WithSecure launches Elements Cloud Security Posture Management
With many organizations moving some or all of their infrastructure to cloud services such as AWS or Azure, it's important that this infrastucture is secure. Our new Elements Cloud Security Posture Management can analyze and suggest changes to make these more secure. More details below.
Software Updater for Mac
We have released Software Updater for Mac. This addition brings much-requested functionality to our Mac EPP product. You can find more details below
Elements Security Center
Elements Endpoint Protection Portal
Force USB scan
Added "Force scan USB and show result to user" option. (This requires WithSecure Elements Agent 23.4)
Security Events Trend Detector
Security events trend detector for infections shown in Dashboard view's Issue list. This is an experimental feature looking at risky trends in the amount of malware infections from your computers over the last two weeks. At present it looks for two specific trends:
- A large spike or sudden increase in detections
- A strong growing trend towards the end of the two week time window
Our suggestion is that you investigate if everything seems normal by using the check report link to look in the Security Events reporting page at the following items:
- The infections handled report shows a count of the same detections, is there a growing trend?
- Computers generating large numbers of detections can be identified from the "Top computers" graph, clicking the name of a computer will show you specific detections
- Top infections will show most common detections, this can help investigation
Acknowledging security events will exclude them from trend detection but not from the reporting page. This can be used to make this warning go away, otherwise it will vanish once the trend changes or settles. Please use the feedback form at the top of Security Events to give us feedback.
Security Events navigation from Infections handled chart
It is now possible to navigate from Infections Handled chart (Reports → Security Events tab) to a Security Events list filtered to a day corresponding to the clicked bar. This is to foster faster investigation of spikes in the handled infections.
Active Directory Group renamed
Active Directory Group has been renamed Active Directory Organizational Unit (abbreviated as OU in some places where space is restricted) in Device, Unprotected Devices and Profile Assignment Rules views. This is done to be more precise on what kind of data our clients collect from Active Directory.
DataGuard paths display
DataGuard included paths and trusted applications are now rendered as a list in device details.
Status icons added
Status icons have been added to the Device list for Application control, Device control, and Software update status.
Elements Endpoint Protection
Elements Agent for Windows and Server version 23.4
A new version of the endpoint clients is available and our Early access program participants already use it. Full availability starts from 20.6.2023
This release makes the Elements Agent version 23.4 available (internal version 23.4.163).
The endpoints automatically upgrade, without a reboot.
This release introduces new features and fixes,
Disable Alerts for Application Control events
It is now possible to disable alerts for certain Application control rules.
Application control rules have a new setting "Security event" that can be used to define what kind of security event the rule triggers if any.
USB Scan Stop button can be disabled
The Administrator can disable Stop button of the Scanning dialog for USB scans to prevent end users from stopping the USB device scans. This feature can be enabled from the profile's Manual scanning page. Setting is "Action when USB storage device is plugged in".
Additions to WMI interface
Elements Agent WMI interface provides now RebootStatus class. This class contains two Properties.
- Pending (True/False)
- Reason ("swup" / "update" / "virus" / "spyware" / "critical" / "malfunction").
Elements Mac Agent version 23.1.50165
Software Updater can be enabled in the Mac profile editor.
You can specify which software you would like to include/exclude from scan results or automatic installations
Running applications can be force-closed or update installation can be cancelled.
Software updates can be downloaded via HTTP proxy or from Elements Connector
Software updater can scan for missing software or install updates automatically, these operations can be scheduled in the Automated tasks section of the profile.
- Automatic InTune deployment support
- Adds an option to download definition updates from via HTTP
Elements Collaboration Protection
New features and Improvements
The filter "Affected assets" was introduced to detections list.
- The new functionality allows to search detections across all the protected tools: by a file name shared in SharePoint, OneDrive and Teams, or by email subject.
We have also reduced false positives for deleted emails
Elements Vulnerability Management
Elements Vulnerability Management System Scan
Capability to detect vulnerabilities in:
- Beekeeper Studio in authenticated scanning for Windows
- Qualys Cloud Agent in authenticated scanning for Windows
- Acronis Snap Deploy in authenticated scanning for Windows
- Golang in authenticated scanning for Windows
- Nessus Agent in authenticated scanning for Windows
- Stimulsoft Designer (Desktop) in authenticated scanning for Windows
Endpoint Protection API: Provisioning invitations endpoints end of life on 3rd of November 2023
The old invitations endpoints are deprecated and should be replaced by the new Elements devices endpoints:
The following Endpoint Protection API invitation endpoints will stop working on the 03.11.2023:
- Create new invitation
- List pending or expired invitations
- Remove invitations
- Renew expired invitations
- Resend pending invitations
Reminder: In order to provide a better and unified set of APIs for WithSecure Elements, we are progressively deprecating the Endpoint Protection API and replacing it by Elements API. The following Endpoint Protection endpoints end of life dates are below:
- Computers endpoint: 30th of May, 2023
- Security events endpoint: 30th of June, 2023
- Companies endpoint: 31st of July, 2023
Provisioning API update
Update Service Partner (SEP) name
This new API call allows to change an existing Service Partner(SEP) name by using the unique identifier as described in
Elements API: New properties in devices list
New properties have been added to to device list endpoint:
- total and free space on system drive
- total and free physical memory
- Vulnerability Management risk score. That values is calculated only for devices with active VM module
- EDR incidents counters
- computer model and BIOS version
- version of malware database and timestamp of its last update
- list of MAC addresses
- property that indicates if user has administrator privileges
Other items of interest
Threat Highlight Report - April
Threat Intel monthly highlights: Ransomware gangs get Papercuts, Lockbit and BlueNoroff get into MacOS, pro-Russian 'hacktivism' continues and 3CX continues.
- Ransomware: Trends and notable reports
- Nokoyawa – CVE-2023-28252
- Rorschach Ransomware discovered
- Other notable highlights in brief
- DuckTail new update?
- APT41 HOODOO
- Service Location Protocol Vulnerability
- Google Chrome Zero Day attacks
- Continued targeting of Networking Devices
You can Download the full report here
In case you missed it
WithSecure launches Elements Cloud Security Posture Management
At our recent SPHERE23 event, we launched a new product, Elements Cloud Security Posture Management.
This is designed to help organizations who are using Cloud platforms for their infrastructure, to find and resolve any configuration issues before the bad guys do.
You can find out more about Elements Cloud Security Posture Management on our website
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center