Release Notes (.DOCX, 28KB) - F-Secure

oklahomaflockSecurity

Nov 3, 2013 (3 years and 7 months ago)

248 views


F
-
Secur
e® Client Security Premium 11.00

RC

build
315

RELEASE NOTES

Copyright © 1993
-
201
3

F
-
Secure Corporation. All Rights Reserved.

Portions Copyright © 2004 BackWeb Technologies Inc.

This product may be covered by one or more F
-
Secure patents,
including the following: GB2353372, GB2366691, GB2366692,
GB2366693, GB2367933, GB2368233, GB2374260

1.

General

This document contains information about F
-
S
ecure Client Security
Premium 11
.00
RC

build
315
. We
strongly recommend that you read the entire docume
nt. Please refer to the online help for more information.

2.

Product contents

The solution can be licensed and deployed as

F
-
Secure
Client
Security

or

F
-
Secure
Client
Security

Premium
.

F
-
Secure Client Security
product has the following features that you can i
nstall:



Virus & spyware protection



protects your computer against viruses, trojans, spyware, rootkits and
other malware.



DeepGuard™



proactive, instant protection against unknown threats. It monitors application
behavior and stops potentially harmful ac
tivities in real
-
time.



E
-
mail scanning



detects malicious content in e
-
mail traffic (IMAP4, POP3 and SMTP protocols) to
protect you against e
-
mail malware.



Web traffic scanning



detects and blocks malicious content in web traffic (HTTP protocol) to
provide additional protection against malware.



Internet Shield



consists of Firewall, Application Control, and Intrusion Prevention (IPS).



Browsing protection



provides additional
protection against
unsafe

web sites.



Device control


lets you control and disable hardware devices.



Microsoft NAP Plug
-
in



integrates with Microsoft Network Access Protection (NAP).

The supported languages are: English, Chinese (P.R.C, Taiwan, Hong
Kong), Czech, Danish, Dutch,
Estonian, Finnish, French, Canadian French, German, Greek, Hungarian, Italian, Japanese, Korean,
Norwegian, Polish, Portuguese, Brazilian Portuguese, Romanian, Russian, Slovenian, Spanish, Latin
American Spanish, Swedish, and T
urkish.

F
-
Secure Client Security Premium product offers the following additional feature:



Software Updater
-
-

keeps your system and applications up
-
to
-
date by automatically installing
patches as they are released by vendors.


3.

Installation and system requir
ements

Before you install the product, we recommend that you review the sections in this document to make sure
that your network, hardware, software, and other system components meet the requirements for F
-
Secure
Client Security

11
.00
RC

build
315
.

3.1

Local
a
nd

centrally managed installations

For centrally managed installations, import the

Client Security Premium

installation JAR package (
fscs
pr
-
11.00
-
315
-
rc.jar
) to Policy Manager Console and deploy the product remotely to selected hosts. With Policy
Manager C
onsole, you can also export an MSI package that you can deploy via other central management
systems to install the product.

T
o run
the
installation

locally
,
create the MSI package with the export tool

in F
-
Secure Policy Manager
Console
. Note that
the
insta
llation requires local administrator rights.

Note:
Standalone installation
has not been supported since

F
-
Secure Client Security
version
10.00.

Note:
In this
version
, the Device Control feature can be managed only from Policy Manager Console.

3.2

Supported
platforms

This release can be installed on the following platforms:



Microsoft Windows XP with SP3 (32
-
bit editions only)



Microsoft Windows Vista with SP
2

or newer (all 32
-
bit and 64
-
bit editions)



Microsoft Windows 7 with SP1 or newer (all 32
-
bit and 64
-
bit

editions)



Microsoft Windows 8 (all 32
-
bit and 64
-
bit editions)

Note:

Here
,

64
-
bit editions mean AMD64 (x64) platform editions.

3.3

Recommended hardware requirements

Microsoft Windows 8, Windows 7 and Vista



Processor: Intel Pentium 4 2GHz or higher



Memory: 1GB

for 32
-
bit / 2 GB for 64
-
bit or more



Disk space: at least 1
,5

GB



Internet connection: an Internet connection is required to receive updates and use cloud
-
based
technology features

Microsoft Windows XP SP3



Processor: Intel Pentium III 1Gz or higher



Memory: 512 MB or more



Disk space: at least 1
,5

GB



Internet connection: an Internet connection is required to receive updates and use cloud
-
based
technology features

3.4

Centralized management requirements

F
-
Secure Policy Manager 11.0
0

RC

that is released at
the s
ame time with Client Security Premium 11
.00

RC

is required for
the
centralized management.

4.

What’s new

This section describes the new features,
enhancements,

the most important issues solve
d in F
-
Secure Client
Security 11
.00
, and

features that are no

l
onger

supported.

4.1

New features and enhancements



Software Updater

ensures that the operating systems and applications used in your organization are
always up
-
to
-
date. This lowers the security risks of using vulnerable or unpatched software.
Software
Updater

proactively scans the computer for missing security patches
, software updates and
service
packs, a
nd deploys them automatically.
Users can receive notifications when updates are
installed

on the computer.



