Editor’s Highlights
Our teams have been working extremely hard preparing for the launch of some new products and services at our SPHERE24 partner event late in May.
Because of this, the following summary does not cover everything they have been working on; the remaining details will be announced after SPHERE24.
Elements Endpoint Protection
WithSecure Elements Agent for Windows workstations and servers: version 24.3
A new version of the endpoint client for Microsoft Windows is now available.
This release makes the Elements Agent version 24.3 available (internal version 24.3.300).
The endpoints automatically upgrade, without a reboot.
Features:
- This release brings several enhancements and corrections, particularly focusing on installation processes, proxy management, and automated tasks.
WithSecure Elements Agent for macOS 24.1 released
This release introduces new features and fixes. Please note that this release has significant changes and customers are advised to check the linked article.
Actions required:
MDM profiles must be updated as instructed on the page Release Announcement: New WithSecure client for macOS.
Added features:
- This release introduces new WithSecure Elements agent update mechanisms. The agent now uses backend services that are completely distinct from the services used by F-Secure products, so this release also introduces new server addresses that the endpoints connect to. The switch to the new backend services happens like the usual automatic endpoint upgrade and requires a full definitions download.
- The product is now signed using the WithSecure certificate and installed to the new location:
  - /Library/WithSecure (instead of /Library/F-Secure used for earlier versions)
  - /Applications/WithSecure (instead of /Applications/F-Secure used for earlier versions)
  - The activator tool has moved to /Library/WithSecure/bin/activator
- A background connectivity checker tool has been added to the product. The client now detects connectivity issues and reports them to the Elements Security Center to highlight firewall misconfiguration to the administrator.
- Elements Agent now uses the new Browsing Protection extensions. If you use MDM or group policies to manage browser extensions, it is recommended to allow or preinstall these extensions as instructed on the page Pre-Announcement: New WithSecure client for macOS.
- Auditd is not required for the sensor to function on Sonoma and we will gradually reduce dependency on auditd on older OS versions.
Fixed issues:
- Performance degradation on macOS Sonoma is now fixed.
WithSecure™ Elements Agent is compatible with the following versions:
- macOS 12 Monterey
- macOS 13 Ventura
- macOS 14 Sonoma
Dropped functionality:
- macOS 11 Big Sur support is discontinued. The Elements Agent won't be upgraded on Big Sur and older OS versions and will keep running the previous product version until its end of life. WithSecure recommends upgrading these endpoints to macOS 12 or above to ensure uninterrupted service. Please upgrade Elements Agent manually if the version running is 22.4 or older. Versions 23.1 and newer will be upgraded automatically.
WithSecure Elements Mobile Protection app for iOS has been released
An update to the WithSecure Elements Mobile Protection app for iOS has been released.
It includes the following new features and improvements:
- Network Gateway replaces the traditional VPN feature
- The app now supports the Safari extension
- The app and the WithSecure Elements Endpoint Protection portal now support the following settings:
  - Network Gateway
  - Remind user to activate the browser plugin
  - Reputation based browsing
    - Block access when web site is rated harmful
    - Block access when web site is rated as suspicious
    - Block access when web site is rated as prohibited
    - Block access when web site contains trackers
  - Web content control
    - Block everything except allowed sites
  - Web site exceptions
    - Allowed sites
    - Denied sites
  - Include the blocked URLs in all security events
- The app and the WithSecure Elements Endpoint Protection portal now support security events for Browsing protection
- The app now supports Firebase Crashlytics
- The app now handles multiple remote operations seamlessly
- The app can now automatically select the appropriate VPN profile
- Improvements to app stability on iPads
- Improvements to app stability for non-secured HTTP traffic
WithSecure Elements Mobile Protection app for Android has been released
An update to the WithSecure Elements Mobile Protection app for Android has been released.
It includes the following new features and improvements:
- Support for Network Gateway was added
- The app and the WithSecure Elements Endpoint Protection portal now support the following settings:
  - Network Gateway
  - Reputation-based browsing
    - Block access when web site is rated harmful
    - Block access when web site is rated as suspicious
    - Block access when web site is rated as prohibited
    - Block access when web site contains trackers
  - Web content control
    - Block everything except allowed sites
  - Web site exceptions
    - Allowed sites
    - Denied sites
  - Include the blocked URLs in all security events
- The app and the WithSecure Elements Endpoint Protection portal now support security events for Browsing protection
- Android 9 support has been dropped; Malware Protection will still be available on these devices
- Improvements to app stability
- The app now allows Samsung devices to receive updates when Network Protection is turned on
Elements Vulnerability Management
EVM: System Scan
Vulnerability detections have been added for the following products in authenticated scanning on Microsoft Windows:
- Microsoft Support Diagnostic Tool UAC Bypass
- IBM Engineering Requirements Management DOORS
- Vim
Integrations
Device subscription change
The Elements API allows a solution provider to move an endpoint device from one subscription to another.
Example query:

```
curl -X PATCH \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  https://connect.withsecure.com/devices/v1/devices \
  -d '{"subscriptionKey": "E43V-DE4H-U2X8-87L2-438V", "targets": ["ec8a0100-d313-4896-b3cb-02188e060bf3", "1c49df1a-02d9-4bc4-91db-5609b80ad709"]}'
```

Example response:

```
{
  "multistatus": [
    {
      "target": "ec8a0100-d313-4896-b3cb-02188e060bf3",
      "status": 200
    },
    {
      "target": "1c49df1a-02d9-4bc4-91db-5609b80ad709",
      "status": 400,
      "details": "Product transition is not allowed"
    }
  ],
  "transactionId": "0000-abcdef-1234"
}
```
From the response, the client can see which devices were successfully moved to the new subscription, and which ones failed and why.
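A client-side reconciliation of those per-device results, as an added example that is not WithSecure's own code: it works only on the response body shown above. The function name `reconcile_move`, the third device ID in the demo and the rule that any 2xx per-target status counts as success are assumptions.

```python
import json

# Constructed sample: the response body shown on this page.
SAMPLE_RESPONSE = """
{
  "multistatus": [
    {"target": "ec8a0100-d313-4896-b3cb-02188e060bf3", "status": 200},
    {"target": "1c49df1a-02d9-4bc4-91db-5609b80ad709", "status": 400,
     "details": "Product transition is not allowed"}
  ],
  "transactionId": "0000-abcdef-1234"
}
"""

def reconcile_move(requested, response_text):
    """Compare the device IDs we asked to move with the per-target results."""
    body = json.loads(response_text)
    moved, failed, seen = [], {}, set()
    for entry in body.get("multistatus", []):
        target, status = entry.get("target"), entry.get("status")
        seen.add(target)
        # Assumption: a 2xx per-target status means the device was moved.
        if isinstance(status, int) and 200 <= status < 300:
            moved.append(target)
        else:
            failed[target] = (status, entry.get("details", ""))
    requested_set = set(requested)
    return {
        # Keep the transaction ID so a failed move can be traced later.
        "transaction_id": body.get("transactionId"),
        "moved": [t for t in moved if t in requested_set],
        "failed": {t: v for t, v in failed.items() if t in requested_set},
        # Requested devices the response says nothing about: treat as not moved.
        "unreported": sorted(requested_set - seen),
        # Results for devices that were never requested: worth an alert.
        "unexpected": sorted(seen - requested_set),
    }

if __name__ == "__main__":
    wanted = [
        "ec8a0100-d313-4896-b3cb-02188e060bf3",
        "1c49df1a-02d9-4bc4-91db-5609b80ad709",
        "00000000-0000-4000-8000-000000000000",  # constructed ID, not in response
    ]
    print(json.dumps(reconcile_move(wanted, SAMPLE_RESPONSE), indent=2))
```

Devices listed under `failed` or `unreported` remain on their original subscription, so an automation should report them rather than assume the whole batch moved.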
Other items of interest
Monthly Threat Highlights Report: March 2024
The following issues underscore the diverse and evolving nature of cybersecurity threats faced by organizations in March 2024.
- Political Espionage by China: The report highlights instances of political espionage by China, specifically mentioning the compromise of the UK Electoral Commission by Chinese state-sponsored attackers. This indicates a concerning trend of state-sponsored cyber attacks targeting critical government institutions, potentially for espionage or influence operations.
- Increase in Ransomware Attacks: The FBI's report reveals a significant increase in ransomware attacks against critical infrastructure. The statistics show an 18% rise in reported ransomware attacks compared to the previous year, with a 74% increase in losses due to these attacks. Of particular concern is the 37% increase in attacks against critical infrastructure organizations, underscoring the heightened risk faced by essential services and infrastructure.
- IoT Vulnerabilities: The report highlights significant vulnerabilities in IoT devices, such as the Saflok brand of RFID-based keycard locks used in millions of hotel doors worldwide. The slow patching process for these vulnerabilities poses a serious security risk, as only a fraction of affected locks have been updated so far. Additionally, the inclusion of CVE-2019-7256 in the Nice Linear eMerge E3-Series operating system further emphasizes the critical need for timely patching to prevent remote code execution attacks.
- Cybersecurity Industry Disagreements: The disagreements between cybersecurity organizations, such as JetBrains and Rapid7, over responsible disclosure practices, and the dispute between CISA and Ivanti regarding the effectiveness of detection and remediation tools, highlight internal challenges within the industry. These disagreements can impact collaboration and information sharing, potentially hindering collective efforts to combat cyber threats effectively.
- Ransomware Industry Updates: Recent developments in the ransomware industry, including the closure of major players like BlackCat/ALPHV and the subsequent crisis of trust within the Ransomware as a Service sector, demonstrate the dynamic nature of cyber threats. The exit scam carried out by BlackCat/ALPHV against their affiliates, coupled with the takedown of Lockbit, underscores the ongoing battle between defenders and threat actors in the ransomware landscape.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center