© 1993-2017 F-Secure Corporation. All rights reserved. Portions Copyright © 2004 BackWeb Technologies Inc. Portions Copyright © 1997-2014 BitDefender.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Copyright © 2000-2004 The Apache Software Foundation. All rights reserved.
This product includes PHP, freely available from http://www.php.net/. Copyright © 1999-2015 The PHP Group. All rights reserved.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Copyright © 1998-2015 The OpenSSL Project. All rights reserved.
This product includes optional Microsoft SQL Server 2014 Express edition. Copyright © 2014 Microsoft Corporation. All rights reserved.
This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233, GB2374260
This document contains late-breaking information about F-Secure PSB Email and Server Security 12.10 release. We strongly recommend that you read the entire document before installing the software.
F-Secure continuously improves documentation. Refer to the latest version of this document online at F-Secure website.
F-Secure PSB Email and Server Security provides protection for your Microsoft Windows Server, Microsoft SharePoint Server, Microsoft Exchange Server, Microsoft Small Business Server, Citrix XenApp, and Windows Terminal servers. The solution can be licensed and deployed as F-Secure PSB Server Security on a per-server basis, or as F-Secure PSB Email and Server Security on a per-user or terminal connection basis.
This new F-Secure PSB Email and Server Security solution release includes the following features:
- Virus & spyware protection – protects your computer against viruses, trojans, spyware, rootkits and other malware.
- DeepGuard™ – proactive, instant protection against unknown threats. It monitors application behavior and stops potentially harmful activities in real-time.
- Web traffic scanning – detects and blocks malicious content in web traffic (HTTP protocol) to provide additional protection against malware.
- Browsing protection – protection for your terminal users against web browser exploits and rogue web sites.
- Anti-Virus for Microsoft Exchange – protects incoming, outgoing, and internal mail traffic and Exchange public folders from malware and other security threats and provides content and attachment filtering.
- Spam Control – detects and filters spam messages from email traffic providing real-time protection against all types of spam, regardless of its content, format or language.
- Email Quarantine Manager – allows dedicated users to manage the email quarantine: to release, reprocess, or delete quarantined emails or attachments.
- Software Updater – keeps your system and applications up-to-date by installing patches as they are released by vendors.
- Anti-Virus for Microsoft SharePoint – real-time protection for the Microsoft SharePoint servers, scanning the uploaded and downloaded content for malware and other security threats.
The table below shows which features are enabled with different product licenses.
The solution is available in the following languages: English, Chinese Simplified, Chinese Traditional, French, German, Italian, Japanese, Korean, Polish, Spanish (Latin America), and Swedish.
- New features and improvements
- Support for Microsoft Exchange 2016
- Support for Microsoft SharePoint 2016
- Support for Windows Server 2016
- Integration with F-Secure Security Cloud for email and attachment scanning
- Web traffic scanning advanced protection
You can filter out potentially dangerous content types on unknown websites. By default, the filtering is disabled.
- Web Console visual and structural improvements
Web Console navigation is revised, the terminology is adjusted to be more clear and self-descriptive. Some pages and tabs that had common functionalities have been combined to make the administration easier.
- Email Quarantine Manager web application
The new version has a new web application for email quarantine management by help desk users. The application is aimed at users with limited access and no administrative privileges, and it provides a subset of quarantine management functionality. Web Console features are not affected by this application. To deploy the Email Quarantine Management application, see the configuration instructions that are provided with the product installer.
- Test mode option for on-demand and scheduled email scanning
Added support to scan email boxes in test mode. In this mode, email content is not modified, so no disinfection or other content-altering operations take place.
- Real-time operations between the portal and client (this is an upcoming feature and its availability will be announced later)
When you assign an operation from the portal to a client, the client performs the operation within a very short period of time and no longer waits until the next polling interval. The client reports back to the portal on the completion of the operation or when its state changes. If you have limited connections from the client to the Internet, you must allow HTTPS access to the real-time service backend to ensure that the client can use the new functionality. Addresses of the real-time services can be found here: https://community.f-secure.com/t5/Business/Real-time-operation-support-and/ta-p/82413
- Enhanced security on client-server communication
To improve security and privacy, all communication between end-point computers and F-Secure PSB servers is now encrypted using the HTTPS protocol. This improvement secures the data transmission between the client and F-Secure PSB servers so that it cannot be monitored by external malicious interceptors on the route. If you have limited connections from the client to the Internet, you need to allow HTTPS access to the F-Secure update server. To check the server address in the product user interface, open F-Secure PSB Workstation Security and go to Settings > Other settings > Automatic updates > Update server. To update the server address, enable the HTTPS protocol on port 443 in addition to HTTP on port 80.
- Service recovery
F-Secure services are configured to restart automatically if they stop unexpectedly.
- Other changes and improvements
Email and Server Security triggers alerts if F-Secure Quarantine Management (FQM) runs into problems. The product comes with Microsoft SQL Server 2014 Service Pack 2 Express.
- Fixed issues
- This section lists important issues fixed in this release:
- New installer to fix issues that prevented the product from fully working after installation (published 11 February 2019)
- New installer to fix vulnerability FSC-2019-1 (published 5 February 2019)
- CTS-97730: ‘Unknown’ attachment matches ‘All Files’ stripping condition
- CSEP-3037: Exchange ODS should report scan errors
- CSEP-2655: WebUI daemon logs rotation
- CSEP-3033: ESS WebUI does not detect the daylight saving changes
- Dropped features
- Windows Server 2003
- MS Exchange 2003
- Blacklight engine
- SQL Express 2005 support
SQL Server 2005 is no longer supported. The new format of the quarantine management database requires SQL Server 2008 or above. If you used SQL Server 2005 for the quarantine management, update SQL Server to one of the recommended versions before updating PSB Email and Server Security to version 12.10.
Before you install the product, we recommend that you review sections in this topic to ensure that your network, hardware, software, and other system components meet the requirements.
Note: The minimum hardware requirements may not be sufficient if you run multiple services on the same system.
- System requirements for F-Secure PSB Email and Server Security installation
- To install F-Secure PSB Email and Server Security, the following minimum hardware and system requirements are recommended:
- Any computer that meets the requirements for the supported operating system.
- 10 GB or more disk space is recommended.
- Internet connection is required to receive updates and to use cloud-based detection.
- Supported operating systems
- The product can be installed on a computer running one of the following operating systems:
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 R2
- Microsoft Small Business Server 2008
- Microsoft Small Business Server 2011, Standard edition
- Microsoft Small Business Server 2011, Essentials
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 Essentials
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012 R2 Essentials
- Microsoft Windows Server 2012 R2 Foundation
- Microsoft Windows Server 2016 Standard
- Microsoft Windows Server 2016 Essentials
- Microsoft Windows Server 2016 Datacenter
- Microsoft Windows Server 2016 Core
Note: Windows Server 2016 Nano is not supported.
All Microsoft Windows Server editions are supported except:
- Windows Server for Itanium processor
- Windows HPC editions for specific hardware
- Windows Storage editions
- Windows MultiPoint Server
- Windows Home Server
Note: All operating systems must have the latest Service Pack installed.
Note: For performance and security reasons, you can install the product only on an NTFS partition.
- Supported Microsoft Exchange Servers
- F-Secure Email and Server Security can be installed on a computer running the following Microsoft Exchange Server versions:
- Microsoft Exchange Server 2007 (64-bit version) with the latest service pack
- Microsoft Exchange Server 2010 service pack 2, service pack 3
- Microsoft Exchange Server 2013 w/o service pack, service pack 1
- Microsoft Small Business Server 2008
- Microsoft Small Business Server 2011, Standard edition
- Microsoft Exchange Server 2016
The product supports the following roles of Microsoft Exchange Server 2007/2010:
- Edge Server role
- Hub Server role
- Mailbox Server role
- Combo Server (Mailbox Server and Hub Server roles)
Note: The 32-bit version of Microsoft Exchange Server 2007 is not supported.
Important: If you plan to install F-Secure Email and Server Security on Microsoft Exchange Server 2007 that runs on Microsoft Windows Server 2008 R2, the Collaboration Data Objects for Exchange (CDOEX) update is required. The update and installation instructions are available in Microsoft Knowledge Base article 98270. You must install the CDOEX update before installing Microsoft Exchange Server 2007 SP3.
Note: Microsoft Exchange Server 2013 SP1 requires a special fix, which allows third-party or custom-developed transport agents to be installed correctly. The fix and its installation instructions are available in Microsoft Knowledge Base article 2938053.
To use Email Quarantine Manager, you need Microsoft Internet Information Server up and running in your environment. This is available as part of Microsoft Exchange Server.
- Cluster environments
- F-Secure PSB Email and Server Security can be installed on Microsoft Exchange Server clusters. The following cluster configurations are supported:
- Microsoft Exchange Server 2007 Cluster Continuous Replication (CCR) model
- Microsoft Exchange Server 2007 Single Copy Cluster (SCC) model
- Microsoft Exchange Server 2010 Database Availability Groups
- Microsoft Exchange Server 2013 Database Availability Groups
- Microsoft Exchange Server 2016 Database Availability Groups
- SQL Server requirements
- F-Secure PSB Email and Server Security requires Microsoft SQL Server for the quarantine management. The following versions of Microsoft SQL Server are recommended:
- Microsoft SQL Server 2008 (Enterprise, Standard, Workgroup or Express Edition)
- Microsoft SQL Server 2008 R2 (Enterprise, Standard, Workgroup or Express Edition)
- Microsoft SQL Server 2012 (Enterprise, Business Intelligence, Standard, or Express Edition)
- Microsoft SQL Server 2014
- Microsoft SQL Server 2016
Microsoft SQL Server 2014 Service Pack 2 Express edition is distributed with the product and can be installed during F-Secure PSB Email and Server Security setup.
Note: Microsoft .NET Framework version 3.5 SP1 with KB 956250 applied and Microsoft Windows Installer 4.5 are required to install Microsoft SQL Server 2014 Express SP2. They can be downloaded from Microsoft Download Center. If you plan to have Microsoft SQL Server on the same server, install these components before installing F-Secure PSB Email and Server Security. Microsoft .NET Framework version 4.0 is required for Microsoft SQL Server 2014 SP2 to work. During the installation of the Express edition, Microsoft .NET 4.0 is downloaded and installed if it was not previously installed. You cannot perform the installation on a remote desktop console or to Core Edition of Windows Server.
Important: We do not recommend using MSDE or Microsoft SQL Server Express edition if you are planning to use the centralized quarantine management or if your organization sends and receives a large amount of emails. For more information about the limitations of the Microsoft SQL Server Express or MSDE, see the product manual.
- Microsoft Internet Information Server
- Email Quarantine Management is an ASP.NET web application. To use it, IIS should be up and running, which is also a requirement for Exchange Server.
- Supported terminal servers
- F-Secure PSB Email and Server Security supports the following terminal server platforms:
- Microsoft Windows Terminal/RDP Services (on the above mentioned Windows Server platforms)
- Citrix XenApp 5.0
- Citrix XenApp 6.0
- Citrix XenApp 6.5
- Citrix XenApp 7.5 & 7.6
- Supported Microsoft SharePoint servers
- F-Secure PSB Email and Server Security can be installed on a computer running the following Microsoft SharePoint Server versions:
- Microsoft SharePoint 2010 with the latest service pack
- Microsoft SharePoint 2013 with the latest service pack
- Microsoft SharePoint 2016
- Browser requirements
- To administer the product with F-Secure Web Console, one of the following web browsers is required:
- Microsoft Internet Explorer 9.0 or later
- Mozilla Firefox (up-to-date versions)
- Google Chrome (up-to-date versions)
The same browsers are required to use Email Quarantine Manager.
Setup and configuration
- Installation instructions
- To install the product, you need to log in with administrator-level privileges.
Before you install F-Secure PSB Server Security or F-Secure PSB Email and Server Security, uninstall any potentially conflicting products, such as other antivirus or server security software.
Prepare for installation:
- Get your subscription key.
- If you plan to install Anti-Virus for Microsoft Exchange, decide if you will use an existing SQL Server or install SQL Server 2014 SP2 Express Edition included in the installer. In the first case, get the administrative password for SQL Server.
- If you plan to install Anti-Virus for Microsoft SharePoint, get the administrative credentials for SharePoint Server.
- If you are upgrading or reinstalling an existing installation, the installation may need to restart the Windows Server in some cases. If you upgrade or reinstall Anti-Virus for Microsoft Exchange, then Microsoft Exchange Information Store Service will be restarted during installation. Schedule the installation time to minimize the impact on your business caused by restarts.
- Using pre-installed Microsoft SQL Server
- Microsoft SQL Server 2014 SP2 Express Edition is distributed with the product and included in the product installation package. If you need to use F-Secure PSB Email and Server Security with your own installation of Microsoft SQL Server, make sure that you select the Mixed mode in the Authentication mode page. To change the authentication mode after the installation, refer to the Microsoft SQL Server documentation.
- Reconfiguration of quarantine storage
- During installation, F-Secure PSB Email and Server Security is configured to exclude all its working folders from the real-time file scanning to prevent interference with any email scanning operations. If the location of the quarantine storage folder is changed in the future, reconfigure the product to exclude the folder from the real-time file scan. Refer to the manual for detailed instructions on how to exclude folders.
- Uninstallation instructions
- To uninstall F-Secure PSB Server Security or F-Secure PSB Email and Server Security, use Programs and Features (formerly Add or Remove Programs) in the Windows Control Panel. Restart the server after the uninstallation.
Note: Some files and directories may remain under the product installation directory (%ProgramFiles(x86)%\F-Secure), programs data directory (%ALLUSERSPROFILE%\F-Secure), and user’s temporary directories (%TEMP%) after you uninstall the product. We recommend that you remove these directories and files manually.
Using Web Console
To open F-Secure PSB Email and Server Security Web Console, follow these instructions:
- Click Windows Start button > Programs > F-Secure PSB Email and Server Security > F-Secure PSB Email and Server Security Web Console, or
- Enter the localhost address (IP or DNS) and the port number of F-Secure PSB Email and Server Security Web Console in your web browser. Note that the protocol used is HTTPS. For example: https://127.0.0.1:25023
When the Web Console login page opens, enter your user name and the password and click Log In.
Note that you need administrator rights to the host where F-Secure PSB Email and Server Security Web Console is installed to log in.
- Logging in for the first time
Microsoft Internet Explorer users: You need to add the address of F-Secure PSB Email and Server Security Web Console (https://127.0.0.1:25023/) to the Trusted sites in the Internet Explorer security options to ensure that F-Secure PSB Email and Server Security Web Console works properly.
When you log in for the first time, your browser displays a Security Alert dialog about the security certificate for F-Secure PSB Email and Server Security Web Console. If you install the certificate, you will not see the Security Alert window again. Follow these instructions to install the security certificate:
- Open F-Secure PSB Email and Server Security Web Console. The browser displays the Security Alert about F-Secure PSB Email and Server Security Web Console certificate. Click Continue and then Certificate Error.
- Click View Certificate to view the certificate information. The Certificate window opens.
- Click Install Certificate to install the certificate with the Certificate Import Wizard. The Certificate window opens. If your company has an established process for creating and storing certificates, follow that process to create and store the security certificate for F-Secure PSB Email and Server Security Web Console.
- Click Install Certificate to proceed to the Certificate Import Wizard.
- Follow the instructions in the Certificate Import Wizard. Select the Trusted Root Certification Authorities store in the Place all certificates in the following store selection.
- If the browser still displays the Security Alert window, click Yes to proceed or log back in to F-Secure PSB Email and Server Security Web Console.
- Log in to the Web Console with your user name and the password when the login page opens.
The Web Console displays the product Home page when you log in. You can check the status of server protection on this page.
- Using Web Console from a remote computer
- By default, Web Console is accessible only from localhost. If you reconfigure the Web Console to allow access from remote hosts, you can manage F-Secure PSB Email and Server Security from another computer, e.g. your workstation or laptop. See Web Console requirements for the list of supported browsers.
To access F-Secure PSB Email and Server Security Web Console remotely, follow these instructions:
- Log in to the Web Console locally on the server (https://127.0.0.1:25023).
- Go to the Settings > Administration page and open the Web Console tab.
- In the Allowed hosts section, click Add new hosts link and enter the IP address of the remote host where you want to access the server.
- Log out from the Web Console.
- Make sure that the assigned port 25023 is not blocked by the firewall.
Now you can open the Web Console on the remote computer:
- Run the browser
- In the browser address field, enter the protocol prefix https://, the external address (IP or DNS) of the server where F-Secure PSB Email and Server Security is installed, and the port number (:25023 by default). For example: https://exchange.mycompany.com:25023
- When the Web Console login page opens, enter your user name and the password and click Log In.
Note that you need administrator rights to the host where F-Secure PSB Email and Server Security Web Console is installed to log in.
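The firewall step in the procedure above can be limited to the same hosts that were entered in Allowed hosts, instead of opening port 25023 to every address. The following PowerShell is an added example, not part of F-Secure's documentation or tooling; the rule name and the 192.0.2.10 admin address are placeholders, and it assumes Windows Server 2012 or later with Windows Firewall and an elevated session.

```powershell
# Added example, not F-Secure tooling. Run elevated on the server that hosts the Web Console.
# Needs the NetTCPIP and NetSecurity modules (Windows Server 2012 or later).
param(
    [int]$ConsolePort = 25023,                # Web Console default port from this document
    [string[]]$AdminHosts = @('192.0.2.10')   # placeholder: use the IPs entered in Allowed hosts
)
$RuleName = 'Web Console remote admin (example)'   # hypothetical rule name

# 1. Confirm that something is listening on the Web Console port and on which local addresses.
$listeners = Get-NetTCPConnection -LocalPort $ConsolePort -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $ConsolePort. Check that the Web Console is running."
} else {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
}

# 2. Remove any earlier copy of the example rule, then allow the port only from the admin hosts.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $ConsolePort -RemoteAddress $AdminHosts | Out-Null

# 3. Report other enabled inbound allow rules that name this port explicitly and accept
#    any remote address; such a rule would undo the scoping applied in step 2.
$wideRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        $addrFilter = $_ | Get-NetFirewallAddressFilter
        if ($portFilter.Protocol -eq 'TCP' -and
            $portFilter.LocalPort -contains "$ConsolePort" -and
            $addrFilter.RemoteAddress -contains 'Any') { $_ }
    }

if ($wideRules) {
    Write-Warning "These rules also allow TCP $ConsolePort from any address:"
    $wideRules | Select-Object DisplayName, Profile | Format-Table -AutoSize
} else {
    Write-Output "TCP $ConsolePort is allowed inbound only from: $($AdminHosts -join ', ')"
}

# 4. From the remote workstation (not the server), confirm reachability before opening the browser:
#    Test-NetConnection -ComputerName exchange.mycompany.com -Port 25023
```

Step 3 only flags rules that list the port by number; program-based rules or rules covering port ranges need a manual review.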
- Installation and uninstallation
- Setup displays “STSADM.EXE – Application Error” dialog when the user enters an account without sufficient permissions (CSEP-1362)
In some cases you can get an application error message if you use an account that does not have proper permissions. Close the message to get the correct dialog.
At uninstallation: the call to STSADM.EXE may fail (CSEP-1345)
Uninstallation of Anti-Virus for Microsoft SharePoint tries to revert SharePoint antivirus settings. This operation may not succeed if you use an account that does not have permissions to change SharePoint settings as changing these settings requires a special account. After the uninstallation completes, log in to SharePoint Management Console and make sure “Scan on upload” and “Scan on download” anti-virus settings are switched off.
- Anti-Virus for Microsoft SharePoint
- Quarantine is not supported
The current release of Anti-Virus for Microsoft SharePoint blocks infected files and malware in real-time – when they are uploaded or downloaded. It does not move these files to quarantine. To disinfect or quarantine these files, use Anti-Virus at file level.
Scanning on demand is not supported
The current release of Anti-Virus for Microsoft SharePoint blocks infected files and malware in real-time and does not provide manual (on-demand) or scheduled scans of the SharePoint database.
The setting “list of files to be excluded from scan inside archives” for AV4SP does not work (CSEP-1393)
Even though an extension is specified in the list of files to be excluded, files with the specified extension are scanned inside archives.
- Virus and Spyware Protection
- Scanning big folders does not disinfect found malware if scanning is interrupted (CTS-68901)
When a manual scan task that was started from the Web Console is interrupted, the admin-defined actions may not take place for found malware or spyware items. Run the manual scan again and wait until it is completed for the actions to take place.
EFS encrypted file cannot be scanned via scheduled scanning (CTS-88303)
The server can have many users and every user can have encrypted files. To scan these files, the scan must run under the user’s credentials. The scheduled scan runs under the local system account and cannot decrypt these files. Instruct each user to manually scan their encrypted files.
- Browsing Protection
- Browsing protection search results
Browsing protection does not show safety ratings on search result pages that use HTTPS.
- Web Traffic Scanning
- Web Traffic Scanning does not handle encrypted traffic
The current version of Web Traffic Scanning cannot handle the content of encrypted network traffic, for example HTTPS protocol.
- Web Console
- Manual Scanning does not allow scanning mapped network drives/shares (CTS-70572)
When you log in to Web Console, it does not load the full user profile, so you cannot scan a network drive or a share from the manual scanning page. Scan network drives and shares with the “Virus and spyware scanning” menu from the F-Secure icon in the system tray or with the “Scan Folder for Viruses” menu from Windows Explorer.
Web Console might delay on refreshing the page automatically
Sometimes after you change and save a new setting (for example, the language of the user interface), there may be a short delay while the Web Console tries to refresh the page.
- Cluster environments
- Messages may not be scanned when Exchange is moved from one cluster node to another (CTS-62925)
When Exchange cluster groups are moved from one node to another while the product is running on Active-Passive cluster environment, F-Secure Anti-Virus for Microsoft Exchange service can be down for a short time. While the service is down, some email messages may not be scanned on the transport level. However, all email messages and attachments are scanned without interruptions on the storage level.
Incorrect quarantine statistics are shown when Web Console is open on the passive node (CTS-63021)
Quarantine and other product statistics are not updated on the passive node as some of the product services are down or suspended. Therefore, when you connect to the Web Console on the passive node, the product status and statistics are not shown correctly. We strongly recommend that you connect to the Web Console using the name or IP address of the cluster instead of the name or IP address of the cluster nodes.
- Disclaimers are not added to messages released from quarantine (CTS-67265)
Disclaimers are not added to outbound mails that are manually released from the Quarantine, since it is not possible to say if they are safe or not.
Disclaimer is not added to TNEF mails with empty body (CTS-70123)
Disclaimer is not added to TNEF encoded mails with empty message bodies that have no text and no attachments. This occurs only on Microsoft Exchange Server 2007.
Disclaimer is not added to mails if sender/recipient is in the list of trusted senders/recipients (CTS-70124)
If the email sender or recipient is included in the Trusted Senders or Trusted Recipients list, the disclaimer is not added to the message.
- Recipients are not listed for quarantined attachments that are blocked in real-time (CTS-73434)
If malicious or disallowed attachments are blocked during real-time scanning in the Exchange store, they are listed in the Quarantine Query without the name of the corresponding recipient mailbox where they have been blocked. However, the information about the mailbox that contains the malicious or disallowed attachment is in the product alerts.
Contact information and feedback
We look forward to receiving your comments and feedback on the product functionality, usability, and performance.
Please report any technical issues via:
- F-Secure support web site: http://support.f-secure.com
- F-Secure Community: http://community.f-secure.com/t5/End-point/bd-p/End-point_Security
Before sending us a report about your issue, run F-Secure Support Tool FSDiag.exe on the host that is running F-Secure PSB Server Security or F-Secure PSB Email and Server Security. This utility gathers basic information about hardware, operating system, network configuration and installed F-Secure and third-party software that helps us to analyze and solve the issue.
You can run the F-Secure Support Tool from the Web Console as follows:
- Log in to the Web Console.
- Type the following URL in the address field of the browser: https://127.0.0.1:25023/common/fsdiag.php?run_it
If you access the server remotely, use the real IP address of the server instead of 127.0.0.1.
- F-Secure Support Tool starts automatically and the dialog displays the data collection progress.
- When the tool has finished collecting the data, click Report to download and save the collected data.
You can also run the FSDiag.exe utility under %ProgramFiles(x86)%\F-Secure\Common folder. The tool generates a file called FSDiag.tar.gz.
F-Secure license terms
F-Secure license terms are included in the software. You must read and accept them before you can install and use the software.