSDiag) from the servers remotely.
  • Botnet Blocker
    • This feature gives the Policy Manager administrator the ability to block Domain Name System (DNS) queries from the host for domains that have a malicious reputation. The configuration options for queries are “Allow all”, “Block unsafe”, “Block unsafe and suspicious”, and “Allow safe only”. The default option is “Block unsafe queries”.
  • Web traffic scanning advanced protection
    • You can filter out potentially dangerous content types on unknown web sites. By default, the filtering is disabled.
  • Brand update for the graphical user interface

Note: You need F-Secure Policy Manager 12.10 to centrally manage F-Secure E-mail and Server Security 12.00.

Dropped features
  • Windows Server 2003
  • Microsoft Exchange 2003
Fixed issues
This section lists important issues fixed in this release:

  • CSEP-2822: F-Secure Quarantine Manager instances conflict when working in centralized quarantine mode.
  • CSEP-2823: Emails are not quarantined if any engine is malfunctioning.
  • CSEP-2004: ESS services auto-recover in case of any failure.

System requirements

Before you install the product, we recommend that you review sections in this topic to ensure that your network, hardware, software, and other system components meet the requirements.

Note: The minimum hardware requirements may not be sufficient if you run multiple services on the same system.

System requirements for F-Secure E-mail and Server Security installation
To install F-Secure E-mail and Server Security, the following minimum hardware and system requirements are recommended.

  • Any computer that meets the requirements for the supported operating system.
  • 10 GB or more disk space is recommended.
  • Internet connection is required to receive updates and to use cloud-based detection.
Supported Operating Systems
The product can be installed on a computer running one of the following operational systems:

  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Small Business Server 2008
  • Microsoft Small Business Server 2011, Standard edition
  • Microsoft Small Business Server 2011, Essentials
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 Essentials
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012 R2 Essentials
  • Microsoft Windows Server 2016 Technical Preview

All Microsoft Windows Server editions are supported except:

  • Windows Server Foundation editions
  • Windows Server for Itanium processor
  • Windows HPC editions for specific hardware
  • Windows Storage editions
  • Windows MultiPoint Server
  • Windows Home Server

Note: All operating systems are required to have the latest Service Pack installed.

Note: For performance and security reasons, you can install the product only on NTFS partition.

Supported Microsoft Exchange Servers
F-Secure E-mail and Server Security can be installed on a computer running the following Microsoft Exchange Server versions:

  • Microsoft Exchange Server 2007 (64-bit version) with the latest service pack
  • Microsoft Exchange Server 2010 service pack 2, service pack 3
  • Microsoft Exchange Server 2013 w/o service pack, service pack 1
  • Microsoft Small Business Server 2008
  • Microsoft Small Business Server 2011, Standard edition
  • Microsoft Exchange Server 2016

The product supports the following roles of Microsoft Exchange Server 2007/2010:

  • Edge Server role
  • Hub Server role
  • Mailbox Server role
  • Combo Server (Mailbox Server and Hub Server roles)

Note: The 32-bit version of Microsoft Exchange Server 2007 is not supported.

Important: The Collaboration Data Objects for Exchange (CDOEX) update is required if you plan to install F-Secure E-mail and Server Security on Microsoft Exchange Server 2007 running on Microsoft Windows Server 2008 R2. The update and installation instructions are available in Microsoft Knowledge Base article 98270. It is important to note that the CDOEX update must be installed before installing Microsoft Exchange Server 2007 SP3.

Note: Microsoft Exchange Server 2013 SP1 requires a special fix, which allows third-party or custom-developed transport agents to be installed correctly. The fix and its installation instructions are available in Microsoft Knowledge Base article 2938053.

Cluster environments
F-Secure E-mail and Server Security can be installed on Microsoft Exchange Server clusters. The following cluster configurations are supported:

  • Microsoft Exchange Server 2007 Cluster Continuous Replication (CCR) model
  • Microsoft Exchange Server 2007 Single Copy Cluster (SCC) model
  • Microsoft Exchange Server 2010 Database Availability Groups
  • Microsoft Exchange Server 2013 Database Availability Groups
  • Microsoft Exchange Server 2016 Database Availability Groups
SQL Server requirements
F-Secure E-mail and Server Security requires Microsoft SQL Server for the quarantine management. The following versions of Microsoft SQL Server are recommended to use:

  • Microsoft SQL Server 2005 (Enterprise, Standard, Workgroup or Express Edition) with the latest service pack
  • Microsoft SQL Server 2008 (Enterprise, Standard, Workgroup or Express Edition)
  • Microsoft SQL Server 2008 R2 (Enterprise, Standard, Workgroup or Express Edition)
  • Microsoft SQL Server 2012 (Enterprise, Business Intelligence, Standard, or Express Edition)
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2016

Microsoft SQL Server 2008 R2 SP1 Express Edition is distributed with the product and can be installed during F-Secure E-mail and Server Security setup.

