Trusteer Rapport (aka Trusteer Endpoint Protection) prevents banking trojans ZeuS, SpyEye, Silon, Torpig and other financial malware from grabbing your login credentials and robbing your bank account, or stealing your identity from other websites. It also provides protection from keylogging, screen grabbing and phishing.
The program has a list of partner web sites where its protections turn on automatically, and you can specify up to 100 other web sites to protect.
Rapport protects your personal data by creating a secure tunnel between your browser and your bank (or the website you are logging in to) and so it keeps you safe from Man-in-the-Browser malware and Man-in-the-Middle attacks. All browsers are checked for unauthorized modifications before launching to prevent Man-in-the-Browser malware infections and information theft. Trusteer Rapport also secures browsers' memory to avoid malicious code injection. Plus it is well capable of removing financial malware all by itself - but do not ditch your anti-virus and anti-malware programs, for Rapport detects and removes only certain types of malware.
Keylogging protection is provided by encrypting all keystrokes that reach your Internet browser.
Phishing protection is provided like this - if you enter a protected user name/password combination on an unknown page, Rapport will pop up a warning that asks to verify you are on the correct site. This way, you will not enter your Twitter password on itwittier.com or twiitter.com, for example.
As Rapport does all this without the need for constant updates and it does not overload your Internet browser or Internet connection, the software is already offered to customers of many well-known banks. IBM purchased Trusteer in August, 2013 and that should increase users' confidence in the security software.
Trusteer Rapport/Endpoint Protection does update itself automatically to provide best protection from newest threats, but the updates are not big in size and do not cause any delays.
Rapport works in major Internet browsers - Microsoft Internet Explorer (including even the Metro/Modern UI version of IE 10 and 11), Mozilla Firefox, Google Chrome and Apple Safari. Sadly, Opera is not supported yet.
Sounds good, right? Let's get the sweetie now!
Please note that some versions of Trusteer Rapport are incompatible with Microsoft EMET - web browsers might not open at all or open a blank, unusable window.
Windows XP users should disable EAF protection for their Internet browsers in EMET configuration.
Windows Vista, 7 and 8 users should disable Mandatory ASLR protection for their browsers in EMET configuration.
avast! Free Antivirus might mislabel Rapport Service (rapportmgmtservice.exe) as malware, but you can safely ignore this warning - Rapport is clean.
Go to Rapport download page, and click the link to the right of "PC users:".
Because Trusteer seems to be renaming Rapport to Endpoint Protection, both names are used interchangeably in this tutorial.
Trusteer Endpoint Protection Installer will first notice you about possible firewall or anti-virus program alerts during the install. So, if you see any alerts, it is recommended to click Unblock, Yes, Allow or Permit buttons to let the setup safely finish.
Rapport/Endpoint Protection will then download the rest of installation files. Just stand by, this won't take long.
After this, setup will begin. Tick the I've read and agreed with Trusteer End User License Agreement check box and click Install.
The installation takes a few minutes. Click Finish after it is complete.
Trusteer Rapport will then open your default Internet browser and load a quick compatibility test.
Do not click the Continue button unless you see this screen for more than 15 seconds!
The next screen you'll see is about Compatibility Test running. Stand by.
And the last screen for Rapport Compatibility Test is "Installation Completed".
You can safely close the browser window now.
You will see a new gray button with a white arrow pointing left in your browser Address Bar or Toolbar. This shows that Trusteer Rapport is running.
Please remember to always check for the icon before entering some protected website - if Rapport needs upgrading, the icon might disappear. If there is no Rapport icon in Address Bar or Toolbar, it means you are not protected.
While the button is gray, Trusteer Rapport is not protecting your information on this website.
To keep your login credentials and other information safe on the website, click the Trusteer Rapport button and then click Protect this Website.
As written in the information window, it is recommended to enable Rapport for every website that contains your personal information or requires logging in. Free version protects up to 100 websites - quite enough for an average Joe.
After clicking the Protect this Website button, Rapport's button turns green to show you that protection is turned on. The button will be green each time you will visit the site from now on.
If you click the green button, Rapport/Endpoint Protection will notify you that this website is protected by Trusteer.
After you type in your password and hit Enter key or click some login button, Trusteer Rapport offers to start protecting your user credentials. Protecting the password means preventing phishing attacks in case you enter the same password on a fraudulent website (for example, a malicious website pretending to be your bank, PayPal or Facebook).
This also means that you should not reuse your password on many different websites. Please remember to use different passwords for different online services to prevent easy identity theft - read our Creating strong passwords and Password Safe articles to help you with this!
Now all you have to do is to click the gray button once for each website that you log in to in order to protect your credentials and sensitive information from password-stealing malware. Yeah, banks, online stores, webmail and social network sites should be the first in line.
In case you enter a protected user name/password combination on a different site (for example, your PayPal credentials on www.paypal.mustnotenter.blogger.com), Trusteer Rapport will pop up a Protected Information Warning dialog.
Now it is time to take a good look at browser's Address Bar and verify you are on the correct site! The warning dialog lists both the site where you normally enter this data and the site you are visiting right now.
If the site's address is not the one you were expecting, click the Get me out of here! button immediately - this could be a phishing site.
Oh, and if you tend to re-use passwords (a very, very bad security practice!) and you really are on the correct web site, click Trust this site. But please do not use the same password everywhere as this can cost you dearly in case your login credentials end up in the hands of cyber-crooks who want to empty your bank account or shop online using your credit card or virtual money.
