Product Troubleshooting What's New in Elements

February 2024

Editor’s Highlights

Elements Endpoint Agent is now available for Windows running on the ARM64 processor!

Find out more in the Elements Endpoint Protection section.

Elements Security Center

Elements Portal: Multi-Factor Authentication (MFA) Banner

As every administrator should activate MFA to keep their company (and customers) safe, Element Security Center is now displaying a red banner each time an administrator logs without MFA.

By clicking on "here" in the banner, the administrator can easily activate MFA by clicking on "enable" in the My Settings view.

Reminder: From Security administrator table under organization settings, you can and should verify that all administrator in your organization have enabled MFA.

New features

Admins can now select the time zone they want to use when configuring Email reports.

Improvements

EDR device classification confidence is now visible in the device listing.
Vulnerability counters are now displayed as icons in the device listing.

Elements Endpoint Protection

Elements Agent: Windows Workstations & Servers

On 2 April 2024 Elements Agents will switch to WithSecure browser extensions:

If you use MDM or group policies to manage browser extensions it is recommended to allow or preinstall these extensions in advance.

You can follow instructions Setting up Browsing Protection via GPO user guide and use following IDs:

Google Chrome: imdndkajeppdomiimjkcbhkafeeooghd
Microsoft Edge: aambijcigikmdoehgjhdepcpieghopdl
Mozilla Firefox:
- Extensions to install: https://download.withsecure.com/online-safety/ws_firefox_https.xpi

Any old F-Secure extension IDs can be removed from MDM or group policies later in March after the switch.

The same extensions will be later used in next versions of Elements EPP for Mac.

WithSecure Elements Agent for Windows version 24.2

A new version of the endpoint clients is now available, and this release makes the Elements Agent version 24.2 available (internal version 24.2.187).

The endpoints automatically upgrade, without a reboot.

This release introduces new features and fixes.

Features:

This release introduces new WithSecure Elements agent update mechanisms.
- We are taking into use new backend services that are completely distinct from the services used by F-Secure products. Therefore this release also introduces new server addresses where the endpoints connect to. Switch to the new backend services happens like the usual automatic endpoint upgrade. It requires minimal extra bandwidth.
Note that if endpoint is missing the ACS (Azure Code Signing) dependencies it won't be upgraded automatically to 24.2 (and will be automatically upgraded once there is no ACS issue anymore). For more information please see our community article
We are pleased to announce that version 24.2 of 'WithSecure Elements EPP for Computers' and 'WithSecure Elements EPP for Computers Premium' introduces support for Windows ARM64 devices. The following features are supported:
- Heuristic & behavioral analysis
- DeepGuard
- Extensive web protection
- Firewall management
- Integrated patch management
- Device control
- Rollback

Elements Vulnerability Management

EVM: System Scan

We have now added vulnerability detection capabilities for the following products to authenticated scanning for Windows:

Mullvad VPN
FileZilla Client
Regify Regipay Client
Dell Pair
OpenEXR Viewer
Citrix StoreFront
SolarWinds Access Rights Manager
ockwell FactoryTalk Activation Manager
MOVEit Automation
Acronis Cyber Protect Cloud Agent
Qlik NPrinting Designer
Qlik GeoAnalytics
UltraVNC
Trend Micro Apex Central
Autodesk Design Review
PDF24 Creator
Datto RMM (Remote Monitoring and Management)
PeaZip
TightVNC
Intel Extreme Tuning Utility
Intel Memory and Storage Tool
Wix Toolset
ZED! and ZED! Free
PRIMX ZONECENTRAL
ConnectWise ScreenConnect

Integrations

Elements Connector: new release 24.05

A new release 24.05 has been rolled out with the following changes:

Support Event Forwarding for Elements Collaboration Protection security events

Support serving updates from new WithSecure GUTS2 update server

This change ensures, that WithSecure Elements endpoint agents can receive updates via Elements Connector, when using the new WithSecure GUTS2 server address.

More about the related network address changes can be found from here

GUTS2 update server connectivity indicators in Elements Security Center

In this release we will highlight if GUTS2 server addresses are unreachable, and managed clients might stop receiving updates when using Elements Connector for caching updates.

This warning will be visible as a warning in Connector device view in Elements Security Center:

Improvements for upgrade installation on RPM-based Linux systems

Improvements for installation on Windows

The new version is available as a first-time installer, as well as a channel upgrade.

Elements API: Change log

Device statistics

Elements API client can read statistics of EPP devices from query endpoint. When request contains HTTP header Accept: application/vnd.withsecure.aggr+json Elements API selects all devices matching query parameters and depending on query parameters and groups items by selected property. If client requests histogram then API return statistics for last 30 days.

Device count

Elements API uses value of parameter count which represents name of property that is used to group devices by. In response API return list of items where each one represents different value of property and number of devices having such value.

Example query like curl -v -X GET-H "Accept: application/vnd.withsecure.aggr+json" "https://api.connect.withsecure.com/devices/v1/devices?count=protectionStatus" groups devices by property protectionStatus.

{

"items" : [

{ "count" : 1, "protectionStatus" : "isolated" } ,

{ "count" : 16, "protectionStatus" : "malwareIssue" },

{ "count" : 4, "protectionStatus" : "notConnected" },

{ "count" : 88, "protectionStatus" : "protected" },

{ "count" : 11, "protectionStatus" : "subscriptionExpired" }

]

}

From response client can find that query found:

1 device with protection status equal isolated
16 devices with protection status equal malwareIssue
4 devices with protection status equal notConnected
88 devices with protection status equal protected
11 devices with protection status equal subscriptionExpired

Device histogram

Elements API uses value of parameter histogram which represents name of property that is used to group devices by. In such case API return statistic for each day in last 30 day. Response contains list of items sorted in descending order where each element has format

{ "count": <number of devices>, <name of property>: <value of property>, "date": <statistic date> }

Example query like curl -v -X GET-H "Accept: application/vnd.withsecure.aggr+json" "https://api.connect.withsecure.com/devices/v1/devices?histogra=protectionStatus" generates histogram for property protectionStatus .

{

"items" : [

{ "count" : 1, "protectionStatus" : "isolated", "date": "2024-02-14"},

{ "count" : 16, "protectionStatus" : "protected", "date": "2024-02-14"} ,

{ "count" : 5, "protectionStatus" : "isolated", "date": "2024-02-13"},

{ "count" : 12, "protectionStatus" : "protected", "date": "2024-02-13"}

]

}

From response client can find that:

on 2024-02-14:

there was 1 device with protection status equal isolated
16 devices with protection status equal protected

and on 2024-02-13

there were 5 devices with protection status equal isolated
12 devices with protection status equal protected

Share your ideas with us

Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.

Further information

Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center