Rapid Detection & Response (RDR) detects a safe application (e.g. an in-house application). How to whitelist the detection?
To whitelist a file directly, complete the following:
Select Closed, followed by False positive under the respective detection to whitelist. Once you have at least 3 incidents that are identical to the incident, and there is no identical incident where status is closed as confirmed, the false positive handling in RDR will close the false positive automatically.
In the event that this has been completed multiple times and the file still gets detected, make a whitelist request for the False Positive event as follows:
From the left-hand menu in the RDR portal, click the three dots below Reports and choose Support Click the link Request whitelisting, this will bring up a support request form Verify that the following fields are populated correctly:
Problem Category -> Threat/Malware Problem Subcategory -> False Positive Product Group -> For Business Product Name -> Rapid Detection & Response Language -> English
Under Description, provide the Broad Context Detection ID (BCD-ID), a reason for why this content should be whitelisted and the scope (Single host, company level, etc) Fill in the rest of the required case information. Correct and complete information helps us to identify you and provide you with the proper service level Click Send to open the support ticket
Article no: 000008622
How can I reset a forgotten Rapid Detection and Response Service (RDS) portal password?
In order to reset your password, do the following: Open the RDS login page https://portal.rds.f-secure.com. Click the Forgot your password button. Type in your email address, and click Send. This will send you an email with a link to reset your password. If you can't find this email in your inbox, check your spam or junk mail folder. (Note: The password reset link in the email expires in two hours). Click on the link in the email. Type in your new password and click on Reset. The new password is immediately taken into use. Go back to the login page, enter your new credentials and log in. If you do not receive the Password Reset Email, then contact F-Secure Technical Support.
Article no: 000018066
What is the firewall configuration requirement for F-Secure Rapid Detection Service (RDS) network sensor?
As the device needs to call the RDS backend for collection and management purposes, you must allow connections to the following hosts:
doorman.sc.fsapi.com over TCP port 443 lorsp.sc.fsapi.com over TCP port 443 lorsp.sc2.fsapi.com over TCP port 443 por1-timon-alpha02.sp.f-secure.com over TCP ports 4505 and 4506 time.f-secure.com over UDP port 123
Should there be no way of whitelisting on a per-domain basis, IP addresses are provided below:
220.127.116.11 over TCP port 443 18.104.22.168, 22.214.171.124, 126.96.36.199 over TCP port 443 188.8.131.52 over TCP ports 4505 and 4506 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 over UDP port 123
Note: The IP addresses can change due to modifications to the backend environment; use the command dig +noall +answer <domain.to.check> (Linux) or nslookup <domain.to.check> (Windows) to get the IP address to which the domain <domain.to.check> resolves.
Article no: 000003525
If installing the sensor does not succeed, follow these steps to troubleshoot:Check that the sensor.conf file is copied to the correct location and has the correct privileges, and then rerun the installation.
After installing standalone Rapid Detection and Response (RDR), the GUI displays error device sensors are not operational and license expired
A most common mistake for standalone Rapid Detection and Response (RDR) sensor is installing MSI using the package without providing any MSI Transformation file (.mst) file, or any voucher in the command line. Those sensors will be in non-operation and expired. In order to fix this, the administrator needs to uninstall the RDR client first then reinstall it with the proper license. Note: There is a different subscription key type for Workstation and Server. The keycode is not compatible if used between the platforms. Below is the example for installation using the executable installer:
RDRStandaloneOnlineInstaller.exe --voucher ABCD-1234-BGFD --silent
For MSI package, refer to guide below to generate an MSI Transformation file (.mst) and embed the license key into the MSI package.
Refer here on installing the F-Secure Rapid Detection and Response client software for Windows Refer here on Installing the client software for Windows remotely
Article no: 000010539