
Elements Endpoint Protection Portal Changelog


Comments

  • ŁukaszDrąg
    ŁukaszDrąg W/ Member Posts: 20 Junior Protector
    edited December 2022

    Dear community,

    What's new in week 50

    New features:

    • Software updater may notify users about new missing updates


    • Audit logs support the first 2 remote actions from the portal: Send Full Status remote action, Uninstall remote action


    • Protection icons are now available in device list for Overview of Protection Status, Overall protection, Malware protection and Firewall columns.


    • Feedback form for device management rules is now available.


    • [PREMIUM] System events detection. Starting from 22.9 at least three system events are sent to security events: audit log was cleared, user account was locked out, an account failed to log on. Apart from that many other system events may be enabled by administrator.


    • Server Share Protection. Starting from 22.9 Elements Agent is able to detect malware activity on server shared folders and restore files automatically if they are broken or encrypted by malware (by default it only reports a security event and does not restore files, administrator needs to enable the feature via profiles)


    • History of updates for each Windows device. Administrator may check installation status of updates and see Software Updater Database version.


    Fixed issues:

    • In some situations profiles could not be deleted
    • When using select all admin could send Windows-only operations to Linux and Mac devices

    Best Regards,

    EPP Team

  • PetriKuikka
    PetriKuikka W/ Member Posts: 236 Threat Terminator

    Dear community,

    What's new in week 51

    New features:

    • Device details page has a link to device specific audit logs.

    Improvements:

    • Show quarantine action unconditionally for manual scanning type of event in Security Events and show a warning banner with an explanation once clicked if the file is too big or not an archive 
    • Audit log improvements:
      • "Source and Target" column simplified into "Target" and removed "Profile" and "Details" prefixes from the values of the column
      • Audit logs have a new filter for Device UUID

    Fixed issues:

    • Re-fixed the scrolling issues when browsing Security Events and Audit Logs pages with Firefox. Now the sticky header is disabled for Firefox.
    • In some cases Assign profile drop-down showed incorrectly computer profiles for Windows Servers.
    • Unprotected devices scan button is shown when the user is read-only.

    Br, EPP team

  • PetriKuikka
    PetriKuikka W/ Member Posts: 236 Threat Terminator

    Dear community,

    What's new in week 52

    New features:

    • Following new EPP devices operations have been added to audit log:
      • Scan for malware, Scan for missing software updates
      • Isolate from network, Release from network isolation
      • Encrypt drive, decrypt drive
      • Restart system, Request diagnostic file
      • Active directory scan for unprotected devices

    Improvements:

    Fixed issues:

    • Profile can be created again with the same name after the deletion.
    • Mac firewall status is now updated in the portal when either the MAC or WS firewall status is changed.

    Br, EPP team

  • PetriKuikka
    PetriKuikka W/ Member Posts: 236 Threat Terminator

    Dear community,

    A new year 2023 and what's new in week 1

    New features:

    • Profile assignment rules support multiple values in a single rule - meaning it's possible to match multiple IP segments, DNS/WINS patterns or Active Directory groups with a single rule.

    Improvements:

    • New icons for main device icons and operating systems
    • Disable unprotected devices scan button for read only admins. Earlier read only admins could click button and were shown an error instead as they lack the rights to perform operations.
    • Disabling the Decryption operation when it's not available

    Fixed issues:

    • Device status data from Windows clients older than 2 years are no longer being processed. Devices are still visible in portal and shown in Dashboard/Advisory as unsupported and needing upgrade.
    • When assigning profiles, if the account has more than 200 profiles visible, then it's possible to assign any one of them. Previously it was possible to assign only one of the first 200.

    Br, EPP team

  • tranbi
    tranbi W/ Alumni Posts: 2 Security Scout
    edited January 2023

    Dear community,

    What's new in week 2

    New features:

    • Vulnerability management risk score is now visible in device listing. Also added a new default view "Vulnerability management"


    • Add last scanning status columns into devices list


    • Top 10 Most Applied Application Control Rules can now be seen on a chart in the Reports → Security Events tab. 


    • FSdiag download actions are audited
    • "Show message" operations are audited

    Improvements:

    • Chart labels under Reports → Security Events tab are now truncated. The full value can be seen in a tooltip while hovering over the bar. 


