Product Announcements & Troubleshooting Elements Announcements

What's New in Elements - July 2025

Editor’s Highlights

This edition of What’s New in Elements covers the final week of June, together with the whole of July.

Extended Detection and Response

Endpoint Protection

WithSecure Elements Agent for Windows and Server

A new version of the endpoint clients is available. This release makes the Elements Agent version 25.3 available (internal version 25.3.159).

The endpoints automatically upgrade, without a reboot.

This release introduces new features (with Profile Editor Update) and fixes.

Features:

Application Control Enhancements: Added new rule types for BCD creation, OR condition to group multiple conditions in a single rule for greater rule flexibility.
Disk Encryption: New option to encrypt system or all fixed drives directly from the profile editor, in addition to remote operations.
Option to choose between classic or modern Windows 11 context menu for malware scanning.
Introduced a new Artificial Intelligence category for URL filtering.
Added support for disabling Device Control through remote operations.
Added a new option to disable the sending of security events for denied sites. When this setting is turned off, administrators will no longer receive security events related to access attempts on denied sites.
Introduced a new option: Skip a scheduled scan while the device is running on battery. Enable this setting to prevent scheduled scans from running when the device is on battery power, preserving battery life.
A new 'Computer Description' value, defined using the System Properties Control Panel applet (sysdm.cpl), is sent to the portal and is available as a new column in the Devices list and in the Operating system accordion in Device details (hidden if empty).

WithSecure Elements Agent for macOS

WithSecure Elements Agent macOS 25.3.54466 has been released to general availability (GA) on 14th of July 2025.

This release brings

Improved product telemetry

Fixes

wsavd process was running even when the real time scanning was disabled
Notification about missing Chrome extension even when Chrome extension was properly installed
wsbootstrapnative crash

Installer can be downloaded from here.

Elements Agent macOS 25.3.54466 supports following macOS versions:

macOS 15 Sequoia
macOS 14 Sonoma
macOS 13 Ventura

WithSecure Mobile Protection for Android

An update to the WithSecure Elements Mobile Protection app for Android (25.3.0023315) has been released.

It includes the following new features and improvements:

The app now supports SMS Protection for anti-phishing detection
The app and the WithSecure Elements Endpoint Protection portal now support the SMS Protection setting

Fixed issues:

Improvements to app stability

WithSecure Elements Mobile Protection for iOS

An update to the WithSecure Elements Mobile Protection app for iOS (25.9.11666) has been released.

It includes the following new features and improvements:

The app now supports SMS Protection for anti-phishing detection
Added permission request screens for iPad devices

Fixed issues:

The app now correctly includes the category information in Browsing Protection security event
Improvements to app stability

Exposure Management

In brief, we have made changes in WithSecure Exposure Management as follows:

Correction to some of the links navigating to Asset or Findings page using filter where filter was not applied when navigating.
Identity’s MFA status
- New MFA status (Inconclusive) has been introduced for the cases where MFA status can’t be sufficiently determined at the moment due to the complexity of the used Conditional Access Policies.
Recommendations list view: status indicators added as colored bullets to the Status column:
- Red bullet: Indicating that the recommendation is new and requires attention
- Yellow bullet: Indicating that a recommendation that has has been closed during the past 30 days, has been re-opened, mainly due to new findings and requires attention
- Green bullet: Indicating that the recommendation has been resolved. mainly due to findings being mitigated and recommendation severity has dropped to "Inconclusive".In this case, the recommendation also gets closed automatically.
Summary report:
- Recommendation Fixed chart shows the break down of fixed recommendation by actor. Actor can be either User (closing a recommendation manually) or Automation (explained the logic above on the Green bullet status above)
Simulated Attack Path Visualization
- Minor design improvements
- Terminology change - Attack path step “Simplicity” is now called “Complexity”.
Improved workflow from recommendation details to related findings and assets
- Recommendations details page introduces a tabbed widget for Findings and Assets related to a recommendation
- Findings tab of the widget grouping the findings by finding type to avoid cluttered view by repeating finding instances on different assets.
- Findings table rows (having finding definitions now) can be expanded to visit the affected assets. eg for CVE vulnerabilities there is now only a single row by expanding which, affected assets by that single CVE can be viewed.
- Findings widget shows first few findings only, to see them all in a fly out, "Show All" link on the top of the table has to be clicked on
- Simulated attack path visualization "preview" added to the recommendations detail page as a new widget
- Attack path preview widget with a best effort approach highlights the critical asset in the attack path
New EASM recommendations added for misconfigurations within web applications
- Requires setting up a vulnerability web scan against the target that runes the web application. Please refer to this document for how to set up a web scan.

Exposure Management for Business

WithSecure Vulnerability Management Portal

Fixed issues and minor improvements:

The Internet Discovery page now supports pagination, allowing access to all discovered services. Previously, the list was limited to 500 results. With this update, results beyond the initial 500 can be easily viewed on additional pages, making it simpler to explore the full set of findings.

New features and improvements:

The following deprecated API endpoints have now been removed:

/ContentSecurityPolicyReport,
/Account/signin,
/Account/oauthsignin.

System Scan

Support for detecting vulnerabilities in the following products was added to Authenticated Scanning for Windows:

Advanced Port Scanner and Advanced IP Scanner
Apache EventMesh Runtime
Bitvise SSH Client
Cyberduck and Mountain Duck
Dell iDRAC Tools
Embarcadero Dev-CPP
GoCD Agent and GoCD Server
Hibernate Validator
KEPServerEX
ManageEngine Exchange Reporter Plus
MarkText
Streamline NX Client
TSplus

In addition, Windows authenticated and endpoint agent scans are capable of detecting latest Microsoft SharePoint Server Remote Code Execution Vulnerabilities (CVE-2025-53770 and CVE-2025-53771)

Exposure Management for Cloud

Number of Findings Reduced? – Here's Why

We’ve introduced a new Azure-specific rule: Inconclusive MFA-based Conditional Access Policy for user

This rule runs at the tenant level and is related to two existing rules concerning Conditional Access Policies and MFA.

What’s changed? If the new tenant-level rule is violated, the related user-level rules will be skipped.

What to expect: You may notice a lower number of findings in your scan results and in the Cloud Security Trends dashboard. This is expected and reflects the improved logic.

Let us know if you have any questions or feedback!

Elements Foundations

Elements Security Center

New Profile Editor for Windows Computers and Servers

We're pleased to announce the release of the new Windows Computers and Servers profile editors.

This release brings the following changes:

UI redesign for profile editors, compare profiles, save and publish to multiple profiles
- Help section is now on the right
- End user rights section added to control the settings on the client UI
- Some table layout changes
New: the new profile editor also includes the capability to create custom IOC (Indicators of compromise) rules

New roles for managing access to XDR features

We are excited to announce the introduction of new roles designed to enhance the segregation of duties and permissions.

You can find out more about this in a dedicated article.

In case you missed it

Automated Actions Now Support Response Jobs for Identity Security for Entra ID BCDs

We are thrilled to announce that our Automated Actions feature has been extended to support running response jobs for Identity Security for Entra ID BCDs (Broad Context Detections). Find out more in the dedicated article.

Share your ideas with us

Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via the Ideas section of the WithSecure Community, now accessible directly from WithSecure™ Elements Security Center.

Further information

Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center