Troubleshooting Common Issues in F-Secure E-mail and Server Security

F-Secure E-mail and Server Security — Complete Setup Guide (2026)

Overview

  • Purpose: protect file servers, mail servers (Exchange/SMTP), SharePoint, Terminal/Citrix servers and collaboration systems from malware, spam and web threats.
  • Editions: Standard (Windows servers, Exchange, Terminal/Citrix, Linux via Linux Security) and Premium (adds SharePoint, EMC CAVA, Software Updater).

Prerequisites (assume medium-size Windows/Exchange environment)

  • Admin account with local admin and Exchange/AD privileges.
  • Windows Server 2016–2022 (or supported versions per product docs).
  • Exchange Server ⁄2019 (or supported versions); SMTP relays for other MTAs.
  • SQL Server (if using on-prem central management database).
  • Firewall ports: allow communication between servers and Policy Manager/console (TCP ⁄443 or product-specific ports).
  • Valid product licenses and current installer bundle (download from F‑Secure/WithSecure user guides).

High-level deployment steps

  1. Download the latest E-mail and Server Security installers and Admin/Deployment guides from the F‑Secure/WithSecure site.
  2. Plan architecture:
    • Central Policy Manager (on-prem or hosted) for policies, updates and quarantine.
    • Dedicated scanning servers for Exchange/SharePoint or use agent-based scanning on target servers.
    • Quarantine/mail flow: decide on gateway vs. server-side scanning.
  3. Install Policy Manager:
    • Install server, configure DB, create admin account, and open required ports.
    • Apply TLS certificate for secure console access.
  4. Install server/agent components:
    • On Exchange: install Mail Security/antivirus modules and enable transport/SMTP scanning as per Admin Guide.
    • On file/terminal servers: install Server Security agent with real-time scanning, exclusions for backup paths and virtualization temp directories.
    • On SharePoint/EMC: install relevant connectors (Premium).
  5. Configure mail flow:
    • For gateway deployment: set MX to gateway, configure upstream/downstream relays.
    • For server-side: configure transport agents or SMTP relay settings so mail passes through the scanner before delivery.
  6. Configure anti-spam and content policies:
    • Enable spam filtering; tune thresholds and allowed/blocked lists.
    • Set content-disposition, re-write/subject-tagging, quarantine actions (reject, quarantine, deliver with warning).
  7. Set scanning policy and exclusions:
    • Real-time scanning enabled, scheduled full scans weekly.
    • Exclude backup/replication folders, temp dirs, and antivirus vendor update paths.
  8. Configure Software Updater (Premium) and Browsing Protection for terminal users.
  9. Centralized quarantine and notification:
    • Configure quarantine retention, admin/user notifications and release workflows.
  10. Test before production:
    • Send test malware (EICAR) and spam samples.
    • Verify mail headers, delivery latency, false-positive rates, and agent reporting.
  11. Rollout:
    • Staged deployment by OU or server group.
    • Monitor logs and performance; tune scanning settings to reduce load.
  12. Operational tasks:
    • Regular signature/engine updates (automated), monitor Policy Manager health, review quarantined items daily, apply product patches.

Recommended settings (default assumptions)

  • Real-time scanning: on for all servers.
  • CPU/IO throttling: enable during business hours if heavy load.
  • Update frequency: hourly signatures + continuous cloud intelligence.
  • Spam threshold: start medium (e.g., score ⁄10), tighten after 2 weeks of monitoring.
  • Quarantine retention: 30 days (adjust per compliance).

Troubleshooting quick checklist

  • Mail delays: check transport agent/service status, queue length, and scanning time per message.
  • High CPU/IO: enable offload for virtual environments, add exclusions, schedule full scans off-hours.
  • False positives: review quarantine, add safe senders and file-type exceptions, adjust heuristics.
  • Management console unreachable: verify firewall, service status, DB connectivity and TLS certificate validity.
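
For the "verify mail headers, delivery latency" test in step 10 and the "Mail delays" item above, the following added example (not from the vendor documentation) reads the Received headers of a delivered test message and reports how long each hop held it, so a slow scanning hop stands out. The hostnames, the sample message and the 10-second threshold are constructed assumptions.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: headers of a delivered test message (placeholder hosts).
SAMPLE = """\
Received: from scanner.example.com (10.0.0.5) by mbx01.example.com
 with ESMTP id C3; Tue, 03 Mar 2026 09:15:27 +0000
Received: from edge01.example.com (10.0.0.2) by scanner.example.com
 with ESMTP id B2; Tue, 03 Mar 2026 09:15:04 +0000
Received: from sender.example.org (203.0.113.10) by edge01.example.com
 with ESMTP id A1; Tue, 03 Mar 2026 09:15:02 +0000
Subject: scanner latency test
From: tester@example.org
To: admin@example.com

test body
"""

def hop_delays(raw_message):
    """Return [(host_that_held_the_message, seconds)] in delivery order."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # oldest hop first
        clause, _, stamp = value.rpartition(";")
        words = clause.split()
        if not clause or "by" not in words[:-1]:
            continue  # no timestamp separator or no receiving host
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # unparseable date: skip this hop
        if when.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
            when = when.replace(tzinfo=timezone.utc)
        hops.append((words[words.index("by") + 1], when))
    # Time between two receipts is time spent at the earlier host.
    # A negative value means the two servers' clocks disagree.
    return [(host, (nxt - when).total_seconds())
            for (host, when), (_, nxt) in zip(hops, hops[1:])]

def slow_hops(raw_message, threshold_s=10.0):
    """Hops that held the message longer than threshold_s seconds."""
    return [(h, d) for h, d in hop_delays(raw_message) if d > threshold_s]

if __name__ == "__main__":
    for host, secs in hop_delays(SAMPLE):
        print(f"{host}: {secs:.0f}s")
```

The final delivery hop has no later timestamp to compare against, so it is not listed; compare its receipt time with the mailbox delivery time separately.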

Security & compliance notes

  • Keep Policy Manager and agents patched.
  • Maintain secure backups of Policy Manager DB and quarantine.
  • Document retention and data-handling per your compliance requirements.

Useful links (go to vendor docs)

  • F‑Secure / WithSecure User Guides — E-mail and Server Security (Admin Guide, Deployment Guide, Cluster Deployment)
  • Product datasheets and technical diagrams
