F-Secure Elements Agent status update and profile changes are not working when CRL URLs are not allowed
Incident Report for F-Secure services
Resolved
Further to the information regarding allowing CRL checks in firewalls, we have discovered that some devices still fail to connect in some scenarios, particularly where a proxy is used. This appears to be an issue with how the System processes access the proxy.

To resolve this issue, we have identified so far two possible solutions

1. Install a hotfix for 22.1 which restores the previous behaviour for CRL checks. You can download the hotfix here:
https://download.sp.f-secure.com/SE/PSB/hotfixes/CSBP-28015.zip
Unpack the zip file and execute bootstrap.cmd as administrator.

2. If tamper protection is enabled, uninstall the client, and reinstall using the relevant 22.2 installer listed below. This version removes the code that handles the CRLs, and behaves like the 21.10 version (before the CRL check code was introduced).
EMEA: PSB1 - https://download.sp.f-secure.com/PSB/tp87/OfflineInstallerCP-PSB1.msi
AMER: PSB2 - https://download.sp.f-secure.com/PSB/tp87/OfflineInstallerCP-PSB2.msi
APAC: PSB3 - https://download.sp.f-secure.com/PSB/tp87/OfflineInstallerCP-PSB3.msi
EMEA2: PSB4 - https://download.sp.f-secure.com/PSB/tp87/OfflineInstallerCP-PSB4.msi
EMEA3: SMI-EU - https://download.sp.f-secure.com/PSB/tp87/OfflineInstallerCP-PSBSMIEU.msi

If you need assistance, do not hesitate to contact F-Secure Support.
https://www.f-secure.com/en/business/support-and-downloads
Posted Feb 15, 2022 - 14:26 EET
Monitoring
We have received some reports that F-Secure Elements Agent is unable to update its status in the Elements portal, or to make changes to the assigned profiles.

After investigation, it was determined that this issue was introduced in the release of the F-Secure Elements Agent version 22.1, released on 21 January 2022. This release included a new check which contacts CRL servers, related to the validity check of TLS certificates used.

We will update the release notes for this version, and add the following information:

Connectivity requirements changed:
Please note that we do require connection to CRL URLs now. Please verify that connections to the following CRL URLs work:

ocsp.rootca1.amazontrust.com
crl.sca1b.amazontrust.com
ocsp.rootg2.amazontrust.com
ocsp.sca1b.amazontrust.com
crl3.digicert.com
crl4.digicert.com
ocsp.digicert.com

If you see that the client status is not updating in the portal, or profile changes are not applied to the client, please open HTTP connections to the CRL URLs.

At no time was the security of the device affected by this change. All detections and network connections to F-Secure Security Cloud continued to work as expected.
Posted Feb 03, 2022 - 12:56 EET
Identified
We have received some reports that F-Secure Elements Agent is unable to update its status in the Elements portal, or to make changes to the assigned profiles.

After investigation, it was determined that this issue was introduced with the release of the F-Secure Elements Agent version 22.1, on 21 January 2022. This release included a new check which contacts a CRL server, related to the validity check of TLS certificates used.

Connectivity requirements changed:
Please note that we do require connection to CRL URLs now. Please allow HTTP connectivity to crl.sca1b.amazontrust.com and verify that connections to CRL URLs work (like http://crl.sca1b.amazontrust.com/sca1b-1.crl). If you see that clients cannot send data to portal anymore then most likely CRL URL is blocked.
Posted Feb 01, 2022 - 17:39 EET
This incident affected: F-Secure Elements Endpoint Detection and Response (Portal), F-Secure Elements Vulnerability Management (Portal, Scan Nodes), and F-Secure Elements Endpoint Protection (Portal, Endpoints (Clients & Servers)).