Note: Microsoft .NET Framework version 3.5 and Microsoft Windows Installer 4.5 are required to install Microsoft SQL Server 2008 R2 SP1 Express Edition. They can be downloaded from Microsoft Download Center. If you plan to have Microsoft SQL Server on the same server, install these components before installing F-Secure E-mail and Server Security.

Important: We do not recommend using MSDE or Microsoft SQL Server 2005/2008/2008R2 Express Edition if you are planning to use the centralized quarantine management or if your organization sends and receives a large amount of e-mails. For more information about the limitations of the Microsoft SQL Server 2005/2008/2008R2 Express Edition or MSDE, see the product manual.

Supported terminal servers
F-Secure E-mail and Server Security supports the following terminal server platforms:

  • Microsoft Windows Terminal/RDP Services (on the above mentioned Windows Server platforms)
  • Citrix XenApp 5.0
  • Citrix XenApp 6.0
  • Citrix XenApp 6.5
  • Citrix XenApp 7.5 & 7.6
Supported Microsoft SharePoint servers
F-Secure E-mail and Server Security can be installed on a computer running the following Microsoft SharePoint Server versions:

  • Microsoft SharePoint 2016
  • Microsoft SharePoint 2013 with the latest service pack
  • Microsoft SharePoint 2010 with the latest service pack
Centralized management requirements
F-Secure Policy Manager 12.10 is required if you plan to centrally manage F-Secure Server Security or F-Secure E-mail and Server Security products.
Other requirements
To administer the product with F-Secure Web Console, one of the following web browser software is required:

  • Microsoft Internet Explorer 9.0 or later
  • Mozilla Firefox (up-to-date versions)
  • Google Chrome (up-to-date versions)

Any other Web browser supporting HTTP 1.0, SSL, Java scripts and cookies may be used as well. Before you log in to F-Secure Web Console, check that JavaScript and cookies are enabled in the browser. You need to add the address of F-Secure Web Console (https://127.0.0.1:25023/) to the Trusted sites in the Internet Explorer security options to make sure that F-Secure Web Console works properly.

Setup and configuration

Installation instructions
Note: Push installation through Policy Manager Console is not supported for clean installations of F-Secure Email and Server Security, only for upgrades.

Before you install F-Secure Server Security or F-Secure E-mail and Server Security, uninstall any potentially conflicting products, such as other antivirus or server security software.

To install the product, you need to log in with administrator-level privileges.

Installation instructions in Virtual Environments using the F-Secure Offload Scanning Agent
If you want to deploy F-Secure E-mail and Server Security in virtual environment using the Offload Scanning Agent to minimize the performance impact to virtualization infrastructure, you need to select the installation of the Offload Scanning Agent during the installation.

For detailed instructions of installation of this feature, please refer to the F-Secure Security for Virtual and Cloud Environments deployment guide.

Note: You need to have the F-Secure Scanning and Reputation Server in place for this functionality to work.

Remote installation
Remote installation with F-Secure Policy Manager is possible for F-Secure Server Security components only. To deploy F-Secure E-mail and Server Security, make the attended installation either locally or over the remote desktop connection.
Centralized management installation
To configure centralized management during the interactive installation, specify the F-Secure Management Server address in the form of host name or host IP address without protocol prefix and port suffix. Use the default HTTP port and HTTPS port values unless you have a non-standard environment.
Upgrade installation
You can upgrade F-Secure E-mail and Server Security from the previous versions of F-Secure products by running the setup program and following the installation instructions. You can upgrade the following product versions:

  • F-Secure Server Security 10.00, 10.01, 10.50, 11.00 or 11.01
  • F-Secure E-mail and Server Security 10.00, 10.01, 10.50, 11.00 or 11.01

Refer to the manual for detailed upgrade instructions.

