RELEASE NOTES F-Secure® Client Security 10.00

RELEASE NOTES
F-Secure® Client Security 10.00 RTM build 415
Copyright © 1993-2012 F-Secure Corporation. All Rights Reserved.
Portions Copyright © 2004 BackWeb Technologies Inc.
This product may be covered by one or more F-Secure patents, including the following: GB2353372, GB2366691, GB2366692, GB2366693,
GB2367933, GB2368233, GB2374260
1. General
This document contains information about F-Secure Client Security 10.00 RTM build 415. We strongly
recommend that you read the entire document. Please refer to the online help for more information.
2. Product contents
This product has the following features that you can install:
·
·
·
·
·
·
·
·
Virus & spyware protection – protects your computer against viruses, trojans, spyware, rootkits and
other malware.
DeepGuard™ – proactive, instant protection against unknown threats. It monitors application behavior
and stops potentially harmful activities in real-time.
E-mail scanning – detects malicious content in e-mail traffic (IMAP4, POP3 and SMTP protocols) to
protect you against e-mail malware.
Web traffic scanning – detects and blocks malicious content in web traffic (HTTP protocol) to provide
additional protection against malware.
Internet Shield – consists of Firewall, Application Control, and Intrusion Prevention (IPS).
Browsing protection – provides additional protection against rogue web sites.
Device control – lets you control and disable hardware devices.
Microsoft NAP Plug-in – integrates with Microsoft Network Access Protection (NAP).
The supported languages are: English, Chinese (P.R.C, Taiwan, Hong Kong), Czech, Danish, Dutch, Estonian,
Finnish, French, Canadian French, German, Greek, Hungarian, Italian, Japanese, Korean, Norwegian, Polish,
Portuguese, Brazilian Portuguese, Romanian, Russian, Slovenian, Spanish, Latin American Spanish, Swedish,
and Turkish.
3. Installation and system requirements
Before you install the product, we recommend that you review the sections in this document to make sure that
your network, hardware, software, and other system components meet the requirements for F-Secure Client
Security 10.00 RTM build 415.
3.1 Stand-alone or centrally managed installations
For centrally managed installations, import the installation JAR package (fscs-10.00-415-rtm.jar) to Policy
Manager Console and deploy the product remotely to selected hosts. With Policy Manager Console, you can
also export an MSI package that you can deploy via other central management systems to install the product.
Note: Standalone installation is a feature that was removed from F-Secure Client Security 10.00 RTM build 415.
If you need to run the installation locally, create the MSI package with the F-Secure Policy Manager Console
export tool. Note that the installation requires local administrator rights.
Note: In this version, the Device Control feature can be managed only from Policy Manager Console.
3.2 Supported platforms
This release can be installed on the following platforms:
·
·
·
·
Microsoft
Microsoft
Microsoft
Microsoft
Windows
Windows
Windows
Windows
XP with SP3 (32-bit editions only)
Vista with SP2 or newer (all 32-bit and 64-bit editions)
7 (all 32-bit and 64-bit editions)
7 with SP1 or newer (all 32-bit and 64-bit editions)
·
Microsoft Windows 8 (all 32-bit and 64-bit editions)
Note: Here 64-bit editions mean AMD64 (x64) platform editions.
3.3 Recommended hardware requirements
Microsoft Windows 8, Windows 7 and Vista
·
·
·
·
Processor: Intel Pentium 4 2GHz or higher
Memory: 1GB for 32-bit / 2 GB for 64-bit or more
Disk space: at least 1 GB
Internet connection: an Internet connection is required to receive updates and use cloud-based
technology features
Microsoft Windows XP SP3
·
·
·
·
Processor: Intel Pentium III 1Gz or higher
Memory: 512 MB or more
Disk space: at least 1 GB
Internet connection: an Internet connection is required to receive updates and use cloud-based
technology features
3.4 Centralized management requirements
F-Secure Policy Manager 10.10 that is released at the same time with Client Security 10.00 is required for
centralized management.
3.5 Upgrading from previous versions
This release supports upgrading from all previous Client Security 9.x versions.
4. What’s new
This section describes the new features, enhancements, the most important issues solved in F-Secure Client
Security 10.00 RTM build 415, and features that are not supported any longer.
