-
Why are the quick action buttons (such as “Isolate Affected Device” and “Scan Device”) under the Broad Context Detection details view greyed out in the Elements Security Center?
Issue: Why are the quick action buttons (such as “Isolate Affected Device” and “Scan Device”) under the Broad Context Detection detail's view greyed out in the Elements Security Center? Resolution: The remote operations (such as “Isolate Affected Device” and “Scan Device”) in the Elements Security Center are only available…
-
Endpoint Detection and Response (EDR) sensor in Business Suite Client Security or Server Security is unable to connect to the backend
Issue: Endpoint Detection and Response (RDR) sensor in Business Suite Client Security or Server Security is unable to connect to the backend. User interface shows "Sensor is not activated" status and the device is not visible in the EDR Portal. Resolution: WithSecure recommends to add the following scope to whitelisted…
-
Elements Endpoint Detection and Response (EDR) execution start and detection date / time mismatch
Issue: There is a date / time mismatch between the Elements Endpoint Detection and Response (EDR) execution start and the detection. How is that possible? Resolution: The host needs to be turned ON and have an active internet connection for the host to upload the detection information to the EDR portal. If the host goes to…
-
How to remove a device from the Elements Endpoint Detection and Response portal?
Issue: I have uninstalled the sensor, how to remove the device from the Elements Endpoint Detection and Response portal? Resolution: The devices cannot be manually removed from the Elements Endpoint Detection and Response portal. Inactive devices will remain in the Elements Endpoint Detection and Response (EDR) portal…
-
WithSecure Elements Endpoint Detection and Response sensor installation failed and does not activate on Ubuntu without auditd package
Issue: WithSecure Elements Endpoint Detection and Response (EDR) sensor does not activate on Ubuntu. The state appears as "Waiting for connection" in the Elements Endpoint Protection portal and the Elements Endpoint Detection and Response portal. Resolution: Elements Endpoint Detection and Response functionality requires…
-
Elements Endpoint Detection and Response (EDR) detects a safe application. How to whitelist the detection?
Issue: WithSecure Elements Endpoint Detection and Response (EDR) detects a safe application (e.g. an in-house application). How to whitelist the detection? Resolution: You can close the Broad Context Detection (BCD) as "Accepted behavior", to create suppression rule that can accept the behavior of a user or a process. To…
-
System Upgrade for Endpoint Detection and Response – 27 September 2022
WithSecure™ regularly upgrades the Elements backend systems, and usually these upgrades are transparent to our customers. Very rarely, an upgrade will take longer, and we will advise our customers in advance, as it may have some small impact on access. WithSecure™ will be performing some essential upgrade tasks on the…
-
Tens of new response actions added to Elements EDR
NOTE: This article was originally published to the F-Secure Community, and has now been migrated to the WithSecure Community Update: A blog post has been made with more technical examples, together with associated videos. Take a look! We have added many new response actions to the Microsoft Windows version of the Elements…
-
Business Suite EDR clients are not shown in the Elements Endpoint Detection and Response Portal
Issue: Using Policy Manager Console, after activation of a new Elements EDR for Business Suite Computers license key on the devices when switching from an evaluation to production subscription, the devices are not visible in the Endpoint Detection and Response (EDR) Portal. submission.log shows the following error:…
-
Rapid Detection and Response (RDR) sensor in Business Suite Client Security or Server Security is unable to connect to the backend
Issue: Rapid Detection and Response (RDR) sensor in Business Suite Client Security or Server Security is unable to connect to the backend. User interface shows "Sensor is not activated" status and the device is not visible in the RDR Portal. Resolution: F-Secure recommends to add the following scope to whitelisted domains:…