Advanced Threat Protection

F-Secure Rapid Detection & Response (RDR) monitors endpoints (assets) and network events which are analyzed in real-time using real-time behavioral,...
Issue: Why is the Isolate Host button missing from the assets' information page in the Rapid Detection and Response (RDR) portal?
Resolution: The Isolate Host function in the RDR portal is only available for PSB Computer Protection / Server Protection + RDR hosts. Business Suite + RDR hosts cannot be isolated via the RDR portal, but can be isolated using the Policy Manager Console Operations tab.
Article no: 000019141
Issue: How to activate Rapid Detection & Response when using Policy Manager?
Resolution: Activating endpoint sensors
Endpoint sensors are lightweight, discreet sensors, which are included in Client Security 14.10 and Server Security 14.00 and newer. These sensors collect behavioral data from endpoint devices and are specifically designed to withstand a wide range of attacks.
You need an activation keycode for registering the Rapid Detection and Response (RDR) sensors. Contact your F-Secure partner to get your RDR for Business Suite keycode.
1. Select the target domain.
2. Go to the Settings tab and select the Rapid Detection & Response page.
3. Enter your sensor activation keycode for the corresponding host type (workstations or servers).
4. Select Enable Rapid Detection & Response.
5. Click the following icon to distribute the policy:
Article no: 000016253
Issue: F-Secure RDR client fails installation without any errors
Resolution: There can be several root causes:
1. A firewall could be preventing additional downloads from F-Secure URLs. Check that the firewall settings or rules are not causing the download to time out.
2. A wrong command-line parameter was used.
Article no: 000007020
Issue: F-Secure Countercept has been installed for a few months; however, there have been no detections since installation.
Resolution: You can check whether omniagent is running by following the steps below:
1. Open Services (services.msc) or Task Manager.
2. Look for omniagent running in the service list.
Note: F-Secure Countercept is known to have a very low false-positive rate, so it is normal to have no detections for new customers with a small number of hosts.
Article no: 000020280
The RDS Windows sensor supports both 32-bit and 64-bit platforms and is designed to run on both client and server versions of the Microsoft Windows...
The RDS Mac sensor supports the following versions of the macOS operating systems: Supported operating system Client version 3.0 4.0 5.0 5.2 5.3 macOS...
The RDS Linux sensor is designed to run on any recent major version of the following 64-bit (amd64) Linux distributions. Note: Containers are not...
In this article, we outline the system and environment requirements necessary for deploying RDS sensors.
GDPR regulatory demands require companies to be prepared for post-compromise breach detection, and invest in rapid response capabilities against...
Issue: I have F-Secure Rapid Detection and Response (RDR) installed on two devices. However, I notice that these devices are replacing each other repeatedly under the Assets list in the portal. At the very beginning, I can only find device A in the Assets list, while device B is missing. At a later stage, device B shows up in the Assets list, while device A goes missing.
Resolution: Most likely, these devices share the same host ID. This can happen when the disk serial number or SMBIOS GUID is the same on both devices. The product generates the host ID from the serial number of the first hard disk. If that is empty, the SMBIOS GUID is used. You can run the following commands on the devices to verify:
    wmic diskdrive get Name, Manufacturer, Model, InterfaceType, MediaType, SerialNumber
    wmic path win32_computersystemproduct get uuid
Article no: 000016495
Issue: There is a date / time mismatch between the Rapid Detection & Response (RDR) execution start and the detection. How is that possible? Resolution: The host needs to be turned ON and have an active internet connection for the host to upload the detection information to the RDR portal. If the host goes to sleep mode or loses internet connection, it is expected behavior for the execution start and the detection time / date to differ. Article no: 000018604
Issue: Rapid Detection & Response (RDR) detects a safe application (e.g. an in-house application). How to whitelist the detection?
Resolution: To whitelist a file directly, complete the following:
1. Select Closed, followed by False positive under the respective detection to whitelist.
Once you have at least 3 incidents that are identical to the incident, and there is no identical incident where status is closed as confirmed, the false positive handling in RDR will close the false positive automatically.
In the event that this has been completed multiple times and the file still gets detected, make a whitelist request for the False Positive event as follows:
1. From the left-hand menu in the RDR portal, click the three dots below Reports and choose Support.
2. Click the link Request whitelisting. This will bring up a support request form.
3. Verify that the following fields are populated correctly:
    Problem Category -> Threat/Malware
    Problem Subcategory -> False Positive
    Product Group -> For Business
    Product Name -> Rapid Detection & Response
    Language -> English
4. Under Description, provide the Broad Context Detection ID (BCD-ID), a reason for why this content should be whitelisted and the scope (single host, company level, etc.).
5. Fill in the rest of the required case information. Correct and complete information helps us to identify you and provide you with the proper service level.
6. Click Send to open the support ticket.
Article no: 000008622
Issue: How can I reset a forgotten Rapid Detection and Response Service (RDS) portal password?
