Chapter 3 System Requirements 30
3.4 Other System Component Requirements
3.4.3 Web Browser Software Requirements
In order to administer the product with the Web Console, one of the following web browsers is required:
Microsoft Internet Explorer 6.0 or later
Mozilla Firefox 3.0 or later
If you plan to use Microsoft SQL Server 2000, 2005 or 2008, you must purchase it and obtain your own license before you start to deploy the product. To purchase Microsoft SQL Server, contact your Microsoft reseller.
Any other web browser supporting HTTP 1.0, SSL, javascripts and cookies may be used as well. Microsoft Internet Explorer 5.5 or earlier cannot be used to administer the product.
44
4 I
Installing F-Secure E-mail and Server Security from Policy
Manager ... 45
Installing F-Secure E-mail and Server Security to Microsoft
Exchange Server... 59
Upgrading from previous product versions... 78
Registering the Evaluation Version... 80
Uninstalling the Product... 81
4.1 Installing F-Secure E-mail and Server Security from Policy Manager
Before you begin the installation, download the remote installation package from the F-Secure web site.
To install the product with F-Secure Policy Manager, follow these instructions.
Step 1. Open Policy Manager Console
Log in to Policy Manager Console with your user name and password.
If you have F-Secure E-mail and Server Security license, use F-Secure E-mail and Server Security remote installation package with the filename ess_9.20-rtm.jar.
If you have F-Secure Server Security license, use F-Secure Server Security remote installation package with the filename
ss_9.20-rtm.jar.
Step 2. Import the Product Installation Package
1. In Policy Manager Console, open the Installation tab.
2. Click Installation packages.
3. Click Import.
4. Select the product installation package file that you have downloaded.
Click Import.
Policy Manager imports the installation package and the product information so that it can be used to administer the product. You do not need to import the package again when you install the product to other hosts.
Step 3. Install the Product to Hosts
1. Click Push install to Windows hosts in the Installation tab to start the installation wizard.
2. Enter either the WINS name or IP address of the target host. You can specify a list of hosts where you want to install the product.
All target hosts must be accessible from the Policy Manager Server with the address you enter.
Click Next.
3. Select the product installation package that you imported from the list of available packages.
Click Next.
4. In the policy selection dialog, leave Only default policy included selected.
Click Next.
5. In the account selection dialog, specify the account that has
administrative rights to target hosts. If you are using an account that is a Domain administrator, you can usually select This account.
Otherwise specify the administrative account and its password.
Click Next.
6. The installation wizard shows you the summary of selected options.
Click Start.
Step 4. Select Installation Options
1. The product-specific installation wizard opens.
Click Next to start the installation.
2. In the keycode dialog, enter your product keycode.
Click Next.
3. Select components to install.
Virus and Spyware protection is always installed, and Anti-Virus for Microsoft Exchange cannot be installed from Policy Manager.
To install Anti-Virus for Microsoft Exchange, see “Installing F-Secure E-mail and Server Security to Microsoft Exchange Server”, 59.
Click Next.
4. Choose the product language.
Select Select automatically during installation to install the product in the default system language of the target host.
Click Next.
If you have F-Secure Server Security license and use F-Secure Server Security remote installation package, Browsing protection and Anti-Virus for Microsoft Exchange components are not available.
5. Choose the Installation type.
Select Centrally managed installation and click Next.
6. Specify the Policy Manager Server address.
Enter the server address as it is visible to hosts, typically http://
protocol and IP or DNS.
Select the host identification mode.
Click Next.
7. Enter any custom properties that a host may require.
Click Next.
8. Choose the action to take if a conflicting software is installed on the host.
By default, Policy Manager Server uses port 80 for
communication with hosts. If you have assigned some other port, specify it in the URL.
Choose Uninstall conflicting software to uninstall the conflicting software automatically and then continue the installation, or
Choose Install the product only if no conflicting software is detected to stop the installation completely if any conflicting software is detected on the host.
Click Next.
