Trusteer Rapport/Endpoint Protection

By . Last modified: 2014-08-14.

How to use Trusteer Rapport for protection from password stealers, keyloggers, phishing sites and financial malware in Windows XP, Vista, 7, 8 and 8.1

Trusteer Rapport (aka Trusteer Endpoint Protection) prevents banking trojans ZeuS, SpyEye, Silon, Torpig and other financial malware from grabbing your login credentials and robbing your bank account, or stealing your identity from other websites. It also provides protection from keylogging, screen grabbing and phishing.
The program has a list of partner web sites where its protections turn on automatically, and you can specify up to 100 other web sites to protect.

Rapport protects your personal data by creating a secure tunnel between your browser and your bank (or the website you are logging in to) and so it keeps you safe from Man-in-the-Browser malware and Man-in-the-Middle attacks. All browsers are checked for unauthorized modifications before launching to prevent Man-in-the-Browser malware infections and information theft. Trusteer Rapport also secures browsers' memory to avoid malicious code injection. Furthermore, it is well capable of removing financial malware all by itself - but do not ditch your anti-virus and anti-malware programs, for Rapport detects and removes only certain types of malware.

Keylogging protection is provided by encrypting all keystrokes that reach your Internet browser.

Phishing protection is provided like this - if you enter a protected user name/password combination on an unknown page, Rapport will pop up a warning that asks to verify you are on the correct site. This way, you will not enter your Twitter password on or, for example.

As Rapport does all this without the need for constant updates and it does not overload your Internet browser or Internet connection, the software is already offered to customers of many well-known banks.
IBM purchased Trusteer in August, 2013 and that should increase users' confidence in the security software.

Trusteer Rapport/Endpoint Protection does update itself automatically to provide best protection from newest threats, but the updates are not big in size and do not cause any delays.

Rapport works in major Internet browsers - Microsoft Internet Explorer (including even the Metro/Modern UI version of IE 10 and 11), Mozilla Firefox, Google Chrome and Apple Safari. Sadly, Opera is not supported yet.

Sounds good, right? Wink Let's get the sweetie now!

Downloading and installing Trusteer Rapport/Endpoint Protection

Go to Rapport download page, and click the link to the right of "PC users:".
Trusteer Rapport download page. Click the link for PC users to download Rapport setup file.

Because Trusteer seems to be renaming Rapport to Endpoint Protection, both names are used interchangeably in this tutorial.

Trusteer Endpoint Protection Installer will first notice you about possible firewall or anti-virus program alerts during the install. So, if you see any alerts, it is recommended to click Unblock, Yes, Allow or Permit buttons to let the setup safely finish.
Click OK.
Trusteer Endpoint Protection Installer. Warning about possible firewall and antivirus software alerts. Click OK.

Rapport/Endpoint Protection will then download the rest of installation files. Just stand by, this won't take long.
Trusteer Endpoint Protection Installer, downloading setup package. Stand by.

After this, setup will begin. Tick the I've read and agreed with Trusteer End User License Agreement check box and click Install.
Trusteer Endpoint Protection Installation. Tick the 'I've read and agreed with Trusteer End User Licence Agreement' check box. Then click Install.

The installation takes a few minutes. Click Finish after it is complete.
Trusteer Endpoint Protection, installation complete. Click Finish.

Trusteer Rapport will then open your default Internet browser and load a quick compatibility test.
Do not click the Continue button unless you see this screen for more than 15 seconds!
Trusteer Rapport Compatibility Test page. Just stand by, the screen will change by itself.

The next screen you'll see is about Compatibility Test running. Stand by.
Trusteer Rapport Compatibility Test page, please do not close this window. Just stand by.

And the last screen for Rapport Compatibility Test is "Installation Completed".
Trusteer Rapport Compatibility Test, Installation Completed.

You can safely close the browser window now.

Using Trusteer Rapport/Endpoint Protection - protecting your information on websites

You will see a new gray button with a white arrow pointing left in your browser Address Bar or Toolbar. This shows that Trusteer Rapport is running.
Please remember to always check for the icon before entering some protected website - if Rapport needs upgrading, the icon might disappear. If there is no Rapport icon in Address Bar or Toolbar, it means you are not protected.
Trusteer Rapport/Endpoint Protection button in Internet Explorer's Address Bar.

While the button is gray, Trusteer Rapport is not protecting your information on this website.
To keep your login credentials and other information safe on the website, click the Trusteer Rapport button and then click Protect this Website.
As written in the information window, it is recommended to enable Rapport for every website that contains your personal information or requires logging in. Free version protects up to 100 websites - quite enough for an average Joe.
Trusteer Rapport/Endpoint Protection button in Internet Explorer's Address Bar. To protect a website, click the gray button and then click 'Protect this Website'.

