IBM Security Trusteer Rapport/Endpoint Protection
IBM Security Trusteer Rapport (aka Trusteer Endpoint Protection) prevents banking trojans such as ZeuS, SpyEye, Silon, Torpig and other financial malware from grabbing your login credentials and robbing your online bank account, or stealing your identity from other websites. It also provides protection from keylogging, screen grabbing and phishing.
The free program has a long list of partner web sites where its protections turn on automatically, and you can specify up to 100 other web sites to protect.
Rapport protects your personal data by creating a secure tunnel between your browser and your bank (or the website you are logging in to) and so it keeps you safe from Man-in-the-Browser (MITB) malware and Man-in-the-Middle (MITM) attacks. All browsers are checked for unauthorized modifications before launching to prevent malware infections and information theft. Trusteer Rapport also secures browsers' memory to avoid malicious code injection. Furthermore, it is well capable of removing financial malware all by itself - but do not ditch your anti-virus and anti-malware programs, for Rapport detects and kills only certain types of malware.
Keylogging protection is provided by encrypting all keystrokes before they reach your web browser.
If you enter a protected user name/password combination on an unknown page, Rapport will pop up a warning that asks to verify you are on the correct site. This way, phishing your Twitter user name and password on itwittier.com or twiitter.com is prevented.
IBM Security Trusteer Rapport/Endpoint Protection updates itself automatically to provide best protection from latest threats. Sometimes a restart is required for all new settings to take effect, but this does not happen often.
Rapport works in major Internet browsers - Microsoft Internet Explorer (including even the Metro/Modern UI version of IE 10 and 11), Mozilla Firefox, Google Chrome and Apple Safari. Sadly, Opera is not supported yet.
Rapport protects both 32-bit and 64-bit browsers, and it works fine in both 32-bit (x86) and 64-bit (x64) Windows XP, Vista, 7, 8 and 8.1. If you do not see Rapport icon in browser's address bar, please download and update it manually.
The software has a long history since 2006, and even a longer name after IBM bought Trusteer in September 2013 (Trusteer Rapport and Trusteer Endpoint Protection are used interchangeably). Well, everyone should know IBM, so safety of the program is guaranteed.
The program also works on Macs, and you can get free secure browser for Android and iOS devices.
Go to Rapport download page, and click the link to the right of "PC users:". The same link can be used for manual updating of the software.
Trusteer Endpoint Protection Installer will first notice you about possible firewall or anti-virus program alerts during the install. So, if you see any alerts, it is recommended to click Unblock, Yes, Allow or Permit buttons to let the setup safely finish.
Rapport/Endpoint Protection will then download the rest of installation files. Just stand by, this won't take long.
After this, setup will begin. Select the I accept the terms in the license agreement option and click Install.
The Advanced button is for those who have visual impairment or color blindness.
The installation takes a few minutes. Click Finish after it is complete.
An "Installation Completed" page opens in your default web browser. You can safely close the Tab.
If you updated Rapport manually, you might have to restart your PC for new features to come in effect.
You will see a new gray button with a white arrow pointing left in your browser's Address Bar or Toolbar. This shows that Trusteer Rapport is running.
Please remember to always check for the icon before entering some protected website - if Rapport needs upgrading or a restart, the icon might disappear from Address Bar or Toolbar. This might also happen after installing a new web browser or after a major version upgrade of a browser.
If there is no Rapport icon in Address Bar or Toolbar, it means your sessions are not protected.
While the button is gray, the software is not protecting your information on this website.
To keep your login credentials and other information safe on the website, click the Trusteer Rapport/Endpoint Protection button and then click Protect this Website.
As written in the information window, it is recommended to enable Rapport for every website that contains your personal information or requires logging in. Free version protects up to 100 websites - quite enough for an average Joe.
Rapport's button turns green to indicate that the protection is turned on. The button will be green each time you will visit the site from now on.
If you click the green button, Rapport/Endpoint Protection will notify you that this website is protected by Trusteer.
The first time you type in your credentials for a protected site and hit Enter key or click some login button, Trusteer Rapport offers to start protecting the password.
This also means that you should not reuse the passphrase on different websites. Please remember to use different passwords for different online services to prevent easy identity theft - read the Creating strong passwords and Password Safe articles to help you with this!
Now all you have to do is to click the gray button once for each website that contains or requires sensitive data in order to protect you from password-stealing malware. Yeah, banks, online stores, webmail and social network sites should be the first in line.
In case you enter a protected user name/password combination on a different site (for example, your PayPal credentials on www.paypal.badsite.com), Trusteer Rapport will pop up a Protected Information Warning dialog.
Now it is time to take a good look at browser's Address Bar and verify that you are on the correct site! The warning dialog lists both the site where you normally enter this data and the site you are visiting right now.
If the site's address is not the one you were expecting, click the Get me out of here! button immediately - this could be a phishing attempt.