4.1 New features and enhancements
·
Windows 8 support – you can install and use the product on Windows 8.
·
DeepGuard™ version 4 – advanced behavioral analysis techniques has been added to further improve
the malware detection rate.
·
New Browsing protection and Web traffic scanning – based on the Network Interceptor Framework
to provide smooth protection for Internet browsing independent from the web browser.
·
Korean localization – The product is localized to Korean language.
4.2 Features dropped or unsupported
·
Cisco NAC support is not supported in this release.
·
Dial-up support is not supported in this release.
·
Standalone installation mode is not supported in this release. To install the product locally, export an
MSI package from F-Secure Policy Manager.
4.3 Fixed issues since the previous version (9.32) release
The following issues have been solved in this RTM build 415 since the previous version (9.32) release:
·
·
·
·
·
·
·
·
Status of device under device control is confusing (CTS-85449).
Network quarantine pop-up window need to be resized (CTS-88592)
Unload options are not available in F-icon menu (CTS-90257)
New GUI: Tab Ctrl has a drawing problem (CTS-61388)
Upgrading after initial MSI installation to a new version using policy based updating functionality leaves
old version in Control panel Programs list (CTS-90265)
"Show Custom Message when Virus Found" setting is still visible in PM Console (CTS-71713)
Network drive scanning doesn't work on all extensions (CTS-78460)
DeepGuard does not protect services in Windows 7 (CTS-65247)
4.4 Fixed issues from the Technology Preview (9.50 build 139)
The following issues have been solved in this RTM build 415 since the TP release:
·
·
·
·
·
Scan wizard has poor fonts in Windows 8 (CTS-86291)
Virus & Spyware scanning dialog has two options missing in Japanese (CTS-89737)
Application control now works with Windows 8 Store apps. Added toast notifications.
"IPv6 filtering mode setting is not grayed out after final setting" (CTS-88462)
"Uninstallation via PMC leave entry in Add/Remove Programs/Programs and Features" (CTS-84321)
4.5 Fixed issues from the previous Beta (10.00 build 233)
The following issues have been solved in this RTM build 415 since the previous Beta release:
·
·
·
·
·
Browsing protection may not work correctly after the upgrade
The “Allow” button at the blocking page does not work
The “Security summary for this web site” link at the blocking page does not work
White list of trusted sites does not work
Black list of disallowed sites does not work
4.6 Fixed issues from the previous RC (10.00 build 340)
The following issues have been solved in this RTM build 415 since the previous RC release:
·
·
·
·
·
·
·
·
·
Firewall blocks connection to Policy Manager (CTS-89267)
Upgrade from CS 10.00 Beta to CS 10.00 RC hangs on creating restore point (CTS-90831)
AVCS 10 killing POP3/SMTP connections (CTS-90766)
Clients are not getting latest policies (CTS-87900)
Some rules doesn't work in Browsing Protection disallowed sites list (SPT-217)
NIF updates failing on CS 10.00 build 340 (SPT-219)
Base policy file on F-Secure Management Server is invalid (CTS-90978)
WTS page is not present in CS 10.00 help contents (CTS-90850)
"Action on Infection" shows incorrect value on GUI (CTS-90790)
4.7 Fixed issues from the previous RC2 (10.00 build 406):
The following issues have been solved in this RTM build 415 since the previous RC2 release:
·
·
·
·
·
Outlook 2010 Home and Business freeze on multiple XP clients unless network interceptor is disabled
(SPT-224)
USS Engine update not re-applied after CS10 Beta installation (CTS-91007)
Reboot is not requested after upgrade from CS 9.50 TP to CS 10.00 Beta
F-Secure System Health Validator (server part of NAP support feature) can't be installed on MS Server
2012 (CTS-90863)
Client Security 10.00 causes ncpa.cpl to crash (CTS-90791)
5. Known issues
5.1 Sidegrade
PSB WKS sidegrade does not work correctly
PSB Workstation Security sidegrade does not work correctly while installing Client Security. To solve this issue,
install Client Security twice or uninstall PSB Workstation Security before the installation.
5.2 Installation, upgrade and uninstallation
Remote installation to Windows 8
To remotely install Client Security to Windows 8 host from Policy Manager Console, set the following registry at
the host to enable access to 'admin$' share:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"LocalAccountTokenFilterPolicy"=dword:00000001
Policies are not received immediately after reboot
In some cases, the installed client may not receive policies immediately after the reboot. Usually, the client
receives the new policy after some time and recovers automatically. If this does not happen, restart the
computer.
