We have released a new sensor version to resolve the issue.
The sensor release is currently being distributed to all hosts.
The new version is sensor version is 2022.5.53. You can verify the installation from the portal: For WithSecure Countercept: under the version column For WithSecure Elements EDR: under Device details view
No reboot is necessary to take the update into use.
Posted Jan 30, 2023 - 10:17 UTC
Identified
We have identified a memory leak in the latest WithSecure Countercept and WithSecure Elements Endpoint Detection and Response sensor driver, which is part of the Windows Sensor 2022.5 which was released to production on 16th of January 2023.
The impact varies vastly host to host, some machines would barely notice this while others can degrade in a few days. This can be identified by observing the non paged memory pool growing.
A workaround is:
For Countercept: "C:\Program Files (x86)\F-Secure\MDR\Ultralight\sensor\1670403971\sensor_control.exe" --restart-sensor For Elements EDR: "C:\Program Files (x86)\F-Secure\PSB\Ultralight\sensor\1670403971\sensor_control.exe" --restart-sensor
We are currently testing a new sensor version to resolve the issue.
Posted Jan 26, 2023 - 13:47 UTC
This incident affected: WithSecure Elements Endpoint Detection and Response (Detection Processing) and WithSecure Countercept (Detection Processing).