Editor’s Highlights
During January, we released updates to most of our endpoint clients, as well as many changes to the products that reside in the cloud.
For Exposure Management, we have introduced a new Executive Summary report (currently in Beta), which is intended for senior management reporting.
Extended Detection and Response
Endpoint Protection
Elements Mobile Protection for iOS
An update to the WithSecure Elements Mobile Protection app for iOS (version 25.1.11308) was released on January 3, 2025.
What’s new:
WithSecure Elements Agent for macOS 25.1 – General availability
WithSecure Elements Agent macOS 25.1.54172 was released to general availability (GA) on February 3, 2025.
This release brings:
- Improved migration support from Client Security to Elements
  - Automatic uninstallation of Client Security and activation of the newly installed Elements with the key and profile ID from the installer package
- Improved migration support from Countercept to Elements
- Improved shutdown process for swupd
- Delayed wssensord start-up until sensor db has been downloaded
  - Sensor db is preserved during upgrade (for immediate sensor restart after upgrade)
- Hide Elements Agent user interface completely when subscription is for EDR only
Fixes
- Incorrect swupd process start-up (swupd process was launched incorrectly in some cases)
- Remote scan of software updates failed sometimes
- Software updater process sometimes failed to communicate with admind
The installer can be downloaded from here.
Elements Agent macOS 25.1.54172 supports the following macOS versions:
- macOS 15 Sequoia
- macOS 14 Sonoma
- macOS 13 Ventura
WithSecure Elements Agent for Workstation and Server
A new version of the endpoint client for Microsoft Windows is available. This release makes the Elements Agent version 25.1 available (internal version 25.1.85).
The endpoints automatically upgrade, without a reboot.
This release introduces new features and fixes.
Features:
- We have improved reporting of user principal name and user logon time for Entra ID users.
- Agent now sends more detection data to the portal.
- Agent reports two new security parameters to the portal:
  - Allow log on through Remote Desktop Services: Lists users or groups that can access the sign-in screen of a remote device through a Remote Desktop Services connection.
  - Deny log on through Remote Desktop Services: Lists users that are prevented from logging on to the device through a Remote Desktop Services connection.
OPSWAT certification is pending, and the newly released version will be added to the WithSecure - OPSWAT site as soon as the product is certified.
Endpoint Detection and Response
EDR: Fix for Advanced Response Display Issue in Elements Security Center
We recently addressed an issue where the Elements Portal dashboard incorrectly displayed Advanced Response as disabled on multiple hosts, even though it was enabled and functioning locally.
Resolution & Next Steps:
- The Advanced Response status should now display correctly in the portal indicating if the feature is enabled in the profile, regardless of whether a device is online or offline.
- If Advanced Response still appears as disabled, ensure that the profile setting is enabled.
- You can verify the Advanced Response status by adding the "Advanced Response" column to the device list view (this column is hidden by default).
Thank you for your patience!
Email and Collaboration Protection
We're pleased to introduce a new feature that lets you tailor notifications for disallowed file types.
Configuring Disallowed File Types:
- Go to the Policies view and select the Exchange tab.
- Click Malware Scanning.
- Under Disallowed file types, click Configure file types to specify which file types should be blocked.
Customizing Notifications:
- In the Policies view, navigate to the Exchange tab.
- Select Notifications.
- Under Notifications for Disallowed Content, customize the templates for both users and admins.
Click Save to apply your changes.
Important Notes:
- Ensure the policy is assigned to the cloud connection for it to take effect.
- To notify admins, the Admins Notification feature must be enabled.
Identity Security
WithSecure Elements Identity Security – General Availability
WithSecure Elements Identity Security is now officially in General Availability (GA) as of January 13, 2025.
Key highlights and features:
- Enhanced detection logic for Business Email Compromise (BEC) attacks: Improved detection of email clients commonly used by attackers in BEC scenarios.
