F-Secure - Software Install

Currently, we are only offering F-Secure on Windows servers. The agent can be auto-provisioned on new servers. If an existing customer wishes to add this service then please perform the following steps.

Notify the Customer

Notify the customer that we will need to access their server to install the AV agent. Also, let them know we will need to reboot the server to complete the install. Wait for the customer to provide us a time to reboot the server. Here is the standard response for the customer:

Customer,

Thank you for ordering our F-Secure anti-virus product. In order to complete the installation, we will need to access your server and complete the following tasks:

  1. Verify that no other anti-virus software is running. If it is, then we will need to uninstall the software.
  2. Install the F-Secure anti-virus agent.
  3. Reboot your server.

Please note that a reboot is required to complete the installation. In order to expedite the installation process, please provide us a time when we can perform the above procedure. Contact us with any questions.

Thank you, The Planet Information Security Team

Install F-Secure

  1. Un-install any AV product that is currently on the box.
  2. Reboot the server.
  3. Use the F-Secure msi package found here http://sss-lin.dllstx2.inside.theplanet.com/files/av.html to install the AV agent.
  4. Following the install, remove the msi package and reboot the server.

Update the Policy Manager

  • Access the Policy Manager

RDP to 216.185.111.151

The user is SOCadmin

Password is current enable password (firewall)

Verify the agent registered with the Policy Manager

  • Create a new Policy Domain

Click on the Policy Manager link located on the desktop. Enter passphrase (get it from a lead)

Right click on "the planet.com" located on the top right.

Click " New Policy Domain" Type in the customer ID C##### and click okay.

Find the new domain you just created and right click it and choose "Import Autoregister Host."

Make sure you find the right one here for the customer and click import at the bottom, then click close.

You will now see the + sign on the domain on the left and open this up.

Now, you will notice a pretty red X. This means you arent done yet...

You will notice that the host is named customer ID- HWO id. Click it and to the right you see Policy Distribution status is red. Click the link to the right of that to see the policy to the server.

Go back to the server of the customer and make sure all the policies are up to date.

  • Update the servers hardware object with the software installation of F-Secure
  • Update the ticket showing we completed the work

NOTE: The SOC Commander will be responsible for monitoring the Policy Manager server and sorting the newly registered hosts.

Repair/Removal

If you or a customer encounter an issue with the F-Secure anti-virus it's likely that the program will either need to be reinstalled or repaired. Simply copying the installation file back to the system and double-clicking it will open a window to allow for repair, modification or removal. You can attempt to repair or remove.

However, if the original install has some missing components removal will not work, you will have to repair *which is initially just a reinstall* After you repair I would suggest a removal and fully delete the F-secure folder from the hard drive and perform a full install to ensure that everything is intact.

Be sure when installing that the you log into the F-Secure Server and ensure the server is connecting. If you don't get rid of the red X make sure the correct IP is listed for host properties and that the server actually has our network policy server listed in the F-secure connection properties.

F-Secure (as copied from the KB)

Currently, we are only offering F-Secure on Windows servers. The agent can be auto-provisioned on new servers. If an existing customer wishes to add this service then please perform the following steps:

  1. Notify the customer that we will need to access their server to install the AV agent. Also, let them know we will need to reboot the server to complete the install. Wait for the customer to provide us a time to reboot the server. Here is the standard response for the customer:

Quote:

Customer,

Thank you for ordering our F-Secure anti-virus product. In order to complete the installation, we will need to access your server and complete the following tasks:

  1. Verify that no other anti-virus software is running. If it is, then we will need to uninstall the software.
  2. Install the F-Secure anti-virus agent.
  3. Reboot your server.

Please note that a reboot is required to complete the installation. In order to expedite the installation process, please provide us a time when we can perform the above procedure. Contact us with any questions.

