Looking for assistance in dealing with Games in BOYD devices triggering EDR Broad Context Detection

MikeLeger · 2023-10-24T14:10:06+00:00

There was an error rendering this rich post.

So I'm trying to figure out how other people are dealing with this situation, we have about 80% seasonal staff who all bring their own device.

While they are with us, we provide WithSecure ep,edr, vm as well as office and other online tools.

Because these devices are owned by the end user, we get so many alerts after hours about Broad Context Detections and its all for games, when you click on the like that opens the virustotal.com webpage, its always zero

Is there a way to add these games or paths to the whitelist in the profile?

How do you deal with BYOD devices in this manner?

Find more posts tagged with

EDR

Accepted answers

LiselotteP

Hi @MikeLeger! I really appreciate your thoughts on this. It’s a relevant point about managing devices on a client’s VPN.

I highly recommend publishing your idea on https://ideas.withsecure.com/, this is where users can share product ideas, feature requests, and improvements, and I'm sure you're idea would spark some great discussions.

And, I’m pretty curious too - is there anyone else out there dealing with the same thing?

All comments

LiselotteP

@MikeLeger - tagging you for visibility to @MartijnAVT's comment!

MartijnAVT

To be honest Mike, this is a very difficult thing to deal with. Here in the Netherlands we are more and more getting rid of BYOD (or Bring Your Own Disaster). In this, we rather isolate the endpoint from having access to corporate resources directly as much as possible and prevent them from downloading data on non-company-managed devices. Because al that rubbish, games, bloatware, and such, drives you nuts and you do not have control over it. I am not a big fan of Citrix or RDS perse, but for this, it's great to have to access those untrusted devices in the environment. Thankfully our customer take our advice and move to modern rich clients, which we can fully protect and support.

LiselotteP

Hi @MikeLeger! I really appreciate your thoughts on this. It’s a relevant point about managing devices on a client’s VPN.

And, I’m pretty curious too - is there anyone else out there dealing with the same thing?

MikeLeger

Thanks Sethu, but you understand this is the future of remote work here in north America right?

We have so many clients who hire on staff that bring their own device, we provide them with o365 licences, we provide them with phone system licences, vpn liences, and beacuse they are on the network a AV solution like With/Secure. All I'm saying is this is a new emerging issue you are going to see more and more of.

I'm not asking for gaming support, I'm looking for ways to better manages devices that are not owned by the client during the times that end user is connected to the clients VPN and only then are things running.

As a community discussion board, I just wanted to reach out to others to see how they are solving for this new situation.

Sethu Laks

Hi @MikeLeger

As per feedback from our EDR team, our EDR product is primarily designed for typical work-related usage. Consequently, it may detect activities associated with games for various reasons. Currently, we do not have immediate plans to enhance our "gaming" support. However, there are potential initiatives for self-service allowlisting, although no specific timeline has been confirmed for their implementation.

Regarding you specify query about handling devices that are off the network and not owned by you, in the scenario where a device lacks network connectivity, the EDR system will cache the events and transmit them once the network connection is reestablished.

Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™ https://www.withsecure.com/en/home

Sethu Laks

Hi @MikeLeger

You are welcome! I am in touch with our EDR team to get more information for your query. I will let you know as soon as they give me an update.

Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™ https://www.withsecure.com/en/home

MikeLeger

Thanks Sethu, that's however I'm looking to get some ideas on how to handle devices that are off network and not owned by us.

How are other using the product to still protect their network, yet not overtake someone's personal computer.

Sethu Laks

Hi @MikeLeger

Thank you for reaching out to the WithSecure Community,

We suggest that you refer to the following article to gain a better understanding of how to handle the BCD-ID false positive.

https://community.withsecure.com/en/kb/articles/29365-elements-endpoint-detection-and-response-edr-detects-a-safe-application-how-to-whitelist-the-detection

Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™ https://www.withsecure.com/en/home