Unused databases are still visible after upgrade
When upgrading from a previous version, some database and engine updates that were used in the previous
version may not be needed anymore. They are still visible in “Settings > Other settings > Downloads”, marked as
“Not Installed”. This is normal and entries will disappear automatically after 7 days.
System might be slow for several minutes after the first reboot while the installation finishes
The system may start up slowly during the initial restart after the installation. The product downloads and installs
various updates to finalize the installation in the background after the restart.
The effect is more noticeable after a fresh installation, as more updates need to be downloaded. The local user
interface has a blue status indicator and a “Completing Installation” status until the installation is complete.
Subsequent restarts are not affected.
NAP Health Validator is not removed from configured health policies during uninstallation
During uninstallation, references to F-Secure System Health Validator (SHV) are not automatically removed from
health policies. Computers that use these policies are considered as non-compliant with health policies and they
are quarantined. To correct broken references to F-Secure SHV, open the health policies properties from
Network Policy Server console (nps.msc) and confirm the automatic update.
Installation of Client Security 10.00 removes McAfee Agents
During the installation, the product removes 3rd-party software that may be incompatible (including McAfee
Agent and McAfee NAI ePolicy Orchestrator Agent). If you need such 3rd-party software that would else be
removed this way, contact us by submitting a support ticket to F-Secure customer support and request a special
build that does not remove it.
5.3 Browsing protection and Web traffic scanning
Change in Browsing protection settings may look ineffective due to caching
Sometimes it may seem that a change in Browsing protection settings is not applied, because the browser finds
the page content from the cache. Use Ctrl-F5 to ignore the cache and reload the content.
Uninstalling only Browsing protection/Web traffic scanning does not immediately switch it off
Once the Browsing protection feature is uninstalled, it is still working until GateKeeper service (FSGKHS) is
restarted. The same is true regarding Web traffic scanning.
Browsing protection search results
Browsing protection does not show safety ratings on search result pages that use HTTPS.
5.4 E-mail scanning
TLS- and SSL-encrypted e-mail protocols not supported (44173, 44869, 54496, 55285, 89415)
E-mail scanning works only with unencrypted e-mails using protocols POP3, IMAP or SMTP.
Scanning e-mails that are encrypted with Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
protocols is not supported. When TLS and SSL protocols are used, e-mail scanning may either block all e-mails
or fail to scan them. Turn off e-mail scanning if you use either TLS or SSL protocols for secure e-mail
transmissions.
If E-mail scanning is configured to listen to a port which is used by TLS- or SSL- encrypted e-mail, the traffic is
blocked completely even when e-mail scanning is turned off [89415]. To work around the problem, reconfigure
E-mail scanning to a standard unencrypted port (110) or, if the later is used, to any unused port.
5.5 Anti-Virus
Incorrect engine versions are shown in policy statistics
The Status tab of Policy Manager Console (F-Secure Anti-Virus > Plug-ins table) shows incorrect engine versions
after a clean installation. This affects scanning reports. To solve this issue, restart the FSGKHS service.
No shell extension scan option for Chinese-language files/folders (CTS-73234/SPT-84)
In Chinese or other multibyte language environments, if a file or folder name contains a multibyte character, the
Scan for viruses context menu item is missing.
6. Contact information and feedback
We look forward to hearing your comments and feedback on the product functionality, usability and performance.
Please report any technical issues through the F-Secure support web site: http://support.f-secure.com/
When reporting a technical problem, please attach the F-Secure system summary report to the feedback. To
collect the system summary report, you need to have administrator rights.
·
·
·
7.
In Windows XP, select Start | All Programs | F-Secure Client Security, right-click on ”Support Tool”,
select Run as and finally select to run the program as administrator.
In Windows Vista and Windows 7, select Start | All Programs | F-Secure Client Security 10.00,
right-click on “Support Tool” and select Run as administrator.
In Windows 8, right-click on “Support Tool” application in Metro UI and use Run as Administrator option.
F-Secure license terms
F-Secure license terms are included in the software. You must read and accept them before you can install and
use the software.