{"id":2264,"date":"2026-05-06T10:54:23","date_gmt":"2026-05-06T09:54:23","guid":{"rendered":"https:\/\/ws-sup.fi-s.seravo.com\/?page_id=2264"},"modified":"2026-05-22T17:11:59","modified_gmt":"2026-05-22T14:11:59","slug":"elements-endpoint-detection-and-response","status":"publish","type":"page","link":"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/","title":{"rendered":"Elements Endpoint Detection and Response"},"content":{"rendered":"<section\n    class=\"wp-block-support-banner edwp-block wp-block-support-banner--bg-light-gray layout--spacing-xxxl-top layout--spacing-xxxl-bottom\"\n    >\n            <div class=\"wp-block-support-banner__container\">\n        <div class=\"wp-block-support-banner__content-wrapper\">\n                        <div class=\"wp-component-content wp-component-content--default wp-block-support-banner__content\">\n            <h2 class=\"wp-component-heading text--h2 wp-component-content__title\">\n    Getting started with WithSecure\u2122 Elements Endpoint Detection and Response<\/h2>                    <div class=\"wp-component-content__inner\">\n                                    <div class=\"wp-component-content__content wysiwyg\">\n                        <div class=\"wp-component-paragraph \">\n    <div class=\"hero-desc\">Follow the steps below to get started with using WithSecure\u2122 Elements Endpoint Detection and Response.<\/div>\n<\/div>\n                    <\/div>\n                                                            <\/div>\n                <\/div>                            <div class=\"wp-block-support-banner__searchbar wp-block-support-banner__searchbar--centered\">\n                    <div class=\"addsearch-standalone-searchbar-container\" style=\"--addsearch-searchbar-max-width: 600px;\"><\/div>\n                <\/div>\n                                <\/div>\n    <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-accordion edwp-block layout--spacing-xxxl-top layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-accordion__container\">\n        <div class=\"wp-block-accordion__box\">\n                        <div class=\"wp-block-accordion__items\">\n                <div class=\"wp-component-accordion-item row-load wp-component-accordion-item--default wp-component-accordion-item--overlap js-wp-component-accordion-item-group\">\n            <div class=\"wp-component-accordion-item__item js-wp-component-accordion-item-item is-active\">\n                        <button\n                id=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-summary-0\"\n                class=\"wp-component-accordion-item__title js-wp-component-accordion-item-title\"\n                type=\"button\"\n                aria-expanded=\"false\"\n                aria-controls=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-0\">\n                <span class=\"wp-component-accordion-item__inner-title\">\n                                                            <span>Step 1 \u2014 Log in to Elements Security Center<\/span>\n                <\/span>\n                <div class=\"wp-component-accordion-item__toggle\">\n                    <svg class='edwp-icon edwp-icon--lrg js-icon wp-component-accordion-item__toggle__icon' aria-hidden='true'>\n                <use xlink:href='#chevron'><\/use>\n            <\/svg>                <\/div>\n            <\/button>\n            <div\n                id=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-0\"\n                class=\"wp-component-accordion-item__content js-wp-component-accordion-item-content\"\n                aria-labelledby=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-summary-0\"\n                role=\"region\">\n                <div class=\"wp-component-accordion-item__content__inner\">\n                    <div class=\"wp-component-accordion-item__content__box\">\n                        <div class=\"wp-component-paragraph wp-component-accordion-item__content-text\">\n    <div class=\"info-box\">\n<p class=\"prose\">You need a WithSecure\u2122 Business Account to access <a href=\"https:\/\/elements.withsecure.com\" target=\"_blank\" rel=\"noopener\">Elements Security Center \u2197<\/a>, the management portal for all WithSecure\u2122 Elements products.<\/p>\n<p class=\"prose\">When you purchase from a WithSecure partner, the partner typically creates your first administrator account and sends you an email with a temporary password. If your account hasn&#8217;t been created yet but you have a subscription key, go to\u00a0<a href=\"https:\/\/elements.withsecure.com\/self-register\" target=\"_blank\" rel=\"noopener\">elements.withsecure.com\/self-register \u2197<\/a>\u00a0to create one.<\/p>\n<div class=\"info-box\"><strong>Tip:<\/strong>\u00a0If you haven&#8217;t received your activation email, check your junk mail folder first.