Product Announcements & Troubleshooting Elements Announcements

What's New in Elements - June 2025

Editor’s Highlights

The Editor’s summer vacation period is starting, so this month’s What’s New in Elements is coming slightly earlier than normal, and only contains the updates for the first three weeks of June. The last week of June will be included in the next edition of What’s New in Elements, but for those curious about what has been released please check the changelogs (link in Further Information below)

Extended Detection and Response

Endpoint Protection

WithSecure Elements Agent for macOS

WithSecure Elements Agent macOS 25.2.54389 has been released to general availability (GA) on 16th of June 2025.

This release brings

A profile editor setting to hide/show Elements GUI
Improved response module status reporting
Elements Agent now reacts to subscription changes in near real-time

It also fixes:

Various crashes in wsuplinkd, wssettingsd and wsswupd
Elements Agent token activation issue
Network isolation issue when macOS native firewall was enabled
Allow new system extension popup window opened a wrong page in System Settings
Chrome browsing protection incorrect status issue

The Installer can be downloaded from:

https://download.withsecure.com/PSB/latest/ElementsAgentInstaller_54389.mpkg

Elements Agent for macOS supports following macOS versions:

macOS 15 Sequoia
macOS 14 Sonoma
macOS 13 Ventura

WithSecure Elements Mobile Protection for iOS

An update to the WithSecure Elements Mobile Protection app for iOS (25.6.11430) has been completed 15 April 2025.

It includes the following fixes:

Fixed an issue where Network Protection could interfere with certain applications' internet connectivity

Email and Collaboration Protection

We are delighted to share that we have released an important improvement of the release from quarantine feature for Teams. The feature has shown some reliability issues in the recent past. We were able to identify the root-cause and address it accordingly, improving the overall reliability considerably.

Additionally, a fix was released to address the discrepancy in mailbox usage counts in the ECP Portal. As a result, the mailbox usage counts showed in “Cloud Services” section is fully synced and aligned with the usage counts showed in “Management/Subscriptions” section

Exposure Management

XM newsletter week 24

Findings list - Tags column values can be copied to clipboard by clicking on a value, making it easier for creating multi-value filters such as filtering by Tag column

State of the views - can now be saved as a "saved views" on XM UI, Findings, Recommendations and Identity

Currently only filters and column selection can be saved
State of the ordering (sorting on a column) can not be saved yet. (upcoming feature)
Sharing a view to other users on organization level is not supported yet. (upcoming feature)

Attack Path Simulator - visual enhancements

Link from attack path step to the respective recommendation added

Improvements to c-level reporting – Also known as theExecutive Summary Report

Recommendations fixed, shows the actual number of recommendations being moved to Closed state per week (Done, False-Positive). Bar chart title adjusted accordingly
In case selected date period has start and end date falling in the middle of a year week, report adjusts the date selection to include the complete week stats from the begin and ending of the range.
Color theme of the report adjusted

Exposure widget-based reports available in My Reports

Access via Reports menu -> My report (tab) -> from view template drop down select "Exposure Management"
Report can be customized via widgets and saved as a template
Tabular data widgets supported
Bar charts and line charts from executive summary are supported
Widget-based reports can (not) yet be exported or scheduled. (upcoming feature)

Exposure recommendations available in Security Events

Access via Events menu -> Security Events (submenu) -> from "View" drop down select "XM recommendations" (available only for those having WithSecure Endpoint Protection)
A change in a recommendation status will result in an event in Security Events
Security Events can be configured to be sent as email to external systems
Security Events can be exported to JSON

New “Last seen” column in the Identities page

New column has been added to the Identities table to indicate when Identity’s Entra ID data has been refreshed last time. Column is hidden from the default view, and can be added to the view.

Identity breach findings

Finding description texts have been updated to include breach severity info.

Exposure Management for Business

System Scan

Support for detecting vulnerabilities in the following products was added to Authenticated Scanning for Windows:

Apache IoTDB JDBC driver
Apache Pekko Management
Dell Trusted Device Agent
Dell Trusted Device
Dot (desktop application)
FileZ
GFI MailEssentials
HashiCorp Vault
Intel MPI Library
Intel QuickAssist Technology (QAT)
IZArc
LegionSpace
Snowflake ODBC Driver
Solarwinds Platform
Srimax Output Messenger
Storage Center-Dell Storage Manager (DSM)
XenServer VM Tools
Yandex Telemost

Additionally, Authenticated Linux and Windows scans are now capable to detect directories of installed Python packages.

Exposure Management for Cloud

We have released an update to Exposure Management for Cloud which extends support for EntraID Dynamic membership rules.

In addition, this release improves the performance and scalability of the scanner.

Other items of interest

Threat Advisory: ScreenConnect

ScreenConnect versions 25.2.3 and earlier is vulnerable to a ViewState code injection attack.

ViewState is used by Web Forms to maintain page state and is encoded in Base64 format secured with machine keys. Accessing these keys requires privileged system-level access. If compromised, an attacker could craft malicious ViewState data, potentially leading to remote code execution on the server.

It was noted that a lot of organizations and companies have left ScreenConnect’s server exposed to the internet, making this a serious risk. Unless there is a strong business case, servers should not be exposed to the internet

Share your ideas with us

Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via the Ideas section of the WithSecure Community, now accessible directly from WithSecure™ Elements Security Center.

Further information

Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center