- Identity Response actions: A major enhancement that enables Elements users to take immediate action to prevent attack impact. Identity Response actions are now available in the "Quick actions" section of Broad Context Detections (BCDs). Actions include:
  - Ending a compromised user’s current session
  - Resetting the password
  - Blocking user access
  These actions integrate directly with Entra ID and are triggered with a single button press.
- Luminen GenAI for Identity-based Broad Context Detections: This feature provides clear, actionable advice to assist with investigations, making responses easier and faster.
Exposure Management
Executive Summary PDF Report (Beta)
The executive summary PDF report is now available as a beta feature. Access it through: Home → Exposure.
Elevate to WithSecure Flow Improvements
Elevations can now be re-opened for up to 30 days after being closed, improving flexibility and workflow.
Improved Finding Detail Page
For VM System Scan findings, a link to the VM Scan page related to the finding has been added to the Finding Detail Page for easier navigation.
Identity Table to Exposure Findings Link Enhanced
The linkage between the Identities table (Environment → Identities → View Findings) and the Exposure findings table (Environment → Exposure → Findings tab) has been improved.
The landing view now displays findings specific to the selected identity, simplifying the user experience.
New Label for Exploitable Recommendations
The Highest Impact Recommendations table (Home → Exposure) now includes a new label, "Exploit exists", to indicate when findings have known exploits based on threat intelligence data.
Enhanced Attack Path Details
The Attack Path details page has been improved for better usability and clarity.
Vulnerability Management
EVM System Scan
Support for detecting vulnerabilities in the following products was added to Authenticated Scanning:
- ACAT
- Amazon AppStream 2.0 Client
- Amazon DCV Client
- Amazon Redshift JDBC Driver
- Amazon Redshift ODBC Driver
- Apache Struts 2
- BeyondTrust Privileged Remote Access
- Chatwork
- Hasleo Backup Suite
- Intel Context Sensing Technology
- Intel Driver & Support Assistant
- Intel oneAPI DPC++/C++ Compiler
- Intel OSPRay Studio
- Intel OSPRay
- Thunderbolt Share
- Samsung Magician
- WinZip
- Zemana AntiLogger
Exposure Management for Cloud
- New feature to retrieve a list of all resources belonging to a customer.
- New rules to find GuardDuty misconfigurations.
- Improved performance and removal of false negatives for MFA detection.
- Bug fixes and stability improvements in the scanner.
- More accurate calculations for large numbers of accounts when processing findings and results.
- Improved scanner performance.
Elements Foundations
Elements Security Center
Elements Endpoint Protection Portal
Improved Unmanaged Devices view:
- Consistent Layout – The page layout now aligns with other Device tabs.
- Enhanced Filtering – The unmanaged devices view now supports flexible filtering, similar to other Device tabs.
- Better Search & Sorting – You can now search and sort devices by UUID and labels.
- Customization Options – Added support for column selection, saved views, and row count customization.
- Limited Remote Actions – Unmanaged devices now support actions such as managing labels, updating importance and comments, and removing devices.
- Streamlined Scan Configuration – The button for initiating scans and configuring daily scans has been moved under the three-dot menu in the Devices view.
- Partner-Level Visibility – Scan results for all companies under a partner can now be viewed in the partner dashboard.
This version improves usability and consistency, making device management more efficient.
Updated End-of-Life Information
The Endpoint Protection home page for Windows, Mac, and Linux now reflects End-of-Life details for all versions still using the old Update Service.
Integrations
Elements API: Identity response actions
New identity response actions are now available, enhancing the management of Microsoft Entra ID.
New Actions:
- endCurrentSession – Ends the Microsoft Entra session of a user.
- resetPassword – Resets the Microsoft Entra password of a user.
- blockUserAccess – Blocks access for a user to all resources inside the Microsoft Entra ecosystem.
For detailed information and examples of these new Elements API features, refer to the API documentation.
In case you missed it
Upcoming: New Elements organization management features
We will soon be introducing some new functionality for Organization Management to the WithSecure Elements Security Center.
These changes will help our Elements Administrators to more effectively manage their environments.
You can find out more at this dedicated article.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via the Ideas section of the WithSecure Community, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center.