Editor’s Highlights
We are currently gearing up to our annual SPHERE event for Partners, which will include the launch of some new products and services. Stay tuned for more information!
Extended Detection and Response
Endpoint Protection
Elements Agent for Windows and Server updated
A new version of the endpoint clients has been released. This release makes the Elements Agent version 25.2 available (internal version 25.2.408).
The endpoints automatically upgrade, without a reboot.
Enhanced Lock Workstation Task
We have improved the functionality of the Lock Workstation automated task to ensure it does not interrupt ongoing Microsoft Teams meetings, providing a seamless experience during active calls.
Optimized Software Updater Rescans
We have introduced a cooldown period to reduce the frequency of Software Updater rescans triggered by Windows updates, minimizing redundant scans and improving system performance.
Exposure Management
Luminen (Elements AI) enhanced recommendation descriptions
These are now globally available to all XM partners and customers.
When visiting recommendation details page, AI generated description and title are shown
There is the possibility of giving feedback by clicking on thumbs-up and thumbs-down icons at the bottom of the recommendation description
Please see the following item for more information.
Recommendation algorithm improvements
The algorithm has been improved to generate less "Inconclusive" recommendations
Luminen comes to Exposure Management
Last year, we introduced both Luminen (WithSecure AI assistant) and WithSecure Exposure Management (W/XM) in our annual launch event, Sphere. Since then, one of the most frequently asked questions we are getting must be “when is Luminen coming to XM”?
We are happy to announce that Luminen has now landed to XM. And what a beautiful match it is! Luminen is now responsible for creating remediation instructions for all the issues that XM scans are detecting. Luminen is combining public information with content explicitly written by our security specialists. And as Luminen is an international cyberpunk owl, the update also brings the much-requested translations to many languages incl. Japanese, French and German.
The initial release includes universal instructions for both immediate remediation and also for proactive steps. It will be followed shortly with what we like to call context sensitive instructions. These instructions utilize the information about your particular assets to produce more detailed remediation instructions.
We will continue developing Luminen and introducing even more helpful features in the future. Stay tuned for more Luminen magic!
Exposure Management for Business
Exposure Management Portal
Better integration to the Devices view
We have now integrated the VM portal with the Devices → Computers view. Scanning controls ("enable/disable") are coming soon. The Device Discovery view now automatically reflects the current scan status of devices from the Devices → Computers view.
Improved performance of data sync
We have improved the performance of including Assets and Vulnerabilities within Exposure Management.
Exposure Management System Scan
Support for detecting vulnerabilities in the following products was added to Authenticated Scanning:
- AWS SAM CLI
- Apache Parquet Avro
- bandizip
- Dell Common Event Enabler
- BleachBit
- Dell Wyse Management Suite Repository
- FileWave Client
- Ghostscript
- Gladinet CentreStack
- IBM Aspera Desktop App
- IBM QRadar WinCollect Agent
- MySQL Shell
- NoMachine
- Prisma Access Browser
- Spring Cloud Config
Elements Foundations
Integrations
Elements Connector
A new release of Elements Connector 25.17 for both Windows and Linux is now available. This release includes the following changes:
- Linux service
- The Elements Connector now runs as a systemd unit, extending support to modern Linux distributions.
- Java Runtime Environment
- Upgraded to JRE 17 for enhanced performance and security.
- Spring Framework
- Updated Spring Framework to version 6.2.4.
- Updated Spring Security to version 6.4.4.
- Removal of old update server
- Elements Connector no longer attempts to connect to the old update server (https://guts2.sp.f-secure.com), which was taken offline earlier this year.
- Security enhancements
- Addressed multiple recently discovered vulnerabilities, including:
JRE vulnerabilities: CVE-2024-21147, CVE-2024-21140, CVE-2024-21235, CVE-2025-21502
Spring vulnerabilities: CVE-2024-38829, CVE-2024-38828, CVE-2024-38820, CVE-2024-38819, CVE-2024-38816
- MSI installation fix
- Resolved an issue with MSI installation, where non-default HTTPS port was reverted back to default.
- New supported platforms
- Linux: Added support for Alma 9, Oracle 9, RHEL 9, and Rocky 9.
- Windows: Added support for Windows Server 2025.
- General improvements
- Missing update version cache is refreshed in every polling interval instead of 1 hour.
- Other fixes and enhancements for better stability and performance.
Elements Connector 25.17 supports the following operating systems:
Windows:
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Windows Server 2025
- Windows 10
- Windows 11
Linux:
- Alma Linux 8, 9
- Debian 11, 12
- openSUSE Leap 15
- Oracle Linux 8, 9
- Red Hat Enterprise Linux 8, 9
- Rocky Linux 8, 9
- SuSE Linux Enterprise Server 12, 15
- SuSE Linux Enterprise Desktop 12, 15
- Ubuntu 18.04, 20.04, 22.04, 24.04 LTS
NOTE! Known Limitations of Early access versions distribution
We want to inform you about a known limitation with the Elements Connector when used to redistribute definition updates to managed Elements agents for Windows and Mac. If any connected devices are enrolled in the early access client software program, early access versions might inadvertently be distributed to all devices fetching definitions from this Connector instance.
To ensure smooth operation and avoid unintended early access updates distribution, please set up a separate Connector instance to serve definitions to the early access agents group, or disable the use of the Connector for devices in the early access group. This limitation will be addressed in future Connector versions.
Installation Options
- First-Time Installers: Available on our Software download page.
- Automatic Channel Upgrade: Scheduled for Monday, May 5th 2025.
Elements API
Elements API Cookbook
We've introduced the Elements API Cookbook to help customers integrate with the Elements API. It includes step-by-step recipes for common use cases, with example solutions written in Python.
Incident filters
Two new filters—updatedTimestampStart and updatedTimestampEnd—have been added to the incidents listing endpoint. These filters make it easier to retrieve recent updates, improving the efficiency of polling for incidents and detections.
Check out the new poll detections recipe in the Cookbook for details.
Duplicate handling
A new exclusiveStart flag has been added to help avoid duplicate entries during incident polling.
Retrieving Exposure Management Security Event information
It is now possible to use the Elements API to retrieve Exposure Management Security Event information.
You can find out more by checking the API documentation
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via the Ideas section of the WithSecure Community, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center