Oh, and if you tend to re-use passwords (a very, very bad security practice!) and you really are on the correct web site, click Trust this site. But please do not use the same password everywhere as this can cost you dearly in case your login credentials end up in the hands of cyber-crooks who want to empty your bank account or shop online using your credit card or virtual money.
Read the Creating strong passwords and Password Safe articles for good password practices and storing+auto-filling credentials securely!
In case you were on a suspicious site, Trusteer Rapport offers to go to your browser's home page or the site where you normally enter these login details.
Click either my home page, or the other link. Both are safe options.
You can change Rapport/Endpoint Protection settings by clicking (not right-clicking!) its icon in Taskbar Notification area (aka System Tray), or by clicking the program icon in browser's Address Bar and clicking Open Console.
Please note that administrative rights are required for some changes.
If no Address Bar or System Tray icon is visible, or you need to launch Trusteer Console with elevated permissions, open Start menu (Windows Vista and 7) or Start screen (Windows 8 and 8.1), type trusteer, right-click Trusteer Endpoint Protection Console and select Run as administrator.
In Windows XP, open Start menu, expand All Programs, Trusteer Endpoint Protection, right-click Trusteer Endpoint Protection Console and select Run as.
The first thing to check is to verify that both Address bar and Tray icons are visible. If not, click the Show link(s). Please note that every non-default setting has orange box with white exclamation mark.
Second, verify that there are no pending updates that require a restart. If there are, reboot your computer ASAP.
To verify that other settings are as recommended, click the More Settings link in Product Settings section.
Then, in Product Settings tab, make sure that all items have check marks in green boxes. Some changes might require restarting your web browser(s).
Close the tab after making changes.
In rare cases, you might need to decrease the number of websites that you manually added to Rapport/Endpoint Protection. To do that, click the Browse Trusted Websites link in Trusted Websites section.
Truster Partner Websites is a fixed list of banks and companies that work closely with IBM Security/Trusteer. You can only open the listed websites there.
To manage the list of your personal additions, click Websites you manually added.
The list is sorted alphabetically. Click remove for any site you no longer need.
This action will be confirmed, click OK. Close the tab after you're done.
Normally you get a notice about a weekly report on the second day of Endpoint Protection usage. Click Open report.
Alternatively, click Full Report link in Trusteer Rapport Dashboard, Weekly Activity Report section.
Please verify that there is nothing suspicious on the report - Num. of blocked screen capture events, Num. of certificate mismatch events, Num. of blocked IP addresses events, Num. of blocked browser add-ons events, Num. of blocked cookie access events, Num. of credentials submission events, Num. of Malware Detection Events and Num. of Risk Site Alerts should all be zero.
If any number of these events is higher than zero, it is highly recommended to scan your computer with Malwarebytes Anti-Malware and make sure that your anti-virus program is running and up-to-date.
Num. of character replacement events is purely informational, it just shows that anti-keylogging was activated.
To see details about any events, click a line once.
If you want to keep getting Rapport's weekly reports, tick the Automatically present this report at the beginning of each week box.
Close the tab.
Some upgrades bring new features that will not be enabled by default for existing users. It is strongly recommended to open Rapport/Endpoint Protection console and verify policy settings every two or three months.
First, move to the second page by clicking the large green Next Page button on bottom right of Rapport/Endpoint Protection console window.
Then make sure that the Edits field in Security Policy section states "0 (Default settings)". If not, click the Edit Policy link.
Because policy is a sensitive thing, Rapport/Endpoint Protection opens a User Approval tab with CAPTCHA image. Type the six characters on the image and click OK.
In the Security Policy tab, click Restore Defaults. A message about unsaved changes appears, click Save on the left.
Some changes might require restarting web browsers or rebooting your PC. Click OK in the informational dialog. Please note that this will not close programs or initiate a restart, you'll have to perform these actions yourself.
Besides protecting your information, Rapport has a built-in security check called Security Best Practices. The report will notify about important out-of-date software, such as Adobe Flash Player, Java SE, web browsers, etc.
See the Security Best Practices section on the second page of Rapport console. If there are improvements available, click View Report.
This will open a list of possible weaknesses in your computer security. In this example, Adobe Flash Players and Reader, plus Mozilla Firefox are outdated.
If you click on a Rapport's suggestion, you will see some general guidelines for resolving the problem.
A general rule of thumb is to close all browser windows while updating software that has browser plug-ins/add-ons - many programs do not replace plugin files that are currently in use. For example, if you do not close Firefox while updating VLC Player or Adobe Reader, you might end up in a situation where Firefox plug-in is outdated, but those of other web browsers are fine. This means that you must close all browser windows and run the update again.
You can also visit Browser and Plug-in Check page to see if everything is in perfect order.
After you have resolved all weaknesses, it is necessary to click the Scan again link.
Close the tab after you're done.