    Fixed issues:

    • Fixed issue with Mac devices and change subscription from EPP+EDR to EPP

    BR,

    EPP Team

  • reunanen_tomi
    reunanen_tomi W/ Alumni Posts: 3 Security Scout

    Dear community,

    We are happy to announce that new Software Updates views are released to all environments. These new views provide a few improvements, new features and changes compared to old ones:

    • Installation related tabs are merged. All installation related information can now be found under single tab called "Installation Logs". The "Installation summary" style view is currently missing from the UI and will be reintroduced later via grouping functionality
    • Improved installation status information for Installation logs. On top of the existing installation status, you can now also find more specific installation code / reason for all performed installations per device
    • Access "View affected devices" from the Computers and Servers columns directly. Previously this information was only available via the Action panels "View affected devices" button.
    • Number of affected devices on action buttons. When you perform a selection on set of updates, you can now also see the combined total of devices to be updated on the action panel.
    • Select all - Previously when using select all checkbox the selection affected only the updates visible at the given time. With the new views, the select all includes all updates matching the filters used currently.
    • Force close - Certain updates require target application to be closed before installing the update. Now you can force the application to be shut down from the portal when making the installation request.

    BR,

    EPP Team

  • markni
    markni W/ Alumni Posts: 2 Security Scout
    edited January 2023

    Dear community,

    What's new in week 3

    New features:
    • Rule Engine change tracking. Currently, when a device changes its AD group, IP, DNS or WINS, automatically assign a profile and labels based on the rules to that device
    • All device-related audit logs allow navigating to a device by clicking the link in the target column
    • Device deletions are audited and visible in the Audit Logs page
    Fixed issues:
    • Application control status does not update when feature was disabled
    • Mobile Protection: Change link for admin guide in downloads

    Best regards,

    EPP Team

  • Suresh
    Suresh W/ Member Posts: 3 Security Scout
    edited January 2023

    Dear community,

    What's new in week 4

    New features:
    • Admin can use search in filter values in device view.
    • Audit logs support the following two new remote operations: "Turn security off" and "Assign Profile".


    • Audit logs can be now filtered by the audit action type.

    Improvements:

    • Protection status trend graph is moved to Devices tab in Report view.
    • Improvements when downloading large FSDiags. In some situations browsers could report an out of memory error when downloading large FSDiags.
    • Improvement to device Vulnerability Management view. View now shows all devices where VM is activated, including also EPP and EDR devices.
    • Audit log device names are now links to device details page.
    Fixed issues:
    • Undefined free disk and memory is no longer shown for Mac devices - this is a Windows only feature.
    • Fixes to Summary Emails - the top Infections list did not show most of alerts due to format switch.

    Best regards,

    EPP Team

  • Suresh
    Suresh W/ Member Posts: 3 Security Scout
    edited February 2023

    Dear community,

    What's new in week 5

    Improvements:

    • In our device listing page, we have added icons for different device types with names; tooltips are also added. Arranged device type column to be the first column and always selected.


    Fixed issues:

    • Fixed quarantine action error in the Security Events view

    Best regards,

    EPP Team

  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout

    Dear community,

    What's new in week 6

    Improvements:
    • Software updates tab now respects readOnlyWorkstations and readOnlyServer user permissions. For example if user is logged with readOnlyWorkstation then all update checkboxes affecting only workstation will be hidden. Also when select all or individual update checkbox is clicked then operations wizard has update button enabled only for which user is permitted.


    Best regards,

    EPP Team

  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout
    edited February 2023

    Dear community,

    What's new in week 7

    Improvements:

    • Column selector in Device view is changed to flyout UX style for greater unification across Elements portal
    • Remove 'disable change tracking' confirmation popup
    • Added confirmation popup for evaluating rules for all devices after saving


    • Show disabled checkboxes for missing updates instead of hiding them for full readOnly, readOnlyWorkstations or readOnlyServers users


    • Select devices to update button is enabled now when select all updates clicked

    Fixed issues:

    • The action panel does not hide anymore the bottom rows of the missing software updates table


    Best regards,

    EPP Team

  • ŁukaszDrąg
    ŁukaszDrąg W/ Member Posts: 20 Junior Protector

    Dear community,

    What's new in week 8

    Improvements:

    • Update advisory entry for Connector low disk space to use 5GB instead of 20GB


    • Devices view shows disabled checkbox instead of hidden for read only users and read only devices.