Note: Upgrade or reinstall the product above similar PSB products is not supported. Uninstall PSB Sever Security or PSB E-mail and Server Security before installing this product.

Using included Microsoft SQL Server
Microsoft SQL Server 2008 R2 SP1 Express Edition is distributed with the product and included in the product installation package. If you do not have an installed version of Microsoft SQL Server, you can install and configure this version during the F-Secure E-mail and Server Security setup.
Using pre-installed Microsoft SQL Server
If you want to use F-Secure E-mail and Server Security with your own installation of Microsoft SQL Server, make sure that you select the Mixed mode in the Authentication mode page. To change the authentication mode after the installation, refer to the Microsoft SQL Server documentation.
Reconfiguration of Quarantine storage
During the installation, F-Secure E-mail and Server Security is configured to exclude all its working folders from the real-time file scanning to prevent interferences with any operation of the e-mail scanning. If the location of the Quarantine storage folder is changed in future, reconfigure the product to exclude the folder from the real-time file scan. Refer to the manual for detailed instructions on how to exclude folders.
Uninstallation instructions
To uninstall F-Secure Server Security or F-Secure E-mail and Server Security, use Programs and Features in the Windows Control Panel. Restart the server after uninstalling all the components.

Note: Some files and directories may remain under the product installation directory (%ProgramFiles(x86)%\F-Secure), product data directory (%ProgramData%\F-Secure), and user’s temporary directories (%TEMP%) after you uninstall the product. We recommend that you remove these directories and files manually.

Note: Uninstalling F-Secure E-mail and Server Security does not uninstall Microsoft SQL Server 2008 R2 Express Edition if it was installed with the product. Use the corresponding item in Control Panel to uninstall it.

Known issues

Installation and uninstallation
Admin.pub cannot be located during installation on Windows Server Core edition (CTS-69882)

When installing the product on Windows Server Core platform, the Browse button in the Setup wizard does not work because the common Windows dialog is missing. Enter the path to the admin.pub file manually to continue.

Entering full license key does not activate On Access Scanning and On Demand Scanning immediately (CTS-70470)

When your evaluation version of the product expires and you enter the full license key, on-access and on-demand scanning may not be activated immediately and thus not provide full server protection. It may take up to half an hour before the product is fully functional. To speed up the license activation process, restart FSGKHS service or reboot the server.

Shifting evaluation license from one product edition to another is not supported

You cannot wp-signup.php the evaluation installation of F-Secure Server Security with the full license key for F Secure E-mail and Server Security or vice versa. If you want to purchase a license for a different product, uninstall the evaluation product first.

Setup displays “STSADM. EXE – Application Error” dialog when user enters account with not enough permissions (CSEP-1362)

In some cases if you use an account that does not have proper permissions, you can get an application error message. Close the message to get the correct dialog.

Uninstallation status Failed: F-Secure Management Agent could not get the results for the previous installation… (CSEP-1395)

In some cases, the uninstallation from Policy Manager Console produces this status message, which does not reflect the real status. The uninstallation succeeds.

At uninstallation: call the STSADM. EXE may fail (CSEP-1345)

Uninstallation of Anti-Virus for Microsoft SharePoint tries to change SharePoint anti-virus settings back. This operation may not succeed if you use an account that does not have permissions to change SharePoint settings (changing these settings requires a special account). After the uninstallation completes, log in to SharePoint Management Console and make sure “Scan on upload” and “Scan on download” anti-virus settings are switched off.

The ORSP service is not started after updating from the channel sometimes (CSEP-1413)

Sometimes when the ORSP update is installed from the channel, the ORSP service is not started. To solve this, start ORSP service manually.

Anti-Virus for Microsoft SharePoint
Quarantine is not supported

The current release of Anti-Virus for Microsoft SharePoint blocks infected files and malware in real-time – when they are uploaded or downloaded. It does move these files to quarantine. To disinfect or quarantine these files, use Anti-Virus at file level.

Scanning on demand is not supported

The current release of Anti-Virus for Microsoft SharePoint blocks infected files and malware in real-time and does not provide manual (on-demand) or scheduled scans of the SharePoint database.

The setting “list of files to be excluded from scan inside archives” for AV4SP doesn’t work (CSEP-1393)

Even though an extension is specified in the list of files to be excluded, files with the specified extension are scanned inside archives.