Thank you, The Planet Information Security Team

  1. Un-install any AV product that is currently on the box. Reboot the server.
  2. Use the F-Secure msi package found here http://sss-lin.dllstx2.inside.theplanet.com/files/av.html to install the AV agent.
  3. Following the install, remove the msi package and reboot the server.
  4. Access the Policy Manager server to verify the agent registered with the Policy Manager. The registration process can take several minutes.
  5. Create a new Policy Domain, labeled with the customer number, in the Policy Manager server. Drag the newly registered agent to this new Policy Domain. All of the agents will be placed in a Policy Domain that is identified by the customer number. Some Policy domains will have 1 computer, while others may have several. It depends on the number of servers the customer wishes to protect with AV.
  6. Update the servers hardware object with the software installation of F-Secure
  7. Update the ticket showing we completed the work

The SOC Commander will be responsible for monitoring the Policy Manager server and sorting the newly registered hosts.

 


Lets try this again, but with a little more detail.

RDP to 216.185.111.151

The user is SOCadmin

Password is current enable password (firewall)

Click on the Policy Manager link located on the desktop. Enter passphrase (get it from a lead)

Right click on "the planet.com" located on the top right.

Click " New Policy Domain" Type in the customer ID C##### and click okay.

Find the new domain you just created and right click it and choose "Import Autoregister Host."

Make sure you find the right one here for the customer and click import at the bottem. Click close.

You will now see the + sign on the domain on the left and open this up.

Now, you will notice a pretty red X. This means you arent done yet...

You will notice that the host is named customer ID- HWO id. Click it and to the right you see Policy Distribution status is red. Click the link to the right of that to see the policy to the server.

Go back to the server of the customer and make sure all the policies are up2date.

While I hope this is complete, I know I might have missed a few things, this should be more thorough. I hope someone finds it useful.

 


Repair/Removal : If you or a customer encounter an issue with the F-Secure anti-virus it's likely that the program will either need to be reinstalled or repaired. Simply copying the installation file back to the system and double-clicking it will open a window to allow for repair, modification or removal. You can attempt to repair or remove.

However, if the original install has some missing components removal will not work, you will have to repair *which is initially just a reinstall* After you repair I would suggest a removal and fully delete the F-secure folder from the hard drive and perform a full install to ensure that everything is intact.

Be sure when installing that the you log into the F-Secure Server and ensure the server is connecting. If you don't get rid of the red X make sure the correct IP is listed for host properties and that the server actually has our network policy server listed in the F-secure connection properties.

F-Secure Linux - uninstall

  1. Stop F-Secure

    # /etc/rc.d/init.d/fsma stop
    Stopping FSMA modules
    Stopping F-Secure FSAV Web UI (/opt/f-secure/fsav/tomcat/bin/shutdown.sh) as root
    Stopping F-Secure FSAV PostgreSQL daemon (/opt/f-secure/common/postgresql/bin/shutdown.sh) as fsma
    Stopping F-Secure Management Agent

    # /etc/rc.d/init.d/fsaua stop
    Shutting down F-Secure Automatic Update Agent: [ OK ]

  2. Run uninstaller

    # /opt/f-secure/fsav/bin/uninstall-fsav
    F-Secure Security Platform uninstall
    Copyright (c) 1999-2006 F-Secure Corporation. All Rights Reserved.
    Are you sure you want to uninstall F-Secure Linux Server Security [no]? yes
    Uninstalling F-Secure Linux Server Security
    Removing F-Secure Linux Server Security
    ..

  3. Remove config files

    # rm -rf /opt/f-secure/

  4. Remove server from Policy Manager

    Go into policy manager and check under Policy Domains (on the left) and remove the server entry. If it is not there, then check the Autoregistered Hosts link on the right and remove the entry for the server.

    Disabling the Firewall Module in F-Secure for Linux

    For some installs this is a problem when the ssh port is not set to the default 22. To disable the firewall module in F-Secure you rename the module right after the install of the files, when it asks about the kernel is fine, you can either ctrl+z or open a new ssh window, either way.

     

    Navigate to /etc/opt/f-secure/fsma/modules/

     

    Rename fsfwd.config to fsfwd.config.disabled

     

    This will keep fsma loading the firewall configuration.