    • Audit Logs added for quarantine related operations are now accessible from Security Events list (Delete from Quarantine / Restore to original location)


    • Installation Logs of Software Updates can now be filtered by the Device UUID and List of BulletinIDs.
      • Additionally the filters in general in both Missing Updates and Installation Log tabs are persistent. Same as in Security Events and Audit Log.


    • Navigation from Device Details to the filtered Installation Log is now possible.


    • UI improvements to Custom report for devices


    • Added enabling / disabling change tracking to audit logs


    • Added possibility to export a read-only profile


    Fixed issues:

    • Pagination after select all on missing updates tab is broken.
    • CVE flyout is not working on missing updates for device view
    • Profile assignment rules are visible by default
    • Quarantine operations are missing the actual operation text


    Best regards,

    EPP Team

  • Hubert_Szymanski
    Hubert_Szymanski W/ Staff, W/ Article Coordinator Posts: 10 W/ Staff
    edited March 2023

    Dear community,

    What's new in week 9

    New features:

    • Server Share Protection: added possibility to set a folder for backups and to set a maximum backup file size.
    • Network location settings now can override settings even if they are locked in the profile. The red notification is not needed anymore.
    • Added monthly scanning counters to devices view. You can see how many files were scanned and how many issues were found during the month. These counters can be used to make queries.

    Improvements:

    • Customers can now provide feedback about new My Reports view. We are gathering feedback to further improve and make this new functionality more useful.

    Fixed issues:

    • Select all on affected devices flyout from software update's tab now selects all devices on all pages. Also clicking on updates button sends update operation for all devices.

  • GrzegorzMusial2
    GrzegorzMusial2 W/ Staff, W/ Article Coordinator Posts: 2 W/ Staff

    Dear community,

    What's new in week 10

    New features:

    • Outbreak control: Outbreak control is an extension for profile assignment rules. When change tracking is enabled, you can create a rule that automatically reacts to open EDR detections and assigns a hardened profile and custom labels to the affected endpoint. Once the detection is closed it will automatically change the profile and labels back based on your other rules

    Improvements

    • Changes and operations done in the profile assignment rules page are now visible in the Audit Log.
    • Improved readability of local and admin exclusions in the device details by rendering the path as a list. If any of the exclusions are considered dangerous they are now highlighted in the list. 
    • Affected devices flyout now respects filters present on missing updates tab. For example: if all critical updates are selected on missing updates tab and select devices button is clicked then only all devices affected by critical updates will be shown in the flyout

    Fixed issues:

    • Fixed an issue where it was possible to try and start unprotected devices scan in partner scope.
    • Removed changing own password and setup 2FA from accounts view in EPP as it was obsolete

  • goloni
    goloni W/ Staff, W/ Article Coordinator Posts: 2 W/ Staff

    Dear community,

    What's new in week 11

    New features:

    • Security Events can now be filtered by the device labels. Important to note that any changes to the labels assigned to the device are to be visible only in the events happening after the label change was made. No changes to historical data are ever made.
    • Similar to what has already been available in the Devices view now also Security Events view supports Saved Views. With the initial release a set of predefined system views is shipped together with an option to create custom user views.
    • Security Posture piloting release: Security Posture analyzes your devices and profiles to find common weaknesses that lead to devices being compromised or confidential data being leaked. You can click on the items to see further explanations and instructions.
    • Add multiple proxy support to Windows proxy settings. Will be available with clients 23.4+
    • Show discovered shared folders

    Fixed issues:

    • Fixed an issue where the feedback banner in the My reports page could overlap other elements when scrolling down in the page.
    • Software Updates shows servers in the host selection screen when using Platform_type=Workstation filter

  • RoopeKemppainen
    RoopeKemppainen W/ Staff Posts: 10 W/ Staff

    Dear community,

    What's new in week 12

    New features:

    • Security posture now has two more new recommendations: "Over 10% of workstations have been last logged in by an admin user" and "System integrity protection is disabled".