After clicking the Protect this Website button, Rapport's button turns green to show you that protection is turned on. The button will be green each time you will visit the site from now on.
Trusteer Rapport button in Internet Explorer's Address Bar. If the button is green, your information on this website is protected.

If you click the green button, Rapport/Endpoint Protection will notify you that this website is protected by Trusteer.
Trusteer Rapport's green button, this website is protected by Trusteer.

After you type in your password and hit Enter key or click some login button, Trusteer Rapport offers to start protecting your user credentials. Protecting the password means preventing phishing attacks in case you enter the same password on a fraudulent website (for example, a malicious website pretending to be your bank, PayPal or Facebook).
This also means that you should not reuse your password on many different websites. Please remember to use different passwords for different online services to prevent easy identity theft - read our Creating strong passwords and Password Safe articles to help you with this!
Click Protect.
Trusteer Endpoint Protection has identified password submission. Click Protect.

Now all you have to do is to click the gray button once for each website that you log in to in order to protect your credentials and sensitive information from password-stealing malware. Yeah, banks, online stores, webmail and social network sites should be the first in line. Laughing

Trusteer Rapport/Endpoint Protection phishing protection in action

In case you enter a protected user name/password combination on a different site (for example, your PayPal credentials on, Trusteer Rapport will pop up a Protected Information Warning dialog.
Now it is time to take a good look at browser's Address Bar and verify you are on the correct site! The warning dialog lists both the site where you normally enter this data and the site you are visiting right now.
If the site's address is not the one you were expecting, click the Get me out of here! button immediately - this could be a phishing site.
Oh, and if you tend to re-use passwords (a very, very bad security practice!) and you really are on the correct web site, click Trust this site. But please do not use the same password everywhere as this can cost you dearly in case your login credentials end up in the hands of cyber-crooks who want to empty your bank account or shop online using your credit card or virtual money.
Read the Creating strong passwords and Password Safe articles for good password practices and storing+auto-filling credentials securely!
Trusteer Rapport, Protected Information Warning, you have just entered text similar to your login on. Verify that your really are on the correct site, not a phishing page! If the site or its address looks suspicious, click 'Get me out of here!'.

In case you were on a suspicious site, Trusteer Rapport offers to go to your browser's home page or the site where you normally enter these login details.
Click either Take me to my home page, or the other link. Both are safe options.
Trusteer Rapport, Protected Information Warning, you have chosen not to send your information to the site. Click the 'Take me to my home page' link.

Configuring Trusteer Rapport/Endpoint Protection

You can change Rapport/Endpoint Protection settings by clicking (not right-clicking!) its icon in Taskbar Notification area (aka System Tray), or by clicking the program icon in browser's Address Bar and clicking Open Console.
Windows 7, Trusteer Rapport icon in System Tray. Clicking it opens Rapport/Endpoint Protection console. Trusteer Rapport/Endpoint Protection information window in web browser. Click 'Open Console' to configure the program.

The first thing to check is to verify that Rapport/Endpoint Protection Tray icon is visble. If it is not, click the Show link. Every non-default setting has orange box with white exclamation mark.
Second, verify that there are no pending updates. If there are, restarting your computer is recommended ASAP.
Trusteer Rapport/Endpoint Protection Dashboard. If Tray icon is hidden, click 'Show'.

To verify that other settings are as recommended, click the More Settings link in Product Settings section.
Then, in the Product Settings tab, make sure that all items have check marks in green boxes. Some changes might require restarting your web browser(s).
Close the tab after making changes.
Trusteer Rapport/Endpoint Protection Dashboard, Product Settings. To verify that default settings are in effect, click 'More Settings'. Trusteer Rapport/Endpoint Protection Dashboard, Product Settings tab. Make sure all options are set as recommended. Close the tab.

Managing trusted websites in Trusteer Rapport/Endpoint Protection

In rare cases, you might need to decrease the number of websites that you manually added to Rapport/Endpoint Protection. To do that, click the Browse Trusted Websites link in Trusted Websites section.
Trusteer Rapport/Endpoint Protection Dashboard, Trusted Websites. Click 'Browse Trusted Websites' to manage your own list of protected sites.

The Trusted Websites: Websites you manually added list is sorted alphabetically. Click remove for any site you want to delete.
Trusteer Rapport/Endpoint Protection Dashboard, Trusted Websites tab. Click 'remove' to stop protecting a site.

This action will be confirmed, click OK. Close the tab after you're done.

Managing Trusteer Rapport/Endpoint Protection activity reports

Normally you get a notice about a weekly report on the second day of Endpoint Protection usage. Click Open report.
Trusteer Rapport, Your periodic activity report is ready and consists of number events. Click 'Open report'.

Alternatively, click Full Report link in Trusteer Rapport Dashboard, Weekly Activity Report section.
Trusteer Rapport Dashboard, Weekly Activity Report. To see events related to Endpoint Protection, click 'Full Report'.

