Elements Endpoint Detection and Response (EDR) detects a safe application. How to whitelist the detection?

@import "https://static.cloud.coveo.com/searchui/v2.6063/css/CoveoFullSearch.min.css"; header {margin:52px 0 0 0} #dropdownnavi {float:left; clear:both; width:100%;} header .row {width:100%} header .row:nth-child(1) {background-color:#0014a0} header .container, footer .container {max-width:1172px; margin: auto;} .top-header {height:53px;} .bottom-header {height:52px;} .Header-logo {width: 10%;float: left;} .Header-logo img {width: 105px; margin: 11px 8px 8px 16px;} .header-top-links {float: right; margin: 1px 15px 0 0;} .header-top-link, .header-bottom-item {cursor: pointer; display: inline-block; font-size: 14px; font-weight: 400; line-height: 52px; margin: 0 15px; position: relative; text-align: center; } .header-top-link, .header-bottom-item a {text-decoration:none;} .header-top-link {color: #fff; margin: 0 10px 0 12px;} .header-top-link.active {margin-right:12px} .header-top-link.active::after {width: calc(100% + 30px)!important} .header-top-link.active::after, .header-top-link:hover::after {background: #fff;} .header-bottom-link {color: #1e1e1e;} .header-bottom-item .header-bottom-link {margin:0 15px} #opensearch-icon:before {content:"\f220";font-family:fsg-icon;font-size:26px;color:#ffffff} #closesearch-icon:before {content:"\f130";font-family:fsg-icon;font-size:26px;color:#ffffff} #opensearch-icon, #closesearch-icon {font-style: normal;} #opensearch-icon:hover, #closesearch-icon:hover {cursor:pointer} #homeLink {margin-left:1px} .kb-lang-title {width:100%;text-align:center;font-weight:600;color:black; margin:0} .header-right {float: right; margin: 10px 48px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #signin {margin-top:5px} #signin a {text-decoration: none; color:#1e1e1e; } .signin-icon {float: left; height: 20px; padding: 0 5px 20px 0;} #articleslink hr, #dashboardlink hr {margin:0} #articleslink .title {padding: 0;text-align: center; font-weight: 600;} #articleslink p, #dashboardlink p {padding:10px 0 10px 20px;} #articleslink p a, #dashboardlink p a {text-decoration: none; color:#1e1e1e;} #articleslink .draftslink:hover, #dashboardlink p:hover {padding: 10px 0 10px 20px;} .header-coveosearch {position: relative; margin-top: -53px;} .header-search {display:inline-block;padding:8px 0 0 0;} .searchboxtoggle {color:white;} .header-searchcontainer {float: right; margin:0 18px 0 0; height:52px} .search-icon {color:white;} .expand {display:inline-block;} .collapse {display:none;} .header-searchbox {height:52px;} .CoveoSearchbox {background: white!important;margin-top: 3px!important;} .CoveoSearchbox .magic-box .magic-box-input > input {font-family: 'FSSansWeb';font-size: 14px;} #kbsearch {display:block;margin: 0 0 0 auto; height:53px; box-sizing: border-box; border: 1px solid white; font-size: 14px; padding: 14px 0 10px 15px;} header-searchbox.active, #kbsearch:focus {width: 100%; transition: 1s ease-in-out;} #helpForumsLink #menu-dropdown.ontouch {display: block;left: 25px;position: absolute;top: 52px;} #FaqsLink #kb-menu-dropdown.ontouch {display: block;left:0;position: absolute;top: 52px;} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch, #FaqsLink #kb-menu-dropdown.ontouch .depth-2-list.ontouch {border: 1px solid #c4c4c4;left: calc(100% + 0px);position: absolute;top:-1px;width: 100%;display:block;background:white} #helpForumsLink #menu-dropdown.ontouch .dropdown-1-title, #helpForumsLink #menu-dropdown.ontouch .dropdown-2-title, #helpForumsLink #menu-dropdown.ontouch .dropdown-3-title,#FaqsLink #kb-menu-dropdown.ontouch .dropdown-1-title, #FaqsLink #kb-menu-dropdown.ontouch .dropdown-2-title, #FaqsLink #kb-menu-dropdown.ontouch .dropdown-3-title {display: block;text-align: left;margin-left:25px} #helpForumsLink #menu-dropdown.ontouch a.dropdown-1-title,#helpForumsLink #menu-dropdown.ontouch a.dropdown-2-title,#helpForumsLink #menu-dropdown.ontouch a.dropdown-3-title,#FaqsLink #kb-menu-dropdown.ontouch a.dropdown-1-title,#FaqsLink #kb-menu-dropdown.ontouch a.dropdown-2-title,#FaqsLink #kb-menu-dropdown.ontouch a.dropdown-3-title {font-weight:500!important;color:#8a8a8a;font-style: italic} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-2-item, #FaqsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-2-item {border-top: 1px solid #c4c4c4;} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-2-item:first-of-type {border-top:none;} #helpForumsLink #menu-dropdown.ontouch .depth-2-list.ontouch .depth-3-list.ontouch {left: calc(100% + 0px);position: absolute;top:-1px;border: 1px solid #c4c4c4;width: 100%;display: block;border-bottom: none;background:white} #signin .header-bottom-item.header-bottom-link {display:inline-block; margin-top: -16px;} #signin a:hover {color:#0014a0} .signin-icon:before {content:"\f258";font-family:fsg-icon;font-size:22px;color:#363636;position:absolute;margin:-10px 0 0 -20px} .Footer {background:#f6f6f6;color:#555a62;font-size:16px;line-height:1.5;padding:18px 0; border-top:1px solid #c4c4c4} .Footer .footer-logo-wrap .footer-logo {height: auto; max-height: 32px; width: auto; margin-top:20px} .Footer .col {padding:0 0 0 15px;width: 23%; font-size: 13px; display: inline-block; vertical-align: top;} .Footer .footer-links-wrap {border-bottom: 1px solid #c4c4c4;max-width: 1172px; margin: auto;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-right:1px solid #c4c4c4} .Footer .col ul {list-style: none;} .Footer .col:nth-child(2) ul {padding: 0;} .Footer .col ul li a {color: #1e1e1e; text-decoration: none;} .footer-link-title {text-transform: uppercase; color: #1e1e1e;} .footer-link-subtitle {font-size:14px; color: #1e1e1e; max-width:95%} .footer-icon {float: left; height: 30px; padding: 0 10px 60px 0;} footer.Footer .row.footer-links-wrap .col.footer-links {border:none;margin-bottom:0} footer.Footer .row.footer-links-wrap .col.footer-links h3 {font-size:16px} footer.Footer .row.footer-links-wrap .col.footer-links ul {padding:0 0 15px 0;margin-left:0} footer.Footer .row.footer-links-wrap .col.footer-links .footer-link{color:black;font-size:14px} footer.Footer .row.bottom-row .col.col-copyRight * {color:black;font-weight:400} footer.Footer .row.footer-links-wrap .col.footer-links .footer-link:hover, footer.Footer .row.bottom-row .col.col-copyRight:hover {color:#0014a0;} footer.Footer .row.bottom-row {border-top:none} footer.Footer .row.bottom-row .col {width:48%} footer.Footer .row.footer-links-wrap:nth-of-type(3) {padding-top:10px} .col-copyRight a, .social-icons-wrap a {display:inline-block; padding:5px 0; text-decoration: none; color: #1e1e1e; } .social-icons-wrap {float:right} .Footer a:hover, .Footer .col ul li a:hover, footer.Footer .row.bottom-row .col.col-copyRight *:hover {color:#0014a0} footer.Footer .row.bottom-row {padding-top:5px;max-width: 1172px;margin: auto;} footer.Footer .row.bottom-row .col.col-copyRight * {font-weight:400} social-link:hover {cursor:pointer} social-link:hover svg {fill:#0014a0} .social-link.facebook:before {content:"\f226";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.youtube:before {content:"\f231";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.twitter:before {content:"\f22f";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.linkedin:before {content:"\f22a";font-family:fsg-icon;font-size:38px;padding:10px 0;color:#363636} .social-link.facebook:hover::before,.social-link.youtube:hover::before,.social-link.twitter:hover::before, .social-link.linkedin:hover::before {color:#0f58dc} @media screen and (max-width:991px){ header {margin:0} header .row:nth-child(1) {height:64px} .Header-logo img {margin: 17px 8px 8px 16px;} .Hamburger-border {position: absolute; right: 60px; border-left: 1px solid #fff; height: 64px; width: 50px; top: 0; z-index: 20; border-right: 1px solid white; padding-right: 10px;} .Hamburger {display:block;position: absolute; top: 8px; left: calc(100% - 52px); z-index: 20;-webkit-box-align: center; -webkit-box-pack: center;-webkit-user-select: none; align-items: center; background: transparent; border: none; border-radius: 0;cursor: pointer;justify-content: center; outline: none;transition: .35s;} .Hamburger-menuXcross {height: 25px; padding: 0; width: 26px;} .Hamburger-menuLines {-o-transition: .35s;-webkit-transition: .35s; background-color: #fff; border-radius: 2px; display: inline-block; height: 2px; position: relative; transition: .35s; width: 26px;} .Hamburger-menuLines::before {top: 6px; } .Hamburger-menuLines::after {top: -6px;} .Hamburger-menuLines::after, .Hamburger-menuLines::before {-ms-transform-origin: 5.5px center;-o-transition: .35s;-webkit-transform-origin: 5.5px center;-webkit-transition: .35s;background-color: #fff;border-radius: 2px; content: ""; display: inline-block; height: 2px;left: 0;position: absolute;transform-origin: 5.5px center;transition: .35s;width: 26px;} .sr-only {position: absolute !important;width: 1px !important;height: 1px !important;padding: 0 !important;margin: -1px !important;overflow: hidden !important;clip: rect(0,0,0,0) !important;border: 0 !important;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-webkit-transform: rotate(45deg); transform: rotate(45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after {-webkit-transform: rotate(-45deg);transform: rotate(-45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after, .