Read the Creating strong passwords and Password Safe articles for good password practices and storing+auto-filling credentials securely!
In case you were on a suspicious site, Trusteer Rapport offers to go to your browser's home page or the site where you normally enter these login details.
Click either Take me to my home page, or the other link. Both are safe options.
You can change Rapport/Endpoint Protection settings by clicking (not right-clicking!) its icon in Taskbar Notification area (aka System Tray), or by clicking the program icon in browser's Address Bar and clicking Open Console.
The first thing to check is to verify that Rapport/Endpoint Protection Tray icon is visble. If it is not, click the Show link. Every non-default setting has orange box with white exclamation mark.
Second, verify that there are no pending updates. If there are, restarting your computer is recommended ASAP.
To verify that other settings are as recommended, click the More Settings link in Product Settings section.
Then, in the Product Settings tab, make sure that all items have check marks in green boxes. Some changes might require restarting your web browser(s).
Close the tab after making changes.
In rare cases, you might need to decrease the number of websites that you manually added to Rapport/Endpoint Protection. To do that, click the Browse Trusted Websites link in Trusted Websites section.
The Trusted Websites: Websites you manually added list is sorted alphabetically. Click remove for any site you want to delete.
This action will be confirmed, click OK. Close the tab after you're done.
Normally you get a notice about a weekly report on the second day of Endpoint Protection usage. Click Open report.
Alternatively, click Full Report link in Trusteer Rapport Dashboard, Weekly Activity Report section.
Please verify that there is nothing suspicious on the report - Num. of blocked screen capture events, Num. of certificate mismatch events, Num. of blocked IP addresses events, Num. of blocked browser add-ons events, Num. of blocked cookie access events , Num. of Malware Detection Events and Num. of Risk Site Alerts should all be zero.
If any number of these events is higher than zero, it is highly recommended to scan your computer with Malwarebytes' Anti-Malware and make sure that your anti-virus program is running and up-to-date.
Num. of credentials submission events and Num. of character replacement events are purely informational, these numbers do not represent anything suspicious.
To see details about any events, click a line once.
If you want to keep getting Rapport's weekly reports, tick the Automatically present this report at the beginning of each week box.
Close the tab.
Some upgrades bring new features that will not be enabled by default for existing users. It is strongly recommended to open Rapport console and verify policy settings every two or three months.
First, move to the second page by clicking the large green Next Page button on bottom right of Rapport/Endpoint Protection console window.
Then make sure that the Edits field in Security Policy section states "0 (Default settings)". If not, click the Edit Policy link.
Because policy is a sensitive thing, Rapport/Endpoint Protection opens a User Approval tab with captcha image. Type the six characters on the image and click OK.
In the Security Policy tab, click Restore Defaults. Then close the tab.
Some changes might require restarting web browsers or rebooting your PC. Click OK in the informational dialog. Please note that this will not close programs or initiate a restart, you'll have to perform these actions yourself.
Besides protecting your information, Rapport has a built-in security check called Security Best Practices. The report will notify about important out-of-date software, such as Adobe Flash Player, Java SE, web browsers, etc.
NB! Some versions of Trusteer Rapport / Endpoint Protection might label Google Chrome outdated. This is a known issue and you can ignore it as long Chrome states it really is up-to-date. Alternatively, use the Browser and Plug-in Check page to verify browser versions.
See the Security Best Practices section on the second page of Rapport console. If there are improvements available, click View Report.
This will open a list of possible weaknesses in your computer security. In this example, Java installation is outdated.
If you click on a Rapport's suggestion, you will see some general guidelines for resolving the problem.
A general rule of thumb is to close all browser windows while updating software that has browser plug-ins/add-ons - many programs do not replace plugin files that are currently in use. For example, if you do not close Firefox while updating VLC Player or Adobe Reader, you might end up in a situation where Firefox plug-in is outdated, but those of other web browsers are fine. This means that you must close all browser windows and run the update again.
You can also visit Browser and Plug-in Check page to see if everything is in perfect order.
After you have resolved all weaknesses, it is necessary to click the Scan again link.
Close the tab after you're done.
Trusteer sometimes sends suggestions and security news via Rapport/Endpoint Protection. This can be changed on page three of Rapport console/dashboard.
Click Manage Security News.
In the Security News Channels tab, use check boxes to select which type of information you want to receive. To disable notifications completely (not really recommended), clear the Notify me when a new message is available in Security News check box.
Close the tab.
Upgrading Trusteer Rapport/Endpoint Protection to a newer version or re-enabling protections after a browser upgrade
Because Rapport updates itself automatically, the only times you need to re-install or update it are after upgrading your browser to a completely new version or installing new web browsers. Most major upgrades break the functionality of Trusteer Rapport - always check for Rapport button in Address Bar or toolbar to verify you are protected. No Rapport icon means no protection!
The steps for updating or re-installing Trusteer Rapport are mostly the same as installing the program for the first time.
Before installing the new version, Rapport Setup asks if you want to fix the existing version, update to a newer version or you had no idea that Rapport was installed. The last one seems like Homer Simpson saying: "D'oh!"
Click It works - I just want to update it. Then click Next.
During the update, the existing Trusteer Rapport service must be shut down. This causes a security confirmation message, because normally the service must be running. Now it is the time to close all open windows of Internet Explorer, Mozilla Firefox, Google Chrome or Apple Safari to make sure the upgrade goes smoothly.
Type the six characters on the captcha picture and click Shutdown.
After the update is complete, you will sometimes see a message that you should restart your computer to activate all new features. Click OK and then reboot your PC.