Linux Malware protection?

Jani W/ Member Posts: 3 Security Scout
edited February 12 in Linux Products

I have installed WithSecure Elements EDR and EPP for Servers Premium on my Linux servers.

Malware protection is Disabled after installation.

Can I somehow get this working?

Ubuntu 20.04.6 LTS, Linux 5.15.0-72-generic

DEB packages are compatible with Debian and Ubuntu systems. Client version 12.0.445

Best Answer

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 509 Moderator

    Hi @Jani ,

    Thank you for reaching out to us on WithSecure Community.

    Normally, this is caused by the default policy with a blank configuration of "Files and folders to scan" being assigned to the WithSecure™ EPP Elements for Servers (Linux client) or Linux Protection clients.

    To get real-time scanning working, you need to clone the default profile and add a path (for example, the root directory "/" to scan all files) to that configuration in the policy file.

    You could perform the following steps to clone the default profile if it has not been done yet, change the configuration for real time scanning, assign the cloned profile and trigger the full status update to solve this issue.

    1.  Log in to the Elements Endpoint Protection Portal 
    2.  Go to the Profiles page
    3.  Click the three dots which are next to the profile you want to clone (WithSecure™ for Linux in this case)
    4.  Select Clone Profile
    5.  Enter a profile name (Label and description are optional)
    6.  Select Real-time scanning in the profile
    7.  Click on Add path under Files and folders to scan
    8.  Add root directory of "/" to scan all files 
    9.  Click Save and Publish
    10. Go to the Devices tab
    11. Select the affected Linux device
    12. Click on Assign Assign Profile
    13. Select the cloned profile from the list
    14. Click on Assign button
    15. On Devices tab, select the affected Linux device again
    16. Choose Send full status update

    If the default profile has been cloned before but the configurations for real time scanning are not changed yet, follow the steps below to solve the issue.

    1.  Log in to the Elements Endpoint Protection Portal 
    2.  Go to the Profiles page
    3.  Open the assigned profile
    4.  Select Real-time scanning in the profile
    5.  Click on Add path under Files and folders to scan
    6.  Add root directory of "/" to scan all files 
    7.  Click Save and Publish
    8.  Go to the Devices tab
    9.  Select the affected Linux device
    10. Choose Send full status update

Answers

  • Jani
    Jani W/ Member Posts: 3 Security Scout

    Hi

    Thank you for the quick answer. Got this working now.

This discussion has been closed.