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-ms-transform-origin: 50% 50%;-webkit-transform-origin: 50% 50%;background-color: hsla(0,0%,100%,.6); left: 0;top: 0;transform-origin: 50% 50%;width: 26px;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines {background: transparent;} .isToggled .Hamburger-menuLines {-webkit-transform: scaleX(1);transform: scaleX(1);} #signin {text-align:center; margin: auto; color:white} #signin a {text-decoration: none; color:white;} .header-top-links, .bottom-header {display: none} .header-coveosearch {margin-top:0} .header-searchcontainer {color: white; text-align: right; margin: 8px 18px 0 0;} .header-search { padding: 5px 0 0 0; width: 60px; margin: auto; display: block; position: absolute; right: 17px; top: 8px;} .searchboxtoggle {color:white} .header-searchbox {position: absolute; right: 60px; top: 0; height:65px; width:85%;z-index:30} .CoveoSearchInterface {margin-top:-3px} .CoveoSearchbox {margin-top:0;} .CoveoSearchInterface .CoveoSearchbox {margin-right:0;height:65px;} .CoveoSearchButton.coveo-accessible-button, .CoveoSearchbox .magic-box .magic-box-input > input {height:65px} #kbsearch {height:66px} .banner-middleContainer_f1l0wf96 {box-shadow: inset 0 10px 10px -10px #000;} #homeLink, #helpForumsLink, #FaqsLink, #userguidesLink, #supportLink, .header-right {width:100%; text-align: left; margin: 0; } #userguidesLink, #supportLink {border-top: 1px solid #dfdfdf;} #helpForumsLink, #FaqsLink {margin: 0 0 10px 25px;} .top-header-link {text-transform: uppercase; font-weight:700; color:#1e1e1e; font-size:14px; padding:15px 15px; line-height: 2em;} #dropdownnavi .top-header-link {margin: 3px 0 0 10px;} .header-bottom-link::after {background:none;} .header-bottom-item .header-bottom-link {margin:0 10px} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding:0 0 0 40px} .kb-lang-title {text-align:left;} #menu-dropdown {margin-top: -20px;} #kb-menu-dropdown .depth-2-list.open {padding-left:30px} .depth-1-list a, .depth-2-list a, .depth-3-list a {color:#1e1e1e} .smdropdown-alt {line-height: 0; margin:0; padding: 0 0 10px 0;} .smdropdown-link {color:#acacac!important; font-style: italic;} .depth-1-list, .depth-2-list, .depth-3-list {display: none; margin: -20px 0 0 0; padding: 0 0 0 15px;} .header-right {float: right;padding: 8px 0; height: 30px; border-radius: 0; box-shadow: 0 3px 5px #1e1e1e; background:#0014a0; text-align: right;} .signin-icon {display: none;} #signin .header-bottom-item.header-bottom-link {margin-top: -10px;} .open {display: block;} .Footer .col {display: block; width:96%; padding: 0 20px 15px 20px} .Footer .col.col-copyRight, .Footer .col.col-social {width:90%} footer .container {width:95%} .col.footer-logo-wrap {text-align: center;} .col-copyRight a {padding: 10px 0 0 20px;} .social-icons-wrap a {padding: 10px 0 0 0;} .Footer .footer-links-wrap {padding-bottom:none; border-bottom:none;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-bottom:1px solid #c4c4c4; border-right:none} footer.Footer .row:nth-of-type(2).footer-links-wrap .col.footer-links:last-of-type {border-bottom:none} a.dropdown-1-title, a.dropdown-2-title, a.dropdown-3-title {color: #8a8a8a; font-style: italic;} .header-bottom-link:focus::after, .header-bottom-link:hover .smdropdown::after,.smdropdown::after,.depth-1-url::after,.depth-2-url::after {content:"\f1f5";font-family:fsg-icon;font-size:26px;color:#363636;position:absolute} .smdropdown.change::after,.depth-1-url.change::after,.depth-2-url.change::after {content:"\f131";} .footer-link-title {width:94%} .footer-link-title::after {content:"\f1f5";font-family:fsg-icon;font-size:26px;color:#363636;float:right!important} .footer-link-title.change::after {content:"\f131";} footer.Footer .row.footer-links-wrap .col.footer-links ul {display:none} footer.Footer .row.footer-links-wrap .col.footer-links ul.open {display:block; padding-bottom:30px} footer.Footer .row.footer-links-wrap:nth-of-type(3) {border-bottom:none} footer.Footer .row.footer-links-wrap .col.footer-links {border-bottom:1px solid #dfdfdf;} footer.Footer .row.footer-links-wrap .col.footer-links, footer.Footer .row.footer-links-wrap .col.footer-links:last-of-type {padding:10px 0 0 20px} footer.Footer .row.footer-links-wrap .col.footer-links .footerdropdown::hover {cursor:pointer!important} .row.bottom-row {display:flex;} .Footer .col.col-copyRight, .Footer .col.col-social {width:50%;padding:0} .social-icons-wrap {margin-top:-15px} } @media screen and (min-width:992px){ .Hamburger, .dropdownnavi .top-header-link, #userguidesLink, #supportLink, .smdropdown-alt {display: none;} .bottom-header {display: block;} .header-top-link::after {background: #fff;} header .row:nth-child(2) {background-color:white; box-shadow: 0 3px 5px rgba(0,0,0,0.1);} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding-left: 0; box-shadow: 0 4px 4px rgba(0,0,0,.1);} .depth-1-item, .depth-2-item, .depth-3-item {padding-left:15px; border-bottom:1px solid #dfdfdf; position: relative;} .depth-1-item a, .depth-2-item a, .depth-3-item a {color: #1e1e1e;} .header-bottom-link::after {background: #0014a0;} .header-top-link.active::after, .header-top-link:hover::after, .header-bottom-link.active::after, .header-bottom-link:hover::after {bottom: 0; content: ""; display: block; height: 5px; left: -15px; margin: auto; position: absolute; width: calc(100% + 35px);} .header-bottom-link.smdropdown:hover, .header-bottom-link.smdropdown.active {color:#0014a0} .header-searchbox {position:absolute;top:0;right:60px; margin:0; z-index: 200; } .header-searchbox.active {width:500px;transition: 1s ease-in-out;} #kbsearch {width:350px;} #menu-dropdown, #kb-menu-dropdown {position: absolute; z-index: 100; background: white; text-align: left; margin: 1px 0 0 -15px;} #menu-dropdown, #kb-menu-dropdown .depth-1-list {width:300px} #kb-menu-dropdown .depth-1-url {color:#8a8a8a} #kb-menu-dropdown .depth-2-list {width:350px!important} #profile-menu {position: absolute; z-index: 100; background: white; width: 350px; text-align: left; width:260px; margin: 0 0 0 -230px; border: 1px solid #c4c4c4; border-radius: 5px; box-shadow: 0 4px 4px rgba(0,0,0,.1);} #menu-dropdown, #menu-dropdown .depth-2-list, #menu-dropdown .depth-3-list, #kb-menu-dropdown, #kb-menu-dropdown .depth-2-list, #profile-menu {display:none;} #helpForumsLink:hover #menu-dropdown, #FaqsLink:hover #kb-menu-dropdown, #profiledropdown:hover #profile-menu {display: block;} #menu-dropdown .depth-1-item:hover .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list, #kb-menu-dropdown .depth-1-item:hover .depth-2-list { display: block; left: calc(100%); background: #fff; border: 1px solid #c4c4c4; position: absolute; top: 0; width: 100%;} #kb-menu-dropdown .depth-1-url {margin:0} #menu-dropdown .depth-1-item:nth-child(3) .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list {top:-1px} .depth-1-item:hover, .depth-2-item:hover, .depth-3-item:hover {pointer:cursor;background-color:#f8f8f8} #helpForumsLink .depth-1-item:hover .depth-1-url, .depth-2-item:hover .depth-2-url, .depth-3-item:hover .depth-3-url, #kb-menu-dropdown .depth-2-item:hover .depth-3-url {color:#0014a0} #FaqsLink .depth-1-item:hover, #FaqsLink .depth-1-item:hover .depth-1-url {cursor:default} .header-right {float: right; margin: 8px 15px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #dropdownnavi {margin: -1px 0 0 -13px;width:50%} #dropdownnavi .top-header-link, .dropdown-1-title, .dropdown-2-title, .dropdown-3-title {display:none} .header-bottom-link.smdropdown {line-height:53px} #signin {display:flex; margin: 1px -12px 0 0} #signin .header-bottom-item.header-bottom-link {margin-top:-14px; height:54px} #signin span {margin-top: 3px;} .signin-icon {padding: 4px 0 20px 0;} .header-bottom-link.smdropdown:before {content:"\f1f5";font-family:fsg-icon;font-size:26px;float: right;} #helpForumsLink:hover .header-bottom-link.smdropdown::before, #FaqsLink:hover .header-bottom-link.smdropdown::before, .header-bottom-link.smdropdown:hover::before {content:"\f131";} .depth-1-item:before, #helpForumsLink .depth-2-item:before {content:"\f1f6";font-family:fsg-icon;font-size:26px;float: right;} .depth-1-item:hover::before, #helpForumsLink .depth-2-item:hover::before {content:"\f132";} }

