F-Secure for Home Security description (F-Secure) Use case: track assets coming from a custom source (for example Active Directory) (F-Secure). Use case: search discovered hosts (F-Secure) Use case: export web scan findings (F-Secure) Use case: export system scan findings (F-Secure) Use case: export system scan findings in XML format (F-Secure) Use case: check for vulnerabilities […]
Category: F-Secure Endpoint
Add rule to allow traffic to the RPC Endpoint Mapper (F-Secure)
Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security – LDAP > Inbound Rules. Right-click and choose New Rule. Choose Custom and click Next. Choose This Program Path and enter %systemroot%\system32\svchost.exe. Choose Customize. Choose Apply to this service, then select Remote Procedure Call (RPC) with the short name RpcSs and click OK. Click Next and accept the pop-up warning. Select TCP as the Protocol type. Select RPC Endpoint Mapper as the Local Port and click Next. Specify […]
Changing the frequency for endpoint status updates (F-Secure)
You can set how often Radar Endpoint Agent sends updated status information on vulnerabilities in the devices in your network to the Elements Security Center. Note: In addition to the scheduled status updates, endpoints automatically send the Elements Security Center any information from scans that are triggered by changes to the installed software. Select the Settings page […]
Reporting false positives (F-Secure Endpoint)
Not all detected anomalies are actual attacks. If you determine that a detection is not an attack and its risk level score is too high, you can report the detection as a false positive. To request whitelisting: Log in to the portal with your email address and password. The Home view opens. Select the … item from the […]
Advanced test with PowerShell (F-Secure Endpoint)
You can use this test to view what an advanced attack in the organization network may look like in the F-Secure Elements Endpoint Detection and Response portal. For this test, you need: a Windows workstation that is running the Sensor, and access to the F-Secure Elements Endpoint Detection and Response portal. Note: We recommend that […]
Simple test with Windows system tools (F-Secure Endpoint)
You can use this simple test to generate a monitored event on the endpoint to make sure that the Sensor is installed and working correctly. To run the test, follow these instructions: Log in to the monitored endpoint where you have deployed the sensor. Open the command prompt. Run the command to create a monitored […]
Forensics package contents (F-Secure Endpoint)
The forensics package is a zip archive that contains the following information about the device. Note: The package is available for 14 days and contains the latest archive that has been collected from the device. Product and system information basic/product_info.txt Product version, license, update status, profile settings basic/settings.txt Product settings basic/systeminfo.log Operating system, hardware profile (memory and […]
Process activities (F-Secure Endpoint)
This table lists some of the most common process activities that sensors detect. Abnormal file accesses The process is accessing multiple file types or system files without privileges, for example. Abnormal file modification The process is making unusual changes in system files, making files executable, or removing log files or executable files, for example. Abnormal […]
Incident types (F-Secure Endpoint)
This table lists some of the most common incident types. Category Description Directed attack The attack targets a specific host. Lateral movement The attack moves between hosts while searching for the device that would be the eventual target of the attack. Spoofing The attack uses falsified data to try to disguise itself. Persistence The attack […]
Responding to a targeted attack (F-Secure Endpoint)
Source: Official F-Secure Brand Editor by: BEST Antivirus KBS Team