Editor’s Highlights
New products and services launched at SPHERE24
We recently held out annual partner event SPHERE in Helsinki, and during this we announced several new products and services.
You can find out more about these new launches in a dedicated Community article
Removal of old F-Secure.com domain names for WithSecure Elements
As announced early in 2023, we have changed all of our domain names used by WithSecure Elements to use the withsecure.com address space. Until recently, the old elements.f-secure.com redirected to elements.withsecure.com, but now that redirection has been removed as we no longer have any influence on f-secure.com.
Please always use to access the Elements Security Center. We recommend you add this to your browser bookmarks, and remove any old entries using elements.f-secure.com
Elements Security Center
New UI for the connector profiles
Added "Not within" filter option to Devices view filter panel
Custom reports from templates
We have added a view template selector that allows the creation of multiple custom reports. Once a view is created, it can be part of an organization, making it visible to all admins within the same organization. We have also introduced system view templates to provide basic default view that is a generic example of widgets. You can set what is your default view or hide default and organization views that are not useful to you.
Elements Endpoint Protection
Rollback Enabled by default
After some careful consideration, we have now enabled by default the Rollback feature of Windows EPP in the WithSecure supplied profiles.
As Ransomware attacks are becoming more prevalent, we feel that this functionality is more and more important for our partners and customers.
We strongly recommend that all partners and customers enable this feature, as it will help prevent unwanted outcomes when a Ransomware is detected.
WithSecure Element Agent for Mac: Version 24.1.52031
A new version of WithSecure™ Elements Agent for Mac has now rolled out to Production and is available for all customers.
Actions required:
MDM profiles must be updated as instructed in the dedicated article for this release
You can update products deployed by MDM using the first time installer.
This release introduces new WithSecure Elements agent update mechanisms. We are taking into use backend services that are completely distinct from the services used by F-Secure products. Therefore this release also introduces new server addresses where the endpoints connect to. Switch to the new backend services happens like the usual automatic endpoint upgrade and will require full definitions download.
- The product is now signed with WithSecure signature and installed to the new location:
/Library/WithSecure (instead of /Library/F-Secure used for earlier versions)
/Applications/WithSecure (instead of /Applications/F-Secure used for earlier versions)
activator tool is now moved to /Library/WithSecure/bin/activator
- Background connectivity checker tool is now added to the product. Client now detects and reports connectivity issues to the Element Security Center to highlight Firewall misconfiguration to the administrator.
- Elements Agent is now using the new Browsing Protection extensions. If you use MDM or group policies to manage browser extensions it is recommended to allow or preinstall these extensions as instructed on page Announcement: New WithSecure client for macOS.
- Auditd is not required for the sensor to function on Sonoma and we will gradually reduce dependency on auditd on older OS versions.
WithSecure™ Element Agent is compatible with the following versions:
- macOS 12 Monterey
- macOS 13 Ventura
- macOS 14 Sonoma
Dropped functionality:
- macOS 11 Big Sur support is discontinued. Elements Agent won't be upgraded on Big Sur and older OS versions and will remain running the previous product version until its end of life. WithSecure recommends upgrading these endpoints to macOS 12 or above to ensure uninterrupted service. Please upgrade Elements Agent manually if the version running is 22.4 and older. Versions 23.1 and newer will be upgraded automatically.
WithSecure Element Mobile Protection for IOS 24.4.10902
An update to the WithSecure Elements Mobile Protection app for iOS (24.4.10902) has been released.
It includes the following new features and improvements:
- Improved the app battery consumption
- Removed the security parameter "Available Disk Space" to comply with the latest Apple regulations
- Updated the port used by Network Gateway to avoid interference with other standalone applications
- The app now handles profile settings even when it is not running
- The app now sends upstream data even when it is not running
Elements Endpoint Detection and Response
EDR: Accepted Behavior
We're excited to announce the introduction of the Accepted Behavior feature! This powerful tool allows you to create suppression rules that recognize and accept user or process behavior, effectively silencing BCDs for expected activities.
Discover more about this feature here.
Elements Vulnerability Management
EVM: System Scan
Authenticated scanning for Windows can now detect vulnerabilities in the following products:
- Splunk Universal Forwarder
- Veeam Service Provider Console
- SketchUp Viewer
- Veritas Backup Exec Remote Agent
- Quest KACE Agent
- R for Windows
- Intel Media SDK
- JAVS Viewer
- Intel Processor Diagnostic Tool
- Intel Inspector
Integrations
Withsecure Elements API
List created response actions.
Advance response action is a feature that allows responders to execute actions directly on attack targets when an attack is detected in order to aid with the incident investigation and containment.
Listing of response actions with filtering is now available with Elements API.
Example query like curl -X GET -H "Authorization: Bearer {token}" https://api.connect.withsecure.com/response-actions/v1/responses?organizationId={organizationId}&order=asc
{
"items": [
{
"id": "18f99eba-81a0-4000-8b87-366b26bb7c01",
"type": "string",
"state": "created",
"progress": {
"devicesCount": 0,
"pendingTasksCount": 0,
"errorTasksCount": 0,
"activeTasksCount": 0,
"completedTasksCount": 0,
"successfullyCompletedTasksCount": 0
},
"createdTimestamp": "1970-01-01T00:00:00.000Z",
"updatedTimestamp": "1970-01-01T00:00:00.000Z",
"devices": [
{
"deviceId": "18f99eba-81a0-4000-8ac9-f6243f1f6901"
}
],
"author": {
"id": "18f99eba-81a0-4000-8906-2164b4581501",
"source": "oneId",
"username": "string"
},
"comment": "string",
"result": "succeeded"
}
],
"nextAnchor": "string"
}
|
|---|
|
The response contains the list of created response actions for the organization. It contains action type, creation time, result and other parameters.
A new integration of WithSecure™ Elements via Function for Microsoft Sentinel
WithSecure™ Elements via Function for Microsoft Sentinel has been published in the Azure marketplace.
The new integration is more secure, serverless and requires no maintenance from the customer. It brings all security events supported by the Elements API to MS Sentinel.
You can find out more at the dedicated community article
In case you missed it
End of Installation support for deprecated Elements Agent registration API
We will be stopping installation for very old installers, and you can find out more details in the dedicated article
Do note that all current installers will still work correctly. This only affects installers we produced some time ago, so we recommend always using the latest installer to deploy our products.-
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center