    Improvements:

    • Advisory dashboard pie-charts are now displayed with legends.

    • Missing updates for the device view have gotten styling changes to match other views.
    • Security Posture: more comprehensive text along with more information link updated in flyout against shown recommendations.

    Removed features:

    The option "Force application to stop" in Software Updater section is removed (only if it was not selected previously). It was a dangerous option. Consider using a similar functionality in Automated Tasks and in remote operations in Software Updates tab.

  • markni
    markni W/ Alumni Posts: 2 Security Scout
    edited April 2023

    Dear community,

    What's new in week 13

    New features:

    • Manage removed devices is now available. Administrators can use this feature to restore individual devices that have accidentally been removed or blocked. This feature will replace the existing "Restore devices from blocklist". This feature is placed under three-dot menu in device list view.

    Improvements:

    • Bulletin ID improvements for Software updates:
      • Help text added for Bulletin ID columns
      • Added the Bulletin ID column to Installation Logs tab
      • It is now possible to filter all devices that have installed some patch using Bulletin ID filter on Installation Logs tab.

  • RoopeKemppainen
    RoopeKemppainen W/ Staff Posts: 10 W/ Staff
    edited April 2023

    Dear community,

    What's new in week 14

    Improvements:

    • Quick Filters are now available for selected columns in the Security Events table.
    • Read-only administrators are now able to save device views and custom reports in the My Reports view.

  • RoopeKemppainen
    RoopeKemppainen W/ Staff Posts: 10 W/ Staff
    edited April 2023

    Dear community,

    What's new in week 15

    New features:

    • New profile editor features:
      • New section called "All settings" which contains all possible profile settings in one view.
      • New search box on top of every section which allows free-form search for settings or their values.
    • New unprotected devices features:
      • Admin can now enable automatic daily scanning for a company.
      • Devices found by the scan now can be marked as trusted and it is also possible to add comments for the devices found by the scan.
      • It is now possible to filter the list of unprotected devices by Active Directory Group and trusted status.

  • Hubert_Szymanski
    Hubert_Szymanski W/ Staff, W/ Article Coordinator Posts: 10 W/ Staff
    edited April 2023

    Dear community,

    What's new in week 16

    New features:

    • New column "On public internet" was added to device listing which describes whether any of IPv4 addresses of the device are public.
    • Security Events have additional Quick Filters available in the expandable section:
      • filtering by device
      • filtering by device label
    • In the Security Events section we have introduced a feedback form to encourage customers to share their feedback about recent additions and ideas for future features.

  • AntonBlomström
    AntonBlomström W/ Staff Posts: 1 W/ Staff

    Dear community,

    What's new in week 18

    New features:

    • Added "Force scan USB and show result to user" option. (This requires WithSecure Elements Agent 23.4)

    Improvements:

    • DataGuard included paths and trusted applications are now rendered as a list in device details.

  • Milosz
    Milosz W/ Staff Posts: 17 W/ Staff
    edited May 2023

    What's new in week 20

    Dear Community,

    New features

    Security Events Trend Detector

    Security events trend detector for infections shown in Dashboard view's Issue list. This is an experimental feature looking at risky trends in the amount of malware infections from your computers over the last two weeks. At present it looks for two specific trends:

    • A large spike or sudden increase in detections
    • A strong growing trend towards the end of the two week time window

    Our suggestion is that you investigate if everything seems normal by using the check report link to look in the Security Events reporting page at the following items:

    • The infections handled report shows a count of the same detections, is there a growing trend?
    • Computers generating large numbers of detections can be identified from the "Top computers" graph, clicking the name of a computer will show you specific detections
    • Top infections will show most common detections, this can help investigation

    Acknowledging security events will exclude them from trend detection but not from the reporting page. This can be used to make this warning go away, otherwise it will vanish once the trend changes or settles. Please use the feedback form at the top of Security Events to give us feedback.

    Security Events navigation from Infections handled chart

    It is now possible to navigate from Infections Handled chart (Reports → Security Events tab) to a Security Events list filtered to a day corresponding to the clicked bar. This is to foster faster investigation of spikes in the handled infections.