DeepGuard™
version 5



e
nhanced protection against
exploit
-
based attacks and sophisticated
malware
.

5.

Fixed

issues

5.1

Fixed issues (in comparison with CS 10.00)



Not enough disk space to download infopak (CTS
-
91785)



CS10.00 Firewall (Stateful Inspection) blocked several WEB (CTS
-
91720)



Upgrading from CS 9.20 to

CS 10.00 failed (CSEP
-
515)



A
pplication
C
ontrol

does not respect custom default messages if executing a binary from a network
share (CSEP
-
424)



Bad font in WTS flyer on French and other languages (CSEP
-
580)



User can configure blocking of IMAP4 partial fetch

requests (CSEP
-
592)



User cannot send and receive e
-
mail (CSEP
-
510)



FSMA
DLL
hoster dies after FSMA restart (CSEP
-
585)



FSHDLL64.EXE causing system to be unable to start programs (CTS
-
92138)



No shell extension scan option for Chinese
-
language files/folders
(CTS
-
73234/SPT
-
84)

5.2

Fixed issues (in comparison with CS 11.00 Beta)



AUA proxy settings can
n
o
t satisfy correctly both PM and SU needs (CSEP
-
633)



Software Updater

flyer is confusing (CSEP
-
586)



New
MIB
setting to allow automatic installation of unsigned update
s (CSEP
-
637)



Excluded upda
tes are counted as missing in local user interface

(CSEP
-
621)

6.

Known issues

6.1

Sidegrade

PSB WKS sidegrade does not work correctly

When

installing Client Security
,

PSB Workstation Security sidegrade

does not work correctly. To solve this
issue, install Client Security twice or uninstall PSB Workstation Security before the installation.

6.2

Installation, upgrade and uninstallation

Remote installation to Windows 8

To remotely install Client Security to Win
dows 8 host from Policy Manager Console, set the following registry
at the host to enable access to 'admin$' share:

[HKEY_LOCAL_MACHINE
\
SOFTWARE
\
Microsoft
\
Windows
\
CurrentVersion
\
Policies
\
System]

"LocalAccountTokenFilterPolicy"=
dword:00000001

Policies are
not received immediately after reboot

In some cases, the installed client may not receive policies immediately after the reboot. Usually, the client
receives the new policy after some time and recovers automatically. If this does not happen, restart the
co
mputer.

Unused databases are still visible after upgrade

When upgrading from a previous version, some database and engine updates that were used in the previous
version may not be needed anymore. They are still visible in “Settings > Other settings > Down
loads” marked
as “Not Installed”. This is normal and entries will disappear automatically after 7 days.

System might be slow for several minutes after the first reboot while the installation finishes

The system may start up slowly during the initial restar
t after the installation.
A
fter the restart
, t
he product
downloads and installs various updates to finalize the installation in the background.

The effect is more noticeable after a fresh installation, as more updates need to be downloaded. The local
user
interface has a blue status indicator and a “Completing Installation” status until the installation is
complete.

Subsequent restarts are not affected.

NAP Health Validator is not removed from configured health policies during uninstallation

During uninstal
lation, references to F
-
Secure System Health Validator (SHV) are not automatically removed
from health policies. Computers that use these policies are considered as non
-
compliant with health policies
and they are quarantined. To
fix

broken references to F
-
Secure SHV, open the health policies properties
in
the
Network Policy Server console (nps.msc) and confirm the automatic update.

In
stallation of Client Security 11
.00 removes McA
fee
Agents

During the installation, the product removes 3rd
-
party software tha
t may be incompatible (including McAfee
Agent and McAfee NAI ePolicy Orchestrator Agent). If you need
3rd
-
party
software that would be removed,
submit a support ticket to F
-
Secure customer support
to
request a special build that does not remove
software th
at you need
.

6.3

Browsing protection and Web traffic scanning

Change in Browsing protection settings may look ineffective due to caching

Sometimes it may seem that
new

Browsing protection settings
do not do anything
,

because
the browser finds
the page content from the
browser
cache. Use Ctrl
-
F5 to ignore the cache and reload the
web page
content.

Uninstalling only Browsing protection/Web traffic scanning does not immediately switch it off

After you uninstall

the Browsing pr
otection feature, it work
s

until
the
GateKeeper service (FSGKHS) is
restarted. The same is true
with
Web traffic scanning.

Browsing protection search results

Browsing protection does not show safety ratings on search result pages that use HTTPS.

6.4

E
-
mail
scanning

TLS
-

and SSL
-
encrypted e
-
mail protocols not supported (44173, 44869, 54496, 55285, 89415)

E
-
mail scanning works only with unencrypted e
-
mails using protocols POP3, IMAP or SMTP.

Scanning e
-
mails that are encrypted with Transport Layer Security (TL
S) and Secure Sockets Layer (SSL)
protocols is not supported. When TLS and SSL protocols are used, e
-
mail scanning
either cannot scan e
-
mails or
may block
them
. Turn off e
-
mail scanning if you use either TLS or SSL protocols for secure e
-
mail
transmissions
.