9. Select restart options.
Usually, the first-time installation of the product does not require a restart. However, if it does, the installation is not completed until the computer is restarted.
Click Finish.
10.Policy Manager prepares and pushes the installation to target hosts.
11.When the installation is complete, click Finish.
As the server where you are installing the product may have a large number of active users, be careful which option you select.
Step 5. Import New Hosts
1. Click Import new hosts in the Installation tab.
2. In the New hosts table, select hosts where you installed the product.
If you have a policy tree with several domains, choose the target domain in the Import hosts to selection.
Click Import.
3. Click Close to close the New hosts table.
4. New hosts appear at the Policy domains tree.
Select a host to view information related to the host, for example, installed product versions and their installation status.
4.2 Installing F-Secure E-mail and Server Security to Microsoft Exchange Server
Follow these instructions to install the product.
Step 1.
1. Download the installation file (ess920-rtm.exe) from the F-Secure web site.2. Run the installation file to start the installation.
3. Click Install.
If you plan to install Microsoft SQL Server 2008 R2 Express Edition SP1 that is included in the package, and you want to control the installation, click the link under Extras to start the SQL Server installation before you install the product.
Depending on your system configuration, Microsoft SQL Server installation may require that you restart the server. In this case, install the product after the restart.
Step 2.
Read the information in the Welcome screen.Click Next to continue.
Step 3.
Read the license agreement.If you accept the agreement, check the I accept this agreement checkbox and click Next to continue.
Step 4.
Enter the product keycode.Click Next to continue.
This step is skipped if you install the evaluation version of the product.
Step 5.
Choose the components to install.If you do not have Microsoft Exchange Server installed on the computer, Anti-Virus for Microsoft Exchange and Spam control components are not present in the list.
Click Next to continue.
If you use F-Secure Server Security keycode to install the product, only Virus and spyware protection and DeepGuard components are present.
Step 6.
Choose the destination folder for the installation.Click Next to continue.
Step 7.
Choose the administration method.If you install the product in stand-alone mode, you cannot configure settings and receive alerts and status information in F-Secure Policy Manager Console.
Click Next to continue.
If you selected the stand-alone installation, continue to Step 10., 67.
Step 8.
The centrally managed administration mode requires the public management key. Enter the path to the public management key file admin.pub that was created during F-Secure Policy Manager setup.You can retrieve the admin.pub file directly from Policy Manager Server.
1. Open your web browser.
2. Go to the Policy Manager Server address, for example:
http://fspm.example.local
3. At the page that opens, find the following text:
F-Secure Policy Manager Server's management public key used by clients to verify validity of distributed policies can be downloaded from here.
If you select the stand-alone mode, use the Web Console to change product settings and to view statistics.
4. Click the link and save the file that opens.
5. Return to the setup and click Browse.
Browse to the admin.pub file that you saved.
You can also transfer the public key other ways (use a shared folder on the file server, a USB device, or send the key as an attachment in an e-mail message).
Click Next to continue.
Step 9.
In the centrally managed administration mode, enter the IP address or URL of the F-Secure Policy Manager Server you installed earlier.Click Next to continue.
If you do not use the default port (80) for the host communication, specify the port that you use here.
Step 10.
Enter an SMTP address that will be used by the product to send warning and informational messages to end-users.The SMTP address should be a valid, existing address that is allowed to send messages. Click Next to continue.
Step 11.
Specify the Quarantine management method.If you want to manage the Quarantine database locally, select Local quarantine management. Select Centralized quarantine management if you install the product on multiple servers.
Click Next to continue.
Step 12.
Specify Microsoft SQL Server instance that you use to store the Quarantine database.If you want to install Microsoft SQL Server 2008 R2 Express Edition and the Quarantine database on the same server as the product installation, select (a) Install and use Microsoft SQL Server 2008 R2 Express Edition.
If you are using Microsoft SQL Server already, select (b) Use an existing installation of Microsoft SQL Server.
