The WithSecure Managed Detection and Response (MDR) client has been installed on a server, but the device is not visible in the WithSecure Countercept portal.
The MDR client requires a network connection to operate properly. It silently collects activity from the endpoint on which it is installed and then submits a representation of this data to the WithSecure backend.
To guarantee proper transmission, the endpoints need to be able to communicate over HTTP and HTTPS with various subdomains owned by F-Secure:
- *.f-secure.com (ports 80 and 443)
- *.fsapi.com (port 443)
Also, the client's response functionality requires access to the following domains in Amazon Web Services:
- ac3ujg1ortm4c-ats.iot.eu-west-1.amazonaws.com (port 443, Windows 7 and 2012: port 8883)
- c3hquxgihnj763.credentials.iot.eu-west-1.amazonaws.com (port 443)
- ew1-famp-prd-system-transfer.s3.eu-west-1.amazonaws.com (port 443)
You must also allow connections to the digicert.com domain, as the Windows API may need to verify WithSecure services that are signed with a certificate issued by DigiCert. If you have allowed traffic for the above domains, create an fsdiag file from the client for further checking. Note that MDR does not allow TLS interception, so configure your proxy not to inspect this traffic.
If the issue persists, you can run our Connectivity Checker tool to determine which addresses need to be open in your firewall: https://download.sp.f-secure.com/connectivitytool/ConnectionChecker.exe
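For a quick manual check of the fully qualified endpoints listed above, the following PowerShell sketch tests TCP reachability and prints the issuer of the TLS certificate each host presents; an issuer that names your own proxy or inspection CA means the traffic is being intercepted. This is an added example, not WithSecure's tool or code. It assumes a direct (non-proxied) connection and TLS 1.2, the function name `Test-MdrEndpoint` is hypothetical, and the wildcard domains cannot be probed, so only hosts that appear in this article are used.

```powershell
# Hosts copied from this article. Wildcards (*.f-secure.com, *.fsapi.com) cannot be
# probed directly, so only fully qualified names are listed.
$targets = @(
    @{ Fqdn = 'ac3ujg1ortm4c-ats.iot.eu-west-1.amazonaws.com';           Port = 443 },
    @{ Fqdn = 'c3hquxgihnj763.credentials.iot.eu-west-1.amazonaws.com';  Port = 443 },
    @{ Fqdn = 'ew1-famp-prd-system-transfer.s3.eu-west-1.amazonaws.com'; Port = 443 },
    @{ Fqdn = 'download.sp.f-secure.com';                                Port = 443 }
)

function Test-MdrEndpoint {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)

    $result = [ordered]@{ Host = $HostName; Port = $Port; Tcp = $false; TlsIssuer = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: plain TCP connect with a timeout (firewall / routing check).
        $connect = $client.ConnectAsync($HostName, $Port)
        if (-not $connect.Wait($TimeoutMs)) { throw 'TCP connect timed out' }
        $result.Tcp = $true

        # Step 2: TLS handshake. Every certificate is accepted on purpose: the goal is
        # to read who issued it, not to trust the peer. No data is sent afterwards.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.TlsIssuer = $cert.Issuer
        $ssl.Dispose()
    }
    catch {
        # Unwrap AggregateException so the real socket or TLS error is shown.
        $result.Error = $_.Exception.GetBaseException().Message
    }
    finally { $client.Close() }
    [pscustomobject]$result
}

$targets |
    ForEach-Object { Test-MdrEndpoint -HostName $_.Fqdn -Port $_.Port } |
    Format-Table -AutoSize -Wrap
```

A row with `Tcp = False` points to a firewall or routing block, while `Tcp = True` with an unexpected `TlsIssuer` points to a proxy that is inspecting the connection.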
The issue could also be related to certificates. Reinstall the certificates and reboot the server for the changes to take effect.
If you are using proxy.f-secure.com, you need to allow two IP addresses, 22.214.171.124 and 46.338.136.158, on port 8080 or 443 in the firewall. Port 8080 is recommended; the traffic is still encrypted, because TLS runs inside that port.
Lastly, ensure that these certificates in the host are valid:
If connectivity and certificates are OK, make sure that you have the required Azure Code Signing (ACS) Windows updates installed on the server or workstation; see "Changes in support on Microsoft Windows – Minimum patch level" on the WithSecure Community.
Without Azure Code Signing support, the Ultralight Core update will fail to install, which will lead to the fsatpn.exe and fsatpl.exe processes not being able to start.
Article no: 000037473