If E
-
mail scanning is configured to listen to a port which is used by TLS
-

or SSL
-

encrypted e
-
mail, the traffic
is blocked completely even when e
-
mail scanning is turned off [89415]. To
solve this issue
, reconfigure E
-
mail scanning to
listen to
the
stan
dard unencrypted port (110) or to any unused port
, if
port 110
is used

already
.

Unable to open attachment scanned via IMAP on Thunderbird email client (CSEP
-
441)

Sometimes
,

Thunderbird
can
not
download messages or attachments via IMAP protocol when e
-
mail
s
canning is turned on.

In
these
cases
,
the user

can
turn off the
‘mail.server.default.fetch_by_chunks’ setting
in Thunderbird

at the
host
:

1.

Open
Thunderbird and go to “Tools > Options”
.


2.

In the dialog
that opens,
select “Advanced settings” (rightmost icon)
and
go to the
“General”
tab
.

3.

Click
the
"Config Editor..." button
.

The “
Advanced

options

dialog opens.

4.

In the “Advanced options”, s
et
the
following value: mail.server.default.fetch_by_chunks =
false

5.

Close
the
dialogs and restart Thunderbird
.

For centrally
managed hosts,

the administrator

can
use the setting
1.3.6.1.4.1.2213.12.1.113.400.10.20

in
Advanced mode to

Allow partial FETCH


for IMAP clients. Note, however, that this decreases the level of
e
-
mail protection.

6.5

Anti
-
Virus

Incorrect engine versions ar
e shown in policy statistics

A
fter a clean installation
, t
he Status tab of Policy Manager Console (F
-
Secure Anti
-
Virus > Plug
-
ins table)
and
scanning reports
show incorrect engine versions. To solve this issue, restart the FSGKHS service.

6.6

Software Updater

Some proxy configurations can
prevent

Software Updater functionality

(
CSEP
-
543
)

If your corporate network is
behind

a
proxy or
a
firewall
that has
strict deny rules, Software Updater may be
unable to download patches from some sites. Make sure that your proxy
allows

hosts to
access
download.microsoft.com and
the
download sites of
other
vendors

(web or ftp)
,

whose

products are installed
in

your corpor
ate

environment
.

Software Updater does not automatically install updates not signed by trusted authority

Some updates, for example Notepad++, WinZip,
and
7
-
Zip, are released unsigned. Software Updater does
not automatically install unsigned updates and rep
orts the installation error “There is no signature”. The
administrator can
use the selective installation from the Policy Manager Console to
install
these

updates.
Alternatively, the administrator can
use the setting
1.3.6.1.4.1.2213.59.1.20.30

to
‘Allow u
nsigned updates
automatic installation’. Note, however, that this may
decrease the level of protection, because
it
applies to all
future updates, which are
installed according to
a
utomatic installation rules, including missing updates of
newly
installed

pr
oducts.


Installation of some updates can hang

The installation of updates run
s

under
the
local system account without user interaction.
On rare occasions
,
the installation can hang because it waits for user’s
input

or is handling an error. The installation is cancelled
after the timeout period, which is 4 hours by default. After
the timeout
, the batch installation continues,
skipping the problematic patch / update.
Software Updater reports the installation error
as

Installation hung
up
”.

To forcibly retry the installation of the problematic update, use
the
selective installation.

Installation

dialog shown every day for MS Office updates [CSEP
-
461]

Software Updater requests

a path input
for MS Office 2003 patches
.

Failed to download update for MS Office 2000 suite [CTS
-
91704]

This issue is related to the issue with the MS Office 2003 patches (CSEP
-
461).
A
dialog request
s

the user
to
provide the path to MS Office 2000 installation sources and if the user does not ans
wer anything
with
in one
hour, all Office 2000 patches are skipped.

Skype Update requires reboot when distributed through SWUP

(CSEP
-
631)

When Software Updater

update
s

Skype
,
the
Skype update (for example from version 6.3 to version 6.5)
requests to restart

the computer.

7.

Contact information and feedback

We look forward to hearing
your
comments and feedback on the product functionality, usability and
performance
.

Please report any technical issues
:



F
-
Secure support web site:
http://support.f
-
secure.com/



F
-
Secure Community:
http://community.f
-
secure.com/t5/End
-
point/bd
-
p/End
-
point_Security

When reporting a technical problem, please attach the F
-
Secure system summary report to the feedback.

To
collect the system summary report, you need to have administrator rights.



In Windows XP, select Start | All Programs | F
-
Secure Client Security, right
-
click on ”Support Tool”,
select Run as and finally select to run the program as administrator.



In Windows Vista and Windows 7, select Start | All Programs | F
-
Secure Client Secur
ity
Premium
,
right
-
click on “Support Tool” and select Run as administrator.



In Windows 8, right
-
click on “Support Tool” application in Metro UI and use Run as Administrator
option.

8.


F
-
Secure license terms

F
-
Secure license terms are included in the softwar
e. You must read and accept them before you can install
and use the software.