Click Next to continue to either (a) or (b) based on your selection.
a Specify the installation and the database directory for Microsoft SQL Server 2008 R2 Express Edition.
Enter the password for the database server administrator account (sa) that will be used to create the new database. Click Next to continue.
b Specify the computer name and instance of the SQL Server where you want to create the Quarantine database.
Enter the password for the sa account that you use to log on to the server. Click Next to continue.
Step 13.
Specify the name for the SQL database that stores information about the quarantined content.Enter the user name and the password that you want to use to connect to the quarantine database.
• Use a different account than the server administrator account. If the new account does not exist, the product creates it during the installation.
• The password should be strong enough to comply with your current Windows password security policy.
Click Next to continue.
If the server has a database with the same name, you can either use the existing database, remove the existing database and create a new one or keep the existing database and create a new one with a new name.
Click Next to continue.
Step 14.
The list of components that will be installed is displayed, based on the keycode you use and the components that you selected in Step 5., 63.Click Start to install listed components. The installation will take a while.
Step 15.
The installation status of the components is displayed.Click Next to continue.
Step 16.
The installation is complete.Click Finish to close the Setup wizard.
In some cases, you may need to restart the computer to complete the installation.
You can choose Restart later to close the Setup wizard, but we recommend that you restart the server as soon as possible, as the product does not protect the server before the restart.
4.3 Upgrading from previous product versions
Follow these instructions to install the product if you have a previous version of F-Secure Anti-Virus for Windows Servers or F-Secure Anti-Virus for Microsoft Exchange installed.
4.3.1 Upgrading from the centralized installation of F-Secure Anti-Virus for Windows Server with Policy Manager 10.01
If you have F-Secure Anti-Virus for Windows Servers installed in your domain and you want to upgrade, we recommend that you upgrade to F-Secure Policy Manager to version 10.01 before installing E-mail and Server Security.
With F-Secure Policy Manager version 10.01, you can use Upgrade command at F-Secure Policy Manager Console to deploy and upgrade the product. You can view information about the product both in antivirus mode and in advanced mode.
4.3.2 Upgrading from F-Secure Anti-Virus for Microsoft Exchange with Policy Manager 10.01
If you have F-Secure Anti-Virus for Microsoft Exchange installed in your domain and you want to upgrade, we recommend that you upgrade to F-Secure Policy Manager to version 10.01 before installing E-mail and Server Security.
With F-Secure Policy Manager version 10.01, you can use Upgrade command at F-Secure Policy Manager Console to deploy and upgrade the product. You can view information about the product both in antivirus mode and in advanced mode.
4.3.3 Upgrading from F-Secure Anti-Virus for Microsoft Exchange
If you have F-Secure Anti-Virus for Microsoft Exchange version 9.00 - 9.10, follow the standard installation instructions. When the installation asks for the Policy Manager settings, select Keep current.
F-Secure Anti-Virus for Microsoft Exchange is updated only if it is installed on the host already. You cannot add F-Secure Anti-Virus for Microsoft Exchange component, but you can add or upgrade other components during the upgrade installation.
4.4 Registering the Evaluation Version
If you want to use the product after your evaluation period expires, you need a new keycode. Contact your software vendor or renew your license online.
After you have received the new keycode, you can either reinstall the product with your new keycode (see “Installing F-Secure E-mail and Server Security to Microsoft Exchange Server”, 59) or register the new keycode.
To register the new keycode:
1. Log in to the Web Console. The evaluation screen is opened.
2. Enter the new keycode you have received and click Register Keycode.
If you do not want to continue to use the product after your evaluation license expires, you should uninstall the software.
When the license expires, the product stops receiving anti-virus database updates, and processing e-mails and messages posted to public folders.
However, the messages are still delivered to the recipients.
4.5 Uninstalling the Product
To uninstall the product, select Add/Remove Programs from the Windows Control Panel. Uninstall the components in the following order:
1. F-Secure E-mail and Server Security - Spam control
2. F-Secure E-mail and Server Security - Anti-Virus for Microsoft Exchange
3. F-Secure E-mail and Server Security - Browsing protection 4. F-Secure E-mail and Server Security - DeepGuard
5. F-Secure E-mail and Server Security - Virus and spyware protection Restart the server after you have uninstalled all components.
