Rapid Detection & Response (RDR) detects a safe application (e.g. an in-house application). How do I whitelist the detection?
To whitelist a file directly, complete the following:
Select Not an Incident and then False positive under the respective detection to whitelist it. Once you have at least 3 incidents that are identical to this incident, and no identical incident has been closed with the status confirmed, the false positive handling in RDR closes the false positive automatically.
In the event that this has been completed multiple times and the file still gets detected, make a whitelist request for the False Positive event as follows: RDR portal > Support > Request whitelisting
Open a Customer Support request with Problem Category - Threat/Malware and Subcategory - False Positive to request whitelisting of a Broad Context Detection (BCD), or of a file or URL that is part of a BCD. Provide the required information, the reason for whitelisting and the scope (single host, company level, etc.). Open a support case (www.f-secure.com/en/web/business_global/support/support-request), and provide the BCD-ID to us.
Article no: 000008622
If installing the sensor does not succeed, follow these steps to troubleshoot:
Check that the sensor.conf file is copied to the correct location and has the correct privileges, and then rerun the installation.
What is the firewall configuration requirement for F-Secure Rapid Detection Service (RDS) network sensor?
As the device needs to call the RDS backend for collection and management purposes, you must allow connections to the following hosts:
doorman.sc.fsapi.com over TCP port 443
lorsp.sc.fsapi.com over TCP port 443
lorsp.sc2.fsapi.com over TCP port 443
por1-timon-alpha02.sp.f-secure.com over TCP ports 4505 and 4506
time.f-secure.com over UDP port 123
Should there be no way of whitelisting on a per-domain basis, IP addresses are provided below:
126.96.36.199 over TCP port 443
188.8.131.52, 184.108.40.206, 220.127.116.11 over TCP port 443
18.104.22.168 over TCP ports 4505 and 4506
22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206 over UDP port 123
Note: The IP addresses can change due to modifications to the backend environment; use the command dig +noall +answer <domain.to.check> (Linux) or nslookup <domain.to.check> (Windows) to get the IP address to which the domain <domain.to.check> resolves.
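Because IP-based rules go stale when the backend changes, the lookup in the note can be automated. The following is an added example, not F-Secure code: it resolves the hostnames listed in this article and reports any address that is missing from the firewall allowlist. The function names and the allowlisted IPs (documentation ranges) are constructed for illustration.

```python
import socket

# Hostnames, protocols and ports as listed in the article.
REQUIRED = {
    "doorman.sc.fsapi.com": ("tcp", [443]),
    "lorsp.sc.fsapi.com": ("tcp", [443]),
    "lorsp.sc2.fsapi.com": ("tcp", [443]),
    "por1-timon-alpha02.sp.f-secure.com": ("tcp", [4505, 4506]),
    "time.f-secure.com": ("udp", [123]),
}

def system_resolver(host):
    """Return the set of IPv4 addresses the host currently resolves to."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return {info[4][0] for info in infos}

def find_drift(allowlist, resolver=system_resolver):
    """Compare current DNS answers with the IPs permitted in the firewall.

    allowlist maps hostname -> set of IPs the firewall currently allows.
    Returns (host, proto, ports, missing_ips, status) for every host whose
    rule needs attention; an empty list means the rules are up to date.
    """
    findings = []
    for host, (proto, ports) in REQUIRED.items():
        try:
            current = resolver(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            findings.append((host, proto, ports, set(), f"resolve failed: {exc}"))
            continue
        missing = current - allowlist.get(host, set())
        if missing:
            findings.append((host, proto, ports, missing, "not allowlisted"))
    return findings

if __name__ == "__main__":
    # Constructed allowlist: replace with the IPs configured in your firewall.
    firewall_allowlist = {
        "doorman.sc.fsapi.com": {"192.0.2.10"},
        "time.f-secure.com": {"198.51.100.1", "198.51.100.2"},
    }
    for host, proto, ports, missing, status in find_drift(firewall_allowlist):
        print(f"{host} {proto}/{ports}: {status} {sorted(missing)}")
```

Run it on a schedule from a host that uses the same DNS resolver as the sensor, and update the firewall rule whenever a host is reported.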
Article no: 000003525
After installing standalone Rapid Detection and Response (RDR), the GUI displays error device sensors are not operational and license expired
A very common mistake with the standalone Rapid Detection and Response (RDR) sensor is installing from the MSI package without providing an MSI Transformation (.mst) file or a voucher on the command line. Sensors installed this way are non-operational and expired. To fix this, the administrator needs to uninstall the RDR client first and then reinstall it with the proper license.
Note: There is a different subscription key type for Workstation and Server. A keycode for one platform is not compatible with the other.
Below is an example of installation using the executable installer:
RDRStandaloneOnlineInstaller.exe --voucher ABCD-1234-BGFD --silent
For the MSI package, refer to the guides below to generate an MSI Transformation file (.mst) and embed the license key into the MSI package.
Refer here on installing the F-Secure Rapid Detection and Response client software for Windows
Refer here on installing the client software for Windows remotely
Article no: 000010539