Virus and Spyware Protection
Scanning big folders does not disinfect found malware if scanning is interrupted (CTS-68901)

When a manual scan task that was started from the Web Console is interrupted, the admin-defined actions may not take place for found malware or spyware items. Run the manual scan again and wait until it is completed for the actions to take place.

EFS encrypted file cannot be scanned via scheduled scanning (CTS-88303)

The server can have many users and every user can have encrypted files. To scan these files, the scan must run under user credentials. The scheduled scan runs under the local system account and cannot decrypt these files. Guide each user to manually scan his/her encrypted files.

Browsing Protection
Browsing protection search results

Browsing protection does not show safety ratings on search result pages that use HTTPS.

Web Traffic Scanning
Web Traffic Scanning does not handle encrypted traffic

The current version of Web Traffic Scanning cannot handle the content of encrypted network traffic, for example HTTPS protocol.

Web Console
Manual Scanning does not allow to scan mapped network drives/shares (CTS-70572)

When you log in to Web Console, it does not load the full user profile, so you cannot scan a network drive or a share from the manual scanning page. Scan network drives and shares with “Virus and spyware scanning” menu from F-Secure icon in the system tray or with the “Scan Folder for Viruses” menu from Windows Explorer.

Web Console might delay on refreshing the page automatically

Sometimes after you change and save a new setting (for example, the language of the user interface), there may be a few second delay while the Web Console tries to automatically refresh the page.

Cluster environments
Messages may not be scanned when Exchange is moved from one cluster node to another (CTS-62925)

When Exchange cluster groups are moved from one node to another while the product is running on Active-Passive cluster environment, F-Secure Anti-Virus for Microsoft Exchange service can be down for a short time. While the service is down, some e-mail messages may not be scanned on the transport level. However, all e-mail messages and attachments are scanned without interruptions on the storage level.

Incorrect quarantine statistics are shown when Web Console is open on the passive node (CTS-63021)

Quarantine and other product statistics are not updated on the passive node as some of the product services are down or suspended. Therefore, when you connect to the Web Console on the passive node, the product status and statistics are not shown correctly. We strongly recommend that you connect to the Web Console using the name or IP address of the cluster instead of the name or IP address of the cluster nodes.

Disclaimers
Disclaimers are not added to messages released from quarantine (CTS-67265)

Disclaimers are not added to outbound mails that are manually released from the Quarantine, since it is not possible to say if they are safe or not.

Disclaimer is not added to TNEF mails with empty body (CTS-70123)

Disclaimer is not added to TNEF encoded mails with empty message bodies that have no text and no attachments. This occurs only on Microsoft Exchange Server 2007.

Disclaimer is not added to mails if sender/recipient is in the list of trusted senders/recipients (CTS-70124)

If the email sender or recipient is included in the Trusted Senders or Trusted Recipients list, the disclaimer is not added to the message.

Quarantine
Recipients are not listed for quarantined attachments that are blocked in real-time (CTS-73434)

If malicious or disallowed attachments are blocked during real-time scanning in the Exchange store, they are listed in the Quarantine Query without the name of the corresponding recipient mailbox where they have been blocked. However, the information about the mailbox that contains the malicious or disallowed attachment is in the product alerts.

Contact information and feedback

We look forward to hearing your comments and feedback on the product functionality, usability and performance.

Please report any technical issues via:

Before sending us a report about your issue, run F-Secure Support Tool FSDiag.exe on the host that is running F-Secure Server Security or F-Secure E-mail and Server Security. This utility gathers basic information about hardware, operating system, network configuration and installed F-Secure and third-party software that helps us to analyze and solve the issue.

You can run the F-Secure Support Tool from the Web Console as follows:

  1. Log in to the Web Console.
  2. Type https://127.0.0.1:25023/fsdiag/ in the address field of the browser. (If you are accessing the server remotely, use the real IP address of the server instead of 127.0.0.1).
  3. F-Secure Support Tool starts automatically and the dialog displays the data collection progress.
  4. When the tool has finished collecting the data, click Report to download and save the collected data

You can also run the FSDiag.exe utility under %ProgramFiles(x86)%\F-Secure\Common folder. The tool generates a file called FSDiag.tar.gz.

F-Secure license terms

F-Secure license terms are included in the software. You must read and accept them before you can install and use the software.

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 13 times, 1 visits today)