    Mac Software Updater (from the 10th of May)

    Software updater for Mac is now available. Administrators can select which software to include in scan results or automatic updates using include/exclude rules, specify HTTP proxy or Elements Connector for downloading the updates. Scanning for missing software or automatic updates installation can be scheduled in the Automated tasks section of the profile editor.

    Improvements

    • Active Directory Group has been renamed Active Directory Organizational Unit (abbreviated as OU in some places where space is restricted) in Device, Unprotected Devices and Profile Assignment Rules views. This is done to be more precise on what kind of data our clients collect from Active Directory.

  • PetriKuikka
    PetriKuikka W/ Member Posts: 236 Threat Terminator
    edited June 2023

    What's new in week 21

    Dear Community,

    Improvements

    • Status icons were added to the Device list for Application control, Device control, and Software update status.

    Fixed issues:

    • Changes can now be applied to multiple profiles.
    • Windows 10 end of life status is fixed for computers.
    • All updates can now be selected and installed on the selected computers from the popup menu.

  • RoopeKemppainen
    RoopeKemppainen W/ Staff Posts: 10 W/ Staff

    What's new in week 22

    Dear community,

    New features:

    • Chart export - All charts in the reports page can now be exported as SVG files

    Fixed issues:

    • Searching for profiles now works correctly on Mobile, Linux and Connector tabs.

    Best regards,

    EPP Team

  • Jasmeet
    Jasmeet W/ Partner, W/ Staff Posts: 2 W/ Staff
    edited June 2023

    What's new in week 23

    Dear community,

    New features:

    • Device history - Added a history log of device data changes to device details.
      Currently supported fields are: Overall protection, Software updates status, Network isolation, Reboot needed, Assigned profile, Profile assignment state, IP addresses, Public IP, Last user and UPN.
    • New saved views features:
      • Custom views can now be shared by using the "Move to organization views" button. Organization views are visible to all admins at the same organization level.
      • It is now possible to set a view as default. Default view will be applied by default the next time you log into portal.
      • Organization and system views can now be hidden.
    • Device details now has an option to Connect with RDP
      • Allows you to connect with RDP to computers directly from Elements portal.
      • This feature requires a premium subscription.
    • Export affected devices from flyout for selected missing updates.
    • Software updates installation log shows separate column for KB ID

    Fixed issues:

    • Security Events report is now showing data in the graphs.

    Best regards,
    EPP Team

  • ŁukaszDrąg
    ŁukaszDrąg W/ Member Posts: 20 Junior Protector

    What's new in week 24

    Dear community,

    Fixed issues:

    • Partner read-only administrators are now able to download the diagnostic files from the operations view.

    Best regards,
    EPP Team

  • Michal_Lubawy
    Michal_Lubawy W/ Member Posts: 2 Security Scout

    What's new in week 26

    Dear community,

    • "WINS" has been renamed to "Host name" in profile assignment rules.
    • Dashboard - Issue list now shows the number of untrusted devices for a company

  • Michal_Lubawy
    Michal_Lubawy W/ Member Posts: 2 Security Scout

    Hi again folks.
    Yesterday's changelog was missing a screenshot for change:
    "WINS" has been renamed to "Host name" in profile assignment rules.
    So here you go!



  • ŁukaszDrąg
    ŁukaszDrąg W/ Member Posts: 20 Junior Protector

    What's new in week 28

    Dear community,

    New features:

    • Four new System Views have been added to Security Events
      • File detections
      • Web and Network
      • System and Applications
      • Other Elements Solutions

    Best regards,
    EPP Team

  • ŁukaszDrąg
    ŁukaszDrąg W/ Member Posts: 20 Junior Protector

    What's new in week 29

    Dear community,

    New features:

    • A new chart has been added under Security Events tab in the Reports section to show the number of events grouped by their source. 

    • Security Events can be filtered by the Target column (both in Filter Panel and as a Quick Filter).
      • filter is effective for events from the 1st of June 2023 onwards
      • for older events "Device UUID" filter should be used as a fallback option. 

    • Missing updates are now filterable by Bulletin ID and KB ID

    Best regards,
    EPP Team