-
Changes in support on Microsoft Windows – Minimum patch level
UPDATED 29.2.2024: Clarified the release schedule of the new client that mandates ACS. UPDATED 14.2.2024: Linked back to customer support article, as well as documenting new statuses within the Elements Security Center to reflect the missing ACS support. UPDATED 16.1.2024: Added note that this change becomes MANDATORY with…
-
Threat Analysis: No Pineapple! – North Korea’s Lazarus Group targetting the Medical Research and Technology sectors
WithSecure’s Analysts have been actively looking at a new threat from North Korea’s Lazarus Group, which targets the Medical Research and technology sectors. As the analysis progressed, our teams created detections for both our EPP and EDR solutions, helping to protect our customers. You can find more information about…
-
Windows Security Center shows briefly a notification that both Microsoft Defender Antivirus and WithSecure protection are both turned off
Issue: Windows Security Center Virus & Threat protection briefly shows a pop-up / toast notification alert that both Microsoft Defender Antivirus and WithSecure protection are both turned off. Full error message: "Check virus protection - Microsoft Defender Antivirus and WithSecure Elements Agent by F-Secure are both…
-
Elements Quarterly: the evolution of Elements Q3/2022
We have recently updated our WithSecure™ Elements pages with information about the recently launched features we have added to Elements. This update includes 9 videos displaying new & advanced topics which help add understanding and aid you when engaging with your customers. List of topics: This quarter in a nutshell…
-
How to collect quarantined files using Quarantine Dumper Tool
Issue: How to collect the quarantined files on an affected Windows machine using WithSecure Quarantine Dumper, and then submit the files for analysis. Resolution: Collect quarantined files using F-Secure/WithSecure Quarantine Dumper by following the instructions below: * Click on this link to download F-Secure Quarantine…
-
How to find and delete infected emails in Outlook PST data files
Issue: How do I identify and remove the infected item(s) WithSecure has detected on a .PST archive (Outlook Data File)? Resolution: Follow the steps below to configure the scanning report to show additional information when an email is detected inside an Outlook PST file. These steps will help you to identify the email so…
-
How to secure Remote Desktop Protocol (RDP)
Issue: * RDP Brute Force attack performed and Ransomware encrypted system or files * Technique commonly used by Crysis, Dharma, GandCrab ransomware. Resolution: * Use strong and long passwords* To avoid brute force attack on RDP, avoid using Dictionary word and simple password. Always use long password with combination of…
-
Infected by ransomware
Issue: A workstation's or server's files have been encrypted by ransomware. How do I decrypt them and get access back to my files? Resolution: A ransomware infection typically distributed through a few ways such as phishing email (common way to infect), infected USB drive, unsecured public Wi-Fi networks, exploitation of…
-
What to do if malicious code has been found in an MBR file
Issue: Malicious code has been found in MBR file (Master Boot Record), how to proceed for further investigation. Resolution: Collect the MBR log from the infected machine for further investigation whether it is valid infection or false positive from F-Secure product. Log Collection Instructions: * Install Sector Inspector…
-
Running the FSAUA tool to fix "Update check failed" or "Update won't download"
Issue: This article applies to the following F-Secure products: Client Security, Server Security, Computer Protection, Policy Manager, Email and Server Security, SAFE Steps on running the F-Secure Automatic Update Agent (FSAUA) reset tool, when the virus definitions are too old or the F-Secure products is encountering a…