-
[Insight] Demystifying “Living-off-the-Land” Attacks — What You Need to Know
“Living-off-the-Land” (LotL) attacks are stealthy, effective, and increasingly common. But what does it actually mean? 🔍 What is LotL? Attackers use legitimate tools already present in your environment — like PowerShell, WMI, or PsExec — to carry out malicious actions. No malware needed. ⚠️ Why It’s Dangerous Hard to…
-
System Maintenance: Tuesday 30th September 2025 - Delays in Response Action processing
We need to perform some important maintenance on the Elements systems related to processing Response Actions. This maintenance is planned to start at 8.00 UTC on September 30th, and is expected to take three hours to complete. Read the full article:…
-
Filezilla
WithSecure is blocking Filezilla.exe. I can't download it, copy it or install it. This was noticed today. Why is this?
-
New version of Elements Agent for Windows (25.4)
A new version of the endpoint client is available, and this release makes the Elements Agent version 25.4 available (internal version 25.4.231). Read the full article here: https://community.withsecure.com/en/kb/articles/32248-new-version-of-elements-agent-for-windows-25-4
-
[Insight] 3 Indicators of Compromise You Can Spot Without a SIEM
Not every organization has a SIEM — but that doesn’t mean you’re flying blind. Here are three common Indicators of Compromise (IoCs) you can detect using tools you already have: 1. Unusual Process Behavior Look for processes that: Spawn unexpectedly (e.g., powershell.exe launched from Word) Run from temp folders or user…
-
Elements Portal: Duplicate Email Alerts When Forwarding Is Enabled on Customer and SOP Levels
Hi Team, when email alert forwarding is enabled on both the customer level and the SOP level (with two different email addresses configured), the same alert is sent multiple times. This causes duplicate tickets on the SOP end and unnecessary noise in downstream systems. Use Case / Example: Email alert forwarding is active…
-
When launching a quick or full scan of WITHSECURE EPP on a workstation or server, is the RAM analyze
When launching a quick or full scan of WITHSECURE EPP on a workstation or server, is the RAM analyzed? Perhaps it is already analyzed transparently? Reading through IT news, I note that hackers are increasingly using RAM loading to carry out their attacks. Clearly, EPP+EDR would make it possible to stop them...
-
Unable to export msi: the package you are exporting is outdated
Hi, I try to export an msi from the PM then get an error "The package you are exporting is outdated…" and am redirected to the WithSecure downloads. We've imported the most recent wscs-16.01.275.jar in the PM (16.10.99383). PM runs on Linux, PMC on Windows. Is there a solution for this? Kind regards, Sebastiaan
-
Upcoming Retirement of the Devices → Device Discovery Page in Elements
We would like to inform you that the Devices → Device Discovery page in Elements will be retired by the end of 2025. Read the full article here: https://community.withsecure.com/en/kb/articles/32245-upcoming-retirement-of-the-devices-device-discovery-page-in-elements
-
Characters for naming profiles
I recently renamed the profiles I have in my management console and noticed that synchronization with the agents took longer than usual, which is why I had a doubt about whether there is any limitation. In my case it would be with the numbers at the beginning and the "_" and "." characters. For example:…
-
Network Scan for Unmanaged Devices
Hello everyone, As a distributor for Romania, Bulgaria, and surrounding regions, we have a question regarding device visibility and management: Is there currently an option to scan the local network for unmanaged workstations or servers, by leveraging endpoints/servers that already have the WithSecure client installed? If…
-
Troubleshooting - Linux Security - Malware Protection disabled
Hello, I hope you are doing fine. I recently saw an issue concerning a Linux server that I manage: the malware protection is disabled. But the profile is the same as the other Linux servers (with scan directory set to "/"), and the other Linux servers are working well (with malware protection enabled). More information, I tried…
-
Major Capricorn update for Endpoint Protection - September 2025
Key Improvements Optimized database & extended machine learning → reducing pattern file sizes while maintaining the same high detection rate. Component size reduction of more than 40% → from 210 MB down to 126 MB total. Faster initialization & lower memory consumption → improving overall performance on endpoints. Read the…
-
Recent Breach via Salesloft to Salesforce Drift
From a Cybersecurity article via the Cybernews web site article which reads: "Hackers, who obtained access (OAuth) tokens associated with marketing app Salesloft Drift, systematically exported large volumes of data from numerous corporate Salesforce instances." Credentials were the main target, as the threat actor, labeled…
-
Added Filter for Patch Management and Whitelisting (EPP+EDR)
We would like to formally request the following features to be considered for implementation in WithSecure: Patch Management Filter – Ability to filter reports per hostname for easier monitoring and management. Whitelisting Enhancement – Option to prioritize or place whitelisted entries at the top of the list for better…
