-
Browsing Protection - Adding New Allowed/Denied Sites
Can we move new entries for allowing/denying sites up top near the Add Sites button? It is a hassle if there is already a long list of sites and we have to scroll down every time we add individual sites.
-
Changing layout of the Browsing Protection reminder
I would like for the WithSecure team to change the way users are reminded to activate their browser security extensions. I believe the current process is too confusing for the average user to actually do it. This would lead to many tickets to IT, asking to stop the reminders… Picture this: When activating the "Remind user…
-
Intune MDM
How to Allow System Extension, Driver Extension & Network Extension using MDM profile? Is there any workaround to auto-approve the Network Extension without user interaction on macOS? I'm currently using Intune as my Device Management Solution. I have done creating the policy for extension for another permissions,
-
Notify if the copy of Windows is activated.
Notify if the copy of Windows is activated. Between connection errors to Microsoft servers, forgotten product activations, and the addition of resources awaiting funding, it would be useful to have this display to ensure that the server farm is compliant since ELEMENTS.
-
[Insight] 3 Questions to Ask When Assessing Your Incident Readiness
Incident readiness isn’t just about having tools — it’s about knowing how to use them when it counts. Start with these three questions: 1. Do You Know What “Normal” Looks Like? If you don’t know your baseline, you won’t spot anomalies. 🛠 Use WithSecure Elements to establish behavioral baselines. 2. Can You Contain an…
-
Desktop Remote Location Locking
Hi everybody, I’d like to remotely lock a colleague’s computer, which is likely lost. Initially, I want to lock it to give us a chance to recover it, and then proceed with a remote wipe if we can’t locate it. Does WithSecure offer these features, and if so, how can I implement them? Thanks very much. Yoh from France
-
[Insight] Demystifying “Living-off-the-Land” Attacks — What You Need to Know
“Living-off-the-Land” (LotL) attacks are stealthy, effective, and increasingly common. But what does it actually mean? 🔍 What is LotL? Attackers use legitimate tools already present in your environment — like PowerShell, WMI, or PsExec — to carry out malicious actions. No malware needed. ⚠️ Why It’s Dangerous Hard to…
-
System Maintenance: Tuesday 30th September 2025 - Delays in Response Action processing
We need to perform some important maintenance on the Elements systems related to processing Response Actions. This maintenance is planned to start at 8.00 UTC on September 30th, and is expected to take three hours to complete. Read the full article:…
-
Filezilla
WithSecure is blocking Filezilla.exe I can't download it, copy it or install it. This was noticed today. Why is this?
-
New version of Elements Agent for Windows (25.4)
A new version of the endpoint client is available, and this release makes the Elements Agent version 25.4 available (internal version 25.4.231). Read the full article here: https://community.withsecure.com/en/kb/articles/32248-new-version-of-elements-agent-for-windows-25-4
-
[Insight] 3 Indicators of Compromise You Can Spot Without a SIEM
Not every organization has a SIEM — but that doesn’t mean you’re flying blind. Here are three common Indicators of Compromise (IoCs) you can detect using tools you already have: 1. Unusual Process Behavior Look for processes that: Spawn unexpectedly (e.g., powershell.exe launched from Word) Run from temp folders or user…
-
Elements Portal: Duplicate Email Alerts When Forwarding Is Enabled on Customer and SOP Levels
Hi Team, when email alert forwarding is enabled on both the customer level and the SOP level (with two different email addresses configured), the same alert is sent multiple times. This causes duplicate tickets on the SOP end and unnecessary noise in downstream systems. Use Case / Example: Email alert forwarding is active…
-
When launching a quick or full scan of WITHSECURE EPP on a workstation or server, is the RAM analyze
When launching a quick or full scan of WITHSECURE EPP on a workstation or server, is the RAM analyzed? Perhaps it is already analyzed transparently? Reading through IT news, I note that hackers are increasingly using RAM loading to carry out their attacks. Clearly, EPP+EDR would make it possible to stop them...
