This step can be skipped if you are using a domain account (recommended) or a built-in local administrator account to authenticate to Windows systems. This step is only required if F-Secure Elements Vulnerability Management is configured to use a local user account and added to the local administrator’s group. To disable the Admin Approval Mode, do […]
Articles Tagged: F-Secure for Home
Create a Windows domain account (F-Secure)
To create a new domain account, you may use the command given here, which must be executed using administrator credentials. Log in as an administrator and open a command prompt with administrative privileges. Adjust the following command so it fits your organization and execute it: dsadd user “cn=radar_account,cn=users,dc=ORGANIZATION,dc=COM” -samid \ radar_account -upn [email protected] -pwd PASSWORD […]
Configuring Windows authenticated scanning (RPC) (F-Secure)
Before applying changes, F-Secure recommends that you discuss all potential changes to the Group Policy with your network administrator. For more information about Group Policy, refer to your Microsoft documentation on Group Policy deployment. The following summarizes the requirements for enabling authenticated scanning for Windows: A user account must meet one of the following requirements: […]
Configuring the WinRM service to use HTTPS without a publicly signed certificate (F-Secure)
If the computer does not use a publicly signed certificate, you need to perform some additional steps. If you are using a Windows version older than Windows 8/Windows Server 2012, you need to create a certificate on a separate, newer computer and then export the certificate to a file. Use the following commands to do […]
Configuring the WinRM service to use HTTPS with a publicly signed certificate (F-Secure)
After creating the dedicated WinRM user account for Elements Vulnerability Management, you need to configure the WinRM service on the machine where you want to run it. To set up the remote management configuration on a computer that uses a publicly signed certificate: Run the following command: Set-WSManQuickConfig -UseSSL -Force Note: When the computer is on […]
Configuring the WinRM service to use HTTP through GPO (F-Secure)
For larger domain environments, we recommend that you configure the WinRM service via Group Policy. Note: Using HTTP for WinRM is not recommended outside a domain environment where the NTLM protocol does not provide a sufficient level of protection for credentials. This also means that using HTTP is particularly inadequate when using scan nodes that are […]
Configuring the WinRM service to use HTTP on individual hosts (F-Secure)
You can configure the WinRM service used for authenticated scanning to handle network traffic over HTTP. Note: Using HTTP for WinRM is not recommended outside a domain environment where the NTLM protocol does not provide a sufficient level of protection for credentials. This also means that using HTTP is particularly inadequate when using scan nodes that […]
Create a dedicated user account (F-Secure)
We recommend that you create a dedicated user account for Elements Vulnerability Management with access to WinRM. To create a new user account: Go to Control Panel > Administrative Tools > Computer Management > Local Users and Groups > Users. Add a new user account. Add the new user account to the Administrators group. Source : Official F-Secure Brand Editor by : BEST Antivirus KBS Team
Updating PowerShell (F-Secure)
The configuration requires PowerShell version 5.0 or newer, although we recommend updating PowerShell to the latest version. To check the PowerShell version and update it: Open a PowerShell console with administrative privileges. Run the following command to check the installed version of PowerShell: Get-Host | Select-Object Version If necessary, download the required version of PowerShell […]
Configuring Windows authenticated scanning (WinRM) (F-Secure)
Before applying changes, F-Secure recommends that you discuss all potential changes with your network administrator. The following summarizes the requirements for enabling WinRM authenticated scanning for Windows: If a Linux scan node is in use, a user account must meet the following requirement: Local user account added to the Administrators group If a Windows scan node is […]