Please verify that there is nothing suspicious on the report - Num. of blocked screen capture events, Num. of certificate mismatch events, Num. of blocked IP addresses events, Num. of blocked browser add-ons events, Num. of blocked cookie access events, Num. of credentials submission eventsNum. of Malware Detection Events and Num. of Risk Site Alerts should all be zero.
If any number of these events is higher than zero, it is highly recommended to scan your computer with Malwarebytes Anti-Malware and make sure that your anti-virus program is running and up-to-date.

Num. of character replacement events is purely informational, it just shows that anti-keylogging was activated.
Trusteer Rapport Dashboard, Weekly Activity Report tab. Check that any number of blocked events is not higher than zero. Other events are just informational.

To see details about any events, click a line once.

If you want to keep getting Rapport's weekly reports, tick the Automatically present this report at the beginning of each week box.

Close the tab.

Resetting Trusteer Rapport/Endpoint Protection policy to defaults

Some upgrades bring new features that will not be enabled by default for existing users. It is strongly recommended to open Rapport console and verify policy settings every two or three months.

First, move to the second page by clicking the large green Next Page button on bottom right of Rapport/Endpoint Protection console window.
Then make sure that the Edits field in Security Policy section states "0 (Default settings)". If not, click the Edit Policy link.
Trusteer Rapport Dashboard, Page 2, Security Policy. If 'Edits' is higher than 0, click 'Edit Policy'.

Because policy is a sensitive thing, Rapport/Endpoint Protection opens a User Approval tab with captcha image. Type the six characters on the image and click OK.
Trusteer Rapport Dashboard, Page 2, Security Policy, User Approval. Enter the characters from image and click OK.

In the Security Policy tab, click Restore Defaults. Then close the tab.
Trusteer Rapport Dashboard, Page 2, Security Policy tab. Click 'Restore Defaults' and close the tab.

Some changes might require restarting web browsers or rebooting your PC. Click OK in the informational dialog. Please note that this will not close programs or initiate a restart, you'll have to perform these actions yourself.
Trusteer Rapport, the following settings will take effect after you restart your computer. Click OK.

Using Security Best Practices report in Trusteer Rapport/Endpoint Protection

Besides protecting your information, Rapport has a built-in security check called Security Best Practices. The report will notify about important out-of-date software, such as Adobe Flash Player, Java SE, web browsers, etc.

See the Security Best Practices section on the second page of Rapport console. If there are improvements available, click View Report.
Trusteer Rapport Dashboard, second page. If there are improvements available in Security Best Practices section, click 'View report'.

This will open a list of possible weaknesses in your computer security. In this example, Java installation is outdated.
If you click on a Rapport's suggestion, you will see some general guidelines for resolving the problem.

A general rule of thumb is to close all browser windows while updating software that has browser plug-ins/add-ons - many programs do not replace plugin files that are currently in use. For example, if you do not close Firefox while updating VLC Player or Adobe Reader, you might end up in a situation where Firefox plug-in is outdated, but those of other web browsers are fine. This means that you must close all browser windows and run the update again.
You can also visit Browser and Plug-in Check page to see if everything is in perfect order.

After you have resolved all weaknesses, it is necessary to click the Scan again link.
Trusteer Rapport Dashboard, Security Best Practices tab. Clicking on an issue opens risk description and recommended actions.

Close the tab after you're done.

Upgrading Trusteer Rapport/Endpoint Protection to a newer version or re-enabling protections after a browser upgrade

Because Rapport updates itself automatically, the only times you need to re-install or update it are after upgrading your browser to a completely new version or installing new web browsers. Most major upgrades break the functionality of Trusteer Rapport - always check for Rapport button in Address Bar or toolbar to verify you are protected. No Rapport icon means no protection!

The steps for updating or re-installing Trusteer Rapport are mostly the same as installing the program for the first time.

Before installing the new version, Rapport Setup asks if you want to fix the existing version, update to a newer version or you had no idea that Rapport was installed. The last one seems like Homer Simpson saying: "D'oh!" Tongue out
Click It works - I just want to update it. Then click Next.
Trusteer Rapport update, Rapport is already installed. Select 'It works - I just want to update it'. Then click Next.

During the update, the existing Trusteer Rapport service must be shut down. This causes a security confirmation message, because normally the service must be running. Now it is the time to close all open windows of Internet Explorer, Mozilla Firefox, Google Chrome or Apple Safari to make sure the upgrade goes smoothly.
Type the six characters on the captcha picture and click Shutdown.
Trusteer Rapport update, Security confirmation message. Type the letters on the image and click Shutdown.

After the update is complete, you will sometimes see a message that you should restart your computer to activate all new features. Click OK and then reboot your PC.
Trusteer Rapport upgrade complete. Click OK and reboot your computer.


Sub Navigation

Sub Navigation
Next: Microsoft EMET
Previous: Secunia PSI
comments powered by Disqus