-
After installing Elements Agent client with EDR subscription, the message "Device sensor is not operational" show up
Issue: After installing Elements Agent client with EDR subscription, the message "Device sensor is not operational" is shown in the local Elements Agent user interface. Resolution: You need to ensure that you have allowed the network traffic to the following addresses in your network firewall. The client sensor silently…
-
How to configure Elements Endpoint Detection and Response alert email ONLY to be sent when severe or high risk level happened?
Issue: Normally, the alert notification email from EDR will be sent when a detection with he risk level at "Severe", "High" and "Medium" has been added to the portal, but is it possible to configure the alert email that ONLY will be notified when "Severe" or "high" risk level has happened? Is it possible to filter the…
-
EDR sensor for Windows endpoint is shown as disabled in Elements security Center
Issue: EDR Sensor Disabled is shown in Elements Security Center even after uninstall/re-installation. Resolution: Giving following permission to registry in administration right. Registry HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\CA Permission “Local Service” and “Network Service” This is most probably…
-
How to test the Elements Endpoint Detection and Response sensors?
Issue: How to test if EDR sensors on Windows, Mac and Linux are working and reporting detections to the Elements Endpoint Detection and Response portal? Resolution: For Windows sensors there are a few tests outlined in the product Simple test with Windows system tools | Elements Endpoint Detection and Response | Latest |…
-
What data does the WithSecure Elements Endpoint Detection and Response sensor collect?
What data does the WithSecure Elements Endpoint Detection and Response sensor collect? The WithSecure Elements Endpoint Detection and Response sensor collects event-based data such as: file accesses process creations network connections registry writes system log entries relevant to detecting security breaches extracts of…
-
WithSecure and the MITRE “Turla” results
Background Information WithSecure participated in the 2023 MITRE ATT&CK Evaluation (“Turla”). This was the fifth time we have taken part in the evaluations, run annually by MITRE. MITRE Turla evaluation results can be found here What is MITRE Turla From MITRE: “Turla is a Russian-based threat group that has infected…
-
Changes in the new Broad Context Detection (BCD) details view
UPDATE: The new view will be available in production from Monday 25th September. The exact time is not yet known. The new Broad Context Detection (BCD) details view is being fully released in production during September and will become the new default view, and replaces the old Broad Context Detection details view. We will…
-
Changes in EDR Automated responses
UPDATE: This change has now been released to production, and is now available for all customers! Please note that the Automated Response view will be removed on 16th October 2023 The Automated Response view is being revamped! It is being replaced by a new view called ‘Automated Actions’. The functionality stays the same…
-
Improvements in Broad Context Detection handling
Recently we have added new functionality to reduce noise and also increase the speed of processing new Broad Context Detections (BCD). Now an automated suppression mechanism will activate if any detection part of a BCD earlier closed as false positive repeats more than 4 days within a 30 days period, or repeats more than 5…
-
How to activate WithSecure Elements Endpoint Detection and Response when using Policy Manager?
Issue: How can I activate Elements Endpoint Detection and Response for Business Suite Client Security or Server Security using Policy Manager? Resolution: The endpoint sensors are lightweight, discreet sensors, which are included in Client Security and Server Security clients. These sensors collect behavioral data from…