Elements Endpoint Protection
Early Access for pre-release builds is now available for Mac and Windows
Early Access is available in the general settings section of the Mac and Windows profiles. After a device is assigned a profile with this setting enabled, it will receive the latest product version before it is released to channels for the silent upgrade. The upgrade will still happen silently and identical to the regular update. We reserve up to 2 weeks for the build to be available in Early Access before it is pushed to all the clients. We also may reduce the early access stage to the minimum in case a release contains some urgent vulnerability fixes. We strongly encourage using the Early Access feature to verify upcoming changes, before they are applied to the real production fleet environment.
Computer Protection and EDR for Mac build 42929
We released a new version of the Elements product for Apple Mac computers. As part of this release, the device serial number is now reported to the portal and is visible in the device details, which may help the administrator identify the device better. Another improvement was made in the performance of the Xfence functionality.
With the same release, support for macOS 10.14 Mojave was removed.
This new release is available for download in the Elements Security Center and as the pilot release through Early Access mentioned above.
Elements Endpoint Protection for Windows has been updated for the WithSecure brand
We have a new version of the Windows client software available, which introduces the WithSecure brand, together with several new features:
- This release introduces WithSecure brand. Note that client has also a new icon in System tray.
- Information about default browser is sent to portal, which can help the administrator solving potential issues.
- Multiple improvements for Vulnerability Management module.
- Software Updater now supports an option to allow or disable installation of unsigned updates. This has been added as some third party applications supported by Software Updater are released without a digital signature.
- The administrator can choose to hide exclusions from the local user.
- A custom network isolation message can be shown when isolating the computer.
- The “App and file control” dialog has a new tab "Vaults". It lists vaults that are configured on the computer.
At the moment, this release is available through the Early Access program, and will become generally available starting on 9th May. Please note that the update of clients will be made gradually, so some customers will not receive it immediately at that time.
New Elements Mobile Protection for Android has been released
With the latest release of Elements Mobile Protection for Android, we have made it possible for the administrator to force a scheduled scan on the device. This can be a requirement for some customers, particularly if they require certification.
Additionally:
- The last scan report is now visible in the WithSecure Elements Security Center, under the Endpoint Protection section.
- Network Protection can now be turned off and locked in the WithSecure Elements Security Center.
Elements Endpoint Detection and Response
Elements Endpoint Detection and Response – Software reputation information
EDR software reputation information has been improved to have more complete reputation coverage. Each application software that is detected to be running in the endpoint has full sub-component information available with version and reputation.
Elements Collaboration Protection
This month, we’ve made several releases to Elements Collaboration Protection. These releases include several usability improvements, extended administrator permissions controlling the modification and authorization of cloud services, and improved details in the Quarantine.
While we were making the releases, we also fixed several issues that had been reported, and added translations to some texts that were previously only shown in English.
Elements Vulnerability Management
Elements Vulnerability Management – Spring4shell detection
We’re constantly looking at reported vulnerabilities in software, both our own and that provided by third party vendors. One high-profile vulnerability recently was in the Spring framework used by many vendors, reported as CVE-2022-22965 and called Spring4shell.
During April, we added detection for this vulnerability to Elements Vulnerability Management, and this can be used by customers to see if they are affected.
Another area of improvement in Elements Vulnerability Management is the scheduling and download of reports in various formats, including XML, Excel, or Word. It’s possible to automatically send a link to these reports by email, optionally setting a lifetime on the availability.
Elements Security Center
During April, several updates were made to the Elements Security Center.
The features and improvements include
- Select-box with search to choose profile to assign in the new Computers PILOT view (Devices)
- Predefined profiles were renamed to use the new WithSecure™ brand name from F-Secure
- You can now enable or disable EDR sensor on the device without the need to change the subscription type or the subscription key.
Other items of interest
WithSecure™ Preference Center relaunched
Our partners & clients can subscribe to our newsletters, event invitations, offers and other marketing messages.
Elements Connector general availability
We have now made the Elements Connector available for all customers. This application performs several useful actions which can help the administrator:
- Integration with third-party monitoring and SIEM systems, including Splunk.
- Reduce bandwidth usage by caching antimalware and software updates.
- Proxying of updates and upstream information.
- Managed through Elements Security Center
- Automatically updated when a new version is released.
The Elements Connector is available for free from the Elements Security Center in the EPP Downloads section.
For further details, please see the Getting Started Guide
Customers using this release should especially note that the installer currently available requires this hotfix to be applied, which provides an updated Spring Framework (5.2.20), which fixes recently reported vulnerability CVE-2022-22965.
With the release of Elements Connector, we are dropping support for the F-Secure Endpoint Proxy, and customers using that should take the Elements Connector into use at their earliest opportunity. Customers still using the F-Secure Endpoint Proxy should note that it is also vulnerable to CVE-2022-22965, and should be replaced with the Elements Connector.
In case you missed it
Endpoint Protection API new security events listing
Some partners and customers integrate their internal systems to our Elements systems via an API, and we have recently made some changes.
Security Events provides extensive data on activities that the WithSecure engines detected. In addition to infections, it also reports security events generated by application control, Dataguard, tamper protection, browsing protection.
Two new API endpoints below provide listing by company or partner but also filtering (e.g. by device, by engine)
https://connect.withsecure.com/api-reference/psb#get-/companies/-companyUuid-/security-eventshttps://connect.withsecure.com/api-reference/psb#get-/partners/-partnerUuid-/security-events
As we are moving forward with the Security Events which contains infection information and much more, we are deprecating the old infections endpoint and customers using it should start to use the Security Events endpoints at their earliest opportunity.
The following infections Endpoint will stop working by 29.10.2022
https://connect.withsecure.com/api-reference/psb#get-/companies/-companyId-/infectionshttps://connect.withsecure.com/api-reference/psb#get-/companies/-companyUuid-/computers/-computerId-/infectionshttps://connect.withsecure.com/api-reference/psb#get-/partners/-partnerId-/infections
Further Information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center