If you use F-Secure E-mail and Server Security keycode to register the product, but you have installed only the Server Security evaluation version, you need to run the installation again to add the missing components.
If you have installed F-Secure E-mail and Server Security
evaluation version, you cannot use the Server Security keycode to register the product. Uninstall the evaluation version before you install the full Server Security product.
Some files and directories may remain after the uninstallation and can be removed manually.
82
5 C P RODUCT
Configuring the Product... 83
Network Configuration... 84
Configuring F-Secure Spam Control ... 86
5.1 Configuring the Product
The product is fully functional only after it receives the first automatic update. The first update can take longer time than the following updates.
The product uses mostly default settings after the installation and the first update. We recommend that you go through all the settings of the installed components.
Configure the product.
If the product has been installed in the centralized administration mode, use F-Secure Policy Manager Console to configure the settings and distribute the policy.
If the product has been installed in stand-alone mode, use the Web Console to configure the settings.
To make sure that the Real-time Protection Network is enabled, go to the Privacy page in the Web Console and select Yes, I want to participate in the Real-time Protection Network.
With Real-time Protection Network, you benefit from the cloud-based F-Secure technology of exchanging information about threats with other participants all over the world.
To change the setting with Policy Manager Console, go to:
F-Secure Real-time Protection Network Client / Settings / Participate in the Real-time Protection Network.
Specify the IP addresses of hosts that belong to your
organization. For more information, see “Network Configuration”, 84.
Verify that the product is able to retrieve the virus and spam definition database updates.
If necessary, reconfigure your firewalls or other devices that may block the database downloads. For more information, see
“Network Requirements for E-mail and Server Security”, 39.
If the product is installed on the same computer with Microsoft Exchange Server 2010, which is in the Mailbox server role, specify the primary SMTP address for the account which is used to scan items in public folders. The user account must have permissions to access and modify items in the public folders.
If the organization has multiple Microsoft Exchange Server installations and Mailbox servers are deployed on dedicated servers, you have to configure the Hub Transport Role and Mailbox Role Servers so that quarantined messages can be delivered: For more information, see “Configuring Mailbox Role Servers”, 124.
5.2 Network Configuration
The mail direction is based on the Internal Domains and Internal SMTP senders settings and it is determined as follows:
1. E-mail messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
a. Specify Internal Domains and separate each domain name with a space. You can use an asterisk (*) as a wildcard. For example,
*example.com internal.example.net
b. Specify all hosts within the organization that send messages to Exchange Edge or Hub servers via SMTP as Internal SMTP Senders.
Separate each IP address with a space. An IP address range can be defined as:
• a network/netmask pair (for example, 10.1.0.0/255.255.0.0), or
• a network/nnn CIDR specification (for example, 10.1.0.0/16).
You can use an asterisk (*) to match any number or dash (-) to define a range of numbers. For example,
172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*
2. E-mail messages are considered outbound if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients).
3. E-mail messages that come from hosts that are not defined as internal SMTP sender hosts are considered inbound.
4. E-mail messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host.
If the product has been installed in the centralized administration mode, configure the mail direction with F-Secure Policy Manager Console.
If the product has been installed in stand-alone mode, configure the mail direction with the Web Console.
If end-users in the organization use other than Microsoft Outlook e-mail client to send and receive e-mail, it is recommended to specify all end-user workstations as Internal SMTP Senders.
If the organization has Exchange Edge and Hub servers, the server with the Hub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed.
Do not specify the server where the Edge role is installed as Internal SMTP Sender.
If e-mail messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outbound respectively.
5.3 Configuring F-Secure Spam Control
When F-Secure Spam Control is enabled, incoming messages that are
When F-Secure Spam Control is enabled, incoming messages that are