Elements Endpoint Detection and Response (EDR) detects a safe application. How to whitelist the detection? - F-Secure Community

Issue:

F-Secure Elements Endpoint Detection and Response (EDR) detects a safe application (e.g. an in-house application). How to whitelist the detection?

Resolution:

To whitelist a file directly, complete the following:

1. Log in to the Elements Security Center at here
2. Click on the bricks symbol at top right corner of the page and choose Endpoint Detection and Response
3. Go to the Devices page
4. Go to Detections tab, tick the Broad Context Detections check box.
5. Click "Update status" option at bottom page.
6. Select "Closed" from drop down menu, then select reason as "False positive"
7. Click "Update" option.

Once you have at least 1 incident that is identical to the incident, and there is no identical incident where status is closed as confirmed, the false positive handling in F-Secure Elements Endpoint Detection and Response (EDR) will close the false-positive automatically.

In the event that this has been completed multiple times and the file still gets detected, make a whitelist request for the False Positive event as follows:

From the left-hand menu in the F-Secure Elements Endpoint Detection and Response (EDR), click the three dots below Reports and choose Support
Click the link Request whitelisting, this will bring up a support request form
Verify that the following fields are populated correctly:
- Problem Category -> Threat/Malware
- Problem Subcategory -> False Positive
- Product Group -> For Business
- Product Name -> Rapid Detection & Response
- Language -> English
Under Description, provide the Broad Context Detection ID (BCD-ID), a reason for why this content should be whitelisted and the scope (Single host, company level, etc)
Fill in the rest of the required case information. Correct and complete information helps us to identify you and provide you with the proper service level
Click Send to open the support ticket

Article no: 000008622