Outage in WithSecure

Memory leak in latest WithSecure Elements EDR / WithSecure Countercept Windows sensor

Resolved Minor
January 26, 2023 - Started about 1 year ago - Lasted 5 days

Outage Details

We have identified a memory leak in the latest WithSecure Countercept and WithSecure Elements Endpoint Detection and Response sensor driver, which is part of Windows Sensor 2022.5, released to production on 16th of January 2023.

The impact varies vastly from host to host; some machines would barely notice this while others can degrade in a few days.
This can be identified by observing the non-paged memory pool growing.

A workaround is:

For Countercept:
"C:\Program Files (x86)\F-Secure\MDR\Ultralight\sensor\1670403971\sensor_control.exe" --restart-sensor
For Elements EDR:
"C:\Program Files (x86)\F-Secure\PSB\Ultralight\sensor\1670403971\sensor_control.exe" --restart-sensor

We are currently testing a new sensor version to resolve the issue.

Latest Updates (sorted recent to last)

RESOLVED about 1 year ago - at 01/31/2023 11:00AM

This incident has been resolved.

MONITORING about 1 year ago - at 01/30/2023 10:17AM

We have released a new sensor version to resolve the issue.

The sensor release is currently being distributed to all hosts.

The new sensor version is 2022.5.53.
You can verify the installation from the portal:
For WithSecure Countercept: under the version column
For WithSecure Elements EDR: under Device details view

No reboot is necessary to take the update into use.

IDENTIFIED about 1 year ago - at 01/26/2023 01:47PM

We have identified a memory leak in the latest WithSecure Countercept and WithSecure Elements Endpoint Detection and Response sensor driver, which is part of Windows Sensor 2022.5, released to production on 16th of January 2023.

The impact varies vastly from host to host; some machines would barely notice this while others can degrade in a few days.
This can be identified by observing the non-paged memory pool growing.

A workaround is:

For Countercept:
"C:\Program Files (x86)\F-Secure\MDR\Ultralight\sensor\1670403971\sensor_control.exe" --restart-sensor
For Elements EDR:
"C:\Program Files (x86)\F-Secure\PSB\Ultralight\sensor\1670403971\sensor_control.exe" --restart-sensor

We are currently testing a new sensor version to resolve the issue.
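
One way to observe the non-paged pool growth described above, as an added example that is not from WithSecure or from this page: the script samples the Windows performance counter for the non-paged pool and fits a trend line. The sampling window and alert threshold are assumptions, not vendor guidance, and the counter path is the English name, which is localized on non-English Windows.

```powershell
# Added example: trend check for the non-paged pool on one Windows host.
# Defaults below (30 samples, 60 s apart, 50 MB/hour) are assumed values.
param(
    [int]$Samples = 30,
    [int]$IntervalSeconds = 60,
    [double]$AlertMBPerHour = 50
)

function Get-Slope {
    # Least-squares slope of Y over X (here: MB per hour).
    param([double[]]$X, [double[]]$Y)
    $n = $X.Count
    if ($n -lt 2) { return 0.0 }
    $mx = ($X | Measure-Object -Average).Average
    $my = ($Y | Measure-Object -Average).Average
    $num = 0.0; $den = 0.0
    for ($i = 0; $i -lt $n; $i++) {
        $num += ($X[$i] - $mx) * ($Y[$i] - $my)
        $den += ($X[$i] - $mx) * ($X[$i] - $mx)
    }
    if ($den -eq 0) { return 0.0 }
    return $num / $den
}

$counter = '\Memory\Pool Nonpaged Bytes'   # English counter path
$start = Get-Date
$hours = @(); $mb = @()
for ($i = 0; $i -lt $Samples; $i++) {
    $value = (Get-Counter -Counter $counter).CounterSamples[0].CookedValue
    $hours += ((Get-Date) - $start).TotalHours
    $mb += $value / 1MB
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
}

$slope = Get-Slope -X $hours -Y $mb
# Flag only sustained growth: positive net change and slope over threshold.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    FirstMB        = [math]::Round($mb[0], 1)
    LastMB         = [math]::Round($mb[-1], 1)
    SlopeMBPerHour = [math]::Round($slope, 1)
    Suspect        = ($slope -ge $AlertMBPerHour -and $mb[-1] -gt $mb[0])
}
```

A short window only shows the current trend; comparing readings taken before and after the sensor restart workaround or the sensor update shows whether the growth stops.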