Resolution: In order to reset your password, do the following:
1. Open the RDS login page https://portal.rds.f-secure.com.
2. Click the Forgot your password button.
3. Type in your email address, and click Send. This will send you an email with a link to reset your password. If you can't find this email in your inbox, check your spam or junk mail folder. (Note: The password reset link in the email expires in two hours.)
4. Click on the link in the email.
5. Type in your new password and click on Reset. The new password is immediately taken into use.
6. Go back to the login page, enter your new credentials and log in.
If you do not receive the Password Reset Email, then contact F-Secure Technical Support.
Article no: 000018066
Issue: What is the firewall configuration requirement for F-Secure Rapid Detection Service (RDS) network sensor?
Resolution: As the device needs to call the RDS backend for collection and management purposes, you must allow connections to the following hosts:
    doorman.sc.fsapi.com over TCP port 443
    lorsp.sc.fsapi.com over TCP port 443
    lorsp.sc2.fsapi.com over TCP port 443
    por1-timon-alpha02.sp.f-secure.com over TCP ports 4505 and 4506
    time.f-secure.com over UDP port 123
Should there be no way of whitelisting on a per-domain basis, IP addresses are provided below:
    52.211.24.218 over TCP port 443
    52.30.135.216, 52.214.234.48, 34.251.224.248 over TCP port 443
    46.228.134.213 over TCP ports 4505 and 4506
    46.228.134.122, 46.228.134.123, 52.211.114.129, 34.241.107.203 over UDP port 123
Note: The IP addresses can change due to modifications to the backend environment; use the command dig +noall +answer <domain.to.check> (Linux) or nslookup <domain.to.check> (Windows) to get the IP address to which the domain <domain.to.check> resolves.
Article no: 000003525
The Windows sensor does not install and the following message appears:
If installing the sensor does not succeed, follow these steps to troubleshoot: Check that the sensor.conf file is copied to the correct location and has the correct privileges, and then rerun the installation.
Run the following commands to remove a failed installation, and then rerun the installation:
The RDS portal user can configure daily, weekly and monthly reports on detections perceived in the monitored IT environment. The reports contain...
To collect the client's database and diagnostic information, do as follows:
Use the diagnostics tool included in the product to collect diagnostic information as follows:
Use the diagnostics tool included in the product to collect diagnostic information as follows:
The RDS Windows sensor supports several approaches to configuring proxy information.
To ensure that the RDS sensors are fully operational, we strongly recommend that you allow the connection to these entire sub-domains:
The Rapid Detection and Response Service uses the data, as well as our human expertise to respond to the severity in the appropriate way. For example,...
F-Secure Rapid Detection & Response Service (RDS) is a managed intrusion detection and response service that combines the best technology with the...
For servers, we are currently able to collect the necessary data with our generic sensors, so there is no need for separate server sensors.
When an update to the RDS sensors is available, F-Secure notifies your organization.
No. RDS only works with a working internet connection, as it is a cloud solution. However, proxy support is available.
F-Secure Rapid Detection & Response (RDR) has been designed to provide advanced threat protection for today's rapidly evolving security landscape....
Aside from detecting threats based on system and network behaviors as well as events, F-Secure Rapid Detection & Response (RDR) provides system...
F-Secure Rapid Detection & Response (RDR) and F-Secure Rapid Detection & Response Service (RDS) are both detection and response services concerned...
F-Secure Rapid Detection & Response (RDR) is a solution for partners that enables end-customers to respond to threats promptly with built-in...
EDR stands for Endpoint Detection and Response. EDR solutions are designed to continuously monitor and respond to...
Understanding the scope of a targeted attack is easy with a broad context of detections visualized on a timeline that includes all impacted hosts,...
The F-Secure Rapid Detection & Response (RDR) sensor collects event-based data such as:
F-Secure Rapid Detection & Response prepares you against data breaches and gives you the ability to analyze and respond to data breaches when they...
Endpoint Detection and Response (EDR) solutions and endpoint protection products (EPP) serve different purposes in the threat landscape. EPP products...
Issue: After installing standalone Rapid Detection and Response (RDR), the GUI displays an error that the device sensors are not operational and the license has expired.
Resolution: The most common mistake with the standalone Rapid Detection and Response (RDR) sensor is installing the MSI package without providing either an MSI Transformation (.mst) file or a voucher on the command line. Sensors installed this way are non-operational and show as expired. To fix this, the administrator needs to uninstall the RDR client first and then reinstall it with the proper license.
Note: There is a different subscription key type for Workstation and Server. A keycode for one platform does not work on the other.
Below is an example of installation using the executable installer:
    RDRStandaloneOnlineInstaller.exe --voucher ABCD-1234-BGFD --silent
For the MSI package, refer to the guides below to generate an MSI Transformation file (.mst) and embed the license key into the MSI package:
    Installing the F-Secure Rapid Detection and Response client software for Windows
    Installing the client software for Windows remotely
Article no: 000010539