Looking for assistance in dealing with Games in BYOD devices triggering EDR Broad Context Detection

So I'm trying to figure out how other people are dealing with this situation: we have about 80% seasonal staff who all bring their own device.

While they are with us, we provide WithSecure EP, EDR, VM as well as Office and other online tools.

Because these devices are owned by the end user, we get so many alerts after hours about Broad Context Detections and it's all for games. When you click on the link that opens the virustotal.com webpage, it's always zero.

Is there a way to add these games or paths to the whitelist in the profile?

How do you deal with BYOD devices in this manner?

Best Answer

  • LiselotteP
    LiselotteP W/ Staff, W/ Community Manager Posts: 271 Community Manager
    Solved

    Hi @MikeLeger! I really appreciate your thoughts on this. It’s a relevant point about managing devices on a client’s VPN.

    I highly recommend publishing your idea on https://ideas.withsecure.com/; this is where users can share product ideas, feature requests, and improvements, and I'm sure your idea would spark some great discussions.

    And, I’m pretty curious too - is there anyone else out there dealing with the same thing?

Answers

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 221 Moderator
    edited October 2023

    Hi @MikeLeger

    Thank you for reaching out to the WithSecure Community,

    We suggest that you refer to the following article to gain a better understanding of how to handle the BCD-ID false positive.

    https://community.withsecure.com/en/kb/articles/29365-elements-endpoint-detection-and-response-edr-detects-a-safe-application-how-to-whitelist-the-detection

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™ https://www.withsecure.com/en/home

  • MikeLeger
    MikeLeger W/ Member Posts: 8 Junior Protector

    Thanks Sethu, that's however I'm looking to get some ideas on how to handle devices that are off network and not owned by us.

    How are others using the product to still protect their network, yet not overtake someone's personal computer?

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 221 Moderator

    Hi @MikeLeger

    You are welcome! I am in touch with our EDR team to get more information for your query. I will let you know as soon as they give me an update.

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™  https://www.withsecure.com/en/home

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 221 Moderator

    Hi @MikeLeger

    As per feedback from our EDR team, our EDR product is primarily designed for typical work-related usage. Consequently, it may detect activities associated with games for various reasons. Currently, we do not have immediate plans to enhance our "gaming" support. However, there are potential initiatives for self-service allowlisting, although no specific timeline has been confirmed for their implementation.

    Regarding your specific query about handling devices that are off the network and not owned by you, in the scenario where a device lacks network connectivity, the EDR system will cache the events and transmit them once the network connection is reestablished.

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™  https://www.withsecure.com/en/home

  • MikeLeger
    MikeLeger W/ Member Posts: 8 Junior Protector

    Thanks Sethu, but you understand this is the future of remote work here in North America, right?

    We have so many clients who hire on staff that bring their own device. We provide them with o365 licences, we provide them with phone system licences, VPN licences, and because they are on the network, an AV solution like WithSecure. All I'm saying is this is a new emerging issue you are going to see more and more of.

    I'm not asking for gaming support, I'm looking for ways to better manage devices that are not owned by the client during the times that end user is connected to the client's VPN and only then are things running.

    As a community discussion board, I just wanted to reach out to others to see how they are solving for this new situation.

  • MartijnAVT
    MartijnAVT W/ Partner Posts: 3 Security Scout

    To be honest Mike, this is a very difficult thing to deal with. Here in the Netherlands we are more and more getting rid of BYOD (or Bring Your Own Disaster). In this, we rather isolate the endpoint from having access to corporate resources directly as much as possible and prevent them from downloading data on non-company-managed devices. Because all that rubbish, games, bloatware, and such, drives you nuts and you do not have control over it. I am not a big fan of Citrix or RDS per se, but for this, it's great to have to access those untrusted devices in the environment. Thankfully our customers take our advice and move to modern rich clients, which we can fully protect and support.

  • LiselotteP
    LiselotteP W/ Staff, W/ Community Manager Posts: 271 Community Manager

    @MikeLeger - tagging you for visibility to @MartijnAVT's comment!