<\/div>\n<\/div>\n<\/div>\n                                                                                            <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n            <div class=\"wp-component-accordion-item__item js-wp-component-accordion-item-item\">\n                        <button\n                id=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-summary-1\"\n                class=\"wp-component-accordion-item__title js-wp-component-accordion-item-title\"\n                type=\"button\"\n                aria-expanded=\"false\"\n                aria-controls=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-1\">\n                <span class=\"wp-component-accordion-item__inner-title\">\n                                                            <span>Step 2 \u2014 Deploy the endpoint sensor<\/span>\n                <\/span>\n                <div class=\"wp-component-accordion-item__toggle\">\n                    <svg class='edwp-icon edwp-icon--lrg js-icon wp-component-accordion-item__toggle__icon' aria-hidden='true'>\n                <use xlink:href='#chevron'><\/use>\n            <\/svg>                <\/div>\n            <\/button>\n            <div\n                id=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-1\"\n                class=\"wp-component-accordion-item__content js-wp-component-accordion-item-content\"\n                aria-labelledby=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-summary-1\"\n                role=\"region\">\n                <div class=\"wp-component-accordion-item__content__inner\">\n                    <div class=\"wp-component-accordion-item__content__box\">\n                        <div class=\"wp-component-paragraph wp-component-accordion-item__content-text\">\n    <p>Elements EDR works by installing a lightweight sensor on each device you want to monitor. The sensor collects behavioral event data \u2014 file accesses, process creation, network connections, registry changes \u2014 and sends it to the backend for analysis.<\/p>\n<h6 class=\"sub-heading\">Before you deploy<\/h6>\n<p>To get the best possible detection coverage, apply these recommendations on target devices before installing:<\/p>\n<ul class=\"bullet-list\">\n<li><strong>Windows:<\/strong>\u00a0Make sure a Windows audit policy is configured to generate security log events. Also ensure that PowerShell ScriptBlock logging is not disabled \u2014 turning it off limits detection capabilities.<\/li>\n<li><strong>Linux:<\/strong>\u00a0Use kernel 5.10 or newer for best performance. If using kernel 3.16 or older, make sure\u00a0<code>auditd<\/code>\u00a0is installed and configured correctly.<\/li>\n<\/ul>\n<h6 class=\"sub-heading\">Install the sensor<\/h6>\n<p>Elements EDR covers\u00a0<strong>Windows<\/strong>\u00a0(workstations and servers),\u00a0<strong>Mac<\/strong>, and\u00a0<strong>Linux<\/strong>. Choose the method that suits your environment:<\/p>\n<ul class=\"bullet-list\">\n<li><strong>Email invitation<\/strong>\u00a0\u2014 good for a small number of devices. Go to\u00a0<strong>Environment &gt; Devices<\/strong>, select the three-dots icon next to Devices, choose\u00a0<strong>Add new device<\/strong>, and follow the wizard to send users a download link.<\/li>\n<li><strong>Download the installer<\/strong>\u00a0\u2014 suited for larger deployments. Go to\u00a0<strong>Downloads<\/strong>\u00a0in the sidebar, select the package for your platform (EXE or MSI for Windows, MPKG for Mac, DEB\/RPM\/tar for Linux), select a subscription key, and download. The key is embedded in the installer.<\/li>\n<\/ul>\n<div class=\"info-box\"><strong>Deploying at scale?<\/strong>\u00a0The user guide covers deployment via Active Directory GPO, Microsoft Intune, and VDI environments. See the link in Further reading.<\/div>\n<\/div>\n                                                                                            <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n            <div class=\"wp-component-accordion-item__item js-wp-component-accordion-item-item\">\n                        <button\n                id=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-summary-2\"\n                class=\"wp-component-accordion-item__title js-wp-component-accordion-item-title\"\n                type=\"button\"\n                aria-expanded=\"false\"\n                aria-controls=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-2\">\n                <span class=\"wp-component-accordion-item__inner-title\">\n                                                            <span>Step 3 \u2014 Verify with a test detection<\/span>\n                <\/span>\n                <div