-
Fallback Update Server Based on Virus Definition Age
Hello, I would like to propose an idea for WithSecure Policy Manager and the WithSecure Clients. Problem: In both the past and current year, we encountered an issue where our WithSecure Policy Manager Proxy stopped downloading virus definition updates. Although the system remained reachable, clients continued to operate…
-
Withsecure alerts
Wonder whether there is a way on the portal to configure notifications to be more informative? So rather than accessing the portal, we can see which device is infected etc…
-
Important update to Exposure Management (28 August 2025) - improved coverage for RPM based Linux
We are improving coverage on findings for RPM based Linux distributions, and this is expected to be deployed to Production on 28th August 2025. Read the full article here: https://community.withsecure.com/en/kb/articles/32240-important-update-to-exposure-management-28-august-2025-improved-coverage-for-rpm-based-linux
-
WithSecure Elements Collaboration Protection and Microsoft SharePoint Embedded
On May 21st, 2024, Microsoft announced the general availability of SharePoint Embedded (Announcing SharePoint Embedded General Availability | Microsoft Community Hub). WithSecure Elements Collaboration Protection currently does not support Microsoft SharePoint Embedded containers, as these are isolated, API-only storage…
-
Blocking Cumulative Updates in Patch Management
Hello, I would like to block an update from Microsoft with ID KB5063878 in Patch Management, how can I do this? Can you tell me how I can do this please, I just skip install auto: regards
-
Conflicts between WithSecure and other antivirus solutions
Can Elements Vulnerability Management be purchased separately without the antivirus component? Can I offer this solution to a client who needs a vulnerability scanner but is already using a different antivirus product? Will they be compatible, or could there be any conflicts between the two systems?
-
Photon OS Support
Linux Security support for Photon OS
-
🎥 Inside a Real-Life Ransomware Case – On-Demand Webinar
Check out the on-demand webinar Inside a Real-Life Ransomware Case featuring Tim West from WithSecure Intelligence, where he unpacks a real attack that started with a small code tweak in an open-source tool and escalated into a full-scale ransomware operation. You'll gain insights into the attacker's tactics—from initial…
-
WithSecure Monthly Threat Highlights Report
Get the latest insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team. Subscribe to our Monthly Threat Highlights Report and other news and updates from WithSecure, by joining our mailing list. Every month, you'll see the latest highlights in the discussion thread here.…
-
Application Rules: copy and paste from one profile to other/s
It would be useful if the new rules in ALLOW, "copied" from one profile to another, could be "pasted" ON TOP (the top of the destination profile list); And more: if this (point 1) could be done, also, for all profiles at the same time (paste to all profiles, always at the TOP of the list), with just one click. Add more…
-
Unable to Modify or Clone Profiles in WithSecure Portal Despite Admin Rights
Hello, I'm encountering an issue in the WithSecure Elements console: Despite having full administrative rights on Collaboration Protection and full modification access for both servers and endpoints, I'm unable to modify, clone, or create new device profiles. Observed behavior: When attempting to edit any existing profile,…
-
Automated Actions Now Support Response Jobs for Identity Security for Entra ID BCDs
We are thrilled to announce that our Automated Actions feature has been extended to support running response jobs for Identity Security for Entra ID BCDs (Broad Context Detections). This enhancement is designed to provide more robust and efficient identity security management, particularly for cloud environments, ensuring…
-
New Email Notification Enhancements for Elements MDR Services
We’re excited to share an important update to the email notification system under the Detection and Response settings for Elements MDR services. These enhancements are designed to improve your experience by reducing notification volume and ensuring that the messages you receive are more relevant and actionable.…
-
Adblocker integrated into web browser extension
Hello It would be ideal not to have this feature separately with an additional third-party extension. You could integrate ad blocking, like extensions like ABP do, which remove ads directly from pages or results. Let me clarify, the idea is to remove all advertising, not block it because that is already done currently but…
-
Adding a watermark on sensitive files would be really interesting since the DATAGUARD functionality
Adding a watermark on sensitive files would be really interesting since the DATAGUARD functionality with the EPP agent. Let's imagine right-clicking on the file and then adding a watermark or even from the ELEMENTS DATAGUARD profile with a field allowing you to add a watermark to sensitive files in order to reduce the…