-
Unable to export msi: the package you are exporting is outdated
Hi, I try to export an msi from the PM, then get an error "The package you are exporting is outdated…" and am redirected to the WithSecure downloads. We've imported the most recent wscs-16.01.275.jar in the PM (16.10.99383). PM runs on Linux, PMC on Windows. Is there a solution for this? Kind regards, Sebastiaan
-
Upcoming Retirement of the Devices → Device Discovery Page in Elements
We would like to inform you that the Devices → Device Discovery page in Elements will be retired by the end of 2025. Read the full article here: https://community.withsecure.com/en/kb/articles/32245-upcoming-retirement-of-the-devices-device-discovery-page-in-elements
-
Characters for naming profiles
I recently renamed the profiles I have in my management console and noticed that synchronization with the agents took longer than usual, which is why I had a doubt about whether there is any limitation. In my case it would be with the numbers at the beginning and the "_" and "." characters. For example:…
-
Network Scan for Unmanaged Devices
Hello everyone, As a distributor for Romania, Bulgaria, and surrounding regions, we have a question regarding device visibility and management: Is there currently an option to scan the local network for unmanaged workstations or servers, by leveraging endpoints/servers that already have the WithSecure client installed? If…
-
Troubleshooting - Linux Security - Malware Protection disabled
Hello, I hope you are doing fine. I recently saw an issue concerning a Linux server that I manage: the malware protection is disabled. But: the profile is the same as the other Linux servers (with scan directory set to "/"), and the other Linux servers are working well (with malware protection enabled). More information, I tried…
-
Major Capricorn update for Endpoint Protection - September 2025
Key Improvements Optimized database & extended machine learning → reducing pattern file sizes while maintaining the same high detection rate. Component size reduction of more than 40% → from 210 MB down to 126 MB total. Faster initialization & lower memory consumption → improving overall performance on endpoints. Read the…
-
Recent Breach via Salesloft to Salesforce Drift
From a Cybersecurity article via the Cybernews web site article which reads: "Hackers, who obtained access (OAuth) tokens associated with marketing app Salesloft Drift, systematically exported large volumes of data from numerous corporate Salesforce instances." Credentials were the main target, as the threat actor, labeled…
-
Added Filter for Patch Management and Whitelisting (EPP+EDR)
We would like to formally request the following features to be considered for implementation in WithSecure: Patch Management Filter – Ability to filter reports per hostname for easier monitoring and management. Whitelisting Enhancement – Option to prioritize or place whitelisted entries at the top of the list for better…
-
Fallback Update Server Based on Virus Definition Age
Hello, I would like to propose an idea for WithSecure Policy Manager and the WithSecure Clients. Problem: In both the past and current year, we encountered an issue where our WithSecure Policy Manager Proxy stopped downloading virus definition updates. Although the system remained reachable, clients continued to operate…
-
Withsecure alerts
Wonder whether there is a way on the portal to configure notifications to be more informative? So rather than accessing the portal, we can see which device is infected etc…
-
Important update to Exposure Management (28 August 2025) - improved coverage for RPM based Linux
We are improving coverage on findings for RPM based Linux distributions, and this is expected to be deployed to Production on 28th August 2025. Read the full article here: https://community.withsecure.com/en/kb/articles/32240-important-update-to-exposure-management-28-august-2025-improved-coverage-for-rpm-based-linux
-
WithSecure Elements Collaboration Protection and Microsoft SharePoint Embedded
On May 21st, 2024, Microsoft announced the general availability of SharePoint Embedded (Announcing SharePoint Embedded General Availability | Microsoft Community Hub). WithSecure Elements Collaboration Protection currently does not support Microsoft SharePoint Embedded containers, as these are isolated, API-only storage…
-
Blocking Cumulative Updates in Patch Management
Hello, I would like to block an update from Microsoft with ID KB5063878 in Patch Management. How can I do this? Can you tell me how I can do this, please? I just skip install auto. Regards
-
Conflicts between WithSecure and other antivirus solutions
Can Elements Vulnerability Management be purchased separately without the antivirus component? Can I offer this solution to a client who needs a vulnerability scanner but is already using a different antivirus product? Will they be compatible, or could there be any conflicts between the two systems?
-
Photon OS Support
Linux Security support for Photon OS
-
🎥 Inside a Real-Life Ransomware Case – On-Demand Webinar
Check out the on-demand webinar Inside a Real-Life Ransomware Case featuring Tim West from WithSecure Intelligence, where he unpacks a real attack that started with a small code tweak in an open-source tool and escalated into a full-scale ransomware operation. You'll gain insights into the attacker's tactics—from initial…
-
WithSecure Monthly Threat Highlights Report
Get the latest insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team. Subscribe to our Monthly Threat Highlights Report and other news and updates from WithSecure, by joining our mailing list. Every month, you'll see the latest highlights in the discussion thread here.…