class=\"wp-component-accordion-item__toggle\">\n                    <svg class='edwp-icon edwp-icon--lrg js-icon wp-component-accordion-item__toggle__icon' aria-hidden='true'>\n                <use xlink:href='#chevron'><\/use>\n            <\/svg>                <\/div>\n            <\/button>\n            <div\n                id=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-2\"\n                class=\"wp-component-accordion-item__content js-wp-component-accordion-item-content\"\n                aria-labelledby=\"block_0c1f181f5cab1cef89329e31db056e5f-accordion-summary-2\"\n                role=\"region\">\n                <div class=\"wp-component-accordion-item__content__inner\">\n                    <div class=\"wp-component-accordion-item__content__box\">\n                        <div class=\"wp-component-paragraph wp-component-accordion-item__content-text\">\n    <p>Once the sensor is installed, verify it&#8217;s working by triggering a test Broad Context Detection. Regular users don&#8217;t run the\u00a0<code>whoami<\/code>\u00a0command, so it reliably produces a detection.<\/p>\n<ol class=\"numbered-list\">\n<li>Log in to the monitored endpoint where the sensor is installed.<\/li>\n<li>Open a\u00a0<strong>Command Prompt<\/strong> and run: whoami<\/li>\n<li>Run\u00a0<code>exit<\/code>\u00a0to close the prompt, then log out of the endpoint.<\/li>\n<li>In Elements Security Center, go to\u00a0<strong>Events &gt; Broad Context Detections<\/strong>. The detection should appear within a few minutes.<\/li>\n<\/ol>\n<h6 class=\"sub-heading\">When a real detection appears<\/h6>\n<p>Each detection shows a\u00a0<strong>risk level score<\/strong>, confidence, and criticality to help you prioritize. Select a detection to see the process tree, log view, and related events. From there you can take response actions \u2014 such as isolating the host from the network \u2014 or escalate the case to WithSecure experts using\u00a0<strong>Elevate to WithSecure<\/strong>.<\/p>\n<p><strong>Tip:<\/strong>\u00a0For advanced testing using PowerShell, see Appendix A of the Elements EDR user guide.<\/p>\n<\/div>\n                                                                                            <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n                            <\/div>\n                    <\/div>\n    <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-cards edwp-block wp-block-cards--col-3 layout--spacing-xxxl-top layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-cards__container\">\n                                                    <div class=\"wp-block-cards__cards row-load\">\n                    <article class=\"wp-component-card wp-block-cards__card wp-component-card--style-default\">\n    <div class=\"wp-component-card__content\">\n        <div>\n                                    <h2                            class=\"wp-component-card__title\"\n            >\n                User guide \u2014 Elements Endpoint Detection and Response        <\/h2>\n                    <\/div>\n                    <p class=\"wp-component-card__description\">\n                Full documentation covering deployment methods, investigation workflows, response actions, best practices, and more            <\/p>\n                            <div class=\"wp-component-card__button-wrapper\">\n                                    <a class=\"wp-component-button btn btn--primary wp-component-card__button\" href=\"https:\/\/support.withsecure.com\/userguides\/product.html#business\/edr\/latest\/en\">View Full Guide<\/a>                                            <\/div>\n            <\/div>\n<\/article>\n<article class=\"wp-component-card wp-block-cards__card wp-component-card--style-default\">\n    <div class=\"wp-component-card__content\">\n        <div>\n                                    <h2                            class=\"wp-component-card__title\"\n            >\n                WithSecure Community        <\/h2>\n                    <\/div>\n                    <p class=\"wp-component-card__description\">\n                Stay up to date with product announcements and changelogs, get answers to your questions, and share product ideas            <\/p>\n                            <div class=\"wp-component-card__button-wrapper\">\n                                    <a class=\"wp-component-button btn btn--primary wp-component-card__button\" href=\"https:\/\/community.withsecure.com\/\">Go to Community<\/a>                                            <\/div>\n            <\/div>\n<\/article>\n<article class=\"wp-component-card wp-block-cards__card wp-component-card--style-default\">\n    <div class=\"wp-component-card__content\">\n        <div>\n                                    <h2                            class=\"wp-component-card__title\"\n            >\n                Knowledge base        <\/h2>\n                    <\/div>\n                    <p class=\"wp-component-card__description\">\n                Troubleshooting and how-to articles covering sensor deployment, Broad Context Detections, response actions, and host isolation            <\/p>\n                            <div class=\"wp-component-card__button-wrapper\">\n                                    <a class=\"wp-component-button btn btn--primary wp-component-card__button\" href=\"https:\/\/community.withsecure.com\/en\/kb\/categories\/105-endpoint-detection-and-response\">Endpoint Detection and Response Knowledge Base<\/a>                                            <\/div>\n            <\/div>\n<\/article>\n                <\/div>\n                                                <\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":12,"featured_media":0,"parent":2257,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-2264","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Elements Endpoint Detection and Response - WithSecure\u2122<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Elements Endpoint Detection and Response - WithSecure\u2122\" \/>\n<meta property=\"og:url\" content=\"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/\" \/>\n<meta property=\"og:site_name\" content=\"WithSecure\u2122\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-22T14:11:59+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/quick-start\\\/elements-endpoint-detection-and-response\\\/\",\"url\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/quick-start\\\/elements-endpoint-detection-and-response\\\/\",\"name\":\"Elements Endpoint Detection and Response - WithSecure\u2122\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/#website\"},\"datePublished\":\"2026-05-06T09:54:23+00:00\",\"dateModified\":\"2026-05-22T14:11:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/quick-start\\\/elements-endpoint-detection-and-response\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/support.withsecure.com\\\/en\\\/quick-start\\\/elements-endpoint-detection-and-response\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/quick-start\\\/elements-endpoint-detection-and-response\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Quick start\",\"item\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/quick-start\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Elements Endpoint Detection and Response\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/\",\"name\":\"WithSecure\u2122\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/support.withsecure.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Elements Endpoint Detection and Response - WithSecure\u2122","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/","og_locale":"en_US","og_type":"article","og_title":"Elements Endpoint Detection and Response - WithSecure\u2122","og_url":"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/","og_site_name":"WithSecure\u2122","article_modified_time":"2026-05-22T14:11:59+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/","url":"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/","name":"Elements Endpoint Detection and Response - WithSecure\u2122","isPartOf":{"@id":"https:\/\/support.withsecure.com\/en\/#website"},"datePublished":"2026-05-06T09:54:23+00:00","dateModified":"2026-05-22T14:11:59+00:00","breadcrumb":{"@id":"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/support.withsecure.com\/en\/quick-start\/elements-endpoint-detection-and-response\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/support.withsecure.com\/en\/"},{"@type":"ListItem","position":2,"name":"Quick start","item":"https:\/\/support.withsecure.com\/en\/quick-start\/"},{"@type":"ListItem","position":3,"name":"Elements Endpoint Detection and Response"}]},{"@type":"WebSite","@id":"https:\/\/support.withsecure.com\/en\/#website","url":"https:\/\/support.withsecure.com\/en\/","name":"WithSecure\u2122","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/support.withsecure.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/pages\/2264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/comments?post=2264"}],"version-history":[{"count":9,"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/pages\/2264\/revisions"}],"predecessor-version":[{"id":2837,"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/pages\/2264\/revisions\/2837"}],"up":[{"embeddable":true,"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/pages\/2257"}],"wp:attachment":[{"href":"https:\/\/support.withsecure.com\/en\/wp-json\/wp\/v2\/media?parent=2264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}