Advanced Threat Protection

Sort by:
GDPR regulatory demands require companies to be prepared for post-compromise breach detection, and invest in rapid response capabilities against...
View full article
Issue: I have F-Secure Rapid Detection and Response (RDR) installed on two devices. However, I notice that these devices are replacing each other repeatedly under the Assets list in the portal. At the very beginning, I can only find device A in the Assets list, while device B is missing. At a later stage, device B show up in the Assets list, while device A goes missing. Resolution: Most likely, these devices share the same host ID. This could happen in case the disk serial number/SMBIOS GUID is redundant on the devices. The product host ID generation uses the first hard disk serial number. If it is empty, the SMBIOS GUID is used. You can run the following command on the devices to verify: wmic diskdrive get Name, Manufacturer, Model, InterfaceType, MediaType, SerialNumber wmic path win32_computersystemproduct get uuid Article no: 000016495
View full article
Issue: There is a date / time mismatch between the Rapid Detection & Response (RDR) execution start and the detection. How is that possible? Resolution: The host needs to be turned ON and have an active internet connection for the host to upload the detection information to the RDR portal. If the host goes to sleep mode or loses internet connection, it is expected behavior for the execution start and the detection time / date to differ. Article no: 000018604
View full article
Issue: Rapid Detection & Response (RDR) detects a safe application (e.g. an in-house application). How to whitelist the detection? Resolution: To whitelist a file directly, complete the following: Select Closed, followed by False positive under the respective detection to whitelist. Once you have at least 3 incidents that are identical to the incident, and there is no identical incident where status is closed as confirmed, the false positive handling in RDR will close the false positive automatically. In the event that this has been completed multiple times and the file still gets detected, make a whitelist request for the False Positive event as follows: From the left-hand menu in the RDR portal, click the three dots below Reports and choose Support Click the link Request whitelisting, this will bring up a support request form Verify that the following fields are populated correctly:  Problem Category -> Threat/Malware Problem Subcategory -> False Positive Product Group -> For Business Product Name -> Rapid Detection & Response Language -> English Under Description, provide the Broad Context Detection ID (BCD-ID), a reason for why this content should be whitelisted and the scope (Single host, company level, etc) Fill in the rest of the required case information. Correct and complete information helps us to identify you and provide you with the proper service level Click Send to open the support ticket Article no: 000008622
View full article
F-Secure Rapid Detection & Response (RDR) has been designed to provide advanced threat protection for today's rapidly evolving security landscape....
View full article
Aside from detecting threats based on system and network behaviors as well as events, F-Secure Rapid Detection & Response (RDR) provides system...
View full article
F-Secure Rapid Detection & Response (RDR) monitors endpoints (assets) and network events which are analyzed in real-time using real-time behavioral,...
View full article
F-Secure Rapid Detection & Response (RDR) and F-Secure Rapid Detection & Response Service (RDS) are both detection and response services concerned...
View full article
F-Secure Rapid Detection & Response (RDR) is a solution for partners that enables end-customers to respond to threats promptly with built-in...
View full article
EDR stands for Endpoint Detection and Response (EDR). Endpoint Detection Response (EDR) solutions are designed to continuously monitor and respond to...
View full article
Understanding the scope of a targeted attack is easy with a broad context of detections visualized on a timeline that includes all impacted hosts,...
View full article
The F-Secure Rapid Detection & Response (RDR) sensor collects event-based data such as:
View full article
F-Secure Rapid Detection & Response prepares you against data breaches and gives you the ability to analyze and respond to data breaches when they...
View full article
Endpoint Detection and Response (EDR) solutions and endpoint protection products (EPP) serve different purposes in the threat landscape. EPP products...
View full article
Issue: After installing standalone Rapid Detection and Response (RDR), the GUI displays error device sensors are not operational and license expired  Resolution: A most common mistake for standalone Rapid Detection and Response (RDR) sensor is installing MSI using the package without providing any MSI Transformation file (.mst) file, or any voucher in the command line. Those sensors will be in non-operation and expired. In order to fix this, the administrator needs to uninstall the RDR client first then reinstall it with the proper license.  Note: There is a different subscription key type for Workstation and Server. The keycode is not compatible if used between the platforms. Below is the example for installation using the executable installer: RDRStandaloneOnlineInstaller.exe --voucher ABCD-1234-BGFD --silent For MSI package, refer to guide below to generate an MSI Transformation file (.mst) and embed the license key into the MSI package. Refer here on installing the F-Secure Rapid Detection and Response client software for Windows Refer here on Installing the client software for Windows remotely Article no: 000010539
View full article