-
How to remove a device from the Elements Endpoint Detection and Response portal?
Issue: I have uninstalled the sensor, how to remove the device from the Elements Endpoint Detection and Response portal? Resolution: The devices cannot be manually removed from the Elements Endpoint Detection and Response portal. Inactive devices will remain in the Elements Endpoint Detection and Response (EDR) portal…
-
WithSecure Elements Endpoint Detection and Response sensor installation failed and does not activate on Ubuntu without auditd package
Issue: WithSecure Elements Endpoint Detection and Response (EDR) sensor does not activate on Ubuntu. The state appears as "Waiting for connection" in the Elements Endpoint Protection portal and the Elements Endpoint Detection and Response portal. Resolution: Elements Endpoint Detection and Response functionality requires…
-
Elements Endpoint Detection and Response (EDR) detects a safe application. How to whitelist the detection?
Issue: WithSecure Elements Endpoint Detection and Response (EDR) detects a safe application (e.g. an in-house application). How to whitelist the detection? Resolution: You can close the Broad Context Detection (BCD) as "Accepted behavior", to create suppression rule that can accept the behavior of a user or a process. To…
-
System Upgrade for Endpoint Detection and Response – 27 September 2022
WithSecure™ regularly upgrades the Elements backend systems, and usually these upgrades are transparent to our customers. Very rarely, an upgrade will take longer, and we will advise our customers in advance, as it may have some small impact on access. WithSecure™ will be performing some essential upgrade tasks on the…
-
Tens of new response actions added to Elements EDR
NOTE: This article was originally published to the F-Secure Community, and has now been migrated to the WithSecure Community Update: A blog post has been made with more technical examples, together with associated videos. Take a look! We have added many new response actions to the Microsoft Windows version of the Elements…
-
Business Suite EDR clients are not shown in the Elements Endpoint Detection and Response Portal
Issue: Using Policy Manager Console, after activation of a new Elements EDR for Business Suite Computers license key on the devices when switching from an evaluation to production subscription, the devices are not visible in the Endpoint Detection and Response (EDR) Portal. submission.log shows the following error:…
-
Rapid Detection and Response (RDR) sensor in Business Suite Client Security or Server Security is unable to connect to the backend
Issue: Rapid Detection and Response (RDR) sensor in Business Suite Client Security or Server Security is unable to connect to the backend. User interface shows "Sensor is not activated" status and the device is not visible in the RDR Portal. Resolution: F-Secure recommends to add the following scope to whitelisted domains:…
-
Rapid Detection & Response (RDR) execution start and detection date / time mismatch
Issue: There is a date / time mismatch between the Rapid Detection & Response (RDR) execution start and the detection. How is that possible? Resolution: The host needs to be turned ON and have an active internet connection for the host to upload the detection information to the RDR portal. If the host goes to sleep mode or…
-
How to activate F-Secure Elements Endpoint Detection and Response when using Policy Manager?
Issue: How can I activate Elements Endpoint Detection and Response when using Policy Manager? Resolution: The endpoint sensors are lightweight, discreet sensors, which are included in Client Security 14.xx and Server Security 14.xx and above and newer. These sensors collect behavioural data from endpoint devices and are…
-
What is the difference between F-Secure Elements Endpoint Detection and Response and F-Secure Countercept?
What is the difference between F-Secure Elements Endpoint Detection and Response and F-Secure Countercept? F-Secure Elements Endpoint Detection and Response and F-Secure Countercept are both detection and response services concerned with addressing advanced and targeted